2

I am accessing the HP-UX Directory Server through my Java code to reset and unlock a locked-out user account in the directory server.

Here is my code for user account password reset.

import javax.naming.directory.Attribute;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;

openConnection(details);                                    // binds to the directory server, sets `connection`
loadUserInformation((String) details.get("END_USER_NAME")); // resolves the user's DN into `user`

// Replace the user's password with the new value (LDAP attribute names are case-insensitive)
ModificationItem[] mods = new ModificationItem[1];
Attribute mod0 = new BasicAttribute("userpassword", (String) details.get("NEW_PASSWORD"));
mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, mod0);
connection.modifyAttributes(user, mods);

closeConnection();

But I can't do the account unlock for the given user because I can't find the LDAP attribute for account lockout in my LDAP browser.

j0k
Arun

3 Answers

2

Looks like HP-UX Directory Server is a clone of Red Hat Directory Server.

First, which unlock are you trying to perform? An account could be locked by different aspects depending on how you have set up your password policy.

If the account is an intruder-detection lockout, then you need to perform the following operation:

dn: uid=scarter,ou=people,dc=example,dc=com
changetype: modify
delete: passwordRetryCount
-
delete: accountUnlockTime

-jim

jwilleke
  • Thanks. I am looking for the account lockout which is caused by bad password tries. I need to access the directory server through Java, so can you please elaborate on which attribute will be present if an account is locked and what to do with the attribute to unlock the account... – Arun Oct 12 '12 at 10:30
  • I do not have an HP-UX available (or Red Hat) but I would look for the attributes mentioned above (passwordRetryCount and accountUnlockTime). – jwilleke Oct 13 '12 at 08:17
  • Thanks all, I have completed the unlock issue in HP-UX. I had met with configuration issues in the server; now it's working in Java. Thanks all – Arun Oct 19 '12 at 12:15
1

The correct answer is to configure the password policies first, then configure subtree-level or user-based password policies and account lockout policies, then make a user account get locked and try the following code, which unlocks a locked-out account.

// Remove the lockout-state operational attributes; a BasicAttribute with no values deletes the whole attribute
ModificationItem[] mods = new ModificationItem[2];
mods[0] = new ModificationItem(DirContext.REMOVE_ATTRIBUTE, new BasicAttribute("passwordRetryCount"));
mods[1] = new ModificationItem(DirContext.REMOVE_ATTRIBUTE, new BasicAttribute("accountUnlockTime"));
connection.modifyAttributes(user, mods); // same bound connection and user DN as in the question
Arun
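The LDIF in jwilleke's answer and the JNDI snippet above both delete the lockout attributes blind, which fails with noSuchAttribute when one of them is absent; operational attributes are also not returned unless requested by name, which is why they do not show up in an LDAP browser. The following is an added example, not code from the question or the answers: it binds with an administrative DN, reads the password-policy operational attributes explicitly, and removes only the ones present. The URL and bind DN are placeholders, and retryCountResetTime is assumed from Red Hat / 389 Directory Server and is not named on this page.

```java
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.ModificationItem;
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.List;

public class AccountUnlock {
    // Password-policy operational attributes that record a retry-count lockout
    // (the first two are from the answers above; retryCountResetTime is assumed).
    private static final String[] LOCKOUT_ATTRS =
        { "passwordRetryCount", "accountUnlockTime", "retryCountResetTime" };

    public static DirContext connect(String url, String bindDn, String password) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);            // placeholder, e.g. "ldaps://ds.example.com:636"
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDn);   // an admin DN permitted to modify the user's entry
        env.put(Context.SECURITY_CREDENTIALS, password);
        return new InitialDirContext(env);
    }

    /** Operational attributes are only returned when requested by name. */
    public static Attributes readLockoutState(DirContext ctx, String userDn) throws NamingException {
        return ctx.getAttributes(userDn, LOCKOUT_ATTRS);
    }

    /** Removes only the lockout attributes actually present; returns the names removed. */
    public static List<String> unlock(DirContext ctx, String userDn) throws NamingException {
        Attributes present = readLockoutState(ctx, userDn);
        List<ModificationItem> mods = new ArrayList<>();
        List<String> removed = new ArrayList<>();
        for (String name : LOCKOUT_ATTRS) {
            if (present.get(name) != null) {  // deleting an absent attribute would fail with noSuchAttribute
                mods.add(new ModificationItem(DirContext.REMOVE_ATTRIBUTE, new BasicAttribute(name)));
                removed.add(name);
            }
        }
        if (!mods.isEmpty()) {
            ctx.modifyAttributes(userDn, mods.toArray(new ModificationItem[0]));
        }
        return removed;
    }
}
```

Call `unlock` with the context returned by `connect` and the user's DN (the `user` value from the question), and close the context afterwards; an empty returned list means the entry carried no lockout state, so the lock is coming from elsewhere in the password policy.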
0

The entry's object class(es) define which attributes are allowed. You should look up the entry's object class and try to find the correct attribute from there.

Rein
  • Yes, it shows some attributes, but if I try to access them or change them through the above code, that throws a null pointer exception? :( – Arun Oct 11 '12 at 12:54
  • Can you try to edit the attribute using some kind of LDAP editor, for example Apache Directory Studio (http://directory.apache.org/studio/)? – Rein Oct 11 '12 at 12:59
  • The entry's object classes do *not* define the operational attributes, which is what the question is about, and specifically not the password-policy operational attributes. – user207421 Dec 16 '16 at 07:56