Setting a user's default login page fails with the error "Access denied for user to path /user/......". What is the cause of this error?

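The last time I ran into this problem I followed http://www.flybi.net/question/153 and that solved it, but what is the cause of this problem, and under what circumstances does it occur?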


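There were many users at the time of the migration, and there was no time to verify them afterwards, but most users could log in and view reports normally. A few months later we found that several users could not view reports after logging in; when they opened a report, the default login page showed the error: Access denied for user to path /user/......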

Yuvv - BIEE independent consultant, business architecture. Answered 2013-08-28

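Users have an expiration time. In OBIEE's internal policy mechanism this is the OID mechanism; the expiration attribute is named pwdMaxAge and its default value is 10368000 seconds (120 days).
This can be found in the official documentation, along with other attributes, for example:

"pwdLockout"
When this is true, the server locks out a user after a number of consecutive invalid login attempts. The number is specified by pwdMaxFailure. The default value of pwdLockout is 1 (true).

"orclpwdIPLockout"
When this is true, the server locks out a user after a number of consecutive invalid login attempts from the same IP address. The number is specified by orclpwdIPMaxFailure. The default is false.

And so on.
All of these attributes can be changed. Since I have not actually done this myself, I can only help by pointing you to a solution from the documentation (the official documentation). The method is as follows:
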
Managing Password Policies by Using Command-Line Tools

This section contains these topics:

Section 29.3.1, "Viewing Password Policies by Using Command-Line Tools"

Section 29.3.2, "Creating a New Password Policy by Using Command-Line Tools"

Section 29.3.3, "Applying a Password Policy to a Subtree by Using Command-Line Tools"

Section 29.3.4, "Setting Password Policies by Using Command-Line Tools"

Section 29.3.5, "Making a Password Policy Entry Specific by Using Command-Line Tools"

29.3.1 Viewing Password Policies by Using Command-Line Tools

The following example retrieves password policies under a specific password policy container:

ldapsearch -p port -h host \
-b "cn=pwdPolicies,cn=common,cn=products,cn=OracleContext, \
o=my_company,dc=com" \
-s sub "(objectclass=pwdpolicy)"

The following example retrieves all password policy entries:

ldapsearch -p port -h host -b " " -s sub "(objectclass=pwdpolicy)"

29.3.2 Creating a New Password Policy by Using Command-Line Tools

You create a new password policy by adding a policy entry to the appropriate container. A good way to do this is as follows:

Dump the contents of the default entry, cn=default,cn=pwdPolicies,cn=Common,cn=Products, cn=OracleContext, to an LDIF file, using ldapmodify. For example:

ldapsearch -p port -h host -D cn=orcladmin -q -L \
-b 'cn=default,cn=pwdPolicies,cn=Common,cn=Products, cn=OracleContext' \
-s base '(objectclass=pwdpolicy)' >> pwdpolicy.ldif

As an alternative to ldapsearch, you could use ldifwrite. Ensure ORACLE_INSTANCE is set, then type:

ldifwrite connect="conn_str" \
baseDN="cn=default,cn=pwdPolicies,cn=Common,cn=Products, cn=OracleContext" \
ldiffile="pwpolicy.ldif"

Modify the LDIF file so that it has the common name and desired values for the new policy. For example, you might change cn=default to cn=policy1 and change pwdMaxFailure from 10 to 5.

Add the new entry by using ldapadd. You would use a command line of the form:

ldapadd -p port_number -h host -D cn=orcladmin -q -f pwdpolicy.ldif

29.3.3 Applying a Password Policy to a Subtree by Using Command-Line Tools

To apply the new password policy to the subtree "dn: cn=accounting,c=us" you would use a command line such as:

ldapmodify -D "cn=orcladmin" -q -p port -h host -f my_file.ldif

with an LDIF file such as this:

dn: cn=accounting,c=us
changetype: modify
replace: pwdPolicysubentry
pwdPolicysubentry:cn=policy1,cn=pwdPolicies,cn=common,cn=products,
 cn=OracleContext,o=my_company,dc=com

29.3.4 Setting Password Policies by Using Command-Line Tools

The following example disables the pwdLockout attribute in the default password policy. It changes the attribute from its default setting of 1 to 0.

The file my_file.ldif contains:

dn: cn=default,cn=pwdPolicies,cn=common,cn=products,cn=OracleContext,
 o=my_company,dc=com
changetype: modify
replace: pwdlockout
pwdlockout: 0

The following command loads this file into the directory:

ldapmodify -D "cn=orcladmin" -q -p port -h host -f my_file.ldif

The following example modifies pwdMaxAge in the default password policy entry.

ldapmodify -D "cn=orcladmin" -q -p port -h host -q -f file

where file contains:

dn: cn=default,cn=pwdPolicies,cn=common,cn=products,cn=OracleContext,
 o=my_company,dc=com
changetype: modify
replace: pwdMaxAge
pwdMaxAge: 10000

29.3.5 Making a Password Policy Entry Specific by Using Command-Line Tools

If the password policy is reset for a large number of users, Oracle Internet Directory server must refresh its passwordPolicySubentry cache, which can affect performance by causing a large number of SQL query requests to the Oracle database.

Beginning with Oracle Internet Directory 11g Release 1 (11.1.1.7.0), you can make a password policy entry specific by subtyping the entrylevel. For example, the following command adds a password policy to A_user:

ldapmodify -D "cn=orcladmin" -q -p port -h host -q -f pwdpolicy.ldif

where pwdpolicy.ldif contains:

dn: A_user,cn=users,dc=us,dc=mycompany,dc=com
changetype: modify
add: pwdpolicysubentry;entrylevel
pwdpolicysubentry;entrylevel: cn=pwdpolicies,dc=us,dc=mycompany,dc=com

The password policy applies only to A_user. If the entrylevel subtype is missing in the entry for the pwdpolicysubentry attribute, then the password policy applies to the entire subtree.
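
The policy values discussed in this answer, read back from a dumped policy entry, as an added example that is not part of the original answer or of Oracle's documentation: it unfolds LDIF continuation lines, extracts pwdMaxAge, pwdLockout and pwdMaxFailure, and works out how many days remain before a password expires. The sample entry is constructed, and the function names and the epoch-second inputs to days_until_expiry are assumptions.

```shell
#!/bin/sh
# Added example: summarise a password policy entry that was dumped to LDIF.

# Constructed sample of a dumped default policy entry (values as quoted in the answer).
sample_policy_ldif() {
cat <<'EOF'
dn: cn=default,cn=pwdPolicies,cn=common,cn=products,cn=OracleContext,
 o=my_company,dc=com
objectclass: pwdpolicy
pwdMaxAge: 10368000
pwdLockout: 1
pwdMaxFailure: 10
EOF
}

# Join LDIF continuation lines: a line starting with one space continues the previous line.
ldif_unfold() {
  awk 'NR > 1 && /^ / { buf = buf substr($0, 2); next }
       NR > 1 { print buf }
       { buf = $0 }
       END { if (NR) print buf }'
}

# Print the value of the first attribute named $1 (case-insensitive) from unfolded LDIF.
ldif_attr() {
  awk -v want="$1" '{
    i = index($0, ":")
    if (i && tolower(substr($0, 1, i - 1)) == tolower(want)) {
      v = substr($0, i + 1); sub(/^ +/, "", v); print v; exit
    }
  }'
}

# Convert a pwdMaxAge value in seconds to whole days.
max_age_days() { echo $(( $1 / 86400 )); }

# Days left before expiry; a negative result means the password has already expired.
# Args: password-change time (epoch s), current time (epoch s), pwdMaxAge (s).
days_until_expiry() { echo $(( ($1 + $3 - $2) / 86400 )); }

# Read LDIF on stdin and print a one-line summary of the expiry and lockout settings.
policy_summary() {
  ldif=$(ldif_unfold)
  age=$(printf '%s\n' "$ldif" | ldif_attr pwdMaxAge)
  lock=$(printf '%s\n' "$ldif" | ldif_attr pwdLockout)
  fails=$(printf '%s\n' "$ldif" | ldif_attr pwdMaxFailure)
  echo "pwdMaxAge=${age}s ($(max_age_days "$age") days) pwdLockout=$lock pwdMaxFailure=$fails"
}

sample_policy_ldif | policy_summary
```

To run it against a real directory, pipe the pwdpolicy.ldif file produced by the ldapsearch dump above into policy_summary instead of the constructed sample.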
