Forum Discussion

Gilberto_383328's avatar
Gilberto_383328
Icon for Nimbostratus rankNimbostratus
Mar 06, 2019

Change password fo the users using APM in LDAP servers

Hi:   I am configuring an authentication policy in my F5 using APM. I wanna know if I can change the user's password using the policy when I use an LDAP server. I have found that I can change user...
application delivery
BIG-IP Access Policy Manager (APM)
  • AMiles_377865's avatar
    AMiles_377865
    Mar 06, 2019

    Hi Gilberto,

     

    The short answer is no.

     

    As long as you have the "change password" option enabled on the logon page, the end user can see the option to change their password. But if you are using an LDAP server instead of an AD server, the prompt to change the password won't actually be given to the user.

     

    I tested this in a lab environment, where I used the same exact actual server but created two different entries in APM: one as an LDAP server, and one as an AD server. Either way, the logon page presented the checkbox. But only if I was using an AD server would the checkbox actually take me to a reset password page.

     

    This thread on devcentral explains the configuration in decent detail. Of course, the use-case for this was fairly limited in the first place, not really allowing for support of users who forgot their passwords to change it. There's been a couple of requests for greater support but I haven't seen a response or any other documentation for it.

     

    Best of luck,

     

    Austin

     

AMiles_377865's avatar
AMiles_377865
Icon for Cirrocumulus rankCirrocumulus

Hi Gilberto,

 

The short answer is no.

 

As long as you have the "change password" option enabled on the logon page, the end user can see the option to change their password. But if you are using an LDAP server instead of an AD server, the prompt to change the password won't actually be given to the user.

 

I tested this in a lab environment, where I used the same exact actual server but created two different entries in APM: one as an LDAP server, and one as an AD server. Either way, the logon page presented the checkbox. But only if I was using an AD server would the checkbox actually take me to a reset password page.

 

This thread on devcentral explains the configuration in decent detail. Of course, the use-case for this was fairly limited in the first place, not really allowing for support of users who forgot their passwords to change it. There's been a couple of requests for greater support but I haven't seen a response or any other documentation for it.

 

Best of luck,

 

Austin

 

Gilberto_383328's avatar
Gilberto_383328
Icon for Nimbostratus rankNimbostratus
Mar 07, 2019

Thank you so much for your answer. Can I do something in the F5 like an iRule to solve this problem? or We need to use an AD.