Skip to main content
Mitratech Success Center

BFDS Multi Server User Password Synchronization Instructions

In this chapter we will explain setting up of the component that provides the ability to detect a password change on one DSX server and propagate it to all others in a configured Multiple DSX Server system.

Purpose

To assist with the setting up of the component that provides the ability to detect a password change on one DSX server and propagate it to all others in a configured Multiple DSX Server system.

Requirement

BFDS have approximately ten DSX servers and hundreds of users. To simplify the key distribution problem, when a user's password changes on one server then it is to be distributed automatically to the other servers.

Solution

A plugin component (HitecLabs.DataStore.BFDS.PasswordSyncPlugin.dll) to the DataStore service will be provided. This will be manually copied into the standard plugins folder which will be specified to the service via the Management Studio Configuration>Plugin Options. This plugin will then be loaded when the service is restarted, the service's configuration file will be read and, if valid, password changes will then be made to the entire system of DSX servers. Each server's configuration file will need to hold full connection details for the DSX databases of all the servers.

After a password change is propagated to another server, the originating server will show an event:

Windows Logs: Information Event #129="Password for user "Mr Bland" successfully changed on 1 remote server(s).

Server Id=id of this server (local, not the remote).

Note that when sysadmin changes a user's password, it is considered to be a 'Reset'. If the server is configured so that UserMustChangePasswordAfterReset then the user will be asked to change their password when they login (with the temporary password provided by sysadmin) no matter which server they are on.

Configuration

The HitecLabs.DataStore.DataService.exe.config needs some additions to all of their DSX servers.

  1. In configSections:
    <section name="HitecLabs.DataStore.BFDS.PasswordSyncPlugin.Settings" type="HitecLabs.DataStore.BFDS.PasswordSyncPlugin.Settings, HitecLabs.DataStore.BFDS.PasswordSyncPlugin"/>
  2. In applicationSettings:

    As an example of a ten server test system

<HitecLabs.DataStore.BFDS.PasswordSyncPlugin.Settings passwordHistoryLength="47">

<Servers>

<Server id="D7EC5CE1-1998-4AF5-A247-CF4B78C57C46" connectionString="Data Source=CS-WS-2045-W7; Initial Catalog=DSX343_BFDS1; Integrated Security=True"/>

<Server id="C7D4F798-F52E-469B-B17D-557BD709C427" connectionString="Data Source=CS-WS-2045-W7; Initial Catalog=DSX343_BFDS2; Integrated Security=True"/>

<Server id="37D4F798-F52E-469B-B17D-557BD709C427" connectionString="Data Source=CS-WS-2045-W7; Initial Catalog=DSX343_BFDS3; Integrated Security=True"/>

<Server id="47D4F798-F52E-469B-B17D-557BD709C427" connectionString="Data Source=CS-WS-2045-W7; Initial Catalog=DSX343_BFDS4; Integrated Security=True"/>

<Server id="57D4F798-F52E-469B-B17D-557BD709C427" connectionString="Data Source=CS-WS-2045-W7; Initial Catalog=DSX343_BFDS5; Integrated Security=True"/>

<Server id="67D4F798-F52E-469B-B17D-557BD709C427" connectionString="Data Source=CS-WS-2045-W7; Initial Catalog=DSX343_BFDS6; Integrated Security=True"/>

<Server id="77D4F798-F52E-469B-B17D-557BD709C427" connectionString="Data Source=CS-WS-2045-W7; Initial Catalog=DSX343_BFDS7; Integrated Security=True"/>

<Server id="87D4F798-F52E-469B-B17D-557BD709C427" connectionString="Data Source=CS-WS-2045-W7; Initial Catalog=DSX343_BFDS8; Integrated Security=True"/>

<Server id="97D4F798-F52E-469B-B17D-557BD709C427" connectionString="Data Source=CS-WS-2045-W7; Initial Catalog=DSX343_BFDS9; Integrated Security=True"/>

<Server id="A7D4F798-F52E-469B-B17D-557BD709C427" connectionString="Data Source=CS-WS-2045-W7; Initial Catalog=DSX343_BFDSTWO; Integrated Security=True"/>

</Servers>

</HitecLabs.DataStore.BFDS.PasswordSyncPlugin.Settings>

Note: The table must be the same in all of the servers. 

Simplistically the servers will all be set to have the same values for UserMustChangePasswordAfterReset and UserMustChangePasswordAfterCreation.