Forum Discussion
Is there an example of setting an Active Directory attribute from F5 iRule or Access Policy?
Heading the same route here: forgotten password => logon page with userid only => AD Query => Get user email => OTP Generate => Mail => OTP Verify => Reset Password with random value and set User Must Change Password at next logon => Email new password to user email fetched from AD (same used in OTP step). Missing Step = Reset Password with random value and set User Must Change Password at next logon
- Simon_Waters_13 | Jun 21, 2017 | Cirrostratus
I confess we gave up trying to do this with APM; we deployed a simple webserver behind the F5 which only the F5 can talk to, and sent requests from the F5 to this webserver to perform the password reset and toggle the must change at next login field. We used the LDAP Tool Box project as a template, and adapted it to meet our needs.
It seems insane as F5 license a whole bunch of Oracle software to do precisely this kind of thing, but it didn't seem to be exposed in a sensible fashion. This seems a common use case so I'm surprised F5 haven't sorted it, but then there are a whole bunch of things APM does or doesn't do that surprise me too often. It is possible it has improved since, but I haven't seen anything obvious in 12, and the hardware we have doesn't support 13.
- JoeTheFifth_453 | Jun 21, 2017 | Nimbostratus
Funny, I just opened a thread describing the same web server/sideband method :-) It is here: https://devcentral.f5.com/s/feed/0D51T00006uKJtNSAW
 
Your comments/code share are welcome.
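The "missing step" discussed in this thread (reset to a random value and set User Must Change Password at next logon), sketched as it might run on the sideband web server. This is an added example, not code from any poster or from the LDAP Tool Box project. It assumes the service is written in Python and holds an already-bound LDAPS connection from the ldap3 library; the function names are hypothetical.

```python
import secrets
import string

# AD's default complexity policy wants three character categories; use four.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, "!#$%*+-=?@_")

def random_password(length=20):
    """Random password with at least one character from every class."""
    if length < len(CLASSES):
        raise ValueError("length too short to cover every character class")
    alphabet = "".join(CLASSES)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate

def encode_unicode_pwd(password):
    """AD's unicodePwd wants the password in double quotes, as UTF-16LE."""
    return ('"' + password + '"').encode("utf-16-le")

def build_reset_changes(password):
    """Modify-request body: replace the password and zero pwdLastSet,
    which marks the account 'User must change password at next logon'.
    The "MODIFY_REPLACE" string is the value of ldap3's constant of the
    same name (assumption: ldap3 is the client library in use)."""
    return {
        "unicodePwd": [("MODIFY_REPLACE", [encode_unicode_pwd(password)])],
        "pwdLastSet": [("MODIFY_REPLACE", ["0"])],
    }

def reset_password(conn, user_dn):
    """Apply the reset over an already-bound LDAPS connection.

    `conn` is assumed to be an ldap3 Connection (or anything with the same
    modify(dn, changes) method) bound as an account delegated only the
    reset-password right. AD rejects unicodePwd writes on unencrypted links.
    """
    password = random_password()
    if not conn.modify(user_dn, build_reset_changes(password)):
        raise RuntimeError("password reset rejected by directory")
    return password
```

Sending both attributes in one modify request means the account is never left with a new password that is not flagged for change.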
 