April 5, 2017 at 10:03 pm #16744 Laki Participant
I'm trying to clear the failed authentication times of users in OpenDJ programmatically. I found the following OpenDJ command to be a fit to perform this.
./manage-account clear-authentication-failure-times -h localhost -p 4444 -D "cn=Directory Manager" -w xxxxxxxx -b uid=testuser1,ou=usercredentials,ou=security,dc=siam,dc=truvenhealth,dc=com -X
I tried to reset 'pwdFailureTime' using the Directory Manager account through the LDAP Java API, but I got the following error.
Entry uid=siamtester6,ou=usercredentials,ou=security,dc=siam,dc=truvenhealth,dc=com cannot be modified because the modification attempted to update attribute pwdFailureTime which is defined as NO-USER-MODIFICATION in the server schema
Looks like Directory Manager requires some special permission to achieve this programmatically? How do I achieve this programmatically?
April 7, 2017 at 10:16 am #16784 Ludo Moderator
Why do you want to reset the pwdFailureTime attribute for a user?
OpenDJ has a feature that allows an account to be unlocked automatically after a period of time.
You cannot modify the attribute with an LDAP Modify operation because the attribute is read-only and managed by the server.
The manage-account tool uses a specific LDAP Extended Operation to modify or reset password policy specific attributes in user entries. From a Java program, you could exec the command, call the main point passing the same arguments, or implement the extended operation yourself. This extended operation is not yet available in the OpenDJ Client library, but should be in a future release.
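The first option from the reply above (exec the command from a Java program), as an added example that is not part of the thread and not OpenDJ's own code. The install path, the password file path and the sample DN are assumptions; `-j` (bind password file) is used in place of `-w` so the Directory Manager password does not appear in the process list.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.List;
import java.util.concurrent.TimeUnit;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;

public class ClearAuthFailures {
    // Assumed install location and password file; adjust to your deployment.
    private static final Path TOOL = Path.of("/opt/opendj/bin/manage-account");
    private static final Path BIND_PW_FILE = Path.of("/etc/opendj/admin.pwd");

    /** Runs manage-account for one target DN; returns true if the tool exits with 0. */
    static boolean clearFailureTimes(String targetDn)
            throws IOException, InterruptedException, InvalidNameException {
        // Parse the DN first so malformed input is rejected before any process starts.
        String dn = new LdapName(targetDn).toString();
        if (!Files.isExecutable(TOOL)) {
            throw new IOException("not executable: " + TOOL);
        }
        // Each argument is its own list element: no shell is involved, so
        // metacharacters in the DN cannot alter the command.
        List<String> cmd = List.of(TOOL.toString(),
                "clear-authentication-failure-times",
                "-h", "localhost", "-p", "4444",
                "-D", "cn=Directory Manager",
                "-j", BIND_PW_FILE.toString(), // instead of -w, which shows in process listings
                "-b", dn,
                "-X"); // trust-all, as in the thread's command; skips certificate validation

        Process p = new ProcessBuilder(cmd).inheritIO().start();
        if (!p.waitFor(30, TimeUnit.SECONDS)) {
            p.destroyForcibly();
            throw new IOException("manage-account timed out");
        }
        return p.exitValue() == 0;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample DN, not a real account.
        String dn = args.length > 0 ? args[0] : "uid=testuser1,ou=people,dc=example,dc=com";
        System.out.println(clearFailureTimes(dn) ? "cleared" : "manage-account failed");
    }
}
```

The password file should be readable only by the account that runs the Java process.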