I guess I must be seeing a different issue here than just applying the
configuration file. Let me explain...
Even though the view of the configuration clearly shows several
challenge questions and required questions, when I log in as a user and
go under challenge questions setup I do not see the challenge
questions and I see an old required question that should not be there
based on the new configuration settings...
These are my configuration settings:
LDAP Directory
LDAP URLs ldaps://kiwi.clementpappas.com:636
LDAP Promiscuous SSL false
LDAP Proxy User cn=PwmProxy,o=cpc
LDAP Proxy Password not shown
LDAP Contextless Login Root o=cpc
Login Contexts
LDAP Test User cn=pwtest,ou=hq,o=cpc
PWM Admin Query String (groupMembership=cn=PwmAdmins,ou=hq,o=cpc)
Username search filter (&(objectClass=person)(cn=%USERNAME%))
Read Password Policies true
Auto Add Object Classes pwmUser
Default Object Classes on Create inetOrgPerson
Change Password Query Match (objectClass=*)
Last Password Update Attribute pwmLastPwdUpdate
LDAP Naming Attribute cn
LDAP Proxy Idle Timeout 0
LDAP GUID Attribute VENDORGUID
Auto-Add GUID Value false
Enable LDAP Wire Trace false
Always use proxy false
LDAP Chai Settings
General
Require HTTPS false
Forward URL /pwm
Logout URL
Logout After Password Change true
Password Pre-Expire Time 43200
Password ExpireWarn Time 432000
Check Expire During Authentication true
Password Change Minimum Wait Time 10
Password Change Maximum Wait Time 90
Require Current Password during change false
Wordlist File wordlist.zip
Seedlist File seedlist.zip
Google Analytics Code
PWM Instance Name
Token Characters ABCDEFGHJKLMNPQRSTUVWXY3456789
Token Length 16
Token Maximum Lifetime 3600
Token Storage Method STORE_PWMDB
User Interface
Interface Theme water
Show Detailed Errors true
Show Auto Generate Randoms true
Show Strength Meter true
Password Guide Text
Password Change Agreement Message
New User Agreement Message
Allow Show/Hide Password Fields true
Show Cancel Button true
Show Reset Button true
Show Password History false
Show User Account Information false
Password Policy
Minimum Length 8
Maximum Length 128
Maximum Repeat 0
Maximum Sequential Repeat 0
Allow Numeric Characters true
Allow First Character Numeric true
Allow Last Character Numeric true
Maximum Numeric 0
Minimum Numeric 0
Allow Special Characters true
Allow First Character Special true
Allow Last Character Special true
Maximum Special 0
Minimum Special 0
Maximum Alphabetic 0
Minimum Alphabetic 0
Maximum Non-Alphabetic 0
Minimum Non-Alphabetic 0
Maximum Uppercase 0
Minimum Uppercase 1
Maximum Lowercase 0
Minimum Lowercase 0
Minimum Unique Characters 0
Maximum Characters From Previous Password 6
Enable Wordlist true
Enforce Microsoft-AD Password Complexity false
Required Regular Expression Matches
Disallowed Regular Expression Matches
Disallowed Values password
test
Disallowed Attributes cn
givenName
sn
Enable Shared History false
Shared History Age 2419200
Minimum Password Strength 45
Password Change Message
Challenge Policy
Enable Setup Responses true
Force Response Setup true
Random Questions
Default What is your favorite book?::2::200
What is the name of your favorite teacher?::4::200
If you could meet someone from history, who would it be?::4::200
What is your least favorite film of all time?::4::200
Who was your least favorite teacher?::4::200
What food do you dislike the most?::4::200
What is the name of your favorite pet?::4::200
What was the name of your childhood best friend?::4::200
What is your father's middle name::2::200
What was your favorite show as a child?::4::200
What isd your mother's maiden name?::2::200
Who is your favorite author?::4::200
What is your favorite food?::4::200
What is your partner's nickname?::4::200
What is your favorite team?::4::200
What street did you grow up on?::4::200
What city / town were you born in?::4::200
What is your favorite vehicle?::4::200
%user%::3::200
Required Questions
Default What make car do you drive?::3::200
What is your favorite color?::3::200
%user%::3::200
Minimum Random Required 1
Minimum Random Challenges Required During Setup 2
Show Response Confirmation true
Case Insensitive Responses true
Allow Duplicate Responses false
Apply Wordlist false
Save Challenge Query String (objectClass=*)
Check Responses Query Match (objectClass=*)
Email
SMTP Email Server Address 10.239.140.9
SMTP Email Server Username
SMTP Email Server Password
User Email attribute Mail
Maximum Email Queue Age 3600
Admin Alert To Address azel...@clementpappas.com
Admin Alert From Address PWM Alert Notification <nor...@clementpappas.com>
Change Password Email From PWM Notification Agent <nor...@clementpappas.com>
Change Password Email Subject Password Change Notification
Change Password Plaintext Email Body Your password has been changed. If you have changed your password, then no action is required. If you did not initiate a password change please contact your help desk.
Change Password HTML Email Body <b>Your password has been changed.</b> If you have changed your password, then no action is required. If you did not initiate a password change please contact your help desk.
New User Email Subject Welcome
New User Email From Password Notification Agent <nor...@clementpappas.com>
New User Plaintext Email Body Thank you for registering.
New User HTML Email Body <b>Thank you for registering your account.</b>
New User Verification Subject New User Verification
New User Verification From New User Agent <nor...@clementpappas.com>
New User Verification Plaintext Email Body Your activation token is %TOKEN%.
New User Verification HTML Email Body You, or someone acting as you has requested a new account.<br/><br/>To continue with your account registration, please <a href="http://www.example.com/pwm/public/NewUser/%TOKEN%">click here</a> to continue.<br/><br/>Alternatively, you can enter the code <b>%TOKEN%</b> to continue.<br/><br/>If you did not request to create a new account, you do not need to take any action.
Activation Email Subject Account Activated
Activation Email From Password Notification Agent <nor...@example.com>
Activation Plaintext Email Body Thank you for activating your account.
Activation HTML Email Body <b>Thank you for activating your account.</b>
Challenge Token Email From Forgotten Password Agent <nor...@clementpappas.com.com>
Challenge Token Email Subject Forgotten Password Information
Challenge Token Plaintext Email Body Your activation token is %TOKEN%.
Challenge Token HTML Email Body You, or someone acting as you has requested a password reset.<br/><br/>To continue with your password reset, please <a href="http://www.example.com/pwm/public/ForgottenPassword/%TOKEN%">click here</a> to continue.<br/><br/>Alternatively, you can enter the code <b>%TOKEN%</b> to continue.<br/><br/>If you do not wish to change your password at this time, you do not need to take any action.
New Guest Email Subject Welcome
New Guest Email From Password Notification Agent <nor...@clememtpappas.com>
New Guest Plaintext Email Body Your account has been created. Your username is: %cn% Your password is: %password%
New Guest User HTML Email Body <b>Your account has been created.</b><p>Your username is: <b>%cn%</b><br>Your password is: <b>%password%</b></p>
Update Guest Email Subject Account update notification
Update Guest Email From Password Notification Agent <nor...@clementpappas.com>
Updated Guest Plaintext Email Body Your account has been updated.
New Guest User HTML Email Body <b>Your account has been created.</b>
SMTP Email Advanced Settings
SMS
User SMS number attribute personalMobile
Maximum SMS Queue Age 300
SMS Gateway https://sms.example.com/service
SMS Gateway User exampleuser
SMS Gateway Password not shown
HTTP(S) Method POST
SMS Gateway Authentication Method REQUEST
SMS Request Data user=%USER%&pass=%PASS%&to=%TO%&msg=%MESSAGE%
SMS Data Content Type application/x-www-form-urlencoded
SMS Data Content Encoding URL
SMS Gateway HTTP Request Headers
Maximum SMS Text Length 140
Response Regular Expressions
SMS Sender ID
SMS Phone Number Format ZEROS
Default SMS Country Code 1
Request Id Characters 0123456789abcdef
Request Id Length 6
Challenge Token SMS Text Your activation token is %TOKEN%.
Use URL Shortener false
Intruder Detection & Captcha
User Reset Time 300
User Maximum Attempts 10
Address Reset Time 120
Address Maximum Attempts 30
reCAPTCHA Public Key
reCAPTCHA Private Key not shown
Captcha Skip Parameter Value
Captcha Skip Cookie
Logging & Alerts
Health Check Frequency 120
Java StdOut Log Level INFO
Log4j Configuration File
Maximum PwmDB Events 1000000
Maximum Age PwmDB Events 2419200
PwmDB Log Level INFO
User History Attribute pwmEventLog
User History Maximum Events 20
Startup Alerts true
Shutdown Alerts true
Intruder Alerts true
Fatal Event Alerts true
Configuration Modification Alerts true
Daily Summary Alerts true
Forgotten Password
Enable Forgotten Password true
Response Read Location LDAP
Response Storage Attribute pwmResponseSet
Store Responses in Remote Database false
Store Responses in PwmDB false
Allow Unlock true
Store PWM Responses Encrypted true
Required Attributes
Default sn:Last Name:text:2:100:true:false
Require Responses true
Require Email Token false
Token Send Method EMAILONLY
Forgotten Username
Enable Forgotten Username false
Forgotten Username Form
Default mail:Email Address:email:3:50:true:false
surname:Last Name:text:2:50:true:false
Forgotten Username Search Filter (&(objectClass=person)(mail=%mail%)(surname=%surname%))
Username LDAP Attribute cn
New User Registration
Enable New User Registration false
Creation Context ou=users,o=example
New User Form
Default mail:Email Address:email:3:50:true:false
givenName:First name:text:2:40:true:false
sn:Last name:text:2:40:true:false
Unique Attributes cn
mail
Write Attributes description=PWM Created User
Delete On Creation Failure true
Random Username Characters ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789
Random Username Length 16
Enable New User Email Verification true
New User Password Policy Template TESTUSER
New User Minimum Wait Time 10
Guest Registration
Enable Guest Registration false
Creation Context ou=guests,o=example
Guest Admin Query String (groupMembership=cn=useradmins,ou=groups,o=example)
New Guest Form
Default cn:Username:text:2:10:true:false
givenName:First name:text:4:40:true:false
sn:Last name:text:4:40:true:false
mail:Email Address:email:3:50:true:true
telephoneNumber:Telephone Number:text:7:10:true:false
Update Guest Form
Default cn:Username:readonly:1:10:false:false
givenName:First name:text:4:40:true:false
sn:Last name:text:4:40:true:false
mail:Email Address:email:3:50:true:false
telephoneNumber:Telephone Number:text:7:10:true:false
Unique Attributes cn
mail
Write Attributes description=PWM Created Guest User
Administrator DN Attribute manager
Edit Guest By Original Administrator Only false
Maximum Duration of Account Validity 30
Attribute Used To Store Account Expiration Date loginExpirationTime
User Activation
Enable User Activation false
Activate User Form
Default cn:Username:text:2:10:true:false
sn:Last Name:text:2:32:true:false
Activation Search Filter (&(objectClass=person)(cn=%cn%))
Activation Query Match (&(loginDisabled=true)(!(vehicleInformation=pwmActivated)))
Activation Write Attributes (Before Password Change) loginDisabled=false
Activation Write Attributes (After Password Change) vehicleInformation=pwmActivated
Update Profile
Enable Update Profile false
Update Query Match (objectClass=person)
Update Write Attributes vehicleInformation=pwmUpdated
Update Profile Form
Default telephoneNumber:Telephone Number:text:3:15:true:false
title:Title:text:2:15:true:false
Update Check Query Match
Shortcuts
Enable Shortcuts false
Shortcut Items
Default Google::http://www.google.com::(objectClass=inetOrgPerson)::Google Search
Example::http://www.Example.com::(&(objectClass=inetOrgPerson)(cn=n*))::Example Page
Yahoo::http://www.yahoo.com::(objectClass=inetOrgPerson)::Yahoo Home Page
Shortcut Headers X-PWM-Shortcuts
People Search
Enable PeopleSearch true
PeopleSearch Query Match (objectClass=*)
Search filter (&(objectClass=inetOrgPerson)(|(cn=*%USERNAME%*)(givenName=*%USERNAME%*)(sn=*%USERNAME%*)(mail=*%USERNAME%*)(telephoneNumber=*%USERNAME%*)))
LDAP Search base o=cpc
PeopleSearch result form
Default givenName:First Name:text:1:50:true:false
sn:Last Name:text:1:50:true:false
mail:Email:email:1:50:true:false
telephoneNumber:Telephone:text:1:50:true:false
PeopleSearch result limit 25
Use proxy account true
Novell eDirectory
Enable NMAS Extensions true
Store NMAS Responses true
Read Challenge Sets true
UserApp Password SOAP Service URL
Database
PwmDB Location pwmDB
PwmDB Implementation Class password.pwm.util.pwmdb.Berkeley_PwmDb
PwmDB Initialization String je.maxMemory=10000000
je.cleaner.minUtilization=70
Database Class
Database Connection String
Database Username
Database Password not shown
Miscellaneous
Use X-Forwarded-For Header true
Allow URL Sessions false
Enable Session Verification true
Force Basic Authentication false
Enable Reverse DNS true
External Change Method
External Judge Method password.pwm.PwmPasswordJudge
External Rule Method
Disallowed HTTP Inputs (?i)<.*script.*>
(?i)<.*xml.*>*
(?i)<.*img.*>
(?i)<.*src.*>
(?i).*href.*
Wordlist Case Sensitivity false
HTTP Proxy
Hide Configuration Health Warnings false
CAS ClearPass URL
Enable URL Shortening Service Class
Regular Expression for Matching URLs (https?://([^:@]+(:[^@]+)?@)?([a-zA-Z0-9\.]+|\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}|\[[0-9a-fA-F:]+\])(:\d{1,5})?/*[a-zA-Z0-9/\\%_.]*\?*[a-zA-Z0-9/\\%_.=&#]*)
Configuration Parameters for URL Shortening Service
Helpdesk
Enable Helpdesk Module false
Enforce PWM Password Policy true
Administrative Password Reset Query Match (groupMembership=cn=PwmAdmins,ou=Groups,o=example)
User Attributes givenname:Given Name
sn:Surname
mail:Mail
Enable Unlock true