Cannot start job for Password Notification

sofia(백선혜)

unread,

Jun 24, 2022, 5:53:18 AM6/24/22

to pwm-general

Hello Team,

I have some questions while configuring Password Expiration Email Notification for PWM.

I'm running PWM on Windows EC2 server and I registered its IIS SMTP server as a default email server on PWM (3-pwm-editor-email_server.png). And Also, I enabled node service (4-pwm-editor-node_service.png), password expiration notification(5-pwm-editor-password_expiration_notification) too. I checked the EmailService and PwNotifyService is opened too. (2-pwm-dashboard-services.png)

But the Start Job button in Password Notification section of Dashbard is blacked out.(1-pwm-dashboard-password_notification.png)

What else should I check more?

Best Regards,

Sofia.

2-pwm-dashboard-services.png

1-pwm-dashboard-password_notification.png

4-pwm-editor-node_service.png

3-pwm-editor-email_server.png

5-pwm-editor-password_expiration_notification.png

Repulsive Concern

unread,

Jun 24, 2022, 3:54:19 PM6/24/22

to pwm-g...@googlegroups.com

Hi,

Does your test email server settings work?

Regards,

Fabian

--
You received this message because you are subscribed to the Google Groups "pwm-general" group.
To unsubscribe from this group and stop receiving emails from it, send an email to pwm-general...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/pwm-general/56412861-4715-45d0-aba9-e135c6b72dc8n%40googlegroups.com.

Repulsive Concern

unread,

Jun 24, 2022, 4:48:54 PM6/24/22

to pwm-g...@googlegroups.com

Hi,

After checking, I think you need to check a few things. 1. Make sure your test user has the write rights in AD attributes in User Password and delegate permissions accordingly. Also, once your ldap test user shows good in services, the node master should start as the provided pic. Then the password expiration "start job" will not be grayed out.

On Fri, Jun 24, 2022 at 5:53 AM sofia(백선혜) <sofi...@kakaostyle.com> wrote:

--

Message has been deleted

sofia(백선혜)

unread,

Jun 26, 2022, 11:57:19 PM6/26/22

to pwm-general

Hi, Fabian!

Thank you so much for your effort. Could you give me more specified guide?

1. Make sure your test user has the write rights in AD attributes in User Password and delegate permissions accordingly.

-> Do you mean "Write all properties" permission?

2. Once your ldap test user shows good in services, the node master should start as the provided pic.
-> How can I set the node master like that pic? (cc. you can see the screenshots of current node configurations below)

Best Regards,

Sofia.

sofia(백선혜)

unread,

Jun 29, 2022, 5:56:56 AM6/29/22

to pwm-general

Hi PWM team.

This is gentle reminder. My company wants to activate the password expiration notification service in the very near future..

It would be very appreciate if you can help me as soon as possible.

Best Regards,

Sofia.

Repulsive Concern

unread,

Jun 30, 2022, 11:17:06 AM6/30/22

to pwm-g...@googlegroups.com

Hi Sofia,

I am on the same boat as you, as I'm trying to configure this for my org. :) I am figuring things out with your help as well, actually. Based on your screenshots, I was able to get the password expiration module running, but having issues with email server connectivity to send the password exp alerts. (different story) So, what I suggested is for you is to make sure the test user has these "attributes added" in AD, as a test, add those attributes and even (domain admin) rights of course (we are testing).. then stop/start tomcat and check if the master instance starts.

To view this discussion on the web visit https://groups.google.com/d/msgid/pwm-general/3b9cf643-c0d0-402a-96f5-b2a6ce4d4900n%40googlegroups.com.

sofia(백선혜)

unread,

Jul 5, 2022, 5:38:26 AM7/5/22

to pwm-general

Hi Team,

Thanks for the suggestions.

I added those attributes both in pwm configuration setting and active directory users setting. ( And I configured email server and enable password notification service and node service before) Also, I restarted tomcat.

But still it says Node data is not yet available. And Cannot start job for Password Notification.

Screen Shot 2022-07-05 at 6.32.55 PM.png

Screen Shot 2022-07-05 at 6.33.18 PM.png

Could you please help me out?

===============================Current PWM configurations===============================

Screen Shot 2022-07-05 at 6.33.37 PM.png

Screen Shot 2022-07-05 at 6.33.49 PM.png

Screen Shot 2022-07-05 at 6.34.19 PM.png

Screen Shot 2022-07-05 at 6.34.52 PM.png

Screen Shot 2022-07-05 at 6.35.32 PM.png

Best Regards,

Sofia.

Jason Rivard

unread,

Jul 5, 2022, 9:41:33 PM7/5/22

to pwm-general

The node has to be running for a few minutes before the node service is operating. Are you letting it run for more than a few seconds?

sofia(백선혜)

unread,

Jul 5, 2022, 10:04:16 PM7/5/22

to pwm-general

Hi, Jason.

Thank you for replying.

Does the node mean Tomcat service? Tomcat had been running and I restarted it. How can I let it run before its operation?

Jason Rivard

unread,

Jul 5, 2022, 10:12:05 PM7/5/22

to pwm-general

No, the node means a PWM instance running inside tomcat.

sofia(백선혜)

unread,

Jul 5, 2022, 11:28:12 PM7/5/22

to pwm-general

The pwm service is running and had been running well before the tomcat restart. The users can change their password through PWM.

And this is recent error log. I know I have to add attribute "pwmData" to AD schema. But it seems like there is issue regarding node so that I can see the Node data is not yet available.

in the PWM dashboard.

2022-07-06T03:19:50Z, ERROR, node.NodeMachine, 5093 ERROR_NODE_SERVICE_ERROR (error writing node service heartbeat: 5079 ERROR_LDAP_DATA_ERROR (error writing node service data user 'CN=test02,OU=Users,OU=corp,DC=corp,DC=kakao,DC=com (kakao)' attribute 'pwmData', error: javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - 00000057: LdapErr: DSID-0C090D77, comment: Error in attribute conversion operation, data 0, v2580]))

p.s. I'm very new to this server management. Thank you for helping me out again.

Jason Rivard

unread,

Jul 6, 2022, 12:37:29 AM7/6/22

to pwm-general

It's not going to work unless PWM can write to the pwmData attribute on the test user object in AD.

sofia(백선혜)

unread,

Jul 18, 2022, 10:01:29 PM7/18/22

to pwm-general

Thank you, Jason.

I'm adding a "pwmData" attribute to my AD schema. So I need to clarify its properties.

What kind of value will "pwmData" have ? Like string(Unicode), binary data, boolean, Integer, .. etc
- for the attributeSyntax and oMSyntax properties: Choose a syntax for the attribute. The syntax is determined by the combination of the oMSyntax and oMObjectClass attributes.
Will "pwmData" have a unique value ?
- for the isSingleValued property: Decide if the attribute is single or multi-valued. The isSingleValued attribute determines if the attribute is single or multi-valued.

Best Regards,

Sofia.

Jason Everling

unread,

Jul 18, 2022, 10:07:37 PM7/18/22

to pwm-g...@googlegroups.com

https://github.com/pwm-project/pwm/tree/master/webapp/src/build/ldif

From: pwm-g...@googlegroups.com <pwm-g...@googlegroups.com> on behalf of sofia(백선혜) <sofi...@kakaostyle.com>
Sent: Monday, July 18, 2022 9:01:29 PM
To: pwm-general <pwm-g...@googlegroups.com>
Subject: Re: [pwm-general] Cannot start job for Password Notification

To view this discussion on the web visit https://groups.google.com/d/msgid/pwm-general/9a26896c-3e7f-493b-ade9-bebd2e147d2en%40googlegroups.com.

Reply all

Reply to author

Forward