Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Windows Active Directory Users Unable to Change Password #285

Open
gavincollins opened this issue Dec 6, 2017 · 3 comments
Open

Windows Active Directory Users Unable to Change Password #285

gavincollins opened this issue Dec 6, 2017 · 3 comments

Comments

@gavincollins
Copy link

gavincollins commented Dec 6, 2017
edited
Loading

I have a Geoportal 1.2.9 deployment, I want to enable allow user password change in Geoportal.. Currently when a user changes their password, a success message is returned by Geoportal, however, the user's passsword does not change. It remains to be the original.

I have configured the Geoportal with Windows Active Directory using the LDAPS protocol following the instructions provided on the github wiki page https://github.com/Esri/geoportal-server/wiki/Connecting-to-a-User-Directory.

All necessary changes were made to the gpt.xml and importing of Active Directory SSL certificates into the Tomcat Java Keystore which is stated as a requirement to enable password change in Geoportal. The ldapServiceAccount has full permissions on the Active Directory domain.

I am aware Windows Active Directory has two containers which records an accounts password:

  1. userPassword
  2. unicodePwd

I have tested configuring the gpt.xml with both these password containers and the outcome is the same, a false password change success message is given because the password remains to be the original one. I have also tested switching between using the LDAP and LDAPs protocols.

Importantly, when configured for either, I can see the password change process updating the containers userPassword and unicodePwd with NEW values which appear to be an encrypted version of the new password entered by the user. Therefore Geoportal has permissions to update these containers.

I would appreciate any help on this issue,

Thanks,
Gavin
@gavincollins
Copy link
Author

@mhogeweg @zguo

@zguo
Copy link
Collaborator

zguo commented Dec 9, 2017

you might check if the following post helps:
https://asadumar.wordpress.com/2013/02/28/create-user-password-in-active-directory-through-java-code/

@gavincollins
Copy link
Author

@zguo Thanks for sharing but unfortunately that post describes the steps that I have already undertaken. I can't figure out why I am receiving a successful password change message when it is actually false because user's password does not change! Within the Windows AD I can inspect the user's attributes, the unicodePwd attribute has been updated with a new value.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@zguo @gavincollins