Some Active Directory users are unable to log in to Vibe when a password expiration policy is enforced

  • 7023145
  • 02-Jul-2018
  • 02-Jul-2018

Environment

Micro Focus Vibe 4.0.4
Micro Focus Vibe 4.0.3
Micro Focus Vibe 4.0.2
Novell Vibe 4.0.1
Novell Vibe 4.0

Situation

When Vibe is configured with Active Directory (AD) for LDAP authentication and a password expiration policy is enforced in AD, some users are unable to log in to Vibe even though their password has not yet expired. This situation occurs when a default password expiry is set at the AD domain level, but a different (less restrictive) policy is set on a group through a Group Policy Object (GPO) in AD. Vibe LDAP only sees the domain-level policy and ignores the group-level policy.

For example:
Suppose you have an AD system where the domain-level password expiry policy is set to 40 days, but all users are members of a group that is subject to a GPO that sets the maximum password age to 90 days. After 40 days, a user will no longer be able to log in to Vibe, and appserver.log will show that the password for that user has expired. If the password is changed in AD, the user can once again log in to Vibe.
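To estimate which accounts fall into this gap, the following added example (not Vibe or Micro Focus code) compares an expiry derived only from the domain's `maxPwdAge` with AD's own `msDS-UserPasswordExpiryTimeComputed` value. It assumes a domain-only check adds `maxPwdAge` to `pwdLastSet` and that the computed attribute reflects the policy actually applied to the user; the sample entries and helper names are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)
TICKS_PER_DAY = 86_400 * 10_000_000      # AD times are 100 ns ticks
NEVER = 0x7FFFFFFFFFFFFFFF               # "does not expire" marker

def to_dt(filetime):
    """Windows FILETIME (ticks since 1601-01-01 UTC) -> aware datetime."""
    return EPOCH_1601 + timedelta(microseconds=filetime // 10)

def to_filetime(dt):
    delta = dt - EPOCH_1601
    return (delta.days * 86_400 + delta.seconds) * 10_000_000

def domain_expiry(pwd_last_set, max_pwd_age):
    """Expiry from the domain object's maxPwdAge only (stored as a negative
    tick count; 0 means passwords never expire). Assumed model of a
    domain-only check, not Vibe's actual logic."""
    if pwd_last_set == 0 or max_pwd_age == 0:
        return None
    return to_dt(pwd_last_set - max_pwd_age)

def affected_users(entries, max_pwd_age, now):
    """Accounts expired under the domain policy but still valid in AD."""
    hits = []
    for e in entries:
        dom = domain_expiry(e["pwdLastSet"], max_pwd_age)
        eff = e["msDS-UserPasswordExpiryTimeComputed"]
        still_valid = eff == NEVER or to_dt(eff) > now
        if dom is not None and dom <= now and still_valid:
            hits.append(e["sAMAccountName"])
    return hits

# Constructed sample: 40-day domain policy, 90-day group policy.
NOW = datetime(2018, 7, 2, tzinfo=timezone.utc)
DOMAIN_MAX_PWD_AGE = -40 * TICKS_PER_DAY

def _entry(name, age_days, group_max_days=90):
    set_at = to_filetime(NOW - timedelta(days=age_days))
    return {"sAMAccountName": name, "pwdLastSet": set_at,
            "msDS-UserPasswordExpiryTimeComputed":
                set_at + group_max_days * TICKS_PER_DAY}

SAMPLE = [_entry("alice", 50), _entry("bob", 10), _entry("carol", 100)]

if __name__ == "__main__":
    print(affected_users(SAMPLE, DOMAIN_MAX_PWD_AGE, NOW))
```

In a real environment the three attributes would come from an LDAP query against the domain object and the user objects instead of the constructed list.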

Resolution

A fix for this issue is available for Vibe 4.0.4. Please contact Micro Focus Customer Care with reference to this TID for further assistance.