cancel
Showing results for 
Search instead for 
Did you mean: 

iRules LX for APM password reset

Dan_E
Altostratus
Altostratus

We are attempting to use APM as a Self-Service Password Reset resolution.

I can modify Active Directory attributes than to this article https://devcentral.f5.com/s/articles/apm-cookbook-modify-ldap-attribute-values-using-iruleslx-21850 , however, has anyone used iRules LX to reset a password.

I'll validate the user first with other methods but want to reset a forgotten password rather than the APM built-in Kerberos API reset with the current password to update to a new one.

 

Thanks

1 REPLY 1

JacobAx
Nimbostratus
Nimbostratus

Hi, If this question is still relevant I have an incomplete code, but the password reset works, this should get you started in your devolpment.

If you are intrested i'll can get back at you and post the final product once done!

 

Please note that this is currently in development and validation should occur in irule before sending data to the workspace

process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0"; var f5 = require('f5-nodejs'); var ldap = require('ldapjs');     const bind_url = 'ldaps url'; const bind_dn = 'enter DN'; const bind_pw = 'enter password here';     var ilx = new f5.ILXServer(); ilx.listen();   function ldap_unbind(client){ client.unbind(function(err) { if (err) { console.log('Error Unbinding.'); } }); }       ilx.addMethod('ldap_pwreset', function(ldap_pwreset, response) { var newPassword = ldap_pwreset.params()[0]; var DN = ldap_pwreset.params()[1]; this.ldapClient = ldap.createClient({ url: bind_url, tlsOptions: { 'rejectUnauthorized': false }, reconnect: { initialDelay: 100, maxDelay: 1000, failAfter: 10 } });   const ldap_client = this.ldapClient; // do a rebind when reconnect this.ldapClient.on('connect', function () { ldap_client.bind(bind_dn, bind_pw, err => { if (err) { console.log('error while ldap binding' + err); } }); ldap_client.bind(bind_dn, bind_pw, function(err) { if (err) { console.log(err) } }); function encodePassword(password) { return new Buffer('"' + password + '"', 'utf16le').toString(); } const change = new ldap.Change({ operation: 'replace', modification: { unicodePwd: encodePassword(newPassword) }, });   ldap_client.modify(DN, change, function(err) { if (err) { ldap_unbind(ldap_client); response.reply(err); }else{ ldap_unbind(ldap_client); response.reply('success'); } });             });   });