Reset pwdFailureTime in OpenDJ

Tagged: ,

This topic has 1 reply, 2 voices, and was last updated 5 years, 6 months ago by Ludo.

  • Author
  • #16744


    I m trying to clear failed authentication times of users in OpenDJ programmatically. I found following OpenDJ command to be a fit to perform this.

    ./manage-account clear-authentication-failure-times -h localhost -p 4444 -D “cn=Directory Manager” -w xxxxxxxx-b uid=testuser1,ou=usercredentials,ou=security,dc=siam,dc=truvenhealth,dc=com -X

    I tried to reset ‘pwdFailureTime’ using DirectoryManager account through LDAP Java API, but i got following error.

    Entry uid=siamtester6,ou=usercredentials,ou=security,dc=siam,dc=truvenhealth,dc=com cannot be modified because the modification attempted to update attribute pwdFailureTime which is defined as NO-USER-MODIFICATION in the server schema

    Looks like Directory Manager requires some special permission to achieve this programmatically? How do it achieve this programmatically?


    Why do you want to reset pwdFailureTime attribute for a user ?
    OpenDJ has a feature that allows an account to be unlocked automatically after a period of time.
    You cannot modify the attribute with an LDAP Modify operation because the attribute is read-only and managed by the server.
    The manage-account tool uses a specific LDAP Extended Operation to modify or reset password policy specific attributes in user entries. From a Java program, you could exec the command, call the main point with passing the same arguments, or implement the extended operation yourself. This extended operation is not yet available in the OpenDJ Client library, but should be in a future release.

Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.

©2022 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?