Affects Version/s: 4.5.0
Fix Version/s: None
Component/s: Admin Console
Environment: Windows Server 2016, Active Directory
- A test environment made of 3 servers - an Active Directory server, an MS SQL server and an Openfire server.
- All 3 boxes are accessed by Remote Desktop, using the AD Administrator password.
- The Openfire instance is configured to use LDAP. The adminDN is that of the same user accessing the box - the Administrator account.
- The Openfire authorizedJIDs is the same user again (v bad practice, but potentially not unique, and proved interesting for this test!)
- When using Remote Desktop to access the Openfire server this morning, I had to change the AD Administrator's password due to password expiry.
- I changed it, and connected via Remote Desktop again using the new password
- I could no longer access Openfire Admin locally from the Openfire server
- The ldap.adminPassword in SQL remained set to the old password for the AD user
- Attempting to log in to Admin using either the old or new password resulted in failure
- Correcting the ldap.adminPassword returned "normal behaviour" where correct passwords would authenticate and incorrect ones would not
- Looking at LdapAuthProvider.java, the user is turned into a distinguishedName before authentication, which requires AD search, which requires credentials
Unsure what to suggest as a fix. A warning about not having your AD user as your only admin authorised JID?
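
The search-then-bind flow described in the report, modelled as an added example (not Openfire's code and not part of the original report), showing why a stale `ldap.adminPassword` rejects both the old and the new user password, plus a check for the sole-admin setup. The in-memory directory, the passwords, the `example.test` names, the result strings and the `audit` helper are constructed assumptions; `ldap.adminDN`, `ldap.adminPassword` and `admin.authorizedJIDs` are the Openfire property names.

```python
# Constructed directory: DN -> (login name, current password). Not real data.
DIRECTORY = {
    "CN=Administrator,CN=Users,DC=example,DC=test": ("administrator", "NewPass#2"),
    "CN=Alice,CN=Users,DC=example,DC=test": ("alice", "AlicePw!1"),
}

class ServiceBindError(Exception):
    """The stored adminDN / adminPassword pair was rejected by the directory."""

def bind(dn, password):
    entry = DIRECTORY.get(dn)
    return entry is not None and entry[1] == password

def find_dn(cfg, username):
    # Step 1: the search runs as the service account, so it needs a working bind.
    if not bind(cfg["ldap.adminDN"], cfg["ldap.adminPassword"]):
        raise ServiceBindError("service bind failed")
    for dn, (login, _) in DIRECTORY.items():
        if login == username.lower():
            return dn
    return None

def authenticate(cfg, username, password):
    try:
        dn = find_dn(cfg, username)
    except ServiceBindError:
        return "service-bind-failed"  # every login fails, whatever was typed
    # Step 2: bind as the resolved DN with the password the user supplied.
    if dn is None or not bind(dn, password):
        return "bad-credentials"
    return "ok"

def audit(cfg):
    # Flag the setup from the report: the only admin JID is the service account.
    admins = {j.strip().split("@")[0].lower()
              for j in cfg["admin.authorizedJIDs"].split(",") if j.strip()}
    service = DIRECTORY.get(cfg["ldap.adminDN"], (None,))[0]
    if admins == {service}:
        return ["sole admin JID is the LDAP service account"]
    return []

STALE = {  # constructed values; ldap.adminPassword was not updated after the change
    "ldap.adminDN": "CN=Administrator,CN=Users,DC=example,DC=test",
    "ldap.adminPassword": "OldPass#1",
    "admin.authorizedJIDs": "administrator@example.test",
}
FIXED = {**STALE, "ldap.adminPassword": "NewPass#2"}

for cfg in (STALE, FIXED):
    print([authenticate(cfg, "administrator", p) for p in ("OldPass#1", "NewPass#2")])
```

Reporting the service-bind failure separately from a user-bind failure is what lets an administrator tell a stale stored credential apart from a mistyped password.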