Open demogorgonz opened 2 years ago
Ok so I made new AD, enabled CA/SSL.. triple checked new password against password policy and still get random errors:
```
{"EventId":1,"LogLevel":"Information","Category":"Microsoft.AspNetCore.Hosting.Diagnostics","Message":"Request starting HTTP/1.1 POST http://localhost/api/password application/json 164","State":{"Message":"Request starting HTTP/1.1 POST http://localhost/api/password application/json 164","Protocol":"HTTP/1.1","Method":"POST","ContentType":"application/json","ContentLength":164,"Scheme":"http","Host":"localhost","PathBase":"","Path":"/api/password","QueryString":""}}
{"EventId":0,"LogLevel":"Information","Category":"Microsoft.AspNetCore.Routing.EndpointMiddleware","Message":"Executing endpoint \u0027Unosquare.PassCore.Web.Controllers.PasswordController.Post (Unosquare.PassCore.Web)\u0027","State":{"Message":"Executing endpoint \u0027Unosquare.PassCore.Web.Controllers.PasswordController.Post (Unosquare.PassCore.Web)\u0027","EndpointName":"Unosquare.PassCore.Web.Controllers.PasswordController.Post (Unosquare.PassCore.Web)","{OriginalFormat}":"Executing endpoint \u0027{EndpointName}\u0027"}}
{"EventId":3,"LogLevel":"Information","Category":"Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker","Message":"Route matched with {action = \u0022Post\u0022, controller = \u0022Password\u0022}. Executing controller action with signature System.Threading.Tasks.Task\u00601[Microsoft.AspNetCore.Mvc.IActionResult] Post(Unosquare.PassCore.Web.Models.ChangePasswordModel) on controller Unosquare.PassCore.Web.Controllers.PasswordController (Unosquare.PassCore.Web).","State":{"Message":"Route matched with {action = \u0022Post\u0022, controller = \u0022Password\u0022}. Executing controller action with signature System.Threading.Tasks.Task\u00601[Microsoft.AspNetCore.Mvc.IActionResult] Post(Unosquare.PassCore.Web.Models.ChangePasswordModel) on controller Unosquare.PassCore.Web.Controllers.PasswordController (Unosquare.PassCore.Web).","RouteData":"{action = \u0022Post\u0022, controller = \u0022Password\u0022}","MethodInfo":"System.Threading.Tasks.Task\u00601[Microsoft.AspNetCore.Mvc.IActionResult] Post(Unosquare.PassCore.Web.Models.ChangePasswordModel)","Controller":"Unosquare.PassCore.Web.Controllers.PasswordController","AssemblyName":"Unosquare.PassCore.Web","{OriginalFormat}":"Route matched with {RouteData}. Executing controller action with signature {MethodInfo} on controller {Controller} ({AssemblyName})."}}
{"EventId":0,"LogLevel":"Warning","Category":"PassCoreLDAPProvider","Message":"LDAP query: (sAMAccountName=123)","State":{"Message":"LDAP query: (sAMAccountName=123)","0":"(sAMAccountName=123)","{OriginalFormat}":"LDAP query: {0}"}}
{"EventId":0,"LogLevel":"Warning","Category":"PassCoreLDAPProvider","Message":"Resolved Win32 API Error: code=1325 name=ERROR_PASSWORD_RESTRICTION desc=Unable to update the password. The value provided for the new password does not meet the length, complexity, or history requirements of the domain. - LdapException: Constraint Violation (19) Constraint Violation\nLdapException: Server Message: 0000052D: AtrErr: DSID-031910C9, #1:\n\t0: 0000052D: DSID-031910C9, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 9005a (unicodePwd)\n\u0000\nLdapException: Matched DN: ","State":{"Message":"Resolved Win32 API Error: code=1325 name=ERROR_PASSWORD_RESTRICTION desc=Unable to update the password. The value provided for the new password does not meet the length, complexity, or history requirements of the domain. - LdapException: Constraint Violation (19) Constraint Violation\nLdapException: Server Message: 0000052D: AtrErr: DSID-031910C9, #1:\n\t0: 0000052D: DSID-031910C9, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 9005a (unicodePwd)\n\u0000\nLdapException: Matched DN: ","0":"LdapException: Constraint Violation (19) Constraint Violation\nLdapException: Server Message: 0000052D: AtrErr: DSID-031910C9, #1:\n\t0: 0000052D: DSID-031910C9, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 9005a (unicodePwd)\n\u0000\nLdapException: Matched DN: ","{OriginalFormat}":"Resolved Win32 API Error: code=1325 name=ERROR_PASSWORD_RESTRICTION desc=Unable to update the password. The value provided for the new password does not meet the length, complexity, or history requirements of the domain. - {0}"}}
{"EventId":1,"LogLevel":"Information","Category":"Microsoft.AspNetCore.Mvc.Infrastructure.ObjectResultExecutor","Message":"Executing BadRequestObjectResult, writing value of type \u0027Unosquare.PassCore.Web.Models.ApiResult\u0027.","State":{"Message":"Executing BadRequestObjectResult, writing value of type \u0027Unosquare.PassCore.Web.Models.ApiResult\u0027.","ObjectResultType":"BadRequestObjectResult","Type":"Unosquare.PassCore.Web.Models.ApiResult","{OriginalFormat}":"Executing {ObjectResultType}, writing value of type \u0027{Type}\u0027."}}
{"EventId":2,"LogLevel":"Information","Category":"Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker","Message":"Executed action Unosquare.PassCore.Web.Controllers.PasswordController.Post (Unosquare.PassCore.Web) in 60.8681ms","State":{"Message":"Executed action Unosquare.PassCore.Web.Controllers.PasswordController.Post (Unosquare.PassCore.Web) in 60.8681ms","ActionName":"Unosquare.PassCore.Web.Controllers.PasswordController.Post (Unosquare.PassCore.Web)","ElapsedMilliseconds":60.8681,"{OriginalFormat}":"Executed action {ActionName} in {ElapsedMilliseconds}ms"}}
{"EventId":1,"LogLevel":"Information","Category":"Microsoft.AspNetCore.Routing.EndpointMiddleware","Message":"Executed endpoint \u0027Unosquare.PassCore.Web.Controllers.PasswordController.Post (Unosquare.PassCore.Web)\u0027","State":{"Message":"Executed endpoint \u0027Unosquare.PassCore.Web.Controllers.PasswordController.Post (Unosquare.PassCore.Web)\u0027","EndpointName":"Unosquare.PassCore.Web.Controllers.PasswordController.Post (Unosquare.PassCore.Web)","{OriginalFormat}":"Executed endpoint \u0027{EndpointName}\u0027"}}
{"EventId":2,"LogLevel":"Information","Category":"Microsoft.AspNetCore.Hosting.Diagnostics","Message":"Request finished HTTP/1.1 POST http://localhost/api/password application/json 164 - 400 - application/json;\u002Bcharset=utf-8 61.2996ms","State":{"Message":"Request finished HTTP/1.1 POST http://localhost/api/password application/json 164 - 400 - application/json;\u002Bcharset=utf-8 61.2996ms","ElapsedMilliseconds":61.2996,"StatusCode":400,"ContentType":"application/json; charset=utf-8","ContentLength":null,"Protocol":"HTTP/1.1","Method":"POST","Scheme":"http","Host":"localhost","PathBase":"","Path":"/api/password","QueryString":""}}
```
With the focus on:

```
name=ERROR_PASSWORD_RESTRICTION desc=Unable to update the password. The value provided for the new password does not meet the length, complexity, or history requirements of the domain.
```
Run command:
```bash
docker run \
  -e WebSettings__EnableHttpsRedirect='false' \
  -e AppSettings__UseAutomaticContext='false' \
  -e AppSettings__LdapHostnames__0='192.168.1.60' \
  -e AppSettings__LdapPort='636' \
  -e AppSettings__LdapUsername='passcore' \
  -e AppSettings__LdapPassword='P@ssw0rd' \
  -e ClientSettings__UseEmail='false' \
  -e AppSettings__IdTypeForUser='SAM' \
  -e AppSettings__DefaultDomain='corp.localdev' \
  -e AppSettings__LdapSearchBase='CN=Users,DC=corp,DC=localdev' \
  -e AppSettings__LdapSecureSocketLayer='true' \
  -e AppSettings__LdapStartTls='false' \
  -e AppSettings__LdapIgnoreTlsValidation='true' \
  -e AppSettings__LdapIgnoreTlsErrors='true' \
  -e AppSettings__RestrictedADGroups='' \
  -it \
  -p 80:80 \
  passcore:latest
```
passcore user is in Domain Admins group too.
Managed to get single password reset to work, which can't be repeated across other users or same user (used different and strong password). Seems like project is not stable/working.
PassCore Server
Can anyone share working config for AD setup? Is port 636 required for password change to work?

I have been fiddling and got various errors from:
Have tried even Windows PowerShell install, but got requests spamming without password change.
Current run command is (doesn't work):