Settings file (without sensitive information):
{
  "Logging": {
    "IncludeScopes": false,
    "LogLevel": {
      "Default": "Debug",
      "System": "Information",
      "Microsoft": "Information"
    }
  },
  "WebSettings": {
    "EnableHttpsRedirect": true
  },
  "AppSettings": {
    // The following options for AD Provider (remove if you don't use this Provider)
    "UseAutomaticContext": false, // Set true to allow PassCore to reset password using the same credentials, or false if you will fill the credentials below
    "RestrictedADGroups": [], // Set the AD groups to restrict the use of PassCore
    "AllowedADGroups": [], // Set the AD Groups to allow PassCore, if the array is empty all the groups no-restricted above are allowed
    "IdTypeForUser": "UPN", // Possible values are "DN", "GUID", "Name", "SAM", "SID" and "UPN" (Default UPN)
    "UpdateLastPassword": false, // Set true to allow PassCore to update the last password timestamp
    // The following options are for LDAP Provider (remove if you don't use this Provider)
    "LdapSearchBase": "OU=Users,OU=Home,DC=internal,DC=society,DC=ch",
    "LdapSecureSocketLayer": true, // Default for AD is true when using LDAPS 636
    "LdapStartTls": false, // Default for AD is true when using LDAP 389
    "LdapChangePasswordWithDelAdd": true,
    "LdapSearchFilter": "(sAMAccountName={Username})", // Another value: "(&(objectClass=person)(cn={Username}))"
    // General options (valid for both providers)
    "LdapHostnames": ["dc01.internal.society.ch"], // Set your hostname(s)
    "LdapPort": 636, // Default for AD is 389, for LDAPS 636
    "LdapUsername": "user", // Set the username or distinguished name (DN) to bind the LDAP server
    "LdapPassword": "pass", // Set the password for the username
    "DefaultDomain": "" // Set your default AD domain here, or non "@" logins will not work! Use empty value to allow user to set the domain. This option is ONLY available with UPN.
  },
  "ClientSettings": {
    "ValidationRegex": {
      "EmailRegex": "^[a-zA-Z0-9.!#$%&’+/=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)$",
      "UsernameRegex": "^[a-zA-Z0-9._-]{3,20}$"
    },
    "UsePasswordGeneration": false, // Set true to let PassCore create a new password for the current account. If true the user can not customize its new password.
    "MinimumDistance": 0, // The minimum distance between the old and the new password, this is used to enforce the edit distance using the levenshtein distance algorithm.
    "PasswordEntropy": 16, // the number of bytes of entropy to use for generated passwords
    "ShowPasswordMeter": true,
    "MinimumScore": 0, // The minimum acceptable score that the user's new password needs to get at being evaluated by ZXCVBN to be established as the new password.
    "Recaptcha": {
      "SiteKey": "", // ReCAPTCHA public key: replace this! or leave empty if you don't need ReCAPTCHA
      "PrivateKey": "", // ReCAPTCHA private key: replace this! or leave empty if you don't need ReCAPTCHA
      "LanguageCode": ""
    },
    "UseEmail": "true",
    "ApplicationTitle": "society",
    "ChangePasswordTitle": "society",
    "ChangePasswordForm": {
      "HelpText": "Pour obtenir de l'aide contacter le Service IT",
      "UsernameLabel": "Adresse e-mail",
      "UsernameHelpblock": "Renseigner votre adresse e-mail d'entreprise",
      "UsernameDefaultDomainHelperBlock": "Votre adresse e-mail d'entreprise",
      "CurrentPasswordLabel": "Mot de passe actuel",
      "CurrentPasswordHelpblock": "Renseigner votre mot de passe actuel",
      "NewPasswordLabel": "Nouveau mot de passe",
      "NewPasswordHelpblock": "Vous pouvez générer un mot de passe sécurisé en cliquant ici.",
      "NewPasswordVerifyLabel": "Confirmer votre nouveau mot de passe",
      "NewPasswordVerifyHelpblock": "Confirmer votre nouveau mot de passe",
      "ChangePasswordButtonLabel": "Modifier le mot de passe"
    },
    "ErrorsPasswordForm": {
      "FieldRequired": "Ce champ est requis",
      "UsernamePattern": "Veuillez entrer une adresse email valide",
      "UsernameEmailPattern": "Veuillez entrer une adresse email valide",
      "PasswordMatch": "Les mots de passe ne correspondent pas"
    },
    "Alerts": {
      "SuccessAlertTitle": "Mot de passe modifié avec succès.",
      "SuccessAlertBody": "ATTENTION : Vous avez changé votre mot de passe, mais votre ordinateur portable a encore l’ancien. Pour confirmer le changement sur votre laptop, verrouillez votre ordinateur (CTR+ALT+DEL, choisir “Verrouiller”) et déverrouillez-le. Depuis l’extérieur du réseau informatique Society, connectez le VPN avant de faire cette opération. Service IT.",
      "ErrorPasswordChangeNotAllowed": "Vous n'êtes pas autorisé à modifier votre mot de passe. Veuillez contacter votre administrateur.",
      "ErrorInvalidCredentials": "Le mot de passe actuel est incorrecte.",
      "ErrorInvalidDomain": "Le domaine est inconnu.",
      "ErrorInvalidUser": "Adresse e-mail inconnue.",
      "ErrorCaptcha": "Impossible de vérifier que vous n'êtes pas un robots. Actualisez la page.",
      "ErrorFieldRequired": "Merci de remplir tous les champs.",
      "ErrorFieldMismatch": "Les mots de passe ne correspondent pas.",
      "ErrorComplexPassword": "Le nouveau mot de passe ne respecte pas les critères de complexité minimale.",
      "ErrorConnectionLdap": "Impossible d'atteindre le serveur LDAP.",
      "ErrorScorePassword": "Le nouveau mot de passe n'est pas suffisament complexe.",
      "ErrorDistancePassword": "Le nouveau mot de passe est trop similaire au précédent.",
      "ErrorPwnedPassword": "Le mot de passe que vous tentez d'utiliser est connu publiquement et peut être utilisé lors d'attaques malveillantes!"
    }
  }
}
Log file (without sensitive information):
Hosting environment: Production
Request finished in 263.4488ms 400 application/json; charset=utf-8
Describe the bug
Displays "The server is not operational." when using LDAPs at 636.
Works fine when using LDAP at 389.
We tried binding the server by using ldp.exe in 636 SSL, it works perfectly fine.
The webpage displays message "The server is not operational"
Expected behavior
We expect that users would be able to change password using LDAPs at 636
Additional context
We're using the release 4.2.0 because of the last one spamming LDAP requests.
PassCore Server
OS: Windows
Provider: LDAP
Log file (without sensitive information):
Hosting environment: Production
Content root path: C:\passcore
Now listening on: http://cptest.society.ch:80/
Now listening on: https://cptest.society.ch:443/
Application started. Press Ctrl+C to shut down.
info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
info: Microsoft.AspNetCore.Routing.EndpointMiddleware[0]
info: Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker[3]
info: Unosquare.PassCore.PasswordProvider.PasswordChangeProvider[0]
warn: Unosquare.PassCore.PasswordProvider.PasswordChangeProvider[0]
warn: Unosquare.PassCore.PasswordProvider.PasswordChangeProvider[0]
info: Microsoft.AspNetCore.Mvc.Infrastructure.ObjectResultExecutor[1]
info: Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker[2]
info: Microsoft.AspNetCore.Routing.EndpointMiddleware[1]
info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
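A consistency check for the LDAP transport keys in the settings file above, as an added example that is not part of the original report or of PassCore's own code. The port and TLS pairing rules follow the comments in that settings file; the IP-literal rule is a heuristic of this example, and the names `check_transport`, `REPORTED` and `MISMATCHED` are assumptions.

```python
import ipaddress
import json
import re

# A JSON string, or a // comment running to end of line.
# Strings are matched first, so "//" inside a value is never treated as a comment.
_TOKEN = re.compile(r'("(?:\\.|[^"\\])*")|//[^\n]*')

def strip_line_comments(text):
    return _TOKEN.sub(lambda m: m.group(1) or "", text)

def check_transport(settings_text):
    """Return findings about the LDAP transport keys under AppSettings."""
    app = json.loads(strip_line_comments(settings_text))["AppSettings"]
    ssl = app.get("LdapSecureSocketLayer", False)
    tls = app.get("LdapStartTls", False)
    port = app.get("LdapPort")
    findings = []
    if ssl and tls:
        findings.append("LdapSecureSocketLayer and LdapStartTls are both true")
    if ssl and port == 389:
        findings.append("LdapSecureSocketLayer is true but LdapPort is 389")
    if port == 636 and not ssl:
        findings.append("LdapPort is 636 but LdapSecureSocketLayer is false")
    if not ssl and not tls:
        findings.append("neither LDAPS nor StartTLS is enabled: the LDAP session is unencrypted")
    for host in app.get("LdapHostnames", []):
        try:
            ipaddress.ip_address(host)
        except ValueError:
            continue  # a DNS name, which certificate name checks can match
        # Heuristic (assumption): server certificates normally list DNS names, not IPs.
        findings.append(f"{host} is an IP literal; certificate name checks expect a DNS name")
    return findings

# Constructed samples: REPORTED mirrors the transport keys of the settings above.
REPORTED = '''{ "AppSettings": {
  "LdapSecureSocketLayer": true, // Default for AD is true when using LDAPS 636
  "LdapStartTls": false, // Default for AD is true when using LDAP 389
  "LdapSearchFilter": "(sAMAccountName={Username})", // Another value: "(&(objectClass=person)(cn={Username}))"
  "LdapHostnames": ["dc01.internal.society.ch"], // Set your hostname(s)
  "LdapPort": 636 // Default for AD is 389, for LDAPS 636
} }'''
MISMATCHED = '''{ "AppSettings": { "LdapSecureSocketLayer": false,
  "LdapHostnames": ["192.0.2.10"], "LdapPort": 636 } }'''

if __name__ == "__main__":
    for name, text in (("REPORTED", REPORTED), ("MISMATCHED", MISMATCHED)):
        print(name, check_transport(text) or "transport keys are consistent")
```

The reported values pass every rule, so none of the mismatch patterns checked here is present in the configuration as posted.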