Anonymous_User Absent Member.
Absent Member.

Re: Randomly reset the passwords for users:


ab;247572 Wrote:
> Does the admin user have a Universal Password set? Did you apply a policy
> to that user somehow, and then set one?
>
> As always, post the full trace; guessing gets old quickly, especially when
> the answers are likely right there.
>
> --
> Good luck.
>
> If you find this post helpful and are logged into the web interface,
> show your appreciation and click on the star below...


Apologies...
Here is the trace:
http://pastebin.com/ZcGfgbGd

-ddgaikwad


--
ddgaikwad
------------------------------------------------------------------------
ddgaikwad's Profile: https://forums.netiq.com/member.php?userid=5917
View this thread: https://forums.netiq.com/showthread.php?t=51359

Anonymous_User Absent Member.

Re: Randomly reset the passwords for users:

This message shows up when your driver is setting up variables in order to
use them in the future to actually do the password notification (or
whatever in your case) work. While retrieving the password this way is a
nice feature that Lothar added, I'd probably just do what the message
states and set that named password on the driver config object and move
along. Sometimes the 'admin' does not have a UP policy applied, or has
one that disables UP functionality somewhat for whatever reason, and
having the named password will always just work.

I'd also create a user specifically for this purpose rather than using the
tree admin, so that you can avoid worrying about changing passwords for
that user, or similar things that would have a side effect of breaking
this driver's functionality.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...
Anonymous_User Absent Member.

Re: Randomly reset the passwords for users:


ab;247581 Wrote:
> This message shows up when your driver is setting up variables in order to
> use them in the future to actually do the password notification (or
> whatever in your case) work. While retrieving the password this way is a
> nice feature that Lothar added, I'd probably just do what the message
> states and set that named password on the driver config object and move
> along. Sometimes the 'admin' does not have a UP policy applied, or has
> one that disables UP functionality somewhat for whatever reason, and
> having the named password will always just work.
>
> I'd also create a user specifically for this purpose rather than using the
> tree admin, so that you can avoid worrying about changing passwords for
> that user, or similar things that would have a side effect of breaking
> this driver's functionality.
>
> --
> Good luck.
>
> If you find this post helpful and are logged into the web interface,
> show your appreciation and click on the star below...


Okay added the named password with the name LDAP Bind Password and set
the password for the user.
I am sure I have set the right password, yet I am getting this error.
Not sure why...?

trace: http://pastebin.com/jY6gRndi

-ddgaikwad


Anonymous_User Absent Member.

Re: Randomly reset the passwords for users:


ddgaikwad;247584 Wrote:
> Okay added the named password with the name LDAP Bind Password and set
> the password for the user.
> I am sure I have set the right password, yet I am getting this error.
> Not sure why...?
>
> trace:http://pastebin.com/jY6gRndi
>
> -ddgaikwad


Done, created another user and made him the trustee of admin added to the
driver and changed the LDAP Bind password to match user's password.
The driver is back online and working, will start working on the primary
issue now.


Anonymous_User Absent Member.

Re: Randomly reset the passwords for users:

The named password should have already been there, just needing to be
populated. The actual name of the password should be 'LdapNamedPassword',
though the name meant for human consumption probably is something more
like 'LDAP Bind Password'; still, apparently you have not set it as the
system expects it, so be sure the internal name is correct per above.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...
Knowledge Partner

Re: Randomly reset the passwords for users:

ddgaikwad wrote:

> I am sure I have set the right password


Unless an empty string is the right password, you probably have not:

[08/13/14 10:19:29.331]:PWD_Notify PT: Action: do-set-local-variable("LdapPassword",notrace="true",scope="policy",token-named-password("LdapNamedPassword")).
[08/13/14 10:19:29.332]:PWD_Notify PT: -- trace suppressed --
[08/13/14 10:19:29.332]:PWD_Notify PT: Action: do-if().
[08/13/14 10:19:29.332]:PWD_Notify PT: Evaluating conditions.
[08/13/14 10:19:29.332]:PWD_Notify PT: (if-local-variable 'LdapPassword' equal "") = TRUE.
[08/13/14 10:19:29.332]:PWD_Notify PT: Performing if actions.
[08/13/14 10:19:29.332]:PWD_Notify PT: Action: do-status(level="warning","A password for ""+token-local-variable("LdapLogin")+"" could not be obtained. Make sure a Distribution Password is available and the driver has rights to read it, or set the "LDAP Bind Password" named password.").
______________________________________________
https://www.is4it.de/identity-access-management
Anonymous_User Absent Member.

Re: Randomly reset the passwords for users:


lhaeger;247591 Wrote:
> ddgaikwad wrote:
>
> > I am sure I have set the right password
>
> Unless an empty string is the right password, you probably have not:
>
> [08/13/14 10:19:29.331]:PWD_Notify PT: Action: do-set-local-variable("LdapPassword",notrace="true",scope="policy",token-named-password("LdapNamedPassword")).
> [08/13/14 10:19:29.332]:PWD_Notify PT: -- trace suppressed --
> [08/13/14 10:19:29.332]:PWD_Notify PT: Action: do-if().
> [08/13/14 10:19:29.332]:PWD_Notify PT: Evaluating conditions.
> [08/13/14 10:19:29.332]:PWD_Notify PT: (if-local-variable 'LdapPassword' equal "") = TRUE.
> [08/13/14 10:19:29.332]:PWD_Notify PT: Performing if actions.
> [08/13/14 10:19:29.332]:PWD_Notify PT: Action: do-status(level="warning","A password for ""+token-local-variable("LdapLogin")+"" could not be obtained. Make sure a Distribution Password is available and the driver has rights to read it, or set the "LDAP Bind Password" named password.").


Well I gave up with admin user and created another user and made it as
trustee of admin.
Now the driver is running just fine, time to get back to the original
configuration of the driver.

-ddgaikwad


Knowledge Partner

Re: Randomly reset the passwords for users:

ddgaikwad wrote:

> "Message: A password for "CN=admin,OU=Services,O=havigs" could not be
> obtained. Make sure a Distribution Password is available and the driver
> has rights to read it, or set the "LDAP Bind password" named password."
>
> Not sure why, as I have already given this driver security equal to
> admin user... am I missing some configuration here?
> What exactly needs to be updated?


Did you try to "set the "LDAP Bind password" named password" as mentioned above?
Anonymous_User Absent Member.

Re: Randomly reset the passwords for users:


lhaeger;247568 Wrote:
> ddgaikwad wrote:
>
> > The other question that came to mind was that, if my rule needs to be on
> > the Subscriber channel instead of Publisher channel?
>
> If you're using the PWNotify driver and your code should be executed on a
> scheduled basis: publisher. If it acts based on eDirectory events:
> subscriber.
>
> Since you do not get an event when an account has not been used for XX days, I
> would expect the code to reset their passwords to live on the publisher and
> trigger off the ldapsearch results similar to the various notifications that
> can be sent out.


Getting back to the original issue:
I have set this following logic over event transformation policy on
subscriber channel,
if class name greater than "User"
And if source attribute 'Last Login Time' greater than
"$AccountIdleDays$"

Actions
set destination password ("123456")

So this should be enough to have those account password reset.

Will post a trace tomorrow, if it works 😄


Knowledge Partner

Re: Randomly reset the passwords for users:

ddgaikwad wrote:

> I have set this following logic over event transformation policy on
> subscriber channel


What do you expect to trigger this rule on the subscriber channel?
Anonymous_User Absent Member.

Re: Randomly reset the passwords for users:


lhaeger;247597 Wrote:
> ddgaikwad wrote:
>
> > I have set this following logic over event transformation policy on
> > subscriber channel
>
> What do you expect to trigger this rule on the subscriber channel?


The driver is to run daily, would that not check for the users and reset
their password?


Anonymous_User Absent Member.

Re: Randomly reset the passwords for users:


ddgaikwad;247598 Wrote:
> The driver is to run daily, would that not check for the users and reset
> their password?


I guess I was wrong with the driver running on a daily basis.
Seems that for the rule to reset the password for the user, it needs
some kind of trigger or notification.

My logic is like this:
If it's a notification then
if the user from a specific container
if lastlogintime for the user is greater than account idle days
then reset the password for the user

But, what is happening is that, the execution stops at checking the
login time for the user and evaluates to FALSE...

Tried a few other combination but seems to be failing.

Then while going through the other policies and rules came across the
rule, Build Idle Notification List.
As per the logic it builds up the list for idle users and then sends the
count.

I was wondering somehow I can use this same logic to reset the password
for those users?

Could you point me to the right direction?


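The idle-account selection and reset discussed in the thread above, as an added Python example that is not part of the original posts or of the PWNotify driver: it turns the idle-days setting into a cutoff timestamp before comparing, reports accounts with no login time separately, and gives each idle account its own random password. The `loginTime` key, the generalized-time format, the sample DNs and all function names are assumptions made for illustration.

```python
import secrets
import string
from datetime import datetime, timedelta, timezone

ALPHABET = string.ascii_letters + string.digits + "!#%+-=?@_"

def parse_generalized_time(value):
    """Parse an LDAP generalized time such as '20140813101929Z' (UTC)."""
    return datetime.strptime(value, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def idle_accounts(entries, idle_days, now, container):
    """Split accounts under `container` into idle and never-logged-in DNs.

    The idle-days setting is a day count and the login time is a timestamp,
    so the day count is first converted into a cutoff timestamp.
    """
    cutoff = now - timedelta(days=idle_days)
    suffix = "," + container.lower()
    idle, never_logged_in = [], []
    for entry in entries:
        dn = entry["dn"]
        if not dn.lower().endswith(suffix):
            continue  # outside the container the rule is scoped to
        stamp = entry.get("loginTime")  # assumed attribute name
        if not stamp:
            never_logged_in.append(dn)  # no value to compare: review separately
        elif parse_generalized_time(stamp) < cutoff:
            idle.append(dn)
    return idle, never_logged_in

def random_password(length=20):
    """Return a password drawn from a CSPRNG, different on every call."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def plan_resets(entries, idle_days, now, container):
    """Map each idle DN to its own new password; also return unreviewed DNs."""
    idle, never_logged_in = idle_accounts(entries, idle_days, now, container)
    return {dn: random_password() for dn in idle}, never_logged_in

# Constructed sample search results (not taken from the thread's traces).
SAMPLE = [
    {"dn": "cn=alice,ou=users,o=example", "loginTime": "20140101080000Z"},
    {"dn": "cn=bob,ou=users,o=example", "loginTime": "20140810090000Z"},
    {"dn": "cn=carol,ou=users,o=example"},
    {"dn": "cn=svc,ou=services,o=example", "loginTime": "20130101000000Z"},
]
NOW = datetime(2014, 8, 13, 10, 19, 29, tzinfo=timezone.utc)

if __name__ == "__main__":
    resets, unreviewed = plan_resets(SAMPLE, 90, NOW, "ou=users,o=example")
    print(sorted(resets), unreviewed)
```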