46 lines
2.8 KiB
HTML
46 lines
2.8 KiB
HTML
<?xml version="1.0" encoding="utf-8"?>
|
|
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
|
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
|
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="en-us">
|
|
<head>
|
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
|
<meta name="dc.language" scheme="rfc1766" content="en-us" />
|
|
<!-- All rights reserved. Licensed Materials Property of IBM -->
|
|
<!-- US Government Users Restricted Rights -->
|
|
<!-- Use, duplication or disclosure restricted by -->
|
|
<!-- GSA ADP Schedule Contract with IBM Corp. -->
|
|
<meta name="dc.date" scheme="iso8601" content="2005-09-06" />
|
|
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
|
|
<meta name="security" content="public" />
|
|
<meta name="Robots" content="index,follow"/>
|
|
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
|
|
<title>Directory Server (LDAP) - Password policy-related errors</title>
|
|
<link rel="stylesheet" type="text/css" href="ibmidwb.css" />
|
|
<link rel="stylesheet" type="text/css" href="ic.css" />
|
|
</head>
|
|
<body>
|
|
<a id="Top_Of_Page" name="Top_Of_Page"></a><!-- Java sync-link -->
|
|
<script language = "Javascript" src = "../rzahg/synch.js" type="text/javascript"></script>
|
|
|
|
<img src="delta.gif" alt="Start of change" />
|
|
<a name="rzahypwderrors"></a>
|
|
<h2 id="rzahypwderrors">Password policy-related errors</h2>
|
|
<p>When certain password policies are enabled, they can cause failures that
|
|
may not be obvious. Review the following for help in troubleshooting password
|
|
policy-related errors.</p>
|
|
<p><span class="bold">Bind with proper password fails with "invalid credentials":</span> The password may have expired or the account may be locked. Look at
|
|
the pwdchangedtime and pwdaccountlockedtime attributes of the entry as described
|
|
in <a href="rzahypwdpoltips.htm#rzahypwdpoltips">Password policy tips</a>.</p>
|
|
<p><span class="bold">Requests fail with "unwilling to perform" after a successful
|
|
bind:</span> The password may have been reset, in which case a bind will succeed,
|
|
but the only operation permitted by the server is for the user to change his
|
|
password. Other requests fail with "unwilling to perform" until the password
|
|
has been changed.</p>
|
|
<p><span class="bold">Authentication with a password that has been reset behaves
|
|
unexpectedly:</span>When the password has been reset, the bind request will
|
|
succeed, as described above. This means that a user may be able to authenticate
|
|
indefinitely using a reset password.</p><img src="deltaend.gif" alt="End of change" />
|
|
<a id="Bot_Of_Page" name="Bot_Of_Page"></a>
|
|
</body>
|
|
</html>
|