This topic contains 2 replies, has 2 voices, and was last updated by  bigwavedave33 1 week, 2 days ago.

  • #22505
     bigwavedave33 
    Participant

    Complete newb here. Have searched through docs, Google and logs to no avail, so I thought I'd post up here to see if anyone has any idea of what might have happened. 3 days in a row all user passwords were changed. This has stopped, but we can't seem to get to the root cause and are worried it will happen again. This is a new deployment. Below is one of the actions from the Activity log from the last time this happened. Strangely the action is "operation": "UPDATE", but "passwordChanged" is false. Clearly the userPassword changes from before to after. All users had to change their passwords after this activity. The userId and runAs are both the system account. Any ideas what might cause this to happen?

    Example:

    {
      "_id": "405487fa-aeea-49bf-b09f-",
      "transactionId": "405487fa-aeea-49bf-b09f-",
      "timestamp": "2018-T12:11:07.168Z",
      "eventName": "activity",
      "userId": "blah",
      "runAs": "blah",
      "operation": "UPDATE",
      "before": {
        "givenName": "jane",
        "cn": "jane.campbell@domain.com",
        "dn": "cn=jane.campbell@domain.com,ou=users,dc=domain,dc=com",
        "mail": "jane.campbell@domain.com",
        "userPassword": "lRtS2N4c3FBRmFGa2hrY2NQZnBMR3NXbmdsWjBWRUlzVk5zV2lUcGlkcXkraFF4dUVaNm9u",
        "language": "en",
        "inetuserstatus": "active",
        "uid": "jane.campbell@domain.com",
        "co": "USA",
        "worldRegion": "NA",
        "sn": "Campbell",
        "_id": "cn=jane.campbell@domain.com,ou=users,dc=domain,dc=com"
      },
      "after": {
        "givenName": "jane",
        "cn": "jane.campbell@domain.com",
        "dn": "cn=jane.campbell@domain.com,ou=users,dc=domain,dc=com",
        "mail": "jane.campbell@domain.com",
        "userPassword": "1qazhTU2ZrT1FVRVNYT3AveEE3ZjlnY1BqUS81UzVPNnJFVVh6WUVIbGdJT2xJSTlzQzdGaFhj",
        "language": "en",
        "inetuserstatus": "active",
        "uid": "jane.campbell@domain.com",
        "co": "USA",
        "worldRegion": "NA",
        "sn": "Campbell",
        "_id": "cn=jane.campbell@domain.com,ou=users,dc=domain,dc=com"
      },
      "changedFields": [],
      "revision": null,
      "message": "message",
      "objectId": "system/opendj/account/cn=jane.campbell@domain.com,ou=users,dc=domain,dc=com",
      "passwordChanged": false,
      "status": "SUCCESS"
    }
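Before looking at the mapping, it helps to confirm the symptom across the whole activity log rather than one entry: which UPDATE events carry a different userPassword in "after" than in "before" while passwordChanged is false, who performed them, and whether they fire in a burst. The following is an added example (not code from the thread or from ForgeRock) that runs that check over a handful of constructed entries whose field names follow the entry posted above; the timestamps, hashes and user names are made up for the example.

```javascript
// Added example, not from the thread: a check over OpenIDM-style activity
// log entries for the symptom described above (userPassword differs between
// "before" and "after" while passwordChanged is false), grouped by time
// window so that a burst of such writes by the system account stands out.
// All entries below are constructed for this example; field names follow
// the entry posted in the thread.

function entry(id, ts, user, beforePw, afterPw, passwordChanged, userId) {
  return {
    _id: id,
    timestamp: ts,
    eventName: "activity",
    userId: userId,
    runAs: userId,
    operation: "UPDATE",
    before: { uid: user, userPassword: beforePw },
    after: { uid: user, userPassword: afterPw },
    changedFields: [],
    passwordChanged: passwordChanged,
    objectId: "system/opendj/account/cn=" + user + ",ou=users,dc=domain,dc=com",
    status: "SUCCESS",
  };
}

const sampleEntries = [
  // three users rewritten within a few ms by the system account, unflagged
  entry("e1", "2018-06-01T12:11:07.168Z", "jane.campbell@domain.com", "hashA1", "hashA2", false, "system"),
  entry("e2", "2018-06-01T12:11:07.171Z", "john.doe@domain.com",      "hashB1", "hashB2", false, "system"),
  entry("e3", "2018-06-01T12:11:07.175Z", "amy.lee@domain.com",       "hashC1", "hashC2", false, "system"),
  // a normal self-service reset: flagged as a password change, different time
  entry("e4", "2018-06-01T15:40:02.000Z", "john.doe@domain.com",      "hashB2", "hashB3", true,  "john.doe@domain.com"),
  // an update that did not touch the password at all
  entry("e5", "2018-06-01T16:02:11.500Z", "amy.lee@domain.com",       "hashC2", "hashC2", false, "system"),
];

// True for an UPDATE whose password value differs between before and after
// but which the log does not report as a password change.
function passwordSilentlyChanged(e) {
  if (e.operation !== "UPDATE" || !e.before || !e.after) return false;
  const b = e.before.userPassword, a = e.after.userPassword;
  return b !== undefined && a !== undefined && b !== a && e.passwordChanged === false;
}

// Group entries whose timestamp is within windowMs of the previous entry.
function clusterByWindow(entries, windowMs) {
  const sorted = entries.slice().sort((x, y) => Date.parse(x.timestamp) - Date.parse(y.timestamp));
  const clusters = [];
  let cur = null;
  for (const e of sorted) {
    const t = Date.parse(e.timestamp);
    if (cur && t - cur.end <= windowMs) {
      cur.entries.push(e);
      cur.end = t;
    } else {
      cur = { start: t, end: t, entries: [e] };
      clusters.push(cur);
    }
  }
  return clusters;
}

// One summary per burst: when it started, how long it lasted, how many
// accounts were touched and which userId/runAs pairs did it.
function summarize(entries, windowMs) {
  return clusterByWindow(entries.filter(passwordSilentlyChanged), windowMs).map((c) => ({
    startedAt: new Date(c.start).toISOString(),
    spanMs: c.end - c.start,
    count: c.entries.length,
    actors: Array.from(new Set(c.entries.map((e) => e.userId + "/" + e.runAs))),
    targets: c.entries.map((e) => e.after.uid),
  }));
}

console.log(JSON.stringify(summarize(sampleEntries, 1000), null, 2));
```

On the constructed input this reports a single burst of three accounts, all written by system/system within 7 ms, and ignores both the legitimate self-service reset (passwordChanged is true) and the update that left the hash alone. A burst like that, repeating at the same clock time on consecutive days, is what you would then line up against the scheduler.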

    #22509
     Bill Nelson 
    Participant

    This change event occurred at 2018-T12:11:07.168Z; are all of the change events which reflect a password change occurring at the same time?

    If so, then I suspect that you may be running a process (i.e. reconciliation) at that time which may be causing an update to the managed object which then forces an implicit sync to all downstream targets.

    Furthermore, I expect that your mapping to your LDAP server (I assume that this is an ldap server based on the attributes shown) has an attribute mapping for the userpassword field which is executed on the implicit sync each time and possibly updating the password on the target.

    If this is the case, then you should consider moving the setting of the password attribute into an onCreate() script to perform logic on object creation and furthermore have different logic in an onUpdate() script to update the password if (and only if) it was the password that actually changed.

    Of course I may be totally wrong on all of this, but these are the things I would check first.

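The mapping change Bill suggests, written out as an added example (not the thread's or ForgeRock's own configuration): userPassword is removed from the attribute mappings in "properties", the onCreate script writes it once, and the onUpdate script writes it only when the managed object's password differs from oldSource. The mapping object follows the shape of an OpenIDM sync.json mapping (name, source, target, properties, inline onCreate/onUpdate scripts); the mapping name, the managed attribute name "password", the LDAP attribute "userPassword" and the user records are assumptions made for the example. The small runner around it simulates what sync does on every update (apply the attribute mappings, then the hook) so the difference between the weak and the corrected mapping can be executed.

```javascript
// Added example, not the thread's or ForgeRock's own configuration: the
// pattern Bill describes, as an OpenIDM-style sync.json mapping whose
// password handling lives in onCreate/onUpdate instead of "properties".
// Names, attribute choices and user records are assumptions for the example.

const correctedMapping = {
  name: "managedUser_systemLdapAccounts",
  source: "managed/user",
  target: "system/ldap/account",
  properties: [
    { source: "userName", target: "uid" },
    { source: "givenName", target: "givenName" },
    { source: "sn", target: "sn" },
    { source: "mail", target: "mail" },
    // deliberately no { source: "password", target: "userPassword" } entry
  ],
  onCreate: { type: "text/javascript", source: [
    "// Password is written once, when the target account is created.",
    "if (source.password !== undefined) { target.userPassword = source.password; }",
  ].join("\n") },
  onUpdate: { type: "text/javascript", source: [
    "// Write the password only if it actually changed on the managed object.",
    "// Without oldSource (my understanding is OpenIDM does not supply it for",
    "// reconciliation-driven updates) nothing is written, so a recon run",
    "// cannot rewrite every password.",
    "if (typeof oldSource !== 'undefined' && oldSource !== null",
    "    && source.password !== undefined && oldSource.password !== source.password) {",
    "  target.userPassword = source.password;",
    "}",
  ].join("\n") },
};

// The weak form: userPassword is an ordinary attribute mapping, so every
// sync (recon or implicit) pushes it, and there is no hook logic at all.
const weakMapping = Object.assign({}, correctedMapping, {
  properties: correctedMapping.properties.concat([{ source: "password", target: "userPassword" }]),
  onCreate: { type: "text/javascript", source: "" },
  onUpdate: { type: "text/javascript", source: "" },
});

// Simulate one sync step: apply the attribute mappings, then run the named
// hook with source, target and oldSource in scope (the script context
// OpenIDM gives these scripts). Returns the resulting target and the list
// of target attributes that were written.
function applyMapping(m, hookName, source, oldSource, existingTarget) {
  const target = Object.assign({}, existingTarget || {});
  const written = [];
  for (const p of m.properties) {
    if (source[p.source] !== undefined) {
      target[p.target] = source[p.source];
      written.push(p.target);
    }
  }
  const snapshot = Object.assign({}, target);
  new Function("source", "target", "oldSource", m[hookName].source)(source, target, oldSource);
  for (const k of Object.keys(target)) {
    if (!(k in snapshot) || snapshot[k] !== target[k]) written.push(k);
  }
  return { target: target, written: written };
}

function hasPasswordPropertyMapping(m) {
  return m.properties.some((p) => p.target === "userPassword");
}

// Constructed managed/user records and the existing LDAP entry.
const jane = { _id: "u1", userName: "jane.campbell@domain.com", givenName: "jane",
               sn: "Campbell", mail: "jane.campbell@domain.com", password: "hashA" };
const janeMailChanged = Object.assign({}, jane, { mail: "jcampbell@domain.com" });
const janePwChanged = Object.assign({}, jane, { password: "hashB" });
const ldapJane = { uid: jane.userName, userPassword: "hashA" };

// A mail-only change: the weak mapping writes userPassword anyway, the
// corrected one leaves it alone.
console.log("weak:     ", applyMapping(weakMapping, "onUpdate", janeMailChanged, jane, ldapJane).written);
console.log("corrected:", applyMapping(correctedMapping, "onUpdate", janeMailChanged, jane, ldapJane).written);
```

The trade-off to be aware of: with this onUpdate logic a password change is propagated by the implicit sync that fires at the moment the managed object changes, and a later reconciliation run (no oldSource) will not re-push it. That is the intended behaviour here, since a recon run re-pushing every stored password is exactly the burst the first post describes.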
    #22519
     bigwavedave33 
    Participant

    Bill,

    Yes, all the actions are happening within ms of each other. You are correct in assuming LDAP. Thanks for the direction to look in.


©2018 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.
