Uploaded image for project: 'Openfire'
  1. Openfire
  2. OF-1921

Cannot log into admin after changing AD credentials

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 4.5.0
    • Fix Version/s: None
    • Component/s: Admin Console
    • Labels:
      None
    • Environment:
      Windows Server 2016, Active Directory

      Description

      Setup/Config:

      • A test environment made of 3 servers - an Active Directory server, an MS SQL server and an Openfire server.
      • All 3 boxes are accessed by Remote Desktop, using the AD Administrator password.
      • The Openfire instance is configured to us LDAP. The adminDN is that of the same user accessing the box - the Administrator account.
      • The Openfire authorizedJIDs is the same user again (v bad practice, but potentially not unique, and proved interesting for this test!)

      Steps:

      • When using Remote Desktop to access the Openfire server this morning, I had to change the AD Administrator's password due to password expiry.
      • I changed it, and connected via Remote Desktop again using the new password
      • I could no longer access Openfire Admin locally from the Openfire server

      Diagnosis:

      • The ldap.adminPassword in SQL remained set to the old password for the AD user
      • Attempting to log in to Admin using either the old or new password resulted in failure
      • Correcting the ldap.adminPassword returned "normal behaviour" where correct passwords would authenticate and incorrect ones would not
      • Looking at LdapAuthProvider.java, the user is turned into a disguishedName before authentication, which requires AD search, which requires credentials

       

      Unsure what to suggest as a fix. A warning about not having your AD user as your only admin authorised JID?

        Attachments

          Activity

            People

            Assignee:
            guus Guus der Kinderen
            Reporter:
            danc_surevine Dan Caseley
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Dates

              Created:
              Updated: