davearre

Trying to Change AD Password from GW2014 failing

Hello,

I've got the Caledonia books by Danita and I am preparing to upgrade / move our GW2012 eDirectory system to 2014, then migrating that to AD. In preparation, I have set up a test GW2014 server and set it to authenticate LDAP against AD. I was easily able to get a user to sync and log in to both the 2014 client and WebAccess. However, when I try to change the password for this user through either client, the attempt fails with the following error in the POA:

17:10:43 4233 Error: LDAP failure detected [D06B] User:gw2014test (gw2014test)

The closest TID I have seen on this is for GW 2012 where it says that LDAP passwords in GroupWise were designed to work with eDirectory so the function does not work in other LDAP servers?!

Any help would be much appreciated!

Thanks

mblackham

Re: Trying to Change AD Password from GW2014 failing


You can change your AD password via the GW 2014 client; however, due to requirements of AD, the LDAP session must be SSL'ized to do so. So you'll have to export the CA cert that your AD LDAP process is using and import it into the AD directory configuration in GW Admin Console. Here are the high-level steps to getting the AD cert:

• Run MMC on the Domain Controller
• Add the “Certificates” Snap-In for the Computer account. (File | Add/Remove Snap-Ins)
• Find the certificate issued to the domain controller in the “Personal/Certificates” folder.
• View the certification path for the certificate, locate the CA and view its properties.
• Export the CA certificate as a DER or PEM file


--Morris
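
A check to run on the exported file before importing it into the GW Admin Console, as an added example that is not part of the original thread: it confirms the file is a CA certificate (PEM or DER) and that the domain controller's certificate verifies against it, which catches an export of the DC's own certificate instead of the CA's. It assumes the `openssl` command is available; the certificates, host name and file names below are constructed samples.

```shell
#!/bin/sh
# Constructed sample names (dc01.example.test, ssl.cnf, ...) are assumptions, not from the thread.

# Print a certificate as PEM whether it was exported as PEM or DER.
to_pem() {
  if grep -q -- '-----BEGIN CERTIFICATE-----' "$1"; then
    openssl x509 -in "$1" -inform PEM
  else
    openssl x509 -in "$1" -inform DER
  fi
}

# Succeeds only if the certificate carries basicConstraints CA:TRUE.
is_ca_cert() {
  to_pem "$1" 2>/dev/null | openssl x509 -noout -text 2>/dev/null | grep -q 'CA:TRUE'
}

# Succeeds only if the certificate in $2 verifies against the CA certificate in $1.
issued_by() {
  tmp=$(mktemp -d) || return 1
  to_pem "$1" > "$tmp/ca.pem" 2>/dev/null && to_pem "$2" > "$tmp/leaf.pem" 2>/dev/null &&
    openssl verify -CAfile "$tmp/ca.pem" "$tmp/leaf.pem" >/dev/null 2>&1
  rc=$?
  rm -rf "$tmp"
  return "$rc"
}

# Build constructed samples: a throwaway CA and a DC certificate it issues.
make_samples() {
  printf '%s\n' '[req]' 'distinguished_name = dn' 'prompt = no' '[dn]' 'CN = constructed' \
    '[v3_ca]' 'basicConstraints = critical,CA:TRUE' 'keyUsage = critical,keyCertSign,cRLSign' \
    '[v3_dc]' 'basicConstraints = CA:FALSE' > "$1/ssl.cnf"
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$1/ssl.cnf" -extensions v3_ca \
    -subj "/CN=Constructed Test CA" -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null &&
  openssl req -new -newkey rsa:2048 -nodes -config "$1/ssl.cnf" \
    -subj "/CN=dc01.example.test" -keyout "$1/dc.key" -out "$1/dc.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/dc.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" -CAcreateserial \
    -days 2 -extfile "$1/ssl.cnf" -extensions v3_dc -out "$1/dc.pem" 2>/dev/null &&
  openssl x509 -in "$1/ca.pem" -outform DER -out "$1/ca.der"
}

demo=$(mktemp -d)
make_samples "$demo"
for f in ca.pem ca.der dc.pem; do
  if is_ca_cert "$demo/$f" && issued_by "$demo/$f" "$demo/dc.pem"; then
    echo "$f: issuing CA certificate, the file to import"
  else
    echo "$f: not the issuing CA certificate"
  fi
done
```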



davearre

Re: Trying to Change AD Password from GW2014 failing

Hi, Morris,

Awesome, thank you, that worked!! After I posted my question I tried to do the SSL but got LDAP error 81 on the POA because I exported the DC's certificate and not the CA's. Once I followed your steps and exported the CA certificate I was able to log in and change the password without error in both the client and WebAccess.

One more question: I tried to do a "user must change their password on next login", which is what we do now with eDirectory with new teachers, especially in the summertime, so they can change passwords from home before they arrive. With eDir and an expired password, WebAccess puts up a page for them to change their password. It also does this at password expiration time. When I set the user must change password in AD, I could no longer log in to WebAccess at all; it acted like the password was incorrect. Is there a trick to get the change password page prompt in WebAccess, or is this something not available with AD as the authentication source?

Thanks for your quick help!


mblackham

Re: Trying to Change AD Password from GW2014 failing


I don't believe there is a way to check for expired pwd. I'll check with developers though.



--Morris


