Account Information from Active Directory


Alberto Zeledon

May 2, 2013, 8:48:56 AM
to pwm-g...@googlegroups.com
I need to have our users display their Account Information. I did make changes to the private/userinfo.jsp to reflect the sAMAccountName attribute using pwm:LdapValue explained in another post. That worked great. Now I am faced with a dilemma: The "Password Expiration Time" field shows n/a, as it should, based on the field it is attempting to retrieve that information from. The problem is that Active Directory does not store that information anywhere; it actually calculates the password expiration time based on the pwdLastSet attribute, which is a little complicated because it is a huge number of nanoseconds since 01/01/1601, then it calculates that number against the pwdMaxAge.
Has anybody created this calculation in the userinfo.jsp? Can someone share that code? Or does anybody have another suggestion as to how to display an accurate "Password Expiration Time" while pulling data from Active Directory's LDAP?

Thanks,
AL
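The calculation AL describes, as an added example (it is not from the thread and not PWM's own code). pwdLastSet on the user and maxPwdAge on the domain root are both 64-bit counts of 100-nanosecond intervals measured from 1601-01-01 UTC; maxPwdAge is stored as a negative interval, so the expiry is pwdLastSet minus maxPwdAge. The sample values are constructed, the status strings are my own choice, and the function only needs read access to those three attributes. Two caveats a practitioner wants before wiring this into a JSP: a user covered by a fine-grained password policy (msDS-ResultantPSO) has a different maximum age than the domain default, and Windows Server 2008 and later DCs expose the server-side answer as the constructed attribute msDS-UserPasswordExpiryTimeComputed, which is the simpler route where the DC level allows it.

```python
"""Compute an Active Directory password expiry from pwdLastSet and maxPwdAge.

Added example for this thread; not PWM code and not from the original post.
The sample values at the bottom are constructed, not read from a directory.
"""
from datetime import datetime, timedelta, timezone
from typing import Optional, Tuple

# AD stores pwdLastSet (on the user) and maxPwdAge (on the domain root) as
# 64-bit integers counting 100-nanosecond intervals since 1601-01-01 00:00 UTC.
WINDOWS_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
HUNDRED_NS_PER_SECOND = 10_000_000

# userAccountControl bit "password never expires" (ADS_UF_DONT_EXPIRE_PASSWD).
UF_DONT_EXPIRE_PASSWD = 0x10000
# maxPwdAge value AD writes when the policy says "0 days", i.e. never expires.
MAX_PWD_AGE_NEVER = -(2 ** 63)


def filetime_to_datetime(filetime: int) -> datetime:
    """Convert a 100-ns count since 1601 into an aware UTC datetime."""
    return WINDOWS_EPOCH + timedelta(microseconds=filetime // 10)


def datetime_to_filetime(when: datetime) -> int:
    """Inverse of filetime_to_datetime (handy for building test data)."""
    delta = when.astimezone(timezone.utc) - WINDOWS_EPOCH
    seconds = delta.days * 86400 + delta.seconds
    return seconds * HUNDRED_NS_PER_SECOND + delta.microseconds * 10


def password_expiry(pwd_last_set: int, max_pwd_age: int,
                    user_account_control: int = 0) -> Tuple[str, Optional[datetime]]:
    """Return (status, expires_at).

    status is "never" (no expiry, expires_at is None), "expired" (pwdLastSet is 0,
    so the user must change the password at next logon) or "ok" (expires_at is
    the UTC expiry time).  LDAP returns these attributes as strings; int() them first.
    """
    if user_account_control & UF_DONT_EXPIRE_PASSWD:
        return "never", None
    if max_pwd_age in (0, MAX_PWD_AGE_NEVER):
        return "never", None
    if pwd_last_set == 0:
        return "expired", None
    # maxPwdAge is a negative interval, so subtracting it adds the lifetime.
    return "ok", filetime_to_datetime(pwd_last_set - max_pwd_age)


def days_remaining(expires_at: datetime, now: datetime) -> int:
    """Whole days until expiry; negative once the password has expired."""
    return int((expires_at - now).total_seconds() // 86400)


def display_value(status: str, expires_at: Optional[datetime]) -> str:
    """Text for a "Password Expiration Time" field instead of the n/a shown today."""
    if status == "never":
        return "never expires"
    if status == "expired":
        return "expired (must change at next logon)"
    return expires_at.strftime("%Y-%m-%d %H:%M:%S UTC")


if __name__ == "__main__":
    # Constructed sample: pwdLastSet for 2013-05-02 08:48:56 UTC and a 42-day
    # maxPwdAge (the default domain policy value), not taken from a real directory.
    sample_pwd_last_set = 130119581360000000
    sample_max_pwd_age = -36288000000000
    status, expires = password_expiry(sample_pwd_last_set, sample_max_pwd_age)
    print(display_value(status, expires))  # 2013-06-13 08:48:56 UTC
    print(days_remaining(expires, filetime_to_datetime(sample_pwd_last_set)))  # 42
```

The "never" checks come first on purpose: a pwdLastSet of 0 on an account flagged DONT_EXPIRE_PASSWD is not an expired password, and treating it as one would show the wrong message to exactly the service-style accounts where it matters.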

Jerah Cameron

May 2, 2013, 1:21:18 PM
to pwm-g...@googlegroups.com
Hi AL,

I'm sorry, I don't have code examples, but I'll likely be doing the same thing once I get my environment up and running. My question for you though is: can you tell me the exact steps you took to create your self-signed cert on your DC, then to get it over to your pwm server, importing it into the java store database and getting it to bind successfully? I've been trying to get it all configured for about a week now, and am just continuing to have no luck. It seems like the users on here who are using AD have been able to do it so easily. Anything would help at this point. Thank you!!

~Jerah

azel...@boomi.com

May 6, 2013, 3:40:59 PM
to pwm-g...@googlegroups.com
Well... I don't really have the step-by-step "exporting self-signed certificate" from the DC, but I remember googling it and I had TONS of answers. I did have to convert the cert to .pem, which I remember finding an online converter for; then I followed VERY CAREFULLY the instructions in the PWM Administrator's Guide, the section on "Secure LDAP Connection". That should get you going.

Cheers
AL

Jerah

May 6, 2013, 3:43:22 PM
to pwm-g...@googlegroups.com
Sounds great! Thanks, Al. Do you remember if you had to extend your schema?

--
You received this message because you are subscribed to a topic in the Google Groups "pwm-general" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/pwm-general/blD692UOlp4/unsubscribe?hl=en-US.
To unsubscribe from this group and all its topics, send an email to pwm-general...@googlegroups.com.
To post to this group, send email to pwm-g...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msg/pwm-general/-/ccFwSFo3ZboJ.
For more options, visit https://groups.google.com/groups/opt_out.



Alberto Zeledon

May 6, 2013, 4:00:44 PM
to pwm-g...@googlegroups.com
No, I did not have to do that... I'd rather leave the schema untouched.

Menno Pieters

May 6, 2013, 4:36:36 PM
to pwm-g...@googlegroups.com
I do not know how to create a certificate in AD, but do know how to export it:
  • Open C:\Windows\System32\certmgr.msc
  • Go to Trusted Root Certification Authorities > Certificates
  • Select the certificate (CA) you wish to export
  • Double click the certificate
  • In the new window go to the Details tab
  • Click "Copy to File..."
  • Click Next, select "Base-64 encoded X.509 (.CER)" and click Next again
  • Enter a location and name for the file and click Next again and finally Finish.

Now you have a file with a PEM encoded certificate, say e.g. C:\Temp\MyCA.cer.

To add this to your JDK's cacerts, go to the directory where the cacerts resides, like e.g.:

C:\Program Files\Java\jdk1.6.0_43\jre\lib\security\cacerts

Here, enter the command:

keytool -import -keystore cacerts -alias "My AD CA" -file C:\Temp\MyCA.cer -storepass changeit

You may want to repeat this for the JRE in e.g. C:\Program Files\Java\jre6\lib\security\cacerts.

Now restart the Tomcat instance that PWM uses.

Again, note that the latest build has a wizard in the configuration editor to import the certificates of all connected LDAP servers automatically.

Regards,

Menno
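A check to run between Menno's export step and his keytool step, as an added example (not from the thread and not PWM's own code; it uses only the Python standard library). The exported file is Base-64 PEM text, so decoding it to DER and hashing those bytes gives the same value certmgr shows as Thumbprint on the Details tab; comparing the two before importing catches a file that was altered or swapped on its way from the DC to the PWM server, which matters because the import below uses -noprompt and will otherwise trust whatever it is given. SAMPLE_DER is a constructed placeholder blob standing in for a real certificate, and the Windows paths are the ones from Menno's post. Two caveats: cacerts is shared by every Java application on that JDK or JRE, so a dedicated truststore selected with the javax.net.ssl.trustStore system property is the alternative when you do not want to widen trust that far, and Tomcat only sees the import if it was done into the cacerts of the Java it actually runs on, which is the point of Menno's remark about repeating the step for the JRE.

```python
"""Verify an exported AD CA certificate's thumbprint, then build/run the keytool
import.  Added example; not from the thread and not PWM's own code.
SAMPLE_DER is a constructed placeholder, not a real certificate.
"""
import hashlib
import shutil
import ssl
import subprocess
from typing import List


def pem_to_der(pem_text: str) -> bytes:
    """Decode a "Base-64 encoded X.509 (.CER)" export into DER bytes.

    ssl.PEM_cert_to_DER_cert raises ValueError when the BEGIN/END CERTIFICATE
    markers are missing, which is what a binary "DER encoded" export looks like.
    """
    return ssl.PEM_cert_to_DER_cert(pem_text)


def fingerprint(der: bytes, algorithm: str = "sha256") -> str:
    """Colon-separated uppercase hex digest of the DER bytes.

    The sha1 form is what certmgr's Details tab shows as "Thumbprint".
    """
    digest = hashlib.new(algorithm, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize_hex(value: str) -> str:
    """Strip the spaces/colons certmgr and openssl insert so digests compare equal."""
    return "".join(ch for ch in value.upper() if ch in "0123456789ABCDEF")


def keytool_import_command(cacerts: str, alias: str, cert_file: str,
                           storepass: str = "changeit",
                           keytool: str = "keytool") -> List[str]:
    """argv for importing the CA; "changeit" is the JDK's default cacerts password.

    -noprompt skips the interactive "Trust this certificate?" question, which is
    why the thumbprint check in import_ca belongs before this step.
    """
    return [keytool, "-importcert", "-noprompt",
            "-keystore", cacerts, "-alias", alias,
            "-file", cert_file, "-storepass", storepass]


def import_ca(cacerts: str, alias: str, cert_file: str,
              expected_thumbprint: str, storepass: str = "changeit") -> bool:
    """Check the file's SHA-1 thumbprint against the one read off the DC, then import.

    Returns False when keytool is not on PATH; raises ValueError on a mismatch.
    """
    with open(cert_file, encoding="ascii") as fh:
        der = pem_to_der(fh.read())
    actual = fingerprint(der, "sha1")
    if normalize_hex(actual) != normalize_hex(expected_thumbprint):
        raise ValueError(f"thumbprint mismatch, refusing to import: {actual}")
    cmd = keytool_import_command(cacerts, alias, cert_file, storepass)
    if shutil.which(cmd[0]) is None:
        return False
    subprocess.run(cmd, check=True)
    return True


# Constructed stand-in for the exported file; a real .cer holds a DER X.509 structure.
SAMPLE_DER = b"constructed placeholder bytes, not a real certificate"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)


if __name__ == "__main__":
    der = pem_to_der(SAMPLE_PEM)
    print("SHA-1  :", fingerprint(der, "sha1"))
    print("SHA-256:", fingerprint(der))
    # Paths and alias as in Menno's post; the JDK cacerts is the one he names.
    print(" ".join(keytool_import_command(
        r"C:\Program Files\Java\jdk1.6.0_43\jre\lib\security\cacerts",
        "My AD CA", r"C:\Temp\MyCA.cer")))
```

Run import_ca once per cacerts file Tomcat's Java might use, with the thumbprint copied from certmgr on the DC as expected_thumbprint; a mismatch stops before keytool is called, so nothing untrusted reaches the store.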

Jerah

May 6, 2013, 4:39:03 PM
to pwm-g...@googlegroups.com
And you were able to write to AD successfully? Did you have to give any 'special' permissions to a user?