1 Reply Latest reply on Sep 25, 2012 7:44 AM by crestenst

    Microsoft Active Directory 2008 - Day CQ Integration.


      Hi All,


We have integrated AD with CQ for authentication purposes (JAAS config, LDAPLoginModule).


We are registering users from our website and storing them directly in AD (using the Day LDAP client APIs - day-commons-ldapclient-1.1.6.jar). Now the problem is that the created users are disabled by default; to overcome this we have set the attribute "userAccountControl" while registering.

This solved the disabled-account issue, but another issue is that the user cannot log in unless his/her password has been reset from the AD admin interface.

The password is set in the "userPassword" attribute, and AD is not treating this as a password, so it enables the flag for the reset-password mechanism.

There is another attribute which needs to be set for this, called "unicodePwd", but to set this the connection should be encrypted (at least 128-bit SSL/TLS) and LDAPS should be used, not LDAP.

Please refer to the MS article at http://msdn.microsoft.com/en-us/library/cc223248%28v=prot.10%29.aspx


So the question is: can it be achieved with the LDAP protocol itself? If not, how big is the effort to go via the LDAPS approach?


Has anybody achieved something similar and can throw some light on this?

      Any pointer will be helpful.


      Thanks in Advance,
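Editor's note with an added example (not code from the original post, from Day CQ, or from the day-commons-ldapclient library): Active Directory only accepts writes to unicodePwd over a connection it considers encrypted, so the answer to the first question is no; over cleartext LDAP the modify is rejected. The effort for LDAPS is mostly on the directory side: the domain controller needs a server certificate from a CA the CQ JVM trusts (set javax.net.ssl.trustStore accordingly) and port 636 must be reachable. The value written to unicodePwd is the new password wrapped in double quotes and encoded as UTF-16LE, not a plain string. The snippet below does this with plain JNDI, which ships with the JDK. The host, bind DN and OU values are placeholders; the account is created disabled first, because AD refuses an enabled account that has no password yet. A password that fails the domain's complexity or history policy makes the unicodePwd modify fail, so catch that NamingException and surface it to the registration form rather than leaving a disabled account behind.

```java
// Added example, not from the original post: provisioning an AD user over LDAPS
// with JNDI so that unicodePwd can be written and the account enabled.
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import java.nio.charset.StandardCharsets;
import java.util.Hashtable;

public class AdUserProvisioner {
    // userAccountControl bits as documented by Microsoft.
    static final int ACCOUNTDISABLE = 0x0002;
    static final int NORMAL_ACCOUNT = 0x0200;

    // Placeholder values (assumptions); replace with those of your directory.
    static final String LDAPS_URL = "ldaps://dc.example.com:636";
    static final String USERS_OU = "OU=WebUsers,DC=example,DC=com";

    /** AD expects unicodePwd as the password in double quotes, encoded UTF-16LE. */
    static byte[] encodeUnicodePwd(String password) {
        return ("\"" + password + "\"").getBytes(StandardCharsets.UTF_16LE);
    }

    /** Opens an LDAPS connection; the DC's certificate must be trusted by the JVM truststore. */
    static LdapContext connect(String bindDn, String bindPassword) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, LDAPS_URL);
        env.put(Context.SECURITY_PROTOCOL, "ssl");          // TLS on port 636
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDn);
        env.put(Context.SECURITY_CREDENTIALS, bindPassword);
        return new InitialLdapContext(env, null);
    }

    static void createUser(LdapContext ctx, String cn, String sAMAccountName,
                           String upn, String password) throws NamingException {
        String userDn = "CN=" + cn + "," + USERS_OU;

        // Step 1: create the object disabled. AD rejects a NORMAL_ACCOUNT that is
        // enabled but has no password, so userPassword alone never gets you there.
        Attributes attrs = new BasicAttributes(true);
        Attribute objectClass = new BasicAttribute("objectClass");
        objectClass.add("top");
        objectClass.add("person");
        objectClass.add("organizationalPerson");
        objectClass.add("user");
        attrs.put(objectClass);
        attrs.put("sAMAccountName", sAMAccountName);
        attrs.put("userPrincipalName", upn);
        attrs.put("userAccountControl", Integer.toString(NORMAL_ACCOUNT | ACCOUNTDISABLE));
        ctx.createSubcontext(userDn, attrs);

        // Step 2: set the real password. This write is only accepted over an
        // encrypted connection; a policy violation surfaces here as a NamingException.
        ctx.modifyAttributes(userDn, new ModificationItem[] {
            new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                new BasicAttribute("unicodePwd", encodeUnicodePwd(password)))
        });

        // Step 3: enable the account and clear "must change password at next logon"
        // (pwdLastSet = -1 stamps the current time), so the user can log in directly.
        ctx.modifyAttributes(userDn, new ModificationItem[] {
            new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                new BasicAttribute("userAccountControl", Integer.toString(NORMAL_ACCOUNT))),
            new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                new BasicAttribute("pwdLastSet", "-1"))
        });
    }

    public static void main(String[] args) throws NamingException {
        // Usage: java AdUserProvisioner <bindDn> <bindPassword> <cn> <sAMAccountName> <upn> <newPassword>
        LdapContext ctx = connect(args[0], args[1]);
        try {
            createUser(ctx, args[2], args[3], args[4], args[5]);
        } finally {
            ctx.close();
        }
    }
}
```

The service account used for the bind should be granted only "Create user objects" and "Reset password" on the registration OU rather than domain-wide rights, and the JVM should run with a truststore that contains only the CA issuing the domain controller certificates; a failing TLS handshake here is the expected outcome when the DC presents an untrusted certificate, not something to work around by disabling verification.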