cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Community Tip - Learn all about the Community Ranking System, a fun gamification element of the PTC Community. X

Working with WC Pwd Policy (Pwd Expiration)

Go to solution
srammohan
1-Newbie
1-Newbie
‎Apr 01, 2014 02:59 AM
‎Apr 01, 2014 02:59 AM

Working with WC Pwd Policy (Pwd Expiration)

Dear Guys,

Assume a case where where WC is not integrated with AD , and the pwd policy management policy (Pwd Auro-Expiration for 1 month ) is set up in Windchill-DS . When a users fails to change the pwd , his account is automatically locked. And it causes an over-head for the Admin tochange the pwd for the failed users(s) .. is there a way to downsize the effort ? meaning like sending mail with random pwd to the Users automatically after the pwd expiration ?

Any other suggestions or ideas pls ?

Regards,

Sriram Rammohan


Labels:
0 Kudos
Notify Moderator
1 ACCEPTED SOLUTION

Accepted Solutions
ChrisSpartz
12-Amethyst
12-Amethyst
(To:srammohan)
‎Apr 02, 2014 01:46 PM
‎Apr 02, 2014 01:46 PM

WindchillDS is just a customized version of OpenDS (for Windchill 9.1, 10.0, and 10.1) or OpenDJ (10.2). Below are links to the documentation for these softwares:
OpenDS:
http://docs.oracle.com/cd/E19476-01/

OpenDJ:

https://wikis.forgerock.org/confluence/display/OPENDJ/OpenDJ+Documentation

These links contain more indepth info on the capabilities of the software than what is in the WindchillDS Admin Guide. You can take a look through the documentation to see if OpenDS/DJ is capable of what you're looking for.

Though, as far as I know, these softwares aren't capable of fully atuomating the procedure you describe. OpenDS/DJ do include a random password generator. But, I haven't been able to find a way to automatically trigger the random password generator every time a user's password expires. The other problem is sending the random password to the user. OpenDS/DJ can be configured to send out notifications to users letting them know of a password reset. And these emails can be confiured to include the values of certain attribues. But, the problem is that the value of the userPassword attribute is encrypted, so the password won't be sent in plain text.

You could automate this procedure by adding some of your own custom code. For example, OpenDS/DJ can be configured to send out JMX notifications on a password expiration. You could write something that listens for this JMX notification, and automaticaly runs a reset using the random password generator on that account. Then, it would take the random password returned by the reset, and send this out to the user.

View solution in original post

Notify Moderator
4 REPLIES 4
ChrisSpartz
12-Amethyst
12-Amethyst
(To:srammohan)
‎Apr 02, 2014 01:46 PM
‎Apr 02, 2014 01:46 PM

WindchillDS is just a customized version of OpenDS (for Windchill 9.1, 10.0, and 10.1) or OpenDJ (10.2). Below are links to the documentation for these softwares:
OpenDS:
http://docs.oracle.com/cd/E19476-01/

OpenDJ:

https://wikis.forgerock.org/confluence/display/OPENDJ/OpenDJ+Documentation

These links contain more indepth info on the capabilities of the software than what is in the WindchillDS Admin Guide. You can take a look through the documentation to see if OpenDS/DJ is capable of what you're looking for.

Though, as far as I know, these softwares aren't capable of fully atuomating the procedure you describe. OpenDS/DJ do include a random password generator. But, I haven't been able to find a way to automatically trigger the random password generator every time a user's password expires. The other problem is sending the random password to the user. OpenDS/DJ can be configured to send out notifications to users letting them know of a password reset. And these emails can be confiured to include the values of certain attribues. But, the problem is that the value of the userPassword attribute is encrypted, so the password won't be sent in plain text.

You could automate this procedure by adding some of your own custom code. For example, OpenDS/DJ can be configured to send out JMX notifications on a password expiration. You could write something that listens for this JMX notification, and automaticaly runs a reset using the random password generator on that account. Then, it would take the random password returned by the reset, and send this out to the user.

Notify Moderator
srammohan
1-Newbie
1-Newbie
(To:ChrisSpartz)
‎Apr 03, 2014 05:02 AM
‎Apr 03, 2014 05:02 AM

Thanks a lot for the details & suggestion Chris , Lots of take aways for me from your post

Sriram R

0 Kudos
Notify Moderator
mdebower
18-Opal
18-Opal
(To:ChrisSpartz)
‎Oct 20, 2015 02:06 PM
‎Oct 20, 2015 02:06 PM

Chris,

What about sending out a warning to the users before the password expires?   It looks like WindchillDS should be able to do that, but I haven't been able to get it to work...   Is it possible?

-marc

CAD / PLM Systems Manager

0 Kudos
Notify Moderator
ChrisSpartz
12-Amethyst
12-Amethyst
(To:mdebower)
‎Oct 21, 2015 03:17 PM
‎Oct 21, 2015 03:17 PM

Yes, it's possible to configure WindchillDS to send out email notifications on password policy events. See the below article for instructions:
https://support.ptc.com/appserver/cs/view/solution.jsp?n=CS125304

0 Kudos
Notify Moderator
Top Tags