Affected SecureAuth IdP Version: 9.0+
When attempting to reset a password using the Password Reset option of "Administrative Reset with History Check" the attempt fails with the error "Password was not changed Exception: The LDAP server is unavailable" even though the Test Connection on the Data tab worked fine.
The password reset action connects using the connection string specified on the Data tab, which is generally the domain name rather than a specific DC. However, the DC that responds presents its own certificate, issued to that DC's FQDN; because this name does not match the host in the connection string, the certificate check fails and the connection is closed.
The certificate being presented by the DC needs to match the connection string to avoid the mismatch. The easiest way to achieve this is to edit the Connection String.
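The check below is an added illustration of the name mismatch described above; it is not SecureAuth code and does not describe how the IdP itself validates certificates. It assumes a connection string of the form `LDAP://host:port` or a bare host name (the exact format is an assumption), and the certificate dictionary is constructed in the shape that Python's `ssl` module returns from `getpeercert()`. It shows why `wood.example.com` fails against a DC certificate issued to `mydc.wood.example.com` while the DC's own FQDN passes, and also handles wildcard names so the same logic can be used to review other LDAPS endpoints.

```python
"""Compare the host in an LDAP connection string against the names in the
certificate a domain controller presents (hypothetical helper, not part of
SecureAuth IdP). Certificate values below are constructed sample data."""
import socket
import ssl
from urllib.parse import urlparse


def host_from_connection_string(conn: str) -> str:
    """Return the lower-cased host from 'LDAP://host:port' or a bare host.
    Assumption: the connection string uses one of these two forms."""
    if "://" not in conn:
        conn = "ldap://" + conn
    return (urlparse(conn).hostname or "").lower()


def name_matches(cert_name: str, host: str) -> bool:
    """RFC 6125-style comparison: exact match, or a single leftmost
    wildcard label ('*.wood.example.com') that covers exactly one label."""
    cert_name, host = cert_name.lower(), host.lower()
    if "*" not in cert_name:
        return cert_name == host
    if cert_name.count("*") != 1 or not cert_name.startswith("*."):
        return False
    cert_labels, host_labels = cert_name.split("."), host.split(".")
    if len(cert_labels) != len(host_labels):
        return False
    return cert_labels[1:] == host_labels[1:]


def cert_names(cert: dict) -> list:
    """Collect DNS subjectAltName entries; fall back to the CN only when the
    certificate carries no DNS SANs at all."""
    names = [v for (k, v) in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:
        for rdn in cert.get("subject", ()):
            for key, value in rdn:
                if key == "commonName":
                    names.append(value)
    return names


def check_connection_string(conn: str, cert: dict):
    """Return (matches, host, names) so a mismatch can be reported with the
    exact name the DC presented versus the name that was dialled."""
    host = host_from_connection_string(conn)
    names = cert_names(cert)
    return any(name_matches(n, host) for n in names), host, names


def fetch_dc_cert(host: str, port: int = 636, timeout: float = 5.0) -> dict:
    """Live network call (not used by the offline demo): fetch the certificate
    a DC presents. Host-name checking is disabled so the mismatch can be
    observed; chain validation stays on, so the issuing CA must be trusted by
    the local store or this raises ssl.SSLError."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


# Constructed sample: what a DC named mydc in wood.example.com might present.
DC_CERT = {
    "subject": ((("commonName", "mydc.wood.example.com"),),),
    "subjectAltName": (("DNS", "mydc.wood.example.com"),),
}


def demo() -> dict:
    """Run both connection strings from the article against the sample cert."""
    results = {}
    for conn in ("LDAP://wood.example.com:636", "LDAP://mydc.wood.example.com:636"):
        ok, host, names = check_connection_string(conn, DC_CERT)
        results[conn] = ok
        print(f"{conn}: dialled {host!r}, cert names {names} -> {'match' if ok else 'MISMATCH'}")
    return results


if __name__ == "__main__":
    demo()
```

Running `demo()` reports a mismatch for the domain-level string and a match for the DC's FQDN, which is the difference the Test Connection button does not surface. `fetch_dc_cert` can be pointed at a real DC to pull the live certificate into the same check.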
- Open the Data tab
- Edit the Connection String to specify a Domain Controller. For example, if the domain is wood.example.com and the DC is called mydc, this connection string becomes