Monday, 22 May 2017

Node/ActiveDirectory Binding with an expired account

I am using ldapjs to bind my Node server to my Active Directory domain controller that handles end-user accounts. This all works well except when it comes to changing an end user's expired account. I'm not very familiar with LDAP, so any help would be appreciated.

The only way I can get it to work to change the user's account is to do the following:

    bind(domain system account)   [would like this to be the end user ideally]
    modify: {
        lookup user account
        change: { operation: delete, modification: unicodePwd: (encodedPassword) },
        change: { operation: add,    modification: unicodePwd: (encodedPassword) }
    }

Using a system account feels less secure to me, since I need to use its credentials, but if I use the end user's credentials the bind fails as expected with the data 532 error. Are there any LDAP attributes that can be used to let a successful bind occur as an expired user, so that the user can use their own account to change their password?



via Jared Yach
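As an added example (not code from the post or from ldapjs), this builds the delete/add unicodePwd modify described above with the encoding Active Directory expects, and classifies the `data NNN` sub-code from an AD bind failure such as the poster's 532. The client object and its `modify(dn, changes, cb)` signature are assumed; a fake client stands in for a real ldapjs connection so the code runs offline.

```javascript
// Added example, not from the original post or from ldapjs itself.

// AD stores unicodePwd as the password wrapped in double quotes, UTF-16LE.
function encodeUnicodePwd(password) {
  return Buffer.from(`"${password}"`, 'utf16le');
}

// A self-service change is one modify carrying delete(old) then add(new); AD
// checks the deleted value against the current password. A single replace is
// the administrative reset path instead. Change objects use the plain
// { operation, modification } shape from the post (assumed to match the client).
function buildPasswordChanges(oldPassword, newPassword) {
  return [
    { operation: 'delete', modification: { unicodePwd: encodeUnicodePwd(oldPassword) } },
    { operation: 'add',    modification: { unicodePwd: encodeUnicodePwd(newPassword) } },
  ];
}

// AD simple-bind failures carry a sub-code in the diagnostic message, e.g.
// "AcceptSecurityContext error, data 532, v2580". Distinguishing these lets a
// login flow tell "expired" from "wrong password" without guessing.
const AD_BIND_DATA_CODES = {
  '525': 'user not found',
  '52e': 'invalid credentials',
  '530': 'logon not permitted at this time',
  '531': 'logon not permitted from this workstation',
  '532': 'password expired',
  '533': 'account disabled',
  '701': 'account expired',
  '773': 'user must reset password',
  '775': 'account locked out',
};

function classifyAdBindError(message) {
  const m = /data ([0-9a-f]{3})\b/i.exec(message || '');
  if (!m) return 'unknown';
  return AD_BIND_DATA_CODES[m[1].toLowerCase()] || 'unknown';
}

// Sends the change through a client whose modify(dn, changes, cb) follows the
// ldapjs callback style (assumed). AD only accepts unicodePwd writes over an
// encrypted connection (LDAPS or StartTLS), so the client must be bound that way.
function changeExpiredPassword(client, userDn, oldPassword, newPassword) {
  return new Promise((resolve, reject) => {
    client.modify(userDn, buildPasswordChanges(oldPassword, newPassword),
      (err) => (err ? reject(err) : resolve(true)));
  });
}
```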
