LDAP -> Password reset

Jean-Philippe LECHÊNE

17 Jan, 2011 05:00 PM

Hello,

I am setting up an LDAP (Oracle Directory Service 7) server to work with Cascade Server (v6.7.4).

Users from the LDAP get created / updated inside the CMS, so far, so good. :-)

But now, I need to validate if the password policy put in place on the LDAP side is correctly enforced by Cascade Server.
I put in place a password policy which locks a user account as soon as 5 consecutive failed login attempts have been made.

Now I have my user's account with the 'pwdReset' attribute set on the LDAP side, but how am I supposed to change it on the CMS side?
Does Cascade Server support the pwdReset feature, and how?

Thank you for shedding some light on this.

Best regards,

  1. 1 Posted by Joel on 17 Jan, 2011 05:05 PM

    Hi Jean-Philippe,

    > But now, I need to validate if the password policy put in place on the LDAP side is correctly enforced by Cascade Server.

    Cascade Server will validate the imported user accounts against your LDAP server, so yes it is enforcing it.

    > I put in place a password policy which locks a user account as soon as 5 consecutive failed login attempts have been made.

    Yes, after 5 failed attempts, the user account should be locked on Oracle Directory Service 7, which Cascade authenticates through.

    > Now I have my user's account with the 'pwdReset' attribute set on the LDAP side, but how am I supposed to change it on the CMS side?

    Unfortunately you can't, as user accounts created/imported via LDAP are managed on the LDAP server, so you will have to change the password there.

    Thanks!

  2. 2 Posted by Jean-Philippe L... on 17 Jan, 2011 05:16 PM

    Hello Joel,

    Thank you for your rapid answer and all those clarifications.

    So, in other words, does this mean that if we need users to change their previous/expired/locked password themselves, we need to build a small application alongside Cascade Server which talks directly to the LDAP server, or do you see another way of providing the same functionality (apart from asking the IT guys in charge of the LDAP to remove the attribute, of course :-) )?

    Regards,

  3. 3 Posted by Joel on 17 Jan, 2011 05:18 PM

    Jean-Philippe,

    Unfortunately yes, as you are at the mercy of the LDAP administrator when it comes to password management via LDAP.

    Thanks!

  4. 4 Posted by Joel on 25 Feb, 2011 06:24 PM

    Jean-Philippe,

    Please feel free to reopen this ticket if you should have an update regarding this issue.

    Thanks!

  5. Joel closed this discussion on 25 Feb, 2011 06:24 PM.

  6. Jean-Philippe LECHÊNE re-opened this discussion on 25 Feb, 2011 07:50 PM

  7. 5 Posted by Jean-Philippe L... on 25 Feb, 2011 07:50 PM

    Hello Joel,

    Thank you for the information. I have developed a small external module
    which copes with this. So no more problems regarding this.

    Have a nice week-end,

    Regards,

    Jean-Philippe LECHÊNE

    Senior E-Business Consultant

    Mobile: +352 691 65 66 13
    Tel +352 26 45 86 50 20
    Fax +352 26 45 86 59

    Rue d’Orange 4
    L-2267 Luxembourg
    Business Intelligence | CRM |
    e-Business | Identity Access
    Management

    www.businessdecision.lu

  8. 6 Posted by Joel on 01 Mar, 2011 02:58 PM

    Good to hear Jean-Philippe, thanks!

  9. Joel closed this discussion on 01 Mar, 2011 02:58 PM.
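
An added example, not part of the thread and not Cascade Server or Oracle code: the state check an external password-change module like the one discussed above has to make before it offers a change form. It assumes the directory exposes the password-policy attributes named in draft-behera-ldap-password-policy (`pwdAccountLockedTime`, `pwdFailureTime`, `pwdReset`); the entries, policy values and function names are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Attribute names follow draft-behera-ldap-password-policy. Assumption: the
# directory exposes them under these names to whoever reads the entry.
PERMANENT_LOCK = "000001010000Z"  # draft's value for "locked until an admin unlocks"

def parse_gt(value):
    """Parse an LDAP GeneralizedTime in UTC such as 20110117165900Z."""
    return datetime.strptime(value[:14], "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)

def remaining_attempts(entry, policy, now):
    """Failed binds still allowed before lockout (pwdMaxFailure 0 = no limit)."""
    if policy["pwdMaxFailure"] == 0:
        return None
    window = policy["pwdFailureCountInterval"]  # seconds; 0 = failures never age out
    recent = [t for t in entry.get("pwdFailureTime", [])
              if window == 0 or now - parse_gt(t) < timedelta(seconds=window)]
    return max(policy["pwdMaxFailure"] - len(recent), 0)

def account_state(entry, policy, now):
    """Classify a user entry as 'locked', 'must_change' or 'ok'."""
    locked_at = entry.get("pwdAccountLockedTime", [])
    if locked_at:
        duration = policy["pwdLockoutDuration"]  # seconds; 0 = until admin unlocks
        if locked_at[0] == PERMANENT_LOCK or duration == 0:
            return "locked"
        if now < parse_gt(locked_at[0]) + timedelta(seconds=duration):
            return "locked"
    if entry.get("pwdReset", ["FALSE"])[0].upper() == "TRUE":
        return "must_change"  # an administrator reset the password; user must pick a new one
    return "ok"

# Constructed sample data: a policy mirroring the thread (lock after 5 failures).
POLICY = {"pwdMaxFailure": 5, "pwdLockoutDuration": 0, "pwdFailureCountInterval": 600}
NOW = datetime(2011, 1, 17, 17, 0, tzinfo=timezone.utc)
LOCKED = {"pwdAccountLockedTime": ["20110117165900Z"],
          "pwdFailureTime": ["201101171658%02dZ" % s for s in range(5)]}
RESET = {"pwdReset": ["TRUE"]}
TRYING = {"pwdFailureTime": ["20110117160000Z", "20110117165500Z", "20110117165800Z"]}

if __name__ == "__main__":
    for name, e in (("locked", LOCKED), ("reset", RESET), ("trying", TRYING)):
        print(name, account_state(e, POLICY, NOW), remaining_attempts(e, POLICY, NOW))
```

Only the `must_change` state is one the user can resolve alone by binding and setting a new password; a `locked` entry still needs the directory administrator or the lockout duration to elapse.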
