000014829 - AxM - How to view account lockout status/changes in AxM Logs

Document created by RSA Customer Support Employee on Jun 14, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000014829
Applies To: Access Manager 6.x
The optional objectclass ctscUserAuxClass is being used in ldap.conf. This objectclass provides additional optional attributes to control password policies. They can be used in place of similar attributes provided by the datastore itself.
Issue: AxM - How to view account lockout status/changes in AxM Logs
In the use case of an AxM user account being automatically locked out:

1) Is this logged anywhere?
2) Where is it logged?
3) What is logged?
4) Is any special logging level required to see this activity? 
Resolution: Given that the appropriate datastore and objectclass are in use, lockouts are recorded in the AServer logs when the aserver.log level is set to 20 via the parameter cleartrust.aserver.log.level=20:

sequence_number=7,2009-09-15 11:11:04:546 EDT,messageID=1001,user=testuser1,result_code=0,result_action=Authentication Failure,result_reason=Administrative Lockout
Notes: Once the current time exceeds the time the account was locked out by the password policy auto unlock time, the lock is reset and the user is authenticated.
When an administrator manually unlocks a user, it is recorded in the eserver logs. A sample looks like:

sequence_number=63,2009-09-15 14:37:54:578 EDT,conn=0,op=61,eventID=1062,messageID=701,ip=127.0.0.1,uname=admin,urole=Default Administrative Role,msg=Modify user,msgtype=MODIFY,result=0,etime=141ms,user=testuser1,new_user=[userid:[testuser1] firstname:[TEST] lastname:[USER1] email:[] certdn:[uid=testuser1 ou=People dc=techfest dc=com] properties:[] account_start_date:[Feb 27  2007 11:31:56 AM] account_expiry_date:[Feb 27  2010 11:31:00 AM] islockedout:[false] isactive:[true] passwordexpiry_date:[Sep 29  2010 1:37:34 PM] admin_group:[Default Administrative Group] ispublic:[false]],user_owner=Default Administrative Group,upd_user=testuser1,original_user=[userid:[testuser1] firstname:[TEST] lastname:[USER1] email:[] certdn:[uid=testuser1 ou=People dc=techfest dc=com] properties:[] account_start_date:[Feb 27  2007 11:31:56 AM] account_expiry_date:[Feb 27  2010 11:31:00 AM] islockedout:[true] isactive:[false] passwordexpiry_date:[Sep 29  2010 1:37:34 PM] admin_group:[Default Administrative Group] ispublic:[false]],userUID=AAAAAQEAAAAETERBUAAAAAZUZXN0djEAAAABEAAAACp1aWQ9dGVzdHVzZXIxLG91PVBlb3BsZSxkYz10ZWNoZmVzdCxkYz1jb20=,upd_user_owner=Default Administrative Group
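
One way to pull both events out of these logs, as an added example that is not RSA's code: it flags AServer lines with result_reason=Administrative Lockout and EServer Modify user lines where islockedout goes from true to false. The sample lines are constructed, shortened versions of the entries above, and the function and event names are hypothetical.

```python
import re

# Constructed samples: shortened versions of the log entries shown in this article.
ASERVER_LINE = (
    "sequence_number=7,2009-09-15 11:11:04:546 EDT,messageID=1001,user=testuser1,"
    "result_code=0,result_action=Authentication Failure,"
    "result_reason=Administrative Lockout")
ESERVER_LINE = (
    "sequence_number=63,2009-09-15 14:37:54:578 EDT,conn=0,op=61,eventID=1062,"
    "messageID=701,ip=127.0.0.1,uname=admin,msg=Modify user,msgtype=MODIFY,"
    "result=0,user=testuser1,"
    "new_user=[userid:[testuser1] islockedout:[false] isactive:[true]],"
    "upd_user=testuser1,"
    "original_user=[userid:[testuser1] islockedout:[true] isactive:[false]]")

def field(line, key):
    """Value of a top-level key=value field, or None if the key is absent."""
    m = re.search(r"(?:^|,)" + re.escape(key) + r"=([^,]*)", line)
    return m.group(1) if m else None

def lock_flag(line, snapshot):
    """islockedout value inside new_user=[...] or original_user=[...]."""
    m = re.search(r"(?:^|,)" + re.escape(snapshot) + r"=\[.*?islockedout:\[(\w+)\]", line)
    return m.group(1) if m else None

def classify(line):
    """Return a dict for a lockout-related line, or None for anything else."""
    parts = line.split(",", 2)
    when = parts[1] if len(parts) > 2 else None  # timestamp is the second field
    if field(line, "result_reason") == "Administrative Lockout":
        return {"event": "locked_out_auth_failure", "time": when,
                "user": field(line, "user")}
    if (field(line, "msgtype") == "MODIFY"
            and lock_flag(line, "original_user") == "true"
            and lock_flag(line, "new_user") == "false"):
        return {"event": "manual_unlock", "time": when, "user": field(line, "user"),
                "admin": field(line, "uname"), "ip": field(line, "ip")}
    return None

def scan(lines):
    """Classify every line and keep only the lockout-related events."""
    return [event for event in map(classify, lines) if event]

if __name__ == "__main__":
    for event in scan([ASERVER_LINE, ESERVER_LINE]):
        print(event)
```

Feeding scan() the lines of both log files gives one record per lockout failure and per manual unlock, with the acting administrator and source IP attached to each unlock.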
Legacy Article ID: a47623