BFDS Multi Server User Password Synchronization Instructions
Purpose
To assist with the setting up of the component that provides the ability to detect a password change on one DSX server and propagate it to all others in a configured Multiple DSX Server system.
Requirement
BFDS have approximately ten DSX servers and hundreds of users. To simplify the key distribution problem, when a user's password changes on one server then it is to be distributed automatically to the other servers.
Solution
A plugin component (HitecLabs.DataStore.BFDS.PasswordSyncPlugin.dll) for the DataStore service will be provided. It will be manually copied into the standard plugins folder, which will be specified to the service via the Management Studio Configuration>Plugin Options. When the service is restarted, the plugin will be loaded and the service's configuration file will be read; if it is valid, password changes will then be made to the entire system of DSX servers. Each server's configuration file will need to hold full connection details for the DSX databases of all the servers.
After a password change is propagated to another server, the originating server will show an event:
Windows Logs: Information Event #129="Password for user "Mr Bland" successfully changed on 1 remote server(s)."
Server Id=id of this server (local, not the remote).
Note that when sysadmin changes a user's password, it is considered to be a 'Reset'. If UserMustChangePasswordAfterReset is configured on the server, the user will be asked to change their password when they log in (with the temporary password provided by sysadmin), no matter which server they are on.
Configuration
The HitecLabs.DataStore.DataService.exe.config file needs some additions on all of the DSX servers.
- In configSections:
<section name="HitecLabs.DataStore.BFDS.PasswordSyncPlugin.Settings" type="HitecLabs.DataStore.BFDS.PasswordSyncPlugin.Settings, HitecLabs.DataStore.BFDS.PasswordSyncPlugin"/>
- In applicationSettings:
As an example, for a ten server test system:
<HitecLabs.DataStore.BFDS.PasswordSyncPlugin.Settings passwordHistoryLength="47">
  <Servers>
    <Server id="D7EC5CE1-1998-4AF5-A247-CF4B78C57C46" connectionString="Data Source=CS-WS-2045-W7; Initial Catalog=DSX343_BFDS1; Integrated Security=True"/>
    <Server id="C7D4F798-F52E-469B-B17D-557BD709C427" connectionString="Data Source=CS-WS-2045-W7; Initial Catalog=DSX343_BFDS2; Integrated Security=True"/>
    <Server id="37D4F798-F52E-469B-B17D-557BD709C427" connectionString="Data Source=CS-WS-2045-W7; Initial Catalog=DSX343_BFDS3; Integrated Security=True"/>
    <Server id="47D4F798-F52E-469B-B17D-557BD709C427" connectionString="Data Source=CS-WS-2045-W7; Initial Catalog=DSX343_BFDS4; Integrated Security=True"/>
    <Server id="57D4F798-F52E-469B-B17D-557BD709C427" connectionString="Data Source=CS-WS-2045-W7; Initial Catalog=DSX343_BFDS5; Integrated Security=True"/>
    <Server id="67D4F798-F52E-469B-B17D-557BD709C427" connectionString="Data Source=CS-WS-2045-W7; Initial Catalog=DSX343_BFDS6; Integrated Security=True"/>
    <Server id="77D4F798-F52E-469B-B17D-557BD709C427" connectionString="Data Source=CS-WS-2045-W7; Initial Catalog=DSX343_BFDS7; Integrated Security=True"/>
    <Server id="87D4F798-F52E-469B-B17D-557BD709C427" connectionString="Data Source=CS-WS-2045-W7; Initial Catalog=DSX343_BFDS8; Integrated Security=True"/>
    <Server id="97D4F798-F52E-469B-B17D-557BD709C427" connectionString="Data Source=CS-WS-2045-W7; Initial Catalog=DSX343_BFDS9; Integrated Security=True"/>
    <Server id="A7D4F798-F52E-469B-B17D-557BD709C427" connectionString="Data Source=CS-WS-2045-W7; Initial Catalog=DSX343_BFDSTWO; Integrated Security=True"/>
  </Servers>
</HitecLabs.DataStore.BFDS.PasswordSyncPlugin.Settings>
Note: The table must be the same in all of the servers.
In the simplest arrangement, all of the servers will be set to have the same values for UserMustChangePasswordAfterReset and UserMustChangePasswordAfterCreation.
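The server table must be identical in every config file, and each file holds connection details for all of the DSX databases. The following added example (not part of the plugin or of the original instructions) parses the plugin section from several config files and reports any table that differs from the first. Going slightly beyond the text, it also flags connection strings that embed a SQL password instead of using Integrated Security as the sample above does; the host labels, ids and connection strings in it are constructed placeholders.

```python
import re
import xml.etree.ElementTree as ET

SECTION = "HitecLabs.DataStore.BFDS.PasswordSyncPlugin.Settings"  # element name from the page
GUID = re.compile(r"^[0-9A-F]{8}(-[0-9A-F]{4}){3}-[0-9A-F]{12}$")
SECRET_KEYS = {"password", "pwd"}  # SqlClient keywords that carry a credential

def server_table(config_text):
    """Parse one service config file; return {server id: connection string}."""
    section = next(ET.fromstring(config_text).iter(SECTION), None)
    if section is None:
        raise ValueError("plugin settings section missing")
    table = {}
    for server in section.findall("Servers/Server"):
        sid = server.get("id", "").upper()
        if not GUID.match(sid):
            raise ValueError(f"malformed server id {sid!r}")
        if sid in table:
            raise ValueError(f"duplicate server id {sid}")
        table[sid] = server.get("connectionString", "")
    return table

def check_fleet(configs):
    """configs maps a host label to its config text; returns a list of findings."""
    findings, tables = [], {}
    for host, text in configs.items():
        try:
            tables[host] = server_table(text)
        except (ValueError, ET.ParseError) as exc:
            findings.append(f"{host}: {exc}")
    reference = next(iter(tables.values()), {})  # first parsable table is the baseline
    for host, table in tables.items():
        if table != reference:
            changed = sorted(k for k in table.keys() | reference.keys() if table.get(k) != reference.get(k))
            findings.append(f"{host}: table differs for {', '.join(changed)}")
        for sid, conn in table.items():
            keys = {part.split("=")[0].strip().lower() for part in conn.split(";")}
            if keys & SECRET_KEYS:
                findings.append(f"{host}: {sid} stores a SQL password in the config")
    return findings

# Constructed sample: placeholder ids, hosts and databases, not values from the page.
def sample(conn_b):
    rows = [("00000000-0000-0000-0000-00000000000A", "Data Source=HOST-A; Initial Catalog=DSX_A; Integrated Security=True"),
            ("00000000-0000-0000-0000-00000000000B", conn_b)]
    servers = "".join(f'<Server id="{i}" connectionString="{c}"/>' for i, c in rows)
    return f"<configuration><applicationSettings><{SECTION}><Servers>{servers}</Servers></{SECTION}></applicationSettings></configuration>"
GOOD = "Data Source=HOST-B; Initial Catalog=DSX_B; Integrated Security=True"
BAD = "Data Source=HOST-B; Initial Catalog=DSX_B; User ID=sync; Password=example"
FINDINGS = check_fleet({"server1": sample(GOOD), "server2": sample(GOOD), "server3": sample(BAD)})
```

An empty list from check_fleet means every parsed table matches the first one and no connection string carries a password.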