Knowledge Partner
Knowledge Partner
757 views

Clear something up for, since the docs do not... SSPR Intuder Lock,Forgotten password 'Allow Unlock'

Aaron and Phil had a thread where they asked if there was a way to allow
an NMAS INtruder locked out user to Challenge Response login, and
instead of resetting it, to unlock it?

Reading the docs, for 3.3.x, it says about the Forgot Password module:
https://www.netiq.com/documentation/self-service-password-reset-33/adminguide/data/b1ggnqpg.html

There is an option in Forgot Password called: Allow Unlock

"Enable this setting if you want to provide users the facility to unlock
their password instead of resetting it.

This setting is applicable if the user's account is locked because of
multiple invalid login attempts, and the user's password is not expired."

Now this clearly does not work when the user is NMAS Intruder locked,
since C/R is a login event that fails due to Intruder Lock. You get the
following in the log:

January 21, 2016 at 4:04:44 PM Eastern Standard Time, ERROR,
http.PwmRequest, {7a} 5069 ERROR_INTRUDER_LDAP (nmas account is intruder
locked-out) [171.21.10.130] January 21, 2016 at 4:04:44 PM Eastern
Standard Time, FATAL, servlet.PwmServlet, 5069 ERROR_INTRUDER_LDAP (nmas
account is intruder locked-out)

So first off, should the docs note this important point? Or are the docs
right and this should just work and it is a bug that it is not working?

I can see how this would work in the Helpdesk case, where the Helpdesk
user can Unlock the account instead of resetting it.

So is this a missing function, a bug, or a doc bug?
0 Likes
1 Reply
Knowledge Partner
Knowledge Partner

Re: Clear something up for, since the docs do not... SSPR IntuderLock, Forgotten password 'Allow Unlock'

I think it works when you use the SSPR intruder detection, not the NMAS
version.

If correct, the docs could be improved to clarify that for sure.

#Intruder detection:
https://www.netiq.com/documentation/sspr3/adminguide/data/b19te4i7.html

#Allowing unlock:
https://www.netiq.com/documentation/sspr3/adminguide/data/b14knmxw.html

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.