directory-fortress mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brian Brooks (US)" <Brian.Bro...@datapath.com>
Subject RE: Using REST API to get user's locked and reset states
Date Fri, 02 Jun 2017 20:39:17 GMT
Hi Shawn,

Dave and I work together.  He's on vacation for a couple days.

> Can you export that corresponding user entry into ldif and post it here?

Below is the dave user's entry exported to ldif (I omitted the jpegPhoto, userPassword, and
the 5 pwdHistory attributes). 

I don't see the policy attribute even though fotress-commander seems to successfully commit
the password policy assignment.  For example, I just tried to change another user's password
policy and tomcat recorded an HTTP 200 in it's access log.  I don't see any obvious errors
in the tomcat stdout/stderr/catalina logs.

10.1.122.55 - test [02/Jun/2017:16:26:34 -0400] "POST /fortress-web/wicket/bookmarkable/org.apache.directory.fortress.web.UserPage?2-1.IBehaviorListener.0-layout-userdetailpanel-editFields-commit&wicket-ajax=true&wicket-ajax-baseurl=wicket%2Fbookmarkable%2Forg.apache.directory.fortress.web.UserPage%3F2
HTTP/1.1" 200 261634

dn: uid=dave,ou=People,dc=example,dc=com
objectClass: extensibleObject
objectClass: ftMods
objectClass: ftProperties
objectClass: ftUserAttrs
objectClass: organizationalPerson
objectClass: person
objectClass: inetOrgPerson
objectClass: top
cn: dave
ftId: 8f35b947-6db5-4e4f-a73a-98b448b15874
sn: dave
displayName: dave
ftCstr: dave$0$$$$$$$
ftModCode: AdminMgrImpl.resetPassword
ftModId: e351aa19-aded-4a92-ab3b-725c5c75ec9b
ftModifier: 70e12de5-cbf5-4152-b98a-89d185667bda
ftProps: initAttrArrays:
ftRA: fortress-rest-super-user
ftRC: fortress-rest-super-user$0$$$$$$$
ftSystem: FALSE
ou: dev0
uid: dave
createTimestamp: 20170531211627.651Z
creatorsName: 0.9.2342.19200300.100.1.1=admin,2.5.4.11=system
entryCSN: 20170601195338.392000Z#000000#001#000000
entryDN: uid=dave,ou=People,dc=example,dc=com
entryParentId: a59bdb1e-b9eb-40c1-acbc-6be60ee64b42
entryUUID:: M2MyNzc0YTctNWQzMy00ODdlLTk1ZWItMjZhNWNmMTJiYTkz
modifiersName: 0.9.2342.19200300.100.1.1=admin,2.5.4.11=system
modifyTimestamp: 20170601195338.057Z
nbChildren: 0
nbSubordinates: 0
pwdAccountLockedTime: 000001010000Z
pwdReset: TRUE
subschemaSubentry: cn=schema


Brian Brooks
Sr Software Engineer
brian.brooks@datapath.com
Office: +1 678 252 4498
2205 Northmont Pkwy, STE 100
Duluth, GA 30096

-----Original Message-----
From: Shawn McKinney [mailto:smckinney@apache.org] 
Sent: Thursday, June 01, 2017 6:12 PM
To: fortress@directory.apache.org
Subject: Re: Using REST API to get user's locked and reset states

Welcome Dave,

Can you export that corresponding user entry into ldif and post it here?   We’ll need to
see the operational attributes before trying to figure out where the problem is.  

For example, here’s an export I did of test user ‘foo1’.  You can see that I’ve put
that user’s account into both a locked and reset state (in openldap).

You can also see this user’s password policy is ‘test1’.

dn: uid=foo1,ou=People,dc=example,dc=com
objectClass: extensibleObject
objectClass: ftMods
objectClass: ftProperties
objectClass: ftUserAttrs
objectClass: inetOrgPerson
objectClass: top
cn: foo1
ftId: fdc4a7f3-62f7-47d4-aac4-bac4b7cdb551
sn: fighter
description: foo fighter
displayName: foo1
ftCstr: foo1$0$$$$$$$
ftProps: initAttrArrays:
ou: dev1
uid: foo1
userPassword:: e1NTSEF9UVQ0K21NdE5lYTBwckFRTC96QlQ2akZrK1ZESTIxd3E=
createTimestamp: 20170601212713Z
creatorsName: cn=Manager,dc=example,dc=com
entryCSN: 20170601213012.870902Z#000000#000#000000
entryDN: uid=foo1,ou=People,dc=example,dc=com
entryUUID:: ZDJlMDE3YjItZGI1Yy0xMDM2LThlMzMtNTkzZmZmYzA1ODU4
hasSubordinates: FALSE
modifiersName: cn=Manager,dc=example,dc=com
modifyTimestamp: 20170601213012Z
pwdAccountLockedTime: 000001010000Z
pwdChangedTime: 20170601212844Z
pwdHistory:: MjAxNzA2MDEyMTI4NDRaIzEuMy42LjEuNC4xLjE0NjYuMTE1LjEyMS4xLjQwIzM
 4I3tTU0hBfXlSVm5jMjVUUThZN2libnVuVEpUR2VVY1pYeFBCdjFR
pwdPolicySubentry: cn=test1,ou=Policies,dc=example,dc=com
pwdReset: TRUE
structuralObjectClass: inetOrgPerson
subschemaSubentry: cn=Subschema



thanks
Shawn





> On Jun 1, 2017, at 10:57 AM, David Erie (US) <David.Erie@datapath.com> wrote:
> 
> Hello,
> We're evaluating Fortress with ApacheDS, and I'm trying to get a user's account status
(locked and reset, specifically) via the REST API for a user whose account is locked and whose
password has been reset.
> 
> What I get back is this:
> 
> <entity xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
> xsi:type="user"> ..
>                <userId>dave</userId>
>                <locked>false</locked>
>                <reset>false</reset>
> ..
> </entity>
> 
> How can I tell that a user's account has been locked or reset when these Boolean properties
don't seem to contain the correct information?
> 
> Thank you,
> Dave

Mime
View raw message