So i want to disable the required password change for fist time users.
I am running this local, to test this out until it works, as i want it.
I have made an portal-ext file that contains the following:
company.security.auth.type=screenName
users.screen.name.allow.numeric=true
terms.of.use.required=false
users.reminder.queries.enabled=false
passwords.default.policy.changeable=true
passwords.default.policy.change.required=false
users.reminder.queries.custom.question.enabled=false
users.last.name.required=false
users.email.address.required=false
passwords.toolkit=com.liferay.portal.security.pwd.RegExpToolkit
passwords.regexptoolkit.charset=0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghilmnopqrstuv
passwords.regexptoolkit.length=8
passwords.regexptoolkit.pattern=.+
As you can see, i have already set the passwords.default.policy.change.required to false.
But when i login with a first time user, it still shows the "change password" screen, which it should not.
It NEEDS to be done from the portal-ext file, and not the control panel, since this file is going on multiply servers,
so its disabled on all. And future servers as well.
Anyone have an idea whats wrong, or what I'm needing ?
Thanks in advance
when you add the property
passwords.default.policy.changeable=true
It means allow user to change his password. On other hand when you set the property,
passwords.default.policy.change.required=false
It implies its mandatory for the user to change the password. Here, you are setting it false. So we should not get 'Change password' screen.
I would suggest try to remove changeable property from the portal-ext.property file.
passwords.default.policy.changeable=true
A further look at the liferay forum, i found a post about this, where a liferay staff posted this answer:
Unfortunately the default password policy is not something you can
configure in portal(-ext).properties so there's no way to disable it
that way.
It's therefore impossible to get the result I'm looking for.
Source
Blockquote
So i want to disable the required password change for fist time users. I am running this local, to test this out until it works, as i want it.
Blockquote
If you want to diseable change required for users password, just use this portal propertie:
passwords.default.policy.change.required=false
#Patrick R This is the portal-ext i use . See the screenshots of new user login in.Im not sure whether this will solve your issue or not.Please cross the check the properties.
#jdbc.default.jndi.name=jdbc/LiferayPool
jdbc.default.driverClassName=com.mysql.jdbc.Driver
jdbc.default.url=jdbc:mysql://localhost/lportal?useUnicode=true&characterEncoding=UTF-8&useFastDateParsing=false
jdbc.default.username=root
jdbc.default.password=root
soas.database.name=soasdb
soas.database.username=root
soas.database.password=root
soas.database.hostname=localhost
soas.database.connection=jdbc:mysql://localhost/soasdb?user=root&password=root
soas.servicepartner.name=localhost
json.service.auth.token.hosts.allowed=127.0.0.1
json.service.auth.token.enabled=false
jsonws.web.service.public.methods=*
jsonws.servlet.hosts.allowed=127.0.0.1
users.screen.name.validator=com.liferay.portal.security.auth.LiberalScreenNameValidator
ldap.base.provider.url= ldap://localhost:389
ldap.base.dn= dc=soas,dc=schoox
ldap.security.principal= cn=admin
ldap.security.credentials= blahblah
auth.pipeline.pre=com.liferay.portal.security.auth.LDAPAuth
ldap.auth.enabled=true
ldap.auth.required=false
ldap.password.policy.enabled=true
ldap.users.dn= dc=soas,dc=schoox
ldap.groups.dn= dc=soas,dc=schoox
ldap.import.enabled=true
ldap.import.interval=1
ldap.import.on.startup=true
ldap.import.method=group
ldap.import.group.search.filter.enabled=true
ldap.import.user.password.enabled=false
ldap.import.user.password.autogenerated=false
ldap.import.user.password.default=userPassword
ldap.user.mappings=screenName=uid\npassword=userPassword\nemailAddress=mail\nfirstName=givenName\nlastName=sn
#ldap.user.mappings=screenName=cn\npassword=userPassword\nemailAddress=mail\nfirstName=cn\nlastName=sn
#ldap.user.mappings=screenName=displayName\npassword=userPassword\nemailAddress=mail\nfirstName=givenName\nlastName=sn
ldap.group.mappings=groupName=cn\ndescription=description\nuser=member
ldap.import.user.search.filter=(objectClass=inetOrgPerson)
ldap.import.group.search.filter=(objectClass=groupOfEntries)
ldap.auth.search.filter=(uid=#screen_name#)
axis.servlet.hosts.allowed=
axis.servlet.https.required=false
company.security.auth.type=screenName
search.container.show.pagination.top=false
setup.wizard.enabled=false
When a new user login
Terms and condition
Password Reminder
Successfull login
I agree with Olaf Kock. I'm currently working on a Liferay DXP 7.2 upgrade from 6.2 and I'm facing the same issue of having Change Password screen on first-time user login through Kerberos SSO.
I went through the addUserWithWorkflow method of Liferay codebase in UserLocalServiceImpl and I've also verified the database table for handling the Password Policy which has these columns for configuring Password Changeable and Change Required settings. During addUser for the first-time, passwordReset column in the Liferay table - User_ is set as 1 (true) if the columns in Password Policy is set to 1 (true). This is the reason why we see Change Password prompt after user login.
I understood that the only way to change this configuration through portal-ext.properties is when the Liferay is setup for the first time before the server startup otherwise, a DB patch has to be applied in the Liferay table - PasswordPolicy to set 0 (false) for the below columns.
changeable and changeRequired
Related
When I create a new record on the Service Request (SR) application (Maximo 7.6), I would like to set the required Reported Date (SR.REPORTDATE) field blank. Before save action, the user will input data into that field. I wonder how this could be done?
Thanks for the help.
If you look in Database Configuration to see if REPORTDATE has a Default Value, I think you'll find &SYSDATE& in there. If I'm right, then you can delete that default value, save your changes, and apply your changes. Otherwise, you'll need to do as #Dex suggested.
My mind immediately goes to an automation script. A default value control or the default value setting in Database Configuration may work too and is recommended before a script if you have the expertise to confirm or deny this theory.
As for the automation script, I think you can create one with an object launch point on SR on the "add" event. The script would simply set that field to null, which shouldn't change the "required" flag either, so the rest of your needs will still be met.
mbo.setValueNull("REPORTDATE");
Working in Nintex, I have a workflow that is kicked off when a form is saved. The workflow generates a PDF version of the Nintex form (we need actual signatures - digital in the future, fingers crossed). This is done by updating a word template, then converting to PDF.
When the word document is updated, the 'assigned to:' field is getting an AD account name instead of the user's First, Last name (which is expected). Now I'm trying to format it so it's more appropriate to the Hard Copy (in the Nintex form, it shows as Last, First).
I used a Query User Profile action, passed it the same variable I was using to hold the form's 'assigned to' value, and then used the drop down menu to choose the user profile variables I wanted (First, Last, also: username, account name, Distinguish name). All values are generating empty strings.
I've incrementally tried handing the values to variables that are of type String, Person, or Collection. I also handed it my username instead of the variable and set my account info for the login. I've always selected values, so I don't think it's a typo.
I'm at a loss... the workflow emails the user at the end, so it's getting the data. I hope that's enough info, I'm new to SP/Nintex so it could be a rookie mistake. Any help is appreciated.
Thank you!
I've seen issues where the User Profile Service properties have not been configured adequately, which leads to a lot of empty variables when running an LDAP Query action for AD attributes.
If this is the case, then one approach is to get the Farm admin (if you don't have access) to take a look at Manage User Profiles in Central Admin and see what AD attributes are mapped to the user profile. If mappings are changed you'll need to run a full sync to bring over the values. It can be inconsistent in my experience as well.
I have this small problem i am using open cart v 2.0.1.1 and when the user is logged in it shows my account with the drop down. I want to display the username of that particular user instead of " my account" can anyone help me with this problem?
in case of you don't know how start
(1) you will need to read this post How to become an open cart guru
(2) steps
you will need to pass the name of the customer in some variable to the template file by adding it to $data array in catalog/controller/common/header.php # class ControllerCommonHeader # function index
in the template file, change the part that checks whether the user is logged in or not, and add the passed customer name or the old header My Account depending on the branch
A user is not able to edit a form. The user had editor access and i've tried to replicate the issue using a test user and providing the same access as the user, but to no avail. I came across a link which told me that there is something called as additional ACL control in Lotus Administrator. I'm not sure if this actually can influence the editing privileges. I don't think that could be the problem. Anyway, please let me know if you can figure out the problem.
Additional info:
The user is a part of a distribution list(multipurpose group) and the group has editor access.
The default access to the form is Author, with a authors field in the form.
The user has 2 names mentioned in the names.nsf person document. An old name and a new name.
The required user roles are assigned to the group.
Let me know if you need additional info.
With Editor rights she should be able to edit. Please check her rights by placing a Computed Text with #UserAccess on the form.
Or if she is using a Notes client she can simply click the "Security" icon in the bottom toolbar of the Notes, near the right corner. It will open a dialog box telling what is her access level to the database.
A few things to check:
is the user listed explicitly in the ACL? If so, those rights will take precedence over any groups she's in.
check the authors field carefully. Best option is to look at the properties of the doc she's editing via the Notes client and examine the authors field in the dialog. That will let you see if any code altered the list of allowed authors. If she's an editor this shouldn't matter but based on the behavior you are seeing it sounds like she's acting as an author.
Make sure that the names in the authors fields are being stored in the canonical format and are not abbreviated or in common name. EG: using Herny Newberry/MyOrg does not work while using CN=Henry Newberry/O=MyOrg does.
The issue is solved. There was some problem with the user configuration. Thats the reason she was getting author access even though she was an editor. After reconfiguration of her Notes client, she'd able to edit the form now. Thanks to all of you for your help.
Although already answered and a solution found, it should be noted that user-names listed in the 'fullname' field of the NAB person record should list the current or 'newname' first as other names may not be recognized.
We are heavily using VirtualBox on our developer workstations. Since we share the images with other developers quite often, I have tried to automate this process as much as possible (cleaning up ap-get cache, removing tmp and log files...). We are using Ubuntu 11.10 with KDE 4.7.4, by the way.
Now I have stumbled over one little annoyance. At the login screen there is a user name prefilled and I could not figure out where this is stored. The problem is, if people get a VirtualBox image and don't realise that the pre-filled user name is not their own and enter their password a couple of time, they lock the said user on our LDAP.
Any idea where is this user name is stored, so I could remove it..?
By default, the login screen (KDM) will preselect the the last logged-in user and I'm not sure where it gets this information. However, you can configure KDM to always preselect the same user in /etc/kde4/kdm/kdmrc:
# Greeter config for all displays
[X-*-Greeter]
...
# Specify, if/which user should be preselected for log in.
# "None" - do not preselect any user
# "Previous" - the user which successfully logged in last time
# "Default" - the user specified in the DefaultUser option
# Default is None
PreselectUser=Default
# The user to preselect if PreselectUser=Default.
# Default is ""
DefaultUser=johndoe
...
Of course, you can set PreselectUser=None if you don't want to select any user.
On OpenSUSE 12.2 it is the /var/lib/kdm/kdmsts
# cat /var/lib/kdm/kdmsts
[PrevUser]
:0=user1
:1=user2
:2=user1