This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Editing server profile removes the credentials from server settings. Is this a defect?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Editing server profile removes the credentials from server settings. Is this a defect?

Go to solution
Param_Upadhyay
L2 Linker

‎05-16-2023 11:14 AM - edited ‎05-16-2023 11:16 AM

Hi,

 

In the LDAP server profile section, if you open an existing profile and edit any field (example even an ip address) , it automatically removes the account credentials from the server settings for all servers defined in the server profile.

Simply editing an entry like an IP address for one server should not remove credential information for the entire group.

This can cause major VPN authentication issues and potentially a major impact because the service account used by the server profile will no longer match and will lock out the AD account. 

 

version 10.2.4 - we see the same on 10.2.1 as well

 

Looking for suggestions or solutions to this defect.

 

Attaching screenshots:

->LDAP server profile

Param_Upadhyay_1-1684260564359.png

-> As soon as we edit the ip address of one of the servers - the Password field gets blanked out.

Param_Upadhyay_2-1684260697074.png

 

 

 

Thanks

Param Upadhyay

0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
BPry
Cyber Elite
Cyber Elite

‎05-16-2023 11:22 AM

@Param_Upadhyay,

I wouldn't really call this a bug, but working as designed. While the concerns that you have are valid, anyone changing one of these values should also be required to re-verify the configuration for some of the exact reasons that you actually brought up. 

Easy enough way around this would be directly modifying the XML and then import, load, and commit the change that way if someone truly didn't know, and couldn't get, the existing password. 

View solution in original post

1 REPLY 1

Go to solution
BPry
Cyber Elite
Cyber Elite

‎05-16-2023 11:22 AM

@Param_Upadhyay,

I wouldn't really call this a bug, but working as designed. While the concerns that you have are valid, anyone changing one of these values should also be required to re-verify the configuration for some of the exact reasons that you actually brought up. 

Easy enough way around this would be directly modifying the XML and then import, load, and commit the change that way if someone truly didn't know, and couldn't get, the existing password. 

  • 1 accepted solution
  • 1028 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks