
How does Sitefinity Handle password updates in an LDAP scenario?

3 posts, 0 answered
  1. Travis
    86 posts
    Registered: 15 Oct 2008
    08 Apr 2013
    Hello,
    I've implemented LDAP within Sitefinity, and it seems to be working well. I do have a couple of questions, though:

    - I created a user in my Active Directory, and gave him the password "password1@". Then, I logged into Sitefinity as this user. I then changed my password for the user through Active Directory. I tried to log in with the new password and it worked. (All good up to this point.) I then tried to log in with the old password, and it also worked. So, is there a/what is the timeout length on this?
    - What happens if an admin were to click the "reset password" button within Sitefinity for an LDAP user?

    Thanks,

    Travis
  2. Jen Peleva
    568 posts
    Registered: 10 Nov 2016
    11 Apr 2013
    Hi Travis,

    I will provide you with this information in a few hours. 

    All the best,
    Jen Peleva
    the Telerik team
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  3. Jen Peleva
    568 posts
    Registered: 10 Nov 2016
    17 Apr 2013
    Hi Travis,

    Please excuse me for the delay.

    I investigated the issue further and here's what I found out:
    LDAP users are handled in our LdapMembership provider, which is read-only - you can't change any properties of the users through it. It simply pulls users from your AD. The password of the user is not stored anywhere, nor can it be changed from anywhere in Sitefinity. On your question - what is the functionality of the Reset password button - I would say it doesn't work for LDAP users, because we don't store the password anywhere (as mentioned before). Furthermore, the ChangePassword method of the provider is configured to raise a NotSupportedException.

    What happens when the user logs in is that the ValidateUser method is called, then the AuthenticateUser method of Ldapfacade. A network connection is opened and the LDAP credentials are passed to it. If the credentials are not correct, a connection can't be established. Then the code goes to some generic system classes. User credentials are not cached on the Sitefinity level. A possible reason for what you experience is authentication cookies that weren't deleted, because you changed the password of the user while he was logged in to the server. Another possible reason is that, if you're using an LDAP forest, the password that you changed may not have been updated on all nodes, and when you tried to log in with the old password again, you were redirected to a node where the new password still hasn't been applied. These are just possible reasons for the behavior. In short, we don't have a mechanism in Sitefinity that stores the user credentials or caches them.

    Hope you find this information useful!

    Kind regards,
    Jen Peleva
    the Telerik team
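
The last reply describes login as an LDAP bind and names two possible causes for the old password still working: leftover authentication cookies, or a directory node that has not yet received the change. As an added example (not Sitefinity or Telerik code), this C# console program binds to each domain controller directly with the old and new passwords, bypassing Sitefinity and its cookies, to tell the two apart. The host names passed on the command line, the `OLD_PW`/`NEW_PW` environment variable names, and LDAPS on port 636 with a trusted server certificate are assumptions.

```csharp
// Added example, not Sitefinity code. Usage: OldPasswordCheck <user UPN or DN> <dc1> [dc2 ...]
using System;
using System.DirectoryServices.Protocols;
using System.Net;

static class OldPasswordCheck
{
    // Authentication by bind: the bind succeeds only if the node accepts the credentials.
    static bool TryBind(string host, string user, string password)
    {
        using (var conn = new LdapConnection(new LdapDirectoryIdentifier(host, 636)))
        {
            conn.SessionOptions.SecureSocketLayer = true;  // LDAPS: password is not sent in clear
            conn.SessionOptions.ProtocolVersion = 3;
            conn.AuthType = AuthType.Basic;                // simple bind
            try { conn.Bind(new NetworkCredential(user, password)); return true; }
            catch (LdapException ex) when (ex.ErrorCode == 49) { return false; } // invalidCredentials
        }
    }

    // Turns the two bind results for one node into a finding.
    static string Classify(bool oldOk, bool newOk) =>
        oldOk && newOk ? "accepts BOTH passwords" :
        oldOk          ? "STALE: only the old password is accepted" :
        newOk          ? "updated: only the new password is accepted" :
                         "rejects both (check the user name format and account lockout)";

    static int Main(string[] args)
    {
        string oldPw = Environment.GetEnvironmentVariable("OLD_PW"); // assumed variable names
        string newPw = Environment.GetEnvironmentVariable("NEW_PW");
        // An empty password makes a simple bind anonymous, which would look like a success.
        if (args.Length < 2 || string.IsNullOrEmpty(oldPw) || string.IsNullOrEmpty(newPw)) return 2;

        bool anyOld = false;
        for (int i = 1; i < args.Length; i++)
        {
            // Each failed bind counts toward the account lockout threshold; run this once.
            bool oldOk = TryBind(args[i], args[0], oldPw);
            bool newOk = TryBind(args[i], args[0], newPw);
            anyOld |= oldOk;
            Console.WriteLine($"{args[i]}: {Classify(oldOk, newOk)}");
        }
        Console.WriteLine(anyOld
            ? "At least one node still accepts the old password: the cause is in the directory."
            : "No node accepts the old password: look at leftover authentication cookies.");
        return anyOld ? 1 : 0;
    }
}
```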