SOLVED
Password change LDAP Module , can still use the old password
1 Accepted Solution
Correct answer by
wrote...
wrote...
wrote...
wrote...
Firstly with ldap integration password is never stored or synced with AEM OOB.No need to call or update jackrabbit changepasswordUsing SSO is right fit for such cases
Hi Sham,
Thanks for your reply.
1) We first create use in LDAP and then do getRepository().login(new SimpleCredentials(username, password.toCharArray()), defaultWorkspace); and this creates rep:User with principal name fetched from LDAP and password i think is applied on the rep:User because we do a login.
2) Well then how the password be updated?
3) We do have SSO but it is customized and not OOB. We don't have a layer of authentication above publishers and we do the authentication on the publisher and issue a unique cookie to each user and that cookie is validated by customized SSO for every request.
Anything that you can suggest for this problem would be helpful.
When user login password is validated directly against ldap & hence password not required in aem. Though internally have a cache for other property to avoid calling ldap server every time.
Interesting, first time hearing such implementation. Hope you are testing against multiple publish instances. Coming to original issue It is custom implementation issue & with out code can't suggest anything. Only thing I can assure is OOB change password uses same api & should work.
Yes, we are testing against multiple instances and its fine. I am not saying that it doesn't work. I am saying you can still use your old password as well as the new changed password. Is the old password cached, can i force it to clear.
As informed earlier repeating again In AEM password of ldap never stored or cached. Check with ldap server dirrectly because there are some issue with windows Active directory it will cache old password for an hour (You need to apply patch). Also since you are updating password in AEM check your implementation also.
wrote...
Firstly with ldap integration password is never stored or synced with AEM OOB.No need to call or update jackrabbit changepasswordUsing SSO is right fit for such cases
Hi Sham,
Thanks for your reply.
1) We first create use in LDAP and then do getRepository().login(new SimpleCredentials(username, password.toCharArray()), defaultWorkspace); and this creates rep:User with principal name fetched from LDAP and password i think is applied on the rep:User because we do a login.
2) Well then how the password be updated?
3) We do have SSO but it is customized and not OOB. We don't have a layer of authentication above publishers and we do the authentication on the publisher and issue a unique cookie to each user and that cookie is validated by customized SSO for every request.
Anything that you can suggest for this problem would be helpful.
wrote...
wrote...
Firstly with ldap integration password is never stored or synced with AEM OOB.No need to call or update jackrabbit changepasswordUsing SSO is right fit for such cases
Hi Sham,
Thanks for your reply.
1) We first create use in LDAP and then do getRepository().login(new SimpleCredentials(username, password.toCharArray()), defaultWorkspace); and this creates rep:User with principal name fetched from LDAP and password i think is applied on the rep:User because we do a login.
2) Well then how the password be updated?
3) We do have SSO but it is customized and not OOB. We don't have a layer of authentication above publishers and we do the authentication on the publisher and issue a unique cookie to each user and that cookie is validated by customized SSO for every request.
Anything that you can suggest for this problem would be helpful.
When user login password is validated directly against ldap & hence password not required in aem. Though internally have a cache for other property to avoid calling ldap server every time.
Interesting, first time hearing such implementation. Hope you are testing against multiple publish instances. Coming to original issue It is custom implementation issue & with out code can't suggest anything. Only thing I can assure is OOB change password uses same api & should work.
wrote...
wrote...
wrote...
Firstly with ldap integration password is never stored or synced with AEM OOB.No need to call or update jackrabbit changepasswordUsing SSO is right fit for such cases
Hi Sham,
Thanks for your reply.
1) We first create use in LDAP and then do getRepository().login(new SimpleCredentials(username, password.toCharArray()), defaultWorkspace); and this creates rep:User with principal name fetched from LDAP and password i think is applied on the rep:User because we do a login.
2) Well then how the password be updated?
3) We do have SSO but it is customized and not OOB. We don't have a layer of authentication above publishers and we do the authentication on the publisher and issue a unique cookie to each user and that cookie is validated by customized SSO for every request.
Anything that you can suggest for this problem would be helpful.
When user login password is validated directly against ldap & hence password not required in aem. Though internally have a cache for other property to avoid calling ldap server every time.
Interesting, first time hearing such implementation. Hope you are testing against multiple publish instances. Coming to original issue It is custom implementation issue & with out code can't suggest anything. Only thing I can assure is OOB change password uses same api & should work.
Yes, we are testing against multiple instances and its fine. I am not saying that it doesn't work. I am saying you can still use your old password as well as the new changed password. Is the old password cached, can i force it to clear.
Correct answer by
wrote...
wrote...
wrote...
wrote...
Firstly with ldap integration password is never stored or synced with AEM OOB.No need to call or update jackrabbit changepasswordUsing SSO is right fit for such cases
Hi Sham,
Thanks for your reply.
1) We first create use in LDAP and then do getRepository().login(new SimpleCredentials(username, password.toCharArray()), defaultWorkspace); and this creates rep:User with principal name fetched from LDAP and password i think is applied on the rep:User because we do a login.
2) Well then how the password be updated?
3) We do have SSO but it is customized and not OOB. We don't have a layer of authentication above publishers and we do the authentication on the publisher and issue a unique cookie to each user and that cookie is validated by customized SSO for every request.
Anything that you can suggest for this problem would be helpful.
When user login password is validated directly against ldap & hence password not required in aem. Though internally have a cache for other property to avoid calling ldap server every time.
Interesting, first time hearing such implementation. Hope you are testing against multiple publish instances. Coming to original issue It is custom implementation issue & with out code can't suggest anything. Only thing I can assure is OOB change password uses same api & should work.
Yes, we are testing against multiple instances and its fine. I am not saying that it doesn't work. I am saying you can still use your old password as well as the new changed password. Is the old password cached, can i force it to clear.
As informed earlier repeating again In AEM password of ldap never stored or cached. Check with ldap server dirrectly because there are some issue with windows Active directory it will cache old password for an hour (You need to apply patch). Also since you are updating password in AEM check your implementation also.
Related Conversations
