SSPR Check expired password

Dear community,

We have set up SSPR and connected it to eDirectory as specified in the documentation. We also have a policy assigned to a user where it is stated that the password is already expired.

We want SSPR to send an email on password expiration, but this email was not received. Now I would like to know if someone has already tried this and if it works for users that have not yet changed their password over SSPR, because we have users in that directory whose passwords are going to expire in eDirectory and we want to send them an email stating that their password is about to expire.

With kind regards,

Sebastian Novak

  • Suggested Answer

    Hi Sebastian,

    This is something I would think is not supported in SSPR. Could you open an idea in the ideas portal for this?

    Regards

    Liam O'Dowd 

  • Verified Answer

    Hi!

    I can confirm it will work, but you need to make sure all user objects have the objectclass pwmUser added to them. (The class is part of the schema extension you need to do for SSPR).

    If users have changed password in SSPR, this class is added by default, otherwise not :)

    Also: Make sure the Email attributes under the LDAP connection details are in line with where your email address is stored.

    (The expiration notification logic in SSPR is looking at Password Expiration Time in eDirectory to calculate notifications to send)

    Regards,

    Tor Harald Lothe
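
An added example, not part of the thread and not SSPR's own code: a check over an LDIF export of user objects for the prerequisites named in the verified answer (objectClass pwmUser, an email value, passwordExpirationTime). The sample LDIF, the `mail` attribute name and the reference time are constructed assumptions; the export itself would come from your own directory tooling.

```python
from datetime import datetime, timezone

# Constructed sample export and reference time (not from the thread).
SAMPLE_NOW = datetime(2023, 11, 9, tzinfo=timezone.utc)
SAMPLE_LDIF = """\
dn: cn=alice,ou=users,o=example
objectClass: inetOrgPerson
objectClass: pwmUser
mail: alice@example.com
passwordExpirationTime: 20231110000000Z

dn: cn=bob,ou=users,o=example
objectClass: inetOrgPerson
mail: bob@example.com
passwordExpirationTime: 20231111000000Z

dn: cn=carol,ou=users,o=example
objectClass: pwmUser
"""

def parse_ldif(text):
    """Yield one {attribute_lowercase: [values]} dict per entry; unfolds wrapped lines."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    for block in unfolded.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if not line or line.startswith("#"):
                continue
            name, _, value = line.partition(":")
            entry.setdefault(name.lower(), []).append(value.lstrip(": ").rstrip())
        if "dn" in entry:
            yield entry

def audit(text, now, mail_attr="mail"):
    """Return {dn: (list of problems, whole days until expiry or None)}."""
    report = {}
    for e in parse_ldif(text):
        problems, days = [], None
        if "pwmuser" not in [c.lower() for c in e.get("objectclass", [])]:
            problems.append("missing objectClass pwmUser")
        if not any(e.get(mail_attr.lower(), [])):
            problems.append("no " + mail_attr)
        raw = (e.get("passwordexpirationtime") or [""])[0]
        try:  # eDirectory returns Generalized Time over LDAP, e.g. 20231110000000Z
            exp = datetime.strptime(raw, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)
            days = (exp - now).days
        except ValueError:
            problems.append("passwordExpirationTime missing or unparseable")
        report[e["dn"][0]] = (problems, days)
    return report
```

Pass the attribute name configured under the LDAP connection details as `mail_attr` if the address is stored somewhere other than `mail`.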

  • Dear Harald,

    I have checked and the user I am testing this functionality on has the pwmUser class added. I have set the attribute passwordExpirationTime in eDirectory to the 10th of November and set "notification" to 1 and 2 days before expiration. The user has never before changed their password over SSPR. Now I still do not get an email when I start the notification service job.

    I also tried to inspect the user in "user debug", but I keep getting error 5015. In the logs I can see the following errors:

    FATAL, servlet.AbstractPwmServlet, {36,-} unexpected error: 5015 ERROR_INTERNAL (unexpected error processing request: java.lang.IllegalStateException: Attribute msDS-ResultantPSO has no value, cause:java.util.NoSuchElementException: Attribute msDS-ResultantPSO has no value [5D575E229F6C24329F23650F9FD54993D7226A0A]) [192.168.144.58]
    2023-11-09T11:53:37Z, FATAL, servlet.AbstractPwmServlet, {36,-} unexpected error: 5015 ERROR_INTERNAL (unexpected error processing request: java.lang.IllegalStateException: Attribute msDS-ResultantPSO has no value, cause:java.util.NoSuchElementException: Attribute msDS-ResultantPSO has no value [5D575E229F6C24329F23650F9FD54993D7226A0A]) [192.168.144.58]
    2023-11-09T11:53:37Z, ERROR, servlet.AbstractPwmServlet, {36,-} unexpected error processing request: java.lang.IllegalStateException: Attribute msDS-ResultantPSO has no value, cause:java.util.NoSuchElementException: Attribute msDS-ResultantPSO has no value [5D575E229F6C24329F23650F9FD54993D7226A0A] [192.168.144.58] (stacktrace follows)
    java.lang.Throwable: Attribute msDS-ResultantPSO has no value

    When I checked eDirectory I could not find any attribute of this name that would have a value on the user. Is this maybe something that can cause the issue I am having? If so, what should be the value of this attribute?

    Thank you and kind regards,

    Sebastian Novak

  • Dear Tor Harald,

    I have resolved the issue and can confirm your answer was right! Thank you for all your help.

    With kind regards,

    Sebastian Novak