I'm newbie to OpenLDAP. I have done a bit of research on the above topic and so far couldn't find a satisfactory answer. I would appreciate if anyone can show me how to enable/disable/remove a user account in OpenLDAP.
admin changing user's password is not a good idea. it has several side effects:
it will cause a login failure.
it's not easy to re-enable user
I like the solution to add a ACL of userPassword attribute, see the solution here: acl control userPassword
it's clean and effective.
Disable: using the password-policy overlay, set pwdAccountLockedTime.
Enable: clear or remove the above attribute.
Remove: remove the entry for the user from the DIT.
The simplest way for an admin to disable an account is to change the password.
the account could be easily re-activated by giving the user the password and ask the user to change.
Related
does anyone know which "Profile / Role" user allows changing the validity of lots/products when using MIGO tcode?
How can I denied specific users from doing it without the user-exit?
best regards
SOLVED. I have created a specific role and whoever has that role I use user-exit exit_sapmm07m_001 that display (e) message. Thanks, everyone
I think i get the whole password hashing and verifying login as I got it working with php. however I need an answer and some advise and I dont mean dont eat yellow snow!! :)
I want to store the passwords of users in a hashed format, however I have a need where by I need to be able to see or use given password so I can help the customer fix there issues as a technician.
Now passwords are first created by my system then issued to customer, however users have the choice to change their passwords if they so wish.
username is also created by system.
Now that being said:
I had 2 thoughts both of which I have no idea how to do so some pointer or an answer would be great.
idea 1:
is to have a button on my site to show only the technicians the user password on demand. so they can copy and paste to the site.
Idea 2:
I was also thinking that rather than see the password. I could have some way to transfer the password into the site to create an auto login into the website.
So technician would have a button that they press and the password is sent to the site to auto login with the hashed password.
Thanks in advance.
To give technicians access to a user account, there is no need to know the users plaintext passwords. It is the job of your application to restrict access, so you can create an admin role which is able to impersonate a user.
Making passwords recoverable weakens the security of your site immensly.
Disclaimer: This is more of an Auth0 Lock question--there isn't an "Auth0-Lock" tag yet, if someone with 1500+ rep wants to create one.
Anyone know how or if there is a way to make it so Lock does not show the email/username and password fields on the login tab, as well as the email, username, and password fields on the Sign Up tab?
I figured it out. The search results from Auth0's site took me to old documentation.
Solution:
the OPTIONS object you can pass into the lockProvider accepts a property called "allowedConnections", which is an array of string values. I just had to list the connection options I wanted to be ALLOWED rather than letting it show all the connections I have available for the app.
Documentation for Lock v10:
https://auth0.com/docs/libraries/lock/v10/customization#allowedconnections-array-
The follow allows users to log in but not to sign up with a username/password:
manage.auth0.com
Connections
Database
Username-Password-Authentication
Settings
Disable Sign Ups
Is it possible, with Youtrack 6.x, to:
enforce a password minimal complexity for all user accounts ?
reset all passwords at once ?
So far, I'm only able to change passwords, one user at a time.
Such functionality is not available in YouTrack.
I have SugarCRM running and able to log in and out using the super admin account. I created a new user with type Regular User and defined it password because I unchecked the auto generation of password.
Even if I change the password through the database I cannot log in. But, if I changed the the type to Administrator that user can now login. Why is that? I want it to be a Regular User only.
Regards,
Ronel
In version 6.5.x I have found that there is a problem with password rules. Perhaps this is the case. Go to config.php and look at passwordsetting array. There is a minpwdlenght and a oneupper. Change 'oneuppper' to 'false' and match minpwdlenght to the lenght you want.
This solved my issue.