(Long story short.)  I'm moving a complex solution from a local network to a hosted service.  The solution uses (and needs to use) external authentication. In order to divorce the solution from the local network completely, we will no longer be using our active directory on the local network.  Setting up security groups and users on the hosted server and configuring FM server to authenticate against it was very easy.  Only one problem remains, How can users change their passwords? 

This isn't really a Filemaker question as the question becomes, how can you let a user change their password on windows servers if they do not have desktop access(on the server)?

I have done a couple of google searches and found enough to know I could write some sort of custom solution (or likely adapt one that is already out there) but before going down that rabbit hole.... I thought I would ask the helpful people here.

Simple answer?  They can't, at least not natively.  If you're not going to use FileMaker's built-in authentication then you're going to have to craft your own interface with whatever external authentication you're using.

Edited August 14, 201510 yr by James Gill

Are your users logging into their workstations on the domain? If yes, they can change their password through the workstation. If not, you need a webpage to work using LDAP ( I believe ), to change the password.

FileMaker is completely separated from the the user management, other than asking if a user is allow to access the file.

Edited August 15, 201510 yr by Josh Ormond

Simple answer?  They can't, at least not natively. 

Kinda depends on what you mean by natively.

As in "from FM" -> then no

As in "through the OS" -> then yes.  Windows has the scripting hooks to let the user change their pw.  But it requires a good knowledge of those APIs and OS-level scripting proficiency.

Thank you all for your responses. I knew when I asked this question that this was beyond the scope of Filemaker. (Needs to be a web based/OS solution.)  

As I said in my original post, I've done some searches on the issue.  I even found a 90% solution but it failed to encrypt the passwords that was sent. (:face-palm:)

I would think the best solution would be to use php(compiled with LDAP). I was hoping that this was a common enough issue(in an FM Server environment) that someone here might of written or know of a solid solution to this problem.

At the moment, my solution will be that users can NOT change their own passwords.  Not a great solution but it works.

I will likely look into this more in the future and if I come up with or find a solid solution, I will share and would welcome you all to do the same.

Thank you again,

Allen

 

No, not very common.  Typically if you want/need to use EA it means the FMS box is on-premise.  Or some other form of federated authentication is in use already that FMS can piggy-back on (trusted domains perhaps,...)