Forum Discussion
Is there an example of setting an Active Directory attribute from F5 iRule or Access Policy?
Heading the same route here: forgotten password => logon page with userid only => AD Query => Get user email => OTP Generate => Mail => OTP Verify => Reset Password with random value and set User Must Change Password at next logon => Email new password to user email fetched from AD (same used in OTP step). Missing Step = Reset Password with random value and set User Must Change Password at next logon
I confess we gave up trying to do this with APM, we deployed a simple webserver behind the F5 which only the F5 can talk to, and sent requests from the F5 to this webserver to perform the password reset and toggle the must change at next login field. We used the LDAP Tool Box project as a template, and adapted it to meet our needs.
It seems insane as F5 license a whole bunch of Oracle software to do precisely this kind of thing, but it didn't seem to be exposed in a sensible fashion. This seems a common use case so I'm surprised F5 haven't sorted it, but then there are a whole bunch of things APM does or doesn't do that surprise me too often. It is possible it has improved since, but I haven't seen anything obvious in 12, and the hardware we have doesn't support 13.
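
The step both posts call missing (reset to a random value and set "User must change password at next logon"), shown as an added example that is not code from either poster or from the LDAP Tool Box project: it builds the LDIF modify record a back-end helper like the one described above would apply to AD. The function names, the sample DN and the character classes are assumptions made for illustration.

```python
import base64
import secrets
import string

# Character classes for the temporary password (constructed; match your AD policy).
CLASSES = [string.ascii_lowercase, string.ascii_uppercase, string.digits, "!#%+-=?@_"]

def random_password(length=20):
    """Random password containing at least one character from every class."""
    if length < len(CLASSES):
        raise ValueError("length too short for all character classes")
    chars = [secrets.choice(c) for c in CLASSES]
    chars += [secrets.choice("".join(CLASSES)) for _ in range(length - len(chars))]
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)

def encode_unicode_pwd(password):
    """AD takes unicodePwd as the password wrapped in double quotes, UTF-16LE."""
    return ('"' + password + '"').encode("utf-16-le")

def ldif_line(attr, value):
    """Emit 'attr: value', or base64 'attr:: ...' when the value is not LDIF-safe."""
    raw = value if isinstance(value, bytes) else value.encode("utf-8")
    safe = (bool(raw) and all(0x20 <= b < 0x7F for b in raw)
            and raw[0] not in b" :<" and raw[-1] != 0x20)
    if safe:
        return f"{attr}: {raw.decode('ascii')}"
    return f"{attr}:: {base64.b64encode(raw).decode('ascii')}"

def reset_ldif(user_dn, password):
    """LDIF that replaces the password and forces a change at next logon.

    user_dn should be the distinguishedName returned by the directory lookup,
    not a string assembled from the user id typed into the logon page.
    """
    return "\n".join([
        ldif_line("dn", user_dn),
        "changetype: modify",
        "replace: unicodePwd",
        ldif_line("unicodePwd", encode_unicode_pwd(password)),
        "-",
        "replace: pwdLastSet",
        "pwdLastSet: 0",  # 0 = user must change password at next logon
        "-",
        "",
    ])

if __name__ == "__main__":
    # Constructed DN; AD accepts unicodePwd writes only over an encrypted connection.
    print(reset_ldif("CN=Test User,OU=Staff,DC=example,DC=test", random_password()))
```

The account that applies this record needs only the delegated "Reset password" right and write access to pwdLastSet on the target users, not domain administrator rights.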