Password Reset Issue
Note: This page applies to SFTP Gateway version 2.x. Visit Here for documentation on version 3.x.
Overview
With SFTP Gateway 2.001.2 and prior, there is an issue with resetting passwords for SFTP users.
When you update the password for one SFTP user, it breaks the password functionality for other SFTP users.
Note: This issue has been resolved in version 2.001.03.
What is causing the issue
SFTP Gateway lets you turn on password authentication on a per-user basis.
Behind the scenes, these SFTP users (with passwords enabled) are added to a special group in LDAP called passwordenabled.
If you add a bunch of users (user1, user2, user3), each of these users gets added to the passwordenabled group.
However, the moment you update the password (say, for user1), all the other users are kicked out of the passwordenabled group. This is because of a bug in our code that sets the group membership to a single user (overwriting the existing array). Those other users can no longer log in with a password until they are added back to the group.
Create a bash script
If you cannot upgrade to 2.001.03 yet, the script below adds every SFTP user back into the passwordenabled group.
First, create the script:
sudo su
touch /usr/local/bin/refresh-password-enabled-group.sh
Second, make this script executable:
chmod +x /usr/local/bin/refresh-password-enabled-group.sh
Third, set the contents of this script to the following code:
#!/bin/bash
# Read the LDAP admin password from application.properties. Anchor on the key and
# take everything after the first "=", so a password that itself contains "=" is not truncated.
ldappassword=$(sudo grep '^ldap.password=' /opt/sftpgw/application.properties | cut -d= -f2-)
# Get all SFTP usernames as a space-separated list
SFTP_USERS=$(sftpgw.sh get-users --query 'users[].username' --output text)
# Add each user back into the passwordenabled group. A user who is still a member
# produces "Type or value exists (20)" from ldapmodify, which is harmless.
for SFTP_USER in $SFTP_USERS; do
ldapmodify -D "cn=admin" -w "${ldappassword}" <<HERE
dn: cn=passwordenabled,ou=Groups,dc=sftpgateway,dc=com
changetype: modify
add: memberUid
memberUid: ${SFTP_USER}
HERE
done
This is what the script is doing:
- The LDAP password in application.properties is assigned to a variable
- You get all the SFTP users, and assign them to a space-separated list
- For each SFTP user, you add the property memberUid: <username> to the passwordenabled group
Running the script
Finally, run the script:
/usr/local/bin/refresh-password-enabled-group.sh
Each subsequent password reset triggers the bug again, so re-run the script after every reset until you upgrade to 2.001.03.
To test whether it's working, run the following commands:
ldappassword=$(sudo grep '^ldap.password=' /opt/sftpgw/application.properties | cut -d= -f2-)
ldapsearch -D cn=admin -w "${ldappassword}" -b cn=passwordenabled,ou=Groups,dc=sftpgateway,dc=com
If all is well, you should see a memberUid entry for each of your SFTP users:
# passwordenabled, Groups, sftpgateway.com
dn: cn=passwordenabled,ou=Groups,dc=sftpgateway,dc=com
memberUid: user1
memberUid: user2
memberUid: user3
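Eyeballing the ldapsearch output works for three users but not for fifty. The script below is an added example, not part of the original page or of SFTP Gateway itself: it parses the LDIF that ldapsearch prints, compares the memberUid values against the list of SFTP users, and reports anyone missing from the passwordenabled group. The group DN matches the one used above; the LDIF in SAMPLE_LDIF is constructed sample data showing the state right after user1's password was reset, and the commented live-use lines assume the same credentials and commands as the test above.

```bash
#!/bin/bash
# Added example (not SFTP Gateway's own code): find SFTP users that have been
# dropped from the passwordenabled group.

# Assumption: same group DN as the article.
GROUP_DN='cn=passwordenabled,ou=Groups,dc=sftpgateway,dc=com'

# Print the memberUid values of the group entry found in LDIF text
# (the format ldapsearch prints). Usage: group_members <ldif-text>
group_members() {
    printf '%s\n' "$1" | awk -v dn="dn: $GROUP_DN" '
        $0 == dn                    { in_entry = 1; next }  # start of the group entry
        in_entry && /^$/            { in_entry = 0 }        # blank line ends the entry
        in_entry && /^memberUid: /  { print $2 }
    '
}

# Print every expected user that is not a member of the group.
# Returns 1 if at least one user is missing, 0 if the group is complete.
# Usage: missing_members "<space-separated users>" <ldif-text>
missing_members() {
    local expected="$1" ldif="$2" rc=0 user
    local members
    members=$(group_members "$ldif")
    for user in $expected; do
        if ! printf '%s\n' "$members" | grep -qx -- "$user"; then
            printf '%s\n' "$user"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: user1's password was just reset, so only user1 survived.
SAMPLE_LDIF='# passwordenabled, Groups, sftpgateway.com
dn: cn=passwordenabled,ou=Groups,dc=sftpgateway,dc=com
objectClass: posixGroup
cn: passwordenabled
memberUid: user1

# search result
search: 2
result: 0 Success'

# Live use on the gateway host (assumption: same credentials as the test above):
#   ldappassword=$(sudo grep '^ldap.password=' /opt/sftpgw/application.properties | cut -d= -f2-)
#   users=$(sftpgw.sh get-users --query 'users[].username' --output text)
#   ldif=$(ldapsearch -D cn=admin -w "$ldappassword" -b "$GROUP_DN")
#   missing_members "$users" "$ldif" || echo "group is out of sync; run the refresh script"

# Demo against the constructed sample: prints user2 and user3, then the warning.
missing_members "user1 user2 user3" "$SAMPLE_LDIF" \
    || echo "group is out of sync; run the refresh script"
```

Because the check exits non-zero when anyone is missing, it can be dropped into a cron job or a monitoring probe so the breakage is caught right after a reset instead of when a user reports a failed login.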