mdemel Absent Member.
Absent Member.
1121 views

Webaccess and expired password

We currently have a Groupwise 18.0.1 email system setup with LDAP authentication to our eDirectory with bind. We have a problem when a users' password expires they can still log into the Groupwise via the Web access. I can disable the account and it does prevent the user from logging in. Any thoughts on what to look at to make the webaccess not let people login when their password has expired?

Michael
Labels (1)
0 Likes
7 Replies
Knowledge Partner
Knowledge Partner

Re: Webaccess and expired password

I'd assume they're running on grace logins.
0 Likes
mdemel Absent Member.
Absent Member.

Re: Webaccess and expired password

Yes, there is a password policy in place that has a grace login set. However, even after the grace login amount has expired it will still let the user login.
0 Likes
Knowledge Partner
Knowledge Partner

Re: Webaccess and expired password

Can't dupe this with an 18.1.0 lab-box running against build 20812.21, i.e. a pretty current OES2015sp1+. If that happens, can the user login with a NCP client? Or with ndslogin (which should throw a -222 at that point)?
mdemel Absent Member.
Absent Member.

Re: Webaccess and expired password

Version we are running is: 18.0.1 2/22/2018 Build 129782
edir version 20812.21
oes 2015.1

When trying to login into imanager it will throw a "(Error -222) An attempt was made to log in using an account password that has expired and all grace logins have also expired.", the client on a workstation will give a 0x800789DE error.

I do remember several years ago when we were running groupwise 7 or 8, I had set the system to compare the password so that when the password was expired the login for groupwise web access would continue to work until the user would login into a workstation on the network. At the time we didn't have a way to let users reset there passwords out side our network. For the life of me I can not remember where that setting is or how I came across it. I do know in the GW 2018 admin console its set to bind.
0 Likes
mdemel Absent Member.
Absent Member.

Re: Webaccess and expired password

Ok, I found the culprit. I had set up two ldap servers under the :LDAP Servers section in the GW admin, one is standard LDAP server and the other is Directory. The POA was set to use the generic LDAP instead of the Directory type, I switched the server and bounced the POA and it now says "[D071] LDAP authentication failed because the password has expired".
0 Likes
Knowledge Partner
Knowledge Partner

Re: Webaccess and expired password

This makes perfect sense. The generic option can't handle eDir specific stuff. The bind / compare setting, b.t.w., is located on the "LDAP authentication" tab in the LDAP server's properties, just in the middle of the "General" and "Email Publishing" tabs.
0 Likes
mdemel Absent Member.
Absent Member.

Re: Webaccess and expired password [Problem Fixed]

Thanks for the help.

Michael
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.