
iRules LX for APM password reset

Dan_E
Altostratus
Altostratus

We are attempting to use APM as a Self-Service Password Reset resolution.

I can modify Active Directory attributes thanks to this article https://devcentral.f5.com/s/articles/apm-cookbook-modify-ldap-attribute-values-using-iruleslx-21850 . However, has anyone used iRules LX to reset a password?

I'll validate the user first with other methods, but I want to reset a forgotten password rather than use the APM built-in Kerberos API reset, which needs the current password to set a new one.

 

Thanks

1 REPLY 1

JacobAx
Nimbostratus
Nimbostratus

Hi, if this question is still relevant: I have some incomplete code, but the password reset works, so this should get you started in your development.

If you are interested, I can get back to you and post the final product once it's done!

 

Please note that this is currently in development, and validation should occur in the iRule before sending data to the workspace.

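// Certificate verification is deliberately NOT switched off process-wide here
// (no NODE_TLS_REJECT_UNAUTHORIZED override): that environment switch applies
// to every TLS connection this Node.js process makes, not only the LDAP one.
// The LDAP client created in the ldap_pwreset handler carries its own
// tlsOptions, so the process-wide override is not needed for that connection.
const f5 = require('f5-nodejs');
const ldap = require('ldapjs');


// Connection settings for the directory service account (placeholders).
// NOTE(review): the bind password sits in clear text in this source file and
// the account is able to reset other users' passwords. Restrict who can read
// the workspace, and delegate only the password-reset right the account needs.
const bind_url = 'ldaps url';
const bind_dn = 'enter DN';
const bind_pw = 'enter password here';


// Start the ILX server so the iRule side can call the methods registered on it.
const ilx = new f5.ILXServer();
ilx.listen();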
 
/**
 * Unbind the given LDAP client. A failure to unbind is only logged; nothing
 * is returned or thrown to the caller.
 *
 * @param {object} client - object exposing an `unbind(callback)` method.
 */
function ldap_unbind(client) {
    const onUnbound = (err) => {
        if (!err) {
            return;
        }
        console.log('Error Unbinding.');
    };
    client.unbind(onUnbound);
}
 
 
 
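/**
 * ILX method `ldap_pwreset`: replaces the `unicodePwd` attribute of one
 * directory entry with a new password, binding as the configured service
 * account (bind_dn / bind_pw).
 *
 * Positional parameters supplied by the caller:
 *   params()[0] - the new password
 *   params()[1] - the DN of the entry to modify
 *
 * Replies 'success' when the modify succeeds. Otherwise it replies with the
 * bind / modify / connection error, or with the string 'invalid parameters'
 * when either parameter is missing or empty. Exactly one reply is sent.
 *
 * SECURITY: this is an administrative reset that does not require the old
 * password, so whoever can invoke it with a DN sets that account's password.
 * The calling iRule / access policy must already have verified the user and
 * should take the DN from the verified session, not from client input.
 * Neither password is written to the log here.
 */
ilx.addMethod('ldap_pwreset', function(ldap_pwreset, response) {
    const params = ldap_pwreset.params();
    // Coerce to strings (the original concatenated the value into a string).
    const newPassword = params[0] == null ? '' : String(params[0]);
    const DN = params[1] == null ? '' : String(params[1]);

    // Refuse to touch the directory with a missing password or target.
    if (newPassword === '' || DN === '') {
        response.reply('invalid parameters');
        return;
    }

    // One client per request, held in a local variable so that overlapping
    // requests cannot overwrite each other's client.
    const ldap_client = ldap.createClient({
        url: bind_url,
        // NOTE(review): certificate verification is disabled, so the server's
        // identity is not checked and the bind password and the new password
        // can be read by anyone able to intercept the connection. Supply the
        // issuing CA through the `ca` TLS option and set rejectUnauthorized to
        // true once that certificate is available.
        tlsOptions: { 'rejectUnauthorized': false },
        reconnect: {
            initialDelay: 100,
            maxDelay: 1000,
            failAfter: 10
        }
    });

    let replied = false;

    // Unbind and answer the caller once, whichever path finishes first.
    function finish(result) {
        if (replied) {
            return;
        }
        replied = true;
        ldap_unbind(ldap_client);
        response.reply(result);
    }

    // Active Directory expects the password wrapped in double quotes and
    // encoded as UTF-16LE.
    // NOTE(review): converting those bytes back to a string is only lossless
    // when every byte is below 0x80 - confirm behaviour with non-ASCII
    // passwords before relying on it.
    function encodePassword(password) {
        return Buffer.from('"' + password + '"', 'utf16le').toString();
    }

    // Without a listener an 'error' event would be thrown as an uncaught
    // exception; report it to the caller instead.
    ldap_client.on('error', function(err) {
        console.log('ldap client error' + err);
        finish(err);
    });

    // 'connect' also fires after a reconnect, so the bind is repeated there;
    // the `replied` guard keeps a finished request from running again.
    ldap_client.on('connect', function() {
        if (replied) {
            return;
        }
        ldap_client.bind(bind_dn, bind_pw, function(bindErr) {
            if (bindErr) {
                console.log('error while ldap binding' + bindErr);
                finish(bindErr);
                return;
            }

            // Issue the modify only after the bind has succeeded.
            const change = new ldap.Change({
                operation: 'replace',
                modification: { unicodePwd: encodePassword(newPassword) },
            });

            ldap_client.modify(DN, change, function(modifyErr) {
                finish(modifyErr ? modifyErr : 'success');
            });
        });
    });
});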