You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@directory.apache.org by Maiorano Pasquale <pa...@leonardocompany.com> on 2017/04/20 10:39:27 UTC
lockout duration
Dear All,
in the Apache Directory Studio I am not able to set the ads-pwdlockout attribute in the pwd policy. The tool reply : “Error: the configured value editor cannot handle this value!” What does it means?
I guess that if i do not set this value, it is impossible to lock the account after a pre-defined number of failed attempts to log.
Regards,
Pasquale
Il presente messaggio e-mail e ogni suo allegato devono intendersi indirizzati esclusivamente al destinatario indicato e considerarsi dal contenuto strettamente riservato e confidenziale. Se non siete l'effettivo destinatario o avete ricevuto il messaggio e-mail per errore, siete pregati di avvertire immediatamente il mittente e di cancellare il suddetto messaggio e ogni suo allegato dal vostro sistema informatico. Qualsiasi utilizzo, diffusione, copia o archiviazione del presente messaggio da parte di chi non ne è il destinatario è strettamente proibito e può dar luogo a responsabilità di carattere civile e penale punibili ai sensi di legge.
Questa e-mail ha valore legale solo se firmata digitalmente ai sensi della normativa vigente.
________________________________
The contents of this email message and any attachments are intended solely for the addressee(s) and contain confidential and/or privileged information.
If you are not the intended recipient of this message, or if this message has been addressed to you in error, please immediately notify the sender and then delete this message and any attachments from your system. If you are not the intended recipient, you are hereby notified that any use, dissemination, copying, or storage of this message or its attachments is strictly prohibited. Unauthorized disclosure and/or use of information contained in this email message may result in civil and criminal liability. “
This e-mail has legal value according to the applicable laws only if it is digitally signed by the sender
Re: lockout duration
Posted by Emmanuel Lécharny <el...@gmail.com>.
Le 20/04/2017 à 12:39, Maiorano Pasquale a écrit :
> Error: the configured value editor cannot handle this value
What exactlyhave you done ? Editing teh ads_pwdlockout value in DN:
ads-pwdId=default,ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
?
Which version of Studio are you using ?
--
Emmanuel Lecharny
Symas.com
directory.apache.org
Re: R: lockout duration
Posted by Emmanuel Lécharny <el...@gmail.com>.
Le 20/04/2017 à 13:50, Maiorano Pasquale a écrit :
> I have added the attribute ads_pwdlockout to the following DN:
> DN: ads-pwdid=default,ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
Ah, yes, this is a bug that has been fixed two weeks ago :/
There is a workaround : create a new LDIF file (File -> New -> Ldap
Browser -> LDIF file), then copy paste this :
dn:
ads-pwdId=default,ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
changetype: modify
replace: ads-pwdlockout
ads-pwdlockout: TRUE
-
You can set FALSE instead of TRUE if you want to disable the password
lockout.
Then on top right of the ldif tab, click on 'browse', select the server
you are connected to, and then click on teh green arrow. That will
inject the value in the server.
--
Emmanuel Lecharny
Symas.com
directory.apache.org
Re: R: R: lockout duration
Posted by Emmanuel Lécharny <el...@gmail.com>.
Le 20/04/2017 à 15:01, Maiorano Pasquale a écrit :
> I have fixed the problem by myself: It is enough to double click on the attribute value, when there is the error string, that the field is automatically set to TRUE. I don not know why but it works.
yes, if you are not on MacOSX, you can force a value in. On Mac OSX, for
some reason (and it's probably due to a SWT bug on OSX), Studio freezes.
Again, this very bug has been fixed recently.
--
Emmanuel Lecharny
Symas.com
directory.apache.org
R: R: lockout duration
Posted by Maiorano Pasquale <pa...@leonardocompany.com>.
I have fixed the problem by myself: It is enough to double click on the attribute value, when there is the error string, that the field is automatically set to TRUE. I don not know why but it works.
Thanks anyway,
Pasquale
Il presente messaggio e-mail e ogni suo allegato devono intendersi indirizzati esclusivamente al destinatario indicato e considerarsi dal contenuto strettamente riservato e confidenziale. Se non siete l'effettivo destinatario o avete ricevuto il messaggio e-mail per errore, siete pregati di avvertire immediatamente il mittente e di cancellare il suddetto messaggio e ogni suo allegato dal vostro sistema informatico. Qualsiasi utilizzo, diffusione, copia o archiviazione del presente messaggio da parte di chi non ne è il destinatario è strettamente proibito e può dar luogo a responsabilità di carattere civile e penale punibili ai sensi di legge.
Questa e-mail ha valore legale solo se firmata digitalmente ai sensi della normativa vigente.
The contents of this email message and any attachments are intended solely for the addressee(s) and contain confidential and/or privileged information.
If you are not the intended recipient of this message, or if this message has been addressed to you in error, please immediately notify the sender and then delete this message and any attachments from your system. If you are not the intended recipient, you are hereby notified that any use, dissemination, copying, or storage of this message or its attachments is strictly prohibited. Unauthorized disclosure and/or use of information contained in this email message may result in civil and criminal liability. “
This e-mail has legal value according to the applicable laws only if it is digitally signed by the sender
-----Messaggio originale-----
Da: Emmanuel Lécharny [mailto:elecharny@gmail.com]
Inviato: giovedì 20 aprile 2017 14:52
A: Apache Directory Developers List
Oggetto: Re: R: lockout duration
Le 20/04/2017 à 13:50, Maiorano Pasquale a écrit :
> I have added the attribute ads_pwdlockout to the following DN:
> DN:
> ads-pwdid=default,ou=passwordPolicies,ads-interceptorId=authentication
> Interceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
Ah, yes, this is a bug that has been fixed two weeks ago :/
There is a workaround : create a new LDIF file (File -> New -> Ldap Browser -> LDIF file), then copy paste this :
dn:
ads-pwdId=default,ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
changetype: modify
replace: ads-pwdlockout
ads-pwdlockout: TRUE
-
You can set FALSE instead of TRUE if you want to disable the password lockout.
Then on top right of the ldif tab, click on 'browse', select the server you are connected to, and then click on teh green arrow. That will inject the value in the server.
--
Emmanuel Lecharny
Symas.com
directory.apache.org
R: lockout duration
Posted by Maiorano Pasquale <pa...@leonardocompany.com>.
I have added the attribute ads_pwdlockout to the following DN:
DN: ads-pwdid=default,ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
I am using the following Apache DS Studio:
Apache Directory Studio
Version: 2.0.0.v20161101-M12
Regards,
Pasquale
Il presente messaggio e-mail e ogni suo allegato devono intendersi indirizzati esclusivamente al destinatario indicato e considerarsi dal contenuto strettamente riservato e confidenziale. Se non siete l'effettivo destinatario o avete ricevuto il messaggio e-mail per errore, siete pregati di avvertire immediatamente il mittente e di cancellare il suddetto messaggio e ogni suo allegato dal vostro sistema informatico. Qualsiasi utilizzo, diffusione, copia o archiviazione del presente messaggio da parte di chi non ne è il destinatario è strettamente proibito e può dar luogo a responsabilità di carattere civile e penale punibili ai sensi di legge.
Questa e-mail ha valore legale solo se firmata digitalmente ai sensi della normativa vigente.
The contents of this email message and any attachments are intended solely for the addressee(s) and contain confidential and/or privileged information.
If you are not the intended recipient of this message, or if this message has been addressed to you in error, please immediately notify the sender and then delete this message and any attachments from your system. If you are not the intended recipient, you are hereby notified that any use, dissemination, copying, or storage of this message or its attachments is strictly prohibited. Unauthorized disclosure and/or use of information contained in this email message may result in civil and criminal liability. “
This e-mail has legal value according to the applicable laws only if it is digitally signed by the sender
-----Messaggio originale-----
Da: Emmanuel Lécharny [mailto:elecharny@gmail.com]
Inviato: giovedì 20 aprile 2017 13:47
A: Apache Directory Developers List
Oggetto: Re: lockout duration
Le 20/04/2017 à 12:39, Maiorano Pasquale a écrit :
> Error: the configured value editor cannot handle this value
What exactlyhave you done ? Editing teh ads_pwdlockout value in DN:
ads-pwdId=default,ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
?
Which version of Studio are you using ?
--
Emmanuel Lecharny
Symas.com
directory.apache.org