Environment
Self Service Password Reset
SSPR 2.0
SSPR 3.X
Situation
The following error is returned after changing a password in SSPR:
An error occurred while unlocking your account. Please contact your administrator. {5046 ERROR_UNLOCK_FAILURE (unable to unlock user <name> error: error writing to lockedByIntruder: [LDAP: error code 16 - NDS error: no such value (-602)]) }
Intruder Lockout is not set for the user in eDirectory.
Resolution
Make sure the pwmproxy user has modify rights to the following attributes:
lockedByIntruder
loginIntruderResetTime
loginIntruderAttempts
Additional Information
Rights can be granted manually, or by re-running the edirectory-rights.ldif file after appending the following:
# Grant rights to the users container for the proxy user
dn: ou=USERS,o=O
changetype: modify
add: ACL
ACL: 7#subtree#cn=PwmProxy,ou=OU,o=O#lockedByIntruder

# Grant rights to the users container for the proxy user
dn: ou=USERS,o=O
changetype: modify
add: ACL
ACL: 7#subtree#cn=PwmProxy,ou=OU,o=O#loginIntruderResetTime

# Grant rights to the users container for the proxy user
dn: ou=USERS,o=O
changetype: modify
add: ACL
ACL: 7#subtree#cn=PwmProxy,ou=OU,o=O#loginIntruderAttempts
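
To confirm the grant took effect, the ACL values on the users container can be checked for each of the three attributes. The following is an added example, not part of the original article or the SSPR product: it parses ACL values in the privileges#scope#trustee#attribute form shown above and reports which required attributes the proxy still cannot write. The function names, the sample values, the bit values (4 = write, 32 = supervisor) and the `[All Attributes Rights]` name are assumptions based on eDirectory conventions, not taken from this page.

```python
# Added example: audit container ACL values for the SSPR proxy's lockout-attribute rights.
REQUIRED = ("lockedByIntruder", "loginIntruderResetTime", "loginIntruderAttempts")
WRITE, SUPERVISOR = 0x04, 0x20           # assumed eDirectory attribute-rights bits
ALL_ATTRS = "[all attributes rights]"    # assumed pseudo-attribute covering every attribute

def norm_dn(dn):
    """Comparison key for a DN: lower-case, no spaces around ',' or '='."""
    return ",".join("=".join(p.strip() for p in rdn.split("=", 1))
                    for rdn in dn.lower().split(","))

def parse_acl(value):
    """Split 'privileges#scope#trustee#attribute' into typed fields."""
    privs, scope, rest = value.strip().split("#", 2)
    trustee, attr = rest.rsplit("#", 1)
    return int(privs), scope.lower(), trustee, attr

def missing_write(acl_values, proxy_dn, required=REQUIRED):
    """Return the required attributes the proxy cannot write via this container."""
    granted = set()
    for value in acl_values:
        try:
            privs, scope, trustee, attr = parse_acl(value)
        except ValueError:
            continue  # malformed value: skip rather than guess
        # Only 'subtree' entries are inherited by the user objects below the container.
        if scope != "subtree" or norm_dn(trustee) != norm_dn(proxy_dn):
            continue
        if privs & (WRITE | SUPERVISOR):
            granted.add(attr.lower())
    if ALL_ATTRS in granted:
        return []
    return [a for a in required if a.lower() not in granted]

# Constructed sample: ACL values as they might be read from ou=USERS,o=O.
PROXY = "cn=PwmProxy,ou=OU,o=O"
SAMPLE = [
    "7#subtree#cn=PwmProxy,ou=OU,o=O#lockedByIntruder",        # compare+read+write
    "3#subtree#cn=PwmProxy, ou=OU, o=O#loginIntruderResetTime",  # compare+read only
    "7#entry#cn=PwmProxy,ou=OU,o=O#loginIntruderAttempts",     # not inherited by users
    "7#subtree#cn=Other,ou=OU,o=O#loginIntruderAttempts",      # different trustee
]

if __name__ == "__main__":
    for attr in missing_write(SAMPLE, PROXY):
        print(f"proxy lacks write on {attr}")
```

An empty result means the proxy has write access to all three attributes and no broader grant is needed to clear the 5046 error.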