Use of Lockout script - unlocking users / aging user passwords

By: Simon Devlin user 20 Oct 2016 at 5:51 a.m. CDT

4 Responses
Simon Devlin gravatar
Hi folks, In the integrations section of the support document there's a script to do account lockouts after a number of failed attempts. If one uses that, how are unlocks achieved? Similarly, most organizations have requirements around forcing password changes periodically. If I enable this within OpenDJ, how would this manifest within Gluu? Thanks
Rhel72
closed

Answers

By Aliaksandr Samuseu staff 20 Oct 2016 at 6:53 a.m. CDT

Copy
Aliaksandr Samuseu gravatar
Hi, Simon. 1. To unlock user you can use web UI to search for her/him, then change its status to "Active" 2. Regarding password expiration, please check [this ticket](https://support.gluu.org/other/2769/expiration-policy-and-password-reset/) Best regards, Alex.

By Aliaksandr Samuseu staff 20 Oct 2016 at 6:57 a.m. CDT

Copy
Aliaksandr Samuseu gravatar
Just one thing to note: Gluu usually doesn't store passwords in its own LDAP directory. Usually user entries are imported from LDAP backend you already have in your network. In such case passwords will not be stored locally (usually), and authentication will happen against that backend. Unless you'll write some application that will be called from your custom script, or implement all steps needed to do that change in your backend directory using LDAP requests in it, it won't be possible for Gluu to change such password.

By Simon Devlin user 20 Oct 2016 at 8:04 a.m. CDT

Copy
Simon Devlin gravatar
Hi - I should have added that this was using the embedded OpenDJ instance, not an external directory, so the question still stands.

By Simon Devlin user 20 Oct 2016 at 8:07 a.m. CDT

Copy
Simon Devlin gravatar
Sorry - hadn't seen your first part of the response. Thanks. Is there an ETA for version referred to in the expiration/policy ticket?

Post an answer