ForgottenPassword failing with pwdAccountLockedTime: attribute type undefined

Mark Nichols

Jul 4, 2017, 6:31:04 PM
to pwm-general
I am trying to configure PWM 1.8 that was downloaded from http://www.pwm-project.org/artifacts/pwm/pwm-1.8.0-SNAPSHOT-2017-06-30T04:39:49Z-pwm-bundle.zip with Zimbra 8.7 using OpenLDAP.

I am using Ubuntu 16.04 for pwm. Most of the configuration is working, such as being able to reset a password from the profile manager in pwm. 

When attempting to reset a password with Forgotten Password, I am getting the following error in the /var/lib/tomcat8/logs/catalina.out

2017-07-04T21:50:55Z, ERROR, forgottenpw.ForgottenPasswordServlet, {229} 5046 ERROR_UNLOCK_FAILURE (unable to unlock user uid=cogeco-admin,ou=people,dc=zm-train,dc=com error: javax.naming.directory.InvalidAttributeIdentifierException: [LDAP: error code 17 - pwdAccountLockedTime: attribute type undefined]) 


The pwdAccountLockedTime attribute is not defined in Zimbra's OpenLDAP schema. Is this something I need to add?

If a user has forgotten a password, he has not necessarily locked his account and therefore may not need it unlocked. Regardless, just because a password is reset, the administrator may have locked the account for other reasons and therefore does not want it unlocked.


Any suggestions for a workaround? 



Mark Nichols

Jul 4, 2017, 9:21:23 PM
to pwm-general
Update: I extended the Zimbra OpenLDAP schema to add the pwdAccountLockedTime attributetype and added a value for a new test user. The forgotpw code DID delete the attribute from the record but is still throwing an error. New error is:

2017-07-05T01:13:43Z, ERROR, forgottenpw.ForgottenPasswordServlet, {252} 5046 ERROR_UNLOCK_FAILURE (unable to unlock user uid=cogeco-test,ou=people,dc=zm-train,dc=com error: javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - modify/delete: pwdAccountLockedTime: no such attribute]) 

2017-07-05T01:13:43Z, ERROR, http.PwmResponse, {252} 5046 ERROR_UNLOCK_FAILURE (unable to unlock user uid=cogeco-test,ou=people,dc=zm-train,dc=com error: javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - modify/delete: pwdAccountLockedTime: no such attribute]) 
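
Added example, not part of the original thread and not PWM code: a small Python triage script that parses the ERROR_UNLOCK_FAILURE lines quoted in the two posts above, maps the LDAP result code (16 or 17, as named in RFC 4511) to its meaning, and merges the failure that was logged twice by two sources. The regular expression is inferred from those three log lines only; the function and field names are hypothetical.

```python
import re

# LDAP result codes (RFC 4511) that appear in this thread.
LDAP_DIAGNOSIS = {
    16: "noSuchAttribute: the entry holds no value of the attribute being deleted",
    17: "undefinedAttributeType: the attribute is not defined in the server's schema",
}

# Pattern inferred from the log lines in the posts (assumption, not a PWM spec).
UNLOCK_FAILURE = re.compile(
    r"^(?P<ts>[^,]+), ERROR, (?P<source>[\w.]+), \{\d+\} "
    r"5046 ERROR_UNLOCK_FAILURE \(unable to unlock user (?P<dn>.+?) error: "
    r"(?P<exception>[\w.]+): \[LDAP: error code (?P<code>\d+) - (?P<detail>.+?)\]\)"
)

# Log lines copied from the two posts above.
SAMPLE_LOG = [
    "2017-07-04T21:50:55Z, ERROR, forgottenpw.ForgottenPasswordServlet, {229} 5046 ERROR_UNLOCK_FAILURE (unable to unlock user uid=cogeco-admin,ou=people,dc=zm-train,dc=com error: javax.naming.directory.InvalidAttributeIdentifierException: [LDAP: error code 17 - pwdAccountLockedTime: attribute type undefined]) ",
    "2017-07-05T01:13:43Z, ERROR, forgottenpw.ForgottenPasswordServlet, {252} 5046 ERROR_UNLOCK_FAILURE (unable to unlock user uid=cogeco-test,ou=people,dc=zm-train,dc=com error: javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - modify/delete: pwdAccountLockedTime: no such attribute]) ",
    "2017-07-05T01:13:43Z, ERROR, http.PwmResponse, {252} 5046 ERROR_UNLOCK_FAILURE (unable to unlock user uid=cogeco-test,ou=people,dc=zm-train,dc=com error: javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - modify/delete: pwdAccountLockedTime: no such attribute]) ",
]


def triage(lines):
    """Return one finding per distinct unlock failure, merging duplicate log sources."""
    findings = {}
    for line in lines:
        m = UNLOCK_FAILURE.match(line.strip())
        if not m:
            continue  # not an unlock-failure line
        code = int(m["code"])
        key = (m["ts"], m["dn"], code)
        finding = findings.setdefault(key, {
            "time": m["ts"], "dn": m["dn"], "ldap_code": code,
            # The attribute name is the token just before the final ": " in the detail.
            "attribute": m["detail"].rsplit(": ", 1)[0].split(": ")[-1],
            "exception": m["exception"].rsplit(".", 1)[-1],
            "diagnosis": LDAP_DIAGNOSIS.get(code, "unmapped LDAP result code"),
            "sources": [],
        })
        finding["sources"].append(m["source"])
    return list(findings.values())


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["time"], f["dn"], f["attribute"], f["ldap_code"], f["diagnosis"], f["sources"])
```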

andremi...@gmail.com

Oct 1, 2017, 6:23:01 PM
to pwm-general
Any news on this? I run into the same error, and there is no pwdAccountLockedTime attribute in the delivered schema.

jfr...@gmail.com

Jan 5, 2018, 12:34:16 PM
to pwm-general
1. Any headway on the pwdAccountLockedTime error? If so, can you share?
2. How were you able to extend Zimbra's schema to include pwdAccountLockedTime?
Thanks