
SMS tokens and storing in LDAP

SSPR 4.1.04 in IDM mode with OSP/NAM on Red Hat.

I knew I had seen the issue of very long tokens before, even though I
set it to 8 characters, I was getting a B64 encoded token that was 3 SMS
messages long.

Found the message and it says that is the Crypto type. Interestingly,
the Verification tokens in Helpdesk module send 8 chars, but Verifying a
user during user Update sends the Crypto version.

No big deal, went to switch to LDAP storage, since I will have two
nodes, and get 5203: Configuration format error: cannot generate new
user tokens when storage type is configured as STORE_LDAP.

Docs say you cannot use LDAP storage for New User Registration, but this
is the Update Profile module. I suspect this is one of those cases as well.


Re: SMS tokens and storing in LDAP

On 7/17/2017 4:11 PM, Geoffrey Carman wrote:
> SSPR 4.1.04 in IDM mode with OSP/NAM on Red Hat.
>
> I knew I had seen the issue of very long tokens before, even though I
> set it to 8 characters, I was getting a B64 encoded token that was 3 SMS
> messages long.
>
> Found the message and it says that is the Crypto type. Interestingly,
> the Verification tokens in Helpdesk module send 8 chars, but Verifying a
> user during user Update sends the Crypto version.
>
> No big deal, went to switch to LDAP storage, since I will have two
> nodes, and get 5203: Configuration format error: cannot generate new
> user tokens when storage type is configured as STORE_LDAP.
>
> Docs say you cannot use LDAP storage for New User Registration, but this
> is the Update Profile module. I suspect this is one of those cases as
> well.


Hmm, I thought I had an idea...

Why would LDAP storage not work on a new user? Because the user does
not yet exist, and there is nowhere to write the pwmToken value. So
first thing I did was grant [This] access to pwmToken to r/w it and also
needed it on mobile, since Helpdesk module can use Proxy, but the Update
Profile uses the user permissions.

However same error. Drat. I thought I was being clever and correct there.



Re: SMS tokens and storing in LDAP

You probably already checked but has the user got the extended schema class?

Re: SMS tokens and storing in LDAP

On 7/17/2017 5:54 PM, joakim ganse wrote:
>
> You probably already checked but has the user got the extended schema
> class?


Forced to enroll in C/R first which is written to NMAS and
pwmResponseSet, so ya. Good question.


