Topic
  • 7 replies
  • Latest Post - ‏2013-02-07T18:53:13Z by SystemAdmin
BalajiVuppuluri
BalajiVuppuluri
87 Posts

Pinned topic Managing force change password attribute in AD Account through ITIM

‏2012-06-24T07:32:53Z |
HI All,

I have a problem going on.

I am trying to set erForceChangePassword attribute to true on AD password change operation.
Every time I try to set some value to it, ITIM returns an error message stating password cannot be set.

Any suggestion as to how to solve it or what could have gone wrong ??

Thanks all!!!
Updated on 2013-02-07T18:53:13Z at 2013-02-07T18:53:13Z by SystemAdmin
  • SystemAdmin
    SystemAdmin
    9855 Posts

    Re: Managing force change password attribute in AD Account through ITIM

    ‏2012-06-24T11:19:48Z  
    Please take a look here : http://www.catb.org/~esr/faqs/smart-questions.html

    You really need to show what you are doing also - not only your goal - remember that we do not know anything about setup unless you tell us....

    Are you doing this in the workflows or in provisioning policy or just an account modify ?
    What is the output from the logs ?

    Try to as specific as possible - it makes it much more likely you will get a good answer soon.

    HTH

    Regards
    Franz Wolfhagen
  • BalajiVuppuluri
    BalajiVuppuluri
    87 Posts

    Re: Managing force change password attribute in AD Account through ITIM

    ‏2012-06-25T11:22:41Z  
    Please take a look here : http://www.catb.org/~esr/faqs/smart-questions.html

    You really need to show what you are doing also - not only your goal - remember that we do not know anything about setup unless you tell us....

    Are you doing this in the workflows or in provisioning policy or just an account modify ?
    What is the output from the logs ?

    Try to as specific as possible - it makes it much more likely you will get a good answer soon.

    HTH

    Regards
    Franz Wolfhagen
    Hi Franz,

    logs are all green,
    I initially had an error message stating password does not comply the rules,
    I was setting erADForceChangepassword attribute to false.

    I changed the code and tried to put it as -1.

    I dont have any errors, but the the values are not being set.

    I am doing this in the workflows.

    Thanks,
    Balaji V.
  • SystemAdmin
    SystemAdmin
    9855 Posts

    Re: Managing force change password attribute in AD Account through ITIM

    ‏2012-06-25T11:57:23Z  
    Hi Franz,

    logs are all green,
    I initially had an error message stating password does not comply the rules,
    I was setting erADForceChangepassword attribute to false.

    I changed the code and tried to put it as -1.

    I dont have any errors, but the the values are not being set.

    I am doing this in the workflows.

    Thanks,
    Balaji V.
    You are still expecting to much mind reading :-) - but anyhow....

    So based on the assumption that this is done in the entity change password operation you should set the erADForceChangepassword to "true" (if you want to force a password change after a password change in ITIM)

    Take a look at this (rather old - but still good) document : http://www-01.ibm.com/support/docview.wss?uid=swg21191422&aid=1

    The reason for the password failure you should be able to find in the AD Adapter log (and no - there is no such thing as "logs are all green" - either they report something or report nothing - and "logs" is very unspecific - you need to state the individual logs e.g. trace.log, WAS systemout.log etc. - the important log here is the AD Adapter log).

    HTH

    Regards
    Franz Wolfhagen
  • BalajiVuppuluri
    BalajiVuppuluri
    87 Posts

    Re: Managing force change password attribute in AD Account through ITIM

    ‏2012-06-25T14:45:59Z  
    You are still expecting to much mind reading :-) - but anyhow....

    So based on the assumption that this is done in the entity change password operation you should set the erADForceChangepassword to "true" (if you want to force a password change after a password change in ITIM)

    Take a look at this (rather old - but still good) document : http://www-01.ibm.com/support/docview.wss?uid=swg21191422&aid=1

    The reason for the password failure you should be able to find in the AD Adapter log (and no - there is no such thing as "logs are all green" - either they report something or report nothing - and "logs" is very unspecific - you need to state the individual logs e.g. trace.log, WAS systemout.log etc. - the important log here is the AD Adapter log).

    HTH

    Regards
    Franz Wolfhagen
    Thanks Franz for ducument,

    My implimentation is almost same.

    By green I meant there is nothing in logs.
    everything shows as successfull (in ITIM trace).

    at ITIM Account profile, forchangepassword is being even set top true but not being updated at AD platform.

    in Adapter logs, I do not see any error either.

    THanks,
  • jmdennis
    jmdennis
    52 Posts

    Re: Managing force change password attribute in AD Account through ITIM

    ‏2012-06-27T20:56:06Z  
    Thanks Franz for ducument,

    My implimentation is almost same.

    By green I meant there is nothing in logs.
    everything shows as successfull (in ITIM trace).

    at ITIM Account profile, forchangepassword is being even set top true but not being updated at AD platform.

    in Adapter logs, I do not see any error either.

    THanks,
    Try increasing the adapter logging to debug and ensure that the adapter is actually trying to set the value for erADForceChangepassword to true.

    jdennis
  • BalajiVuppuluri
    BalajiVuppuluri
    87 Posts

    Re: Managing force change password attribute in AD Account through ITIM

    ‏2012-07-04T12:15:40Z  
    • jmdennis
    • ‏2012-06-27T20:56:06Z
    Try increasing the adapter logging to debug and ensure that the adapter is actually trying to set the value for erADForceChangepassword to true.

    jdennis
    Thanks Dennis,

    It was actually my code issue.
    Got it resolved.
  • SystemAdmin
    SystemAdmin
    9855 Posts

    Re: Managing force change password attribute in AD Account through ITIM

    ‏2013-02-07T18:53:13Z  
    Thanks Dennis,

    It was actually my code issue.
    Got it resolved.
    what you mean by code issue. can you provide more details.

    we are also planning to implement this.