How does Sitefinity Handle password updates in an LDAP scena

Posted by Community Admin on 05-Aug-2018 17:56

How does Sitefinity Handle password updates in an LDAP scenario?

All Replies

Posted by Community Admin on 08-Apr-2013 00:00

Hello,
I've implemented LDAP within Sitefinity, and it seems to be working well. I do have a couple of questions, though:

- I created a user in my Active Directory, and gave him the password "password1@". Then, I logged into Sitefinity as this user. I then changed the password for the user through Active Directory. I tried to log in with the new password and it worked. (All good up to this point.) I then tried to log in with the old password, and it also worked. So, is there a timeout on this, and if so, what is its length?
- What happens if an admin were to click the "reset password" button within Sitefinity for an LDAP user?

Thanks,

Travis

Posted by Community Admin on 11-Apr-2013 00:00

Hi Travis,

I will provide you with this information in a few hours. 

All the best,
Jen Peleva
the Telerik team
Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items

Posted by Community Admin on 17-Apr-2013 00:00

Hi Travis,

Please excuse me for the delay.

I investigated the issue further and here's what I found out:
LDAP users are handled in our LdapMembership provider, which is read-only - you can't change any properties of the users through it. It simply pulls users from your AD. The password of the user is not stored anywhere, nor can it be changed from anywhere in Sitefinity. On your question about the functionality of the Reset password button, I would say it doesn't work for LDAP users, because we don't store the password anywhere (as mentioned before). Furthermore, the ChangePassword method of the provider is configured to raise a NotSupportedException.

What happens when the user logs in is that the ValidateUser method is called, then the AuthenticateUser method of Ldapfacade. A network connection is opened and the LDAP credentials are passed to it. If the credentials are not correct, a connection can't be established. Then the code goes to some generic system classes. User credentials are not cached at the Sitefinity level. A possible reason for what you experienced is authentication cookies that weren't deleted, because you changed the password of the user while he was logged in to the server. Another possible reason is that, if you're using an LDAP forest, the password that you changed may not have been updated on all nodes, and when you tried to log in with the old password again, you were redirected to a node where the new password still hasn't been applied. These are just possible reasons for the behavior. In short, we don't have a mechanism in Sitefinity that stores the user credentials or caches them.

Hope you find this information useful!

Kind regards,
Jen Peleva
the Telerik team
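One way to check the second possibility raised in the reply above (the changed password not yet applied on every node) without any browser cookie being involved is to perform a fresh LDAP simple bind against each domain controller with the same credential. This is an added example, not Sitefinity or Telerik code; the function name `Test-LdapBind` is hypothetical, and it assumes the domain controllers accept LDAPS on port 636 and that it is run with a test account from a domain-joined workstation.

```powershell
# Added example (not from the thread): per-DC bind check for one credential.
Add-Type -AssemblyName System.DirectoryServices
Add-Type -AssemblyName System.DirectoryServices.Protocols

function Test-LdapBind {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $Server,           # DC host name
        [Parameter(Mandatory)] [pscredential] $Credential, # UPN form (user@domain) recommended
        [int] $Port = 636                                  # assumption: LDAPS is enabled
    )
    $id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($Server, $Port)
    $conn = New-Object System.DirectoryServices.Protocols.LdapConnection($id)
    # Simple bind, so the password is checked by the DC we connect to;
    # TLS keeps the password off the wire in clear text.
    $conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Basic
    $conn.SessionOptions.ProtocolVersion = 3
    $conn.SessionOptions.SecureSocketLayer = $true
    $conn.Timeout = [TimeSpan]::FromSeconds(10)
    try {
        $conn.Bind($Credential.GetNetworkCredential())
        $result = 'Accepted'
    }
    catch {
        # PowerShell may wrap the .NET exception; walk down to the LdapException.
        $ldapEx = $_.Exception
        while ($ldapEx -and $ldapEx -isnot [System.DirectoryServices.Protocols.LdapException]) {
            $ldapEx = $ldapEx.InnerException
        }
        # LDAP result code 49 = invalidCredentials; other codes are connectivity/config.
        $result = if ($ldapEx -and $ldapEx.ErrorCode -eq 49) { 'Rejected' }
                  elseif ($ldapEx) { "LdapError $($ldapEx.ErrorCode)" }
                  else { "Error: $($_.Exception.Message)" }
    }
    finally { $conn.Dispose() }
    [pscustomobject]@{ Server = $Server; Result = $result; CheckedAt = Get-Date }
}

# Usage: enter the OLD password at the prompt, then repeat with the NEW one.
$cred = Get-Credential
[System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain().DomainControllers |
    ForEach-Object { Test-LdapBind -Server $_.Name -Credential $cred } |
    Format-Table -AutoSize
```

If every controller rejects the old password here while the site still lets the user in, the remaining explanation from the reply is the existing authentication cookie rather than the directory.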

This thread is closed