Changing Password via IceWarp WebClient

Users can change their passwords via WebClient. Click the avatar in the right-hand top corner ⚙Options > Accounts > Change Password). Since release of IceWarp Server version 10.3.0, the action can be performed although passwords could be stored on an Active Directory server only. Support for generic LDAP servers has been added since version 11.2.0. IceWarp Server sends password value in userPassword attribute and in plain variant only. Therefore despite secure connection (LDAPS) is not usually required by generic LDAP.  It is a good practice to have it enabled to protect passwords from attacks as well as restricting access to LDAP server itself as passwords can be easily retrieved from there too.

The way how passwords are sent to directory server is determined from value set in LDAP server type drop-down list.

For password changes, add directory service must be setup to work properly.

For password changes, ActiveDirectory requires SSL secured connection (ldaps://) by default.

Possible use case scenarios are:

  1. IceWarp Server on Windows with c_accounts_global_ldap_usewindowsdll set to false - deprecated option.

  2. IceWarp Server on Windows with c_accounts_global_ldap_usewindowsdll set to true - recommended option for all builds, the only option for 64-bit builds.

  3. IceWarp Server on Linux with c_accounts_global_ldap_usewindowsdll set to false - the only option.

To allow password update to work for the use cases # 1 and 3, follow these steps:

  1. Establish secure connection as described in the previous chapter (Secure Connection/OpenLDAP library).

  2. Set the secured connection to AD server using the following syntax: ldaps://{your_AD_FQDN}:636,

    where {your_AD_FQDN} is a placeholder for FQDN (must be resolvable on IceWarp Server side) or IP of AD server, 636 (sometimes 3269) - is the default port for secured LDAP communication - may differ on your system.

To allow password update to work for the use case # 2, follow these steps:

  1. Establish secure connection as described in the previous chapter (Secure Connection/OpenLDAP library).

  2. Configure Hostname in Directory synchronization to match AD certificate property cn (common name).

Note: For those who wants to set up the login text box for the user, do not forget that directory service have to be synced with Active Directory. Add directory service must be setup for change password to work.