[midPoint] All users expiring after a few days in 3.6 docker

Pavol Mederly mederly at evolveum.com
Tue Jul 25 15:34:39 CEST 2017


Hello Davy,

yes, it is a bug. Fixed today.

If I am not mistaken, a workaround (if you cannot upgrade midPoint to 
master branch now) is to remove deprecated password expiration 
information from the default password policy. And (if needed) use 
password lifetime settings in the security policy 
(https://wiki.evolveum.com/display/midPoint/Security+Policy+Configuration#SecurityPolicyConfiguration-Configuringpasswordrelatedpolicies).

We should fix our initial objects to avoid using deprecated features in 
them (MID-4085 <https://jira.evolveum.com/browse/MID-4085>).

Pavol Mederly
Software developer
evolveum.com

On 25.07.2017 14:42, Davy Priem wrote:
> Hi,
>
> During testing I also noticed there’s something weird with the password expiration. Installed a brand new Midpoint 3.6 (on mariadb) and a few days later, passwords were expired too (even administrator). Maybe this is a bug?
>
> Best regards
> Davy Priem
>
>> On 24 Jul 2017, at 23:15, Kromhout, Ethan A. <ethan at unc.edu> wrote:
>>
>> Hello,
>>
>> This question is specific to some recent builds I've been doing from the "valtri/docker-midpoint-mariadb" published docker image that has recently been updated to 3.6, and so may not be appropriate for this list, but I thought someone here might understand what setting or policy is causing what I'm seeing.
>>
>> Twice now I have done builds off of this image and everything has come up fine for me after some minor tweaks to the apache configuration, but after a few days, less than 5, all my users can no longer log in, and receive a "User doesn't have defined password." error in the GUI. I don't see anything interesting in the idm.log, but looking in the database I see entries like the below in m_audit_event.
>>
>> | 132 | http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#user | 1500902355806-0-2 |          0 |         6 | localhost      | administrator | 00000000-0000-0000-0000-000000000002 | password expired | DefaultNode    |       3 | administrator | 0:0:0:0:0:0:0:1   | NULL   | CFA0610ACB46DED269278A0012604BDE | NULL       | NULL      | NULL            | NULL           |       NULL | 1500902355806-0-1 | NULL    | 2017-07-24 13:19:15.000000 |
>>
>> So "password expired" in the message seems like it could be my problem. After this happened the first time, I noted that a difference between this docker image and ones built on the 3.5.1 docker image was that there was no password policy linked in the system configuration. I added one after a rebuild and was hopeful, but 5 days later all my accounts are locked again.
>>
>> I do not see this issue in another container that I built off of the 3.5.1 image, and manually upgraded to 3.6, so I don't think this has to do with 3.6, more likely some configuration I am missing.
>>
>> Thanks,
>>
>> Ethan
>>
>>
>> 6C2F 9067 96D4 AB4A 9621  4FEB 3069 4100 EBFB 55D1
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
