I don't believe there is a way to check for expired pwd. I'll check with developers though.


>>> davearre<davearre@no-mx.forums.novell.com> 8/1/2014 4:36 AM >>>

Hi, Morris,

Awesome, thank you that worked!! After I posted my question I tried to
do the SSL but got LDAP error 81 on the POA because I exported the DC's
certificate and not the CA's. Once I followed your steps and exported
the CA certificate I was able to log in and change the password without
error in both the client and webaccess.

One more question, I tried to do a "user must change their password on
next login", which is what we do now with eDirectory with new teachers
especially in the summertime, they can change passwords from home before
they arrive. With edir and an expired password, Webaccess puts up a page
for them to change their password. It also does this at password
expiration time. When I set the user must change password in AD, I could
no longer log into webaccess at all, it acted like the password was
incorrect. Is there a trick to get the change password page prompt in
Webaccess or is this something not available with AD as the
authentication source?

Thanks for your quick help!

mblackham;2327566 Wrote:

> You can change your AD password via the GW 2014 client, however, due to
> requirements of AD, the LDAP session must be SSL'ized to do so. So
> you'll have to export the CA cert that your AD LDAP process is using and
> import it into the AD directory configuration in GW Admin Console.
> Here are the high-level steps to getting the AD cert:
> • Run MMC on the Domain Controller
> • Add the “Certificates” Snap-In for the Computer account. (File | Add/Remove Snap-Ins)
> • Find the certificate issued to the domain controller in the “Personal/Certificates” folder.
> • View the certification path for the certificate, locate the CA and view its properties.
> • Export the CA certificate as a DER or PEM file
> --Morris

> >>> davearre<davearre@no-mx.forums.novell.com> 7/31/2014 3:36 PM >>>

> Hello,
> I've got the Caledonia books by Danita and I am preparing to upgrade /
> move our GW2012 edirectory system to 2014, then migrating that to AD. In
> preparation, I have set up a test GW2014 server and set it to
> authenticate LDAP against AD. I was easily able to get a user to sync
> and log in to both the 2014 client and webaccess. However, when I try to
> change the password for this user through either client, the attempt
> fails with the following error in the POA:
> 17:10:43 4233 Error: LDAP failure detected [D06B] User:gw2014test (gw2014test)
> The closest TID I have seen on this is for GW 2012 where it says that
> LDAP passwords in GroupWise were designed to work with eDirectory so the
> function does not work in other LDAP servers?!
> Any help would be much appreciated!
> Thanks
> --
> davearre
> ------------------------------------------------------------------------
> davearre's Profile: https://forums.novell.com/member.php?userid=14696
> View this thread: https://forums.novell.com/showthread.php?t=478544

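
An added example, not from the thread and not GroupWise code: a shell check, assuming OpenSSL 1.1.1 or later, that tells an exported CA certificate from the domain controller's own certificate, the mix-up described in the 8/1/2014 message. The certificates, the host name `dc01.example.test` and the function names are constructed for the demonstration.

```shell
#!/bin/sh
# Print "ca" if FILE (PEM or DER) carries basicConstraints CA:TRUE,
# "leaf" if it parses as a certificate without it, "unreadable" otherwise.
cert_role() {
    for fmt in PEM DER; do
        text=$(openssl x509 -inform "$fmt" -in "$1" -noout -text 2>/dev/null) || continue
        case $text in *CA:TRUE*) echo ca ;; *) echo leaf ;; esac
        return 0
    done
    echo unreadable
}

# Succeed only if ANCHOR (PEM) works as a trust anchor for SERVER (PEM).
anchors_server() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Build a constructed CA and a constructed DC certificate in directory $1.
make_constructed_certs() {
    d=$1
    cat > "$d/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed Test CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    openssl req -x509 -config "$d/ca.cnf" -newkey rsa:2048 -nodes -days 2 \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
    openssl req -new -config "$d/ca.cnf" -subj "/CN=dc01.example.test" \
        -newkey rsa:2048 -nodes -keyout "$d/dc.key" -out "$d/dc.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/dc.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 2 -out "$d/dc.pem" 2>/dev/null &&
    openssl x509 -in "$d/ca.pem" -outform DER -out "$d/ca.der"
}

# Demo on the constructed files: both CA exports report "ca", the DC cert "leaf".
tmp=$(mktemp -d) && make_constructed_certs "$tmp"
trap 'rm -rf "$tmp"' EXIT
for f in ca.pem ca.der dc.pem; do echo "$f: $(cert_role "$tmp/$f")"; done
anchors_server "$tmp/ca.pem" "$tmp/dc.pem" && echo "ca.pem validates dc.pem"
anchors_server "$tmp/dc.pem" "$tmp/dc.pem" || echo "dc.pem is not a usable trust anchor"
```

Run `cert_role` on the file exported from the MMC snap-in before importing it; a result of `leaf` means the domain controller's certificate was exported instead of the CA's.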