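I am using OpenAM 9.5.4 and OpenDJ 2.4.5, and I am having a problem with "force change password on reset".
Here are the steps I followed to set up the environment:
1) Added a password service to the default realm: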
- iplanet-am-password-reset-userValidate=uid
- iplanet-am-password-reset-searchFilter=objectclass=person
- iplanet-am-password-reset-baseDN=dc=opensso,dc-java,dc=net
- iplanet-am-password-reset-lockout-duration=0
- iplanet-am-password-reset-max-num-of-questions=5
- iplanet-am-password-reset-question=最喜欢的餐厅
- iplanet-am-password-reset-bindPasswd= * *
- iplanet-am-password-reset-failure-duration=300
- iplanet-am-password-reset-notification=com.sun.identity.password.plugins.EmailPassword
- iplanet-am-password-reset-lockout-attribute-name=inetuserstatus
- iplanet-am-password-reset-lockout-attribute-value=inactive
- iplanet-am-password-reset-lockout-warn-user=4
- iplanet-am-password-reset-bindDN=cn=openssouser,ou=opensso adminusers,dc=opensso,dc=java,dc=net
- iplanet-am-password-reset-lockout-email-address=
- iplanet-am-password-reset-user-personal-question=true RequiredValueValidator=com.sun.identity.sm.RequiredValueValidator
- iplanet-am-password-reset-force-reset=true
- iplanet-am-password-reset-failure-count=5
- iplanet-am-password-reset-failure-lockout-mode=true
- iplanet-am-password-reset-option=com.sun.identity.password.plugins.RandomPasswordGenerator
- iplanet-am-password-reset-enabled=true
2) Created a password policy in OpenDJ:
Configure the properties of the Password Policy
Property Value(s)
-------------------------------------------------------
1) account-status-notification-handler -
2) allow-expired-password-changes false
3) allow-user-password-changes true
4) default-password-storage-scheme Salted SHA-1
5) deprecated-password-storage-scheme -
6) expire-passwords-without-warning false
7) force-change-on-add false
8) force-change-on-reset true
9) grace-login-count 0
10) idle-lockout-interval 0 s
11) last-login-time-attribute -
12) last-login-time-format -
13) lockout-duration 0 s
14) lockout-failure-count 0
15) lockout-failure-expiration-interval 0 s
16) max-password-age 2 d
17) max-password-reset-age 0 s
18) min-password-age 0 s
19) password-attribute userpassword
20) password-change-requires-current-password false
21) password-expiration-warning-interval 1 d
22) password-generator -
23) password-history-count 0
24) password-history-duration 0 s
25) password-validator -
26) previous-last-login-time-format -
27) require-change-by-time -
28) require-secure-authentication false
29) require-secure-password-changes false
?) help
f) finish - apply any changes to the Password Policy
c) cancel
q) quit
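3) Created a virtual attribute to assign the password policy to a group of users:
Configure the properties of the User Defined Virtual Attribute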
Property Value(s)
-----------------------------------------------------------------------
1) attribute-type ds-pwp-password-policy-dn
2) base-dn The location of the entry in the server is not taken
into account when determining whether an entry is
eligible to use this virtual attribute.
3) conflict-behavior real-overrides-virtual
4) enabled true
5) filter (objectClass=*)
6) group-dn "cn=Users,ou=groups,dc=opensso,dc=java,dc=net"
7) value "cn=OpenSSO Users Policy,cn=Password
Policies,cn=config"
?) help
f) finish - apply any changes to the User Defined Virtual Attribute
c) cancel
q) quit
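4) Created a user
When I answer the secret question through the "Reset Password" screen, I receive the email with the reset password. But using the new password (or the old one) gives an "authentication error".
I looked at the user in the OpenDJ control panel, and the "pwdReset" attribute changed from "false" to "true" as expected. However, if I change it back to "false", I am able to authenticate, but I am not forced to change the password.
Has anyone else had this problem?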