We use Office 365 with directory synchronization from an on-prem AD server to the Azure directory. Users whose accounts are synchronized to the cloud cannot change their password in the cloud – only locally in the domain. This has been a problem for Mac users.
For self-service password reset of our Mac users in an Active Directory domain, I deployed the PWM Project on a Turnkey Debian VM. This had been working well until I recently noticed these errors upon logging in to the portal:
5051 ERROR_DB_UNAVAILABLE (unable to initialize database: exception initializing database service:
5051 ERROR_DB_UNAVAILABLE (error connecting to database: java.sql.SQLException: The server time zone value 'EDT' is unrecognized or represents more than one time zone. You must configure either the server or JDBC driver (via the serverTimezone configuration property) to use a more specifc time zone value if you want to utilize time zone support., cause:com.mysql.cj.exceptions.InvalidConnectionAttributeException: The server time zone value 'EDT' is unrecognized or represents more than one time zone. You must configure either the server or JDBC driver (via the serverTimezone configuration property) to use a more specifc time zone value if you want to utilize time zone support.)))
It turns out that this is a bug in the MySQL JDBC driver. I installed version 8.0.13 (mysql-connector-java-8.0.13.jar). I found some suggestions in a Stack Overflow post, but how do you fix it in this WAR file distribution package without rebuilding it from source code?
Here is how. When the application is deployed on a Tomcat server, you will find the file PwmConfiguration.xml in the folder /home/tomcat8/pwm-data. Open this file in your favorite editor and find the section that contains the text: setting key="db.url". Change it by adding the time zone parameters to the connection string:
<setting key="db.url" syntax="STRING" syntaxVersion="0" modifyTime="2018-12-03T04:05:42Z">
<label>Database Connection String</label>
<value><![CDATA[jdbc:mysql://localhost/pwm?&useJDBCCompliantTimezoneShift=true&useLegacyDatetimeCode=false&serverTimezone=UTC]]></value>
</setting>
This took care of the error, and after restarting Tomcat, I was able to log in and change my password again.
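The same edit as a repeatable script, added here as an example (not part of the original post or of PWM): it rewrites only the db.url value, keeps any other query parameters, preserves the file's CRLF line endings, and leaves a .bak copy for rollback. The function names and the sample setting are constructed for illustration, and it assumes the value is stored as CDATA exactly as shown above.

```python
import re
import shutil
import sys

# Time zone parameters taken from the connection string shown above.
TZ_PARAMS = {
    "useJDBCCompliantTimezoneShift": "true",
    "useLegacyDatetimeCode": "false",
    "serverTimezone": "UTC",
}

# Matches the CDATA value of the db.url setting without running past </setting>.
DB_URL_RE = re.compile(
    r'(<setting key="db\.url"[^>]*>(?:(?!</setting>).)*?<value><!\[CDATA\[)'
    r'(.*?)(\]\]></value>)',
    re.DOTALL,
)

# Constructed sample in the layout shown above, CRLF line endings included.
SAMPLE = (
    '<setting key="db.url" syntax="STRING" syntaxVersion="0">\r\n'
    '<label>Database Connection String</label>\r\n'
    '<value><![CDATA[jdbc:mysql://localhost/pwm?useSSL=false]]></value>\r\n'
    '</setting>\r\n'
)

def add_timezone_params(jdbc_url, params=TZ_PARAMS):
    """Return jdbc_url with params set, keeping any other query parameters."""
    base, _, query = jdbc_url.partition("?")
    kept = [seg for seg in query.split("&")
            if seg and seg.split("=", 1)[0] not in params]
    return base + "?" + "&".join(kept + [f"{k}={v}" for k, v in params.items()])

def patch_config(xml_text):
    """Rewrite only the db.url value; the rest of the file is left untouched."""
    fix = lambda m: m.group(1) + add_timezone_params(m.group(2)) + m.group(3)
    patched, count = DB_URL_RE.subn(fix, xml_text)
    if count != 1:
        raise ValueError(f"expected one db.url setting, found {count}")
    return patched

if __name__ == "__main__":
    path = sys.argv[1]  # e.g. /home/tomcat8/pwm-data/PwmConfiguration.xml
    with open(path, newline="", encoding="utf-8") as fh:  # newline="" keeps CRLF
        patched = patch_config(fh.read())  # fails here before anything is written
    shutil.copy2(path, path + ".bak")  # keep the original for rollback
    with open(path, "w", newline="", encoding="utf-8") as fh:
        fh.write(patched)
```

Running it a second time leaves the file unchanged, so it is safe to apply from configuration management; Tomcat still needs a restart afterwards.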