Reset Password Self Service - Agent Error

Dear

When I use the new Self-Service Password Recovery for a user via “pwdresetsample.nsf”, I get an error message on the server:

HTTP Server: Agent ‘User Password Reset agUserPasswordReset’ error: ResetUse

Agent containing ResetUserPassword method must be signed by a designated Password Resetter.

I have signed the agent with a designated user ID, which has rights to reset passwords in the ID vault.

The user has the right to “Run Restricted Agents”.

What is the problem with this agent?

Thank you

Max

Subject: Is the ID used to sign the agent in a different OU than the server on which the application runs?

If so, we recently fixed this problem (SPR# JKAH7KXSZU).

For example:

Users whose passwords are being reset are in /usr/org (hedy/green/apple)

Password reset authority (agent signer) is in /signer/org (pw/singer/apple)

Server where the agent runs is in /srv/org (nik/fan/apple)

There is a vault trust cert for users in /green/apple

There is a pw reset certificate for pw/singer/apple

There is a pw reset certificate for nik/fan/apple

If this is not the problem, can you confirm that you followed all the following steps to configure the agent?

An IBM® Lotus® Domino® server comes with the application “Sample Web Agent - Reset User Password” (PwdResetSample.nsf). The application contains a sample LotusScript® agent called UserPasswordReset that enables users with IDs stored in an ID vault to reset their IBM® Lotus® Notes® passwords from a browser. A user who has forgotten his or her Notes password might do this to specify a new one.

This application is intended as an example for you to customize to suit your needs. By default, users use their HTTP passwords to log into a Domino Web server in the domain that is authorized to run the agent. The agent code also provides examples of setting up the agent not to require HTTP authentication or to allow users to specify the number of ID downloads they are allowed for ID recovery.

To set up the sample application:

  1. Open the PwdResetSample.nsf database located in the data directory of a Lotus Domino server and modify the database ACL as follows:

Give at least Editor access to the vaulted users who will use the application to reset their passwords. One way to do this is to ensure that the -Default- entry has Editor access.

Give Manager access to the name of the Notes ID that will be used to sign the agent in the next step.

  2. From Domino® Designer®, open PwdResetSample.nsf and perform the following steps to sign the UserPasswordReset agent using a Notes ID that you will trust to reset passwords. Using an ID created specifically for this purpose is recommended.

Click Code - Agents and then double-click.

With the UserPasswordReset agent selected, click Sign.

  3. Decide which server or servers in the Domino domain to allow to run the agent on behalf of the agent signer specified in Step 2. Then in the Server document of each server in the Domino Directory, give the name of the agent signer “Run restricted LotusScript/Java agents” access. A server does not have to be a vault server to run the agent.

  4. Copy the signed PwdResetSample.nsf to the data directory of each server that will run it.

  5. Assign “Self-service password reset authority” to the following names:

The name that signed the agent in Step 2.

The names of each server you allowed to run the agent in Step 3.

  6. Specify instructions to display when users click “Forgot your password?” during Notes login.

  7. Run the HTTP task on each server that is allowed to run the agent.

Users whose IDs have been uploaded to the vault can now perform the following steps to reset their Notes passwords:

  1. Launch a Web browser and open the sample application by specifying a URL such as the following one:

http:///PwdResetSample.nsf

  2. Log in to the HTTP server.

  3. In the Reset User Password window, type and confirm a new password, then click “Reset My Password.”
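The steps above wire the sample agent to a signer, to the servers allowed to run it and to the reset authorities, but they do not show what the agent body itself has to do, or why the signer matters. The LotusScript below is an added example written for this thread; it is not the UserPasswordReset agent shipped in PwdResetSample.nsf. It assumes the agent runs with the rights of its signer (not “Run as Web user”), is triggered from a form whose NewPassword and ConfirmPassword fields carry the input, and that the form has a computed Remote_User field so that CGI variable is present in the document context; those field names, the MIN_PW_LEN and ID_DOWNLOADS constants and the agent log name are assumptions.

```lotusscript
' Added example (not the agent shipped in PwdResetSample.nsf).
' Web agent that resets the authenticated HTTP user's own Notes password
' through NotesSession.ResetUserPassword. The server checks the agent's
' SIGNER, not the web user, against "Password reset agent authority".
Option Public
Option Declare

' Assumed local policy: minimum length checked before calling the vault.
Const MIN_PW_LEN = 8
' Assumed value for the optional fourth parameter: ID downloads allowed for recovery.
Const ID_DOWNLOADS = 1

Function CanonicalUser(rawName As String) As String
    ' Accept common, abbreviated or canonical form and return the canonical
    ' form (CN=...,O=...) that ResetUserPassword expects.
    Dim n As New NotesName(rawName)
    CanonicalUser = n.Canonical
End Function

Sub Initialize
    Dim session As New NotesSession
    Dim doc As NotesDocument
    Dim agent As NotesAgent
    Dim agentLog As NotesLog
    Dim targetUser As String
    Dim newPw As String
    Dim confirmPw As String

    On Error GoTo ErrHandler

    Set doc = session.DocumentContext    ' submitted form fields plus CGI variables
    Set agent = session.CurrentAgent

    ' agent.Owner is the signer the server validates; show it so a failure can be
    ' matched against the name that was given reset authority.
    Print "<p>Agent signer: " & agent.Owner & "</p>"

    ' Take the target from the authenticated HTTP session, never from a form field:
    ' otherwise any logged-in user could reset somebody else's ID.
    targetUser = doc.Remote_User(0)
    If targetUser = "" Or targetUser = "Anonymous" Then
        Print "<p>You must log in before resetting your password.</p>"
        Exit Sub
    End If

    newPw = doc.NewPassword(0)
    confirmPw = doc.ConfirmPassword(0)
    If newPw <> confirmPw Then
        Print "<p>The two passwords do not match.</p>"
        Exit Sub
    End If
    If Len(newPw) < MIN_PW_LEN Then
        Print "<p>The password must be at least " & MIN_PW_LEN & " characters.</p>"
        Exit Sub
    End If

    ' The server named here must hold "Self-service password reset authority" and
    ' must allow the signer to run restricted agents; it need not be a vault server.
    Call session.ResetUserPassword(session.CurrentDatabase.Server, _
        CanonicalUser(targetUser), newPw, ID_DOWNLOADS)

    Print "<p>Password reset for " & CanonicalUser(targetUser) & _
        ". The next Notes login will pick up the updated ID.</p>"
    Exit Sub

ErrHandler:
    ' Keep the detail (e.g. "must be signed by a designated Password Resetter")
    ' in the agent log for the administrator; give the browser only a generic message.
    Set agentLog = New NotesLog("Password reset agent")   ' assumed log name
    Call agentLog.OpenAgentLog()
    Call agentLog.LogError(Err, "Reset failed for " & targetUser & ": " & Error$)
    Call agentLog.Close()
    Print "<p>Password reset failed. Please contact your administrator.</p>"
    Exit Sub
End Sub
```

Two design points follow from the thread. First, the target user is read from Remote_User rather than from the form, so the signer's reset authority is only ever exercised on behalf of the user who authenticated; the sample's HTTP login step is what makes that safe. Second, the failure shown in the thread is raised by the server when it checks the signer, so printing agent.Owner before the call is the quickest way to confirm that the name you granted “Password reset agent authority” is the one that actually signed the design element.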

Subject: Same problem with ResetUserPassword here

I’m also having the same problem with the ResetUserPassword method. Notes Admin/XXX is using a custom Notes client app (not a browser app) to reset the password of John Smith/USERS/XXX. The code calls an agent (via the RunOnServer method) that has a call to the ResetUserPassword method. The agent has a runtime security level of 3. The server is running Domino 8.5.1 under Windows 2008 R2 64-bit. The key lines in the code are as follows:

Print "Owner is " & agent.Owner

Call session.ResetUserPassword(nameServer.Canonical, nameWho.Canonical, docParam.NewPassword(0))

The log is showing the following

30/03/2010 11:17:37 AM Agent printing: Owner is CN=Notes Admin/O=XXX

30/03/2010 11:17:37 AM Agent ‘Run ResetUserPassword’ error: ResetUserPassword Failed:

Agent containing ResetUserPassword method must be signed by a designated Password Resetter.

In the NAB, I have three Password Reset Certificates issued to Notes Admin/XXX, one for /XXX, another for /USERS/XXX, the third for /SERVERS/XXX. I also have three corresponding Vault Trust Certificates, issued to /VaultOne.

Notes Admin/XXX is Manager of VaultOne and has the [Auditor] role. He is able to reset passwords via the Administration client without issue.

Anyone able to shed any light on this?

Subject: Problem resolved

I solved the problem by checking the “Password reset agent authority” checkbox in the Authority To Reset Passwords dialog next to the name of the password reset authority. It wasn’t enabled by default.