[midPoint] All users expiring after a few days in 3.6 docker
Ivan Noris
ivan.noris at evolveum.com
Tue Jul 25 15:51:18 CEST 2017
Hi,
yes I think Pavol's commit just fixed it. I'm playing with system time
now but it looks good.
If you can upgrade to latest midpoint master, it should do the trick.
If you cannot and you cannot get in to modify the Default Password
Policy object, please use this workaround to get in:
1. stop Tomcat
2. in webapps/midpoint/WEB-INF/classes/initial-objects/ create a new
object (file) from 050-user-administrator.xml
(e.g. 999-user-admin1.xml)
3. in the 999-user-admin1.xml change the object oid and change at least
c:name values to e.g. admin1 and save
4. start Tomcat. It will automatically import the new object to repository.
After Tomcat is started you can login as admin1 (or whatever you used)
with default administrator password 5ecr3t (or whatever you used in
999-user-admin1.xml). Then modify the Default Password Policy or any
other policy you use - comment the <lifetime> section.
Be sure to change admin1 password immediately and remove the user from
midPoint AND from the initial-objects when not needed anymore.
Best regards,
Ivan
On 25.07.2017 14:42, Davy Priem wrote:
> Hi,
>
> During testing I also noticed there’s something weird with the password expiration. Installed a brand new Midpoint 3.6 (on mariadb) and few days later, passwords were expired too (even administrator). Maybe this is a bug?
>
> Best regards
> Davy Priem
>
>> Op 24 jul. 2017, om 23:15 heeft Kromhout, Ethan A. <ethan at unc.edu> het volgende geschreven:
>>
>> Hello,
>>
>> This question is specific to some recent builds I've been doing from the "valtri/docker-midpoint-mariadb" published docker image that has recently been updated to 3.6, and so may not be appropriate for this list, but I thought someone here might understand what setting or policy is causing what I'm seeing.
>>
>> Twice now I have done builds off of this image and everything has come up fine for me after some minor tweaks to the apache configuration, but after a few days, less than 5, all my users can no longer log in, and receive a " User doesn't have defined password." error in the GUI. I don't see anything interesting in the idm.log, but looking in the database I see entries like the below in m_audit_event.
>>
>> | 132 | http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#user | 1500902355806-0-2 | 0 | 6 | localhost | administrator | 00000000-0000-0000-0000-000000000002 | password expired | DefaultNode | 3 | administrator | 0:0:0:0:0:0:0:1 | NULL | CFA0610ACB46DED269278A0012604BDE | NULL | NULL | NULL | NULL | NULL | 1500902355806-0-1 | NULL | 2017-07-24 13:19:15.000000 |
>>
>> So "password expired" in the message seems like it could be my problem. After this happened the first time, I noted that a difference between this docker image and ones built on the 3.5.1 docker image was that there was no password policy linked in the system configuration. I added one after a rebuild and was hopeful, but 5 days later all my accounts are locked again.
>>
>> I do not see this issue in another container that I built off of the 3.5.1 image, and manually upgraded to 3.6, so I don't think this has to do with 3.6, more likely some configuration I am missing.
>>
>> Thanks,
>>
>> Ethan
>>
>>
>> 6C2F 9067 96D4 AB4A 9621 4FEB 3069 4100 EBFB 55D1
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
--
Ivan Noris
Senior Identity Engineer
evolveum.com
More information about the midPoint
mailing list