OptionSets Password Expiration Notification

[Giedrius Vaitiekus]

Hello,

I have configured option sets for user OUs. However, it doesn't seem that WebADM is sending password expiration alerts as configured "Alert Period" 10 days and "Alert Repeat" 1 day. 

I could not find find anything in the logs. I am not sure if I missed anything in order to enable OptionSets. I  unremarked optionsets_container "cn=OptionSets,cn=WebADM" in webadm.inf file, but no difference.

I feel I am missing something, but I don't know what. I've read documentation, but no luck yet.

Thank you in advance!

[Yoann Traut (RCDevs)]

Hello, 

Which LDAP directory are you using with WebADM? 

Regards

[Giedrius Vaitiekus]

I am using Windows 2019 AD, WebAdm 2.3.13.

Please stand by for updates. I don't have any users that have expiring passwords right now. Ones that did, they already changed their passwords.

I set "Alert Period" to max 30 days to expedite notifications.

I will keep you posted. Thanks again!

[Giedrius Vaitiekus]

I am still waiting for user input as some users fall within 30 days of password expiration.

Could you please tell me what log file would contain any information? I don't seem to be able to locate any emails sent within Webadm web GUI or Linux logs.

Thank you!

[Yoann Traut (RCDevs)]

Hello, 

That kind of alerts are triggered by the background jobs. 

Logs are available here:

/opt/webadm/logs/bgjobs.log

or from WebADM GUI > Databases > Background Job Log file

Alerts sent logs the following:

[2024-02-14 00:18:08] [3826060] Sent 1 alerts for 'CN=john,OU=SUPAdmins,DC=support,DC=rcdevs,DC=com' (password)
[2024-02-14 00:18:09] [3826060] Sent 1 alerts for 'CN=Test User Un,OU=Users,OU=WebADMs,DC=support,DC=rcdevs,DC=com' (password)
[2024-02-14 00:18:09] [3826060] Sent 1 alerts for 'CN=xrdp,OU=SUPAdmins,DC=support,DC=rcdevs,DC=com' (password)

Regards

[Giedrius Vaitiekus]

OK, I know Default Option setting is 10 days in advance, but I have changed it to 30 days and repeat at 1. There are 4 users whose password expires in less than 30 days - 5, 17, 17, and 13 days.

Only one user with 5 days expiration received email twice on 11th and 12th of February, no more alerts yesterday or today, and his password is expiring in 5 days.

Other users are not getting any alerts. They all are in the same OU OptionSet.

Really strange. Any ideas?

[Yoann Traut (RCDevs)]

Hello, 

In order to receive alerts, the users must be licensed. Is it the case in your setup for all users you are expecting to receive alerts?

Another point to receive alerts, the accounts must be provisioned with email value in "mail" or "othermailbox" attributs by default.

Regards

[Giedrius Vaitiekus]

We have just 9/25 users with our free license. I would think that all users should receive alerts under this because we meet the licensing requirements.

All users have email address set and they do receive email OTP as needed.

So I am not sure where and why alerts are not working as scheduled.

[Giedrius Vaitiekus]

Hello Yoann,

I rebooted both WebAdm and WAProxy servers. Background log file showed that alert was sent to all 4 users after reboot.

Interesting that reboot was needed in addition to OptionSet configuration. I had tried to restart just services before, but that did not help.

Thank you for your assistance!

[Yoann Traut (RCDevs)]

Hello, 

Ok let us know if your alerts are working as expected and yes as I said, alert are sent to licensed users only.

Regards

[Giedrius Vaitiekus]

Hi Yoann,

So I checked again today - no alerts sent to users. The last time alerts were sent it was on Wednesday, when I rebooted the server.

OptionSet is configured to send alerts every day, starting at 30 days. Alerts should have been sent to all users today as well.

And what makes a licensed user to get alerts? All those 4 people were sent alerts, and then next day alerts do not work. We are 9/25 active users.

Also, my own password expires in 29 days, but no alerts.

So there is something wrong with background job not sending alerts.

Please advise.

[Giedrius Vaitiekus]

Hi Yoann, 

Update. Alerts skipped one day, Thursday, but were sent on Friday. I received one too.

I will keep monitoring the log to see the frequency. Hopefully they will be sent now on a daily basis to all WebAdm users.

Thanks!

[Giedrius Vaitiekus]

Hello Yoann,

I just wanted to update you that after server reboot last week, all alerts are being sent to all users on the daily basis.

Reboot of the system fixed the issue.

Thank you for your time!

[Yoann Traut (RCDevs)]

Hello, 

Great to hear that everything is working now!

It seems that rebooting the system helped remove some old blocking alerts triggers. I encountered a similar situation with a customer earlier this week, where dropping the Redis database and rebooting the system resolved the issue.

Regards,

[Giedrius Vaitiekus]

Thanks for the update. It is still hit or miss. Alerts are sent out for few days then they skip and don't send.
Reboot the system again - alerts are sent again.

Really strange.

[Benoît Jager (RCDevs)]

Hello,

Can you clear the session cache using Admin→Clear Application Sessions & Work Data, and so re-check if mail are sent on a daily basis?

An alternate solution for clearing the session cache is to delete it on command line of the WebADM server:

rm /opt/webadm/temp/sessiond.dump

and restart WebADM:

/opt/webadm/bin/webadm restart

Can you provide a screenshot of “Application Status” of Home page of WebADM?

Kind regards

[Giedrius Vaitiekus]

Hi Benoit,

I cleared Application Sessions and Work data and restarted WebAdm. Yesterday, 02/25, no alerts were sent.

I am attaching screenshot and background log.

Giedrius

[Benoît Jager (RCDevs)]

Hello,

Can you downgrade to version 2.3.11 of WebADM, your issue was fixed in that version. You can do this using this archive install file:

https://repos.rcdevs.com/direct/Archived/webadm_all_in_one-2.3.11-x64.sh.gz

[Giedrius Vaitiekus]

Hi Benoit!

I will see what I can do and will let you know. 

Thanks!