Nmas Error 222
Thread: NMAS error -222 (https://forums.novell.com/showthread.php/490095-NMAS-error-222)

17-Jul-2013, 02:34 PM #1
icsynergymg (NNTP User)

NMAS error -222

I'm attempting to configure SSPR_20 the eDirectory that comes with Identity Manager 4.02

NOTE: I'm using LDAP Promiscuous SSL mode True

I've successfully:
1) added the schema and a PwmProxy user to my eDirectory.
2) set up a "LDAP Test User" in "cn=pwmTest,ou=users,o=data"

After I save the configuration.
In the browser I see:

LDAP WARN unexpected policy error while writing test user temporary random password: nmas error -222

In the catalina.out logs:

2013-07-17 08:29:00, TRACE, provider.JNDIProviderImpl, bind successful as cn=PwmProxy,ou=sa,o=data (334ms)
2013-07-17 08:29:00, TRACE, provider.ChaiProviderFactory, adding StatisticsWrapper to provider instance
2013-07-17 08:29:00, DEBUG, impl.AbstractChaiEntry, error testing nmas password: -1659
2013-07-17 08:29:00, TRACE, health.LDAPStatusChecker, error retrieving user password from directory, this is probably okay; error reading nmas password: error -1659
2013-07-17 08:29:00, TRACE, entry.EdirEntries, using active universal password policy for user cn=pwmTest,ou=users,o=data at cn=Sample Password Policy,cn=Password Policies,cn=Security
2013-07-17 08:29:00, DEBUG, pwm.PwmPasswordPolicy, discovered assigned password policy for cn=pwmTest,ou=users,o=data at cn=Sample Password Policy,cn=Password Policies,cn=Security PwmPasswordPolicy: {MinimumLowerCase=0, MinimumSpecial=0, MaximumUpperCase=0,
MaximumNumeric=0, MinimumLifetime=0, MinimumUnique=0,
DisallowedAttributes=[], UniqueRequired=FALSE, AllowNumeric=TRUE,
CaseSensitive=TRUE, ChangeMessage=, ExpirationInterval=0,
MaximumLowerCase=0, AllowSpecial=TRUE, MaximumLength=12,
AllowFirstCharNumeric=TRUE, MinimumLength=4, MaximumSequentialRep
Changing the minimum password length on a policy expires all LDAP accessed user accounts.

This document (3565677) is provided subject to the disclaimer at the end of this document.
https://www.novell.com/support/kb/doc.php?id=3565677

Environment

Novell eDirectory 8.7.3 for All Platforms
Novell eDirectory 8.8 for All Platforms

Situation

ISSUE:

ldap_bind: Invalid credentials
additional info: NDS error: bad password (-222)

LocalLoginRequest. Error bad password (-222)

The environment was eDirectory 8.7.3.9 FTF3 and Security Services 204. A Universal Password Policy was in place where the minimum number of characters required in a password was 6. Later this policy was changed to require 8 characters. The administrator did not want this policy to be enforced on everyone at once. Therefore, care was taken to ensure that the policy option "Verify whether existing passwords comply with the password policy (verification occurs on login)" was not checked. The expected behavior was that enforcement would occur when the user's current password expiration time came.

This worked as designed as long as users logged in with a Novell NCP client using NMAS authentication. However, if a user logged in via LDAP, the account would be immediately expired. Thereafter each LDAP authentication would consume a grace login. Once all grace logins were consumed, the account would be prevented from logging in again. The LDAP client would return "ldap_bind: Invalid credentials additional info: NDS error: bad password (-222)". Looking in dstrace, the following could be seen: "LocalLoginRequest. Error bad password (-222)".

CAUSE:

NMAS places password restriction attributes on the policy object itself. The old way of enforcing passwords would place password restriction attributes on the user object. When moving from the legacy password policies to NMAS enforcement, many administrators were confused by iManager reading and returning the policy object's values and ConsoleOne reading and returning the user object's values. Therefore a change was made in NMAS to sync some of the policy attributes to the user object upon login. One of the attributes that is synchronized is "Password Minimum Length".

In eDirectory 8.7.3, NMAS is not used on LDAP authentication. Therefore, when an LDAP authentication occurs, it makes a dclient call to eDirectory. eDirectory will evaluate the current password length with the user's existing value in his "Password Minimum L
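
The sequence described under ISSUE and CAUSE, replayed as a simplified Python model (an added example, not Novell code and not part of the original document). The names `User`, `nmas_login`, `ldap_bind` and `replay`, the grace-login count of 3, and the choice that the first LDAP bind expires the account before any grace login is consumed are assumptions made for illustration; only logins with the correct password are modelled.

```python
from dataclasses import dataclass

BAD_PASSWORD = -222  # "NDS error: bad password (-222)" as quoted in the TID


@dataclass
class User:
    password_length: int  # length of the password the user currently has
    min_length: int       # legacy "Password Minimum Length" on the user object
    grace_remaining: int  # constructed value; the TID gives no count
    expired: bool = False


def nmas_login(user, policy_min_length, verify_existing=False):
    """NCP client with NMAS: restrictions are read from the policy object."""
    user.min_length = policy_min_length  # NMAS syncs the value on login
    if verify_existing and user.password_length < policy_min_length:
        user.expired = True              # only when the option is checked
    return 0


def ldap_bind(user):
    """eDirectory 8.7.3 LDAP bind: no NMAS, the check uses the user object."""
    if user.expired:
        if user.grace_remaining == 0:
            return BAD_PASSWORD          # account can no longer log in
        user.grace_remaining -= 1        # each later bind burns a grace login
    elif user.password_length < user.min_length:
        user.expired = True              # first bind expires the account
    return 0


def replay(nmas_first=True, grace=3, binds=6):
    """Policy raised from 6 to 8 while the user keeps a 6-character password."""
    user = User(password_length=6, min_length=6, grace_remaining=grace)
    results = []
    if nmas_first:
        results.append(nmas_login(user, 8))
    results += [ldap_bind(user) for _ in range(binds)]
    return results, user


if __name__ == "__main__":
    for synced in (True, False):
        codes, user = replay(nmas_first=synced)
        print(f"nmas_first={synced}: {codes} expired={user.expired} "
              f"grace_left={user.grace_remaining}")
```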