GlobalSCAPE Knowledge Base

Changing a User Password on AD/LDAP Sites

Karla Marsh
EFT

THE INFORMATION IN THIS ARTICLE APPLIES TO:

  • EFT Server versions 5.2.5 - 7.4.13.15
  • In v8.x, "PasswordChg_NTADLDAP":"on" can be added to the AdvancedProperties.json file. Refer to Advanced Properties (globalscape.com) for details of using Advanced Properties.

QUESTION

Can I turn on/off the Change Password feature for AD users in the Web Transfer Client?

ANSWER

The "Forgot password" feature is not available for AD/LDAP users.

Active Directory (AD) and LDAP Site users can change their AD password through the Web Transfer Client (WTC).

See also Changing and Testing LDAP Authentication Options in EFT v7.4.13 and later, regarding LDAP over SSL. LDAP over SSL must be enabled to change your password via WTC.

If password changes are disabled in EFT, the Change Password button is not available.

When a user attempts to change the account password, errors are possible. You can customize the error messages by creating text files with the following names and saving them in the \web\public\EFTClient subdirectory of the EFT installation directory (e.g., C:\Program Files (x86)\Globalscape\EFT Server Enterprise\web\public\EFTClient):

  • Current password is entered incorrectly (PasswordChg_PasswordWrong.txt)
  • Network connection error (PasswordChg_NetworkProblem.txt)
  • User does not have permission by AD to change the password (PasswordChg_Permission.txt)
  • New password does not meet the AD complexity requirements (PasswordChg_PasswordComplexity.txt)
  • Current password is about to expire (PasswordChg_PwdWillExpire.txt)

If the text files identified above do not exist when an error occurs, the default text provided within EFT is presented to the user.

The location of these files can be modified by running the PasswordChg_MsgFileLocation.reg script, which is located in the Client subdirectory of the EFT installation directory. You must first edit the PasswordChg_MsgFileLocation.reg script to specify the new location.

The WTC change password capability can be turned on/off through the PasswordChg_NTADLDAP registry key. By default, the password change ability is "off."

  • If you have enabled the "User must change password at next logon" feature in AD, you must set the string below to "on".
  • If you have enabled the "User cannot change password" feature in AD, users will not be able to change their passwords.

In v6.2 - 7.4.13, two registry scripts are provided to enable/disable the password change feature. These registry scripts are located in the \web\public\EFTClient subdirectory of the EFT installation directory.

  • PasswordChg_NTADLDAP_On.reg
  • PasswordChg_NTADLDAP_Off.reg

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\GlobalSCAPE Inc.\EFT Server 4.0\EFTClient]
"PasswordChg_NTADLDAP"="on"

NOTE: This is a string, not a Dword. Use "on" (1 or true) or "off" (0 or false) only.

After running the scripts, you must restart the service for the changes to take effect.
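
The following PowerShell check is an added example, not part of the original article or of Globalscape's tooling. It reads the PasswordChg_NTADLDAP value at the registry path shown above and reports whether it is present, stored as a string rather than a DWORD, and set to "on" or "off". The function name Test-EftPasswordChangeSetting is hypothetical, and the script only reads the registry; it changes nothing and does not restart the service.

```powershell
# Added example: audit the WTC password-change switch described in this article.
# Registry path and value name come from the article; the function name is hypothetical.
function Test-EftPasswordChangeSetting {
    [CmdletBinding()]
    param(
        [string]$KeyPath   = 'HKLM:\SOFTWARE\WOW6432Node\GlobalSCAPE Inc.\EFT Server 4.0\EFTClient',
        [string]$ValueName = 'PasswordChg_NTADLDAP'
    )

    $result = [ordered]@{
        KeyPath   = $KeyPath
        ValueName = $ValueName
        Present   = $false
        Kind      = $null
        Data      = $null
        Problems  = @()
    }

    # A missing key or value means the documented default ("off") applies.
    $key = Get-Item -LiteralPath $KeyPath -ErrorAction SilentlyContinue
    if ($null -eq $key -or $key.GetValueNames() -notcontains $ValueName) {
        $result.Problems += 'Value not set; the article states the default is "off".'
        return [pscustomobject]$result
    }

    $result.Present = $true
    $result.Kind    = $key.GetValueKind($ValueName)
    $result.Data    = $key.GetValue($ValueName)

    # The article's NOTE: the value must be a string, not a DWORD.
    if ($result.Kind -ne [Microsoft.Win32.RegistryValueKind]::String) {
        $result.Problems += "Stored as $($result.Kind); the article requires a string value."
    }

    # The article says to use "on" or "off" only (comparison here is case-insensitive).
    if ([string]$result.Data -notin @('on', 'off')) {
        $result.Problems += "Data '$($result.Data)' is not ""on"" or ""off""."
    }

    return [pscustomobject]$result
}

# Run on the EFT server and review the Problems field.
Test-EftPasswordChangeSetting | Format-List
```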

Details
Last Modified: 2 Years Ago
Last Modified By: kmarsh
Type: HOWTO