Affected SecureAuth IdP Version: 9.0+
Description:
When attempting to reset a password using the Password Reset option of "Administrative Reset with History Check" the attempt fails with the error "Password was not changed Exception: The LDAP server is unavailable" even though the Test Connection on the Data tab worked fine.
Cause:
The password reset action connects using the connection string specified in the Data Tab which is generally the domain instead of a specific DC. However, the DC that responds presents it's own certificate and this is the FQDN of the DC and causes a certificate mismatch with the connection string meaning the connection is closed.
Resolution:
The certificate being presented by the DC needs to match the connection string to avoid the mismatch. The easiest way to achieve this is to edit the Connection String.
- Open the Data tab
- Edit the Connection String to specify a Domain Controller. Eg, if the domain is wood.example.com and the DC is called mydc this connection string becomes
LDAP://mydc.wood.example.local/DC=wood,DC=example,DC=local
SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.
Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products
Comments
Please sign in to leave a comment.