How do I change a user's password via LDAP integration with Active Directory?
03-24-2023 08:54 AM - edited 03-27-2023 01:38 AM
Hi,
searching via GlideLDAP works fine.
Now I would like to reset the password for this user, how can I do it?
var gr = new GlideRecord('ldap_server_config');
var ldap_id = '1ae0a9d020b9a5100eed0c8b78e8cdd7';
gr.get(ldap_id);
var ldap = new GlideLDAP();
ldap.setConfigID(ldap_id);
var env = ldap.setup();
if (env == null) {
    gs.addErrorMessage("Environment not set, missing server URL");
}
var ldapConnectionTester = new GlideLDAPTestConnectionProcessor(ldap_id, null);
try {
    var connessione = ldapConnectionTester.testConnection();
    gs.print('connessione instaurata: ' + connessione);
    var query = '(sAMAccountName=testuser1)';
    var result = ldap.getMatching('', query, true, 1);
    if (!JSUtil.nil(result)) {
        var test; // declared explicitly instead of leaking an implicit global
        while (test = result.next()) {
            var strResult = test.toString();
            var mail = strResult.split('mail=')[1];
            mail = mail.split(',')[0];
            var dn = strResult.split('dn=')[1];
            dn = dn.split(',')[0];
            gs.print(mail);
            gs.print(dn);
            var ldapUserUpdate = new GlideLDAPUserUpdate();
            ldapUserUpdate.setDN(dn);
            ldapUserUpdate.setAttribute('password', 'newpassword'); // Set the user's new last name
            ldap.update(ldapUserUpdate);
        }
    }
} catch (e) {
    gs.addErrorMessage(e.getMessage());
}
03-25-2023 03:44 AM - edited 03-25-2023 03:45 AM
Hi @oscar morelli ,
Here's the updated code:
var gr = new GlideRecord('ldap_server_config');
var ldap_id = '1ae0a9d020b9a5100eed0c8b78e8cdd7';
gr.get(ldap_id);
var ldap = new GlideLDAP();
ldap.setConfigID(ldap_id);
var env = ldap.setup();
if (env == null) {
    gs.addErrorMessage("Environment not set, missing server URL");
}
var ldapConnectionTester = new GlideLDAPTestConnectionProcessor(ldap_id, null);
try {
    var connessione = ldapConnectionTester.testConnection();
    gs.print('connessione instaurata: ' + connessione);
    var query = '(sAMAccountName=testuser1)';
    var result = ldap.getMatching('', query, true, 1);
    if (!JSUtil.nil(result)) {
        var test; // declared explicitly instead of leaking an implicit global
        while (test = result.next()) {
            var strResult = test.toString();
            var mail = strResult.split('mail=')[1];
            mail = mail.split(',')[0];
            var dn = strResult.split('dn=')[1];
            dn = dn.split(',')[0];
            gs.print(mail);
            gs.print(dn);
            // Create a new instance of GlideLDAPUserUpdate
            var ldapUserUpdate = new GlideLDAPUserUpdate();
            // Set the DN of the user to update
            ldapUserUpdate.setDN(dn);
            // Set the new password for the user
            ldapUserUpdate.setAttribute('unicodePwd', '"newpassword"');
            // Call the update() method to perform the update
            ldap.update(ldapUserUpdate);
        }
    }
} catch (e) {
    gs.addErrorMessage(e.getMessage());
}
Note that for Active Directory, the unicodePwd attribute must be set to the new password enclosed in double quotes. Also, make sure that the LDAP user used for this operation has the appropriate permissions to reset passwords in Active Directory.
If my response helps you resolve the issue, close the question by ✅ accepting the solution and hitting the 👍 thumb icon. Others will benefit from correct answers in the future.
Thanks,
Ratnakar
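The note above about the quoted unicodePwd value, carried through as an added example (not part of the original posts and not ServiceNow API code): Active Directory expects the double-quoted password encoded as UTF-16LE bytes, and accepts the write only over an encrypted connection such as LDAPS. The function names and the shape of the modify object are assumptions made for illustration.

```javascript
// Added example: builds the value Active Directory expects in unicodePwd.
// Plain JavaScript, no ServiceNow or LDAP library calls; names are hypothetical.

// AD wants the password wrapped in double quotes, then encoded as UTF-16LE.
function encodeUnicodePwd(password) {
  var quoted = '"' + password + '"';
  var bytes = [];
  for (var i = 0; i < quoted.length; i++) {
    var unit = quoted.charCodeAt(i); // UTF-16 code unit (surrogates included)
    bytes.push(unit & 0xff);         // low byte first = little-endian
    bytes.push(unit >> 8);
  }
  return bytes;
}

// Sanity check for a value about to be sent: returns the inner password,
// or throws if the bytes are not a double-quoted UTF-16LE string.
function decodeUnicodePwd(bytes) {
  if (bytes.length < 4 || bytes.length % 2 !== 0) {
    throw new Error('unicodePwd must be an even number of bytes (UTF-16LE)');
  }
  var text = '';
  for (var i = 0; i < bytes.length; i += 2) {
    text += String.fromCharCode(bytes[i] | (bytes[i + 1] << 8));
  }
  if (text.charAt(0) !== '"' || text.charAt(text.length - 1) !== '"') {
    throw new Error('unicodePwd must be enclosed in double quotes');
  }
  return text.slice(1, -1);
}

// Describes the LDAP modify request as a plain object (constructed structure).
// Reset (admin): one "replace". Change (user): "delete" old + "add" new.
function buildPasswordModify(dn, newPassword, oldPassword) {
  var changes = (oldPassword === undefined)
    ? [{ op: 'replace', attr: 'unicodePwd', value: encodeUnicodePwd(newPassword) }]
    : [{ op: 'delete', attr: 'unicodePwd', value: encodeUnicodePwd(oldPassword) },
       { op: 'add', attr: 'unicodePwd', value: encodeUnicodePwd(newPassword) }];
  return { dn: dn, changes: changes };
}

// Hex dump for comparing against a packet capture or LDAP client trace.
function toHex(bytes) {
  return bytes.map(function (b) { return ('0' + b.toString(16)).slice(-2); }).join(' ');
}
```

A quoted password sent as a plain single-byte string fails decodeUnicodePwd, which is the same mismatch the directory rejects.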
03-27-2023 12:50 AM
Hi, thanks for the reply.
I tried to use the code you shared but it doesn't reset the password.
I'm using a user that has the permission to reset the password, do you have another solution?
03-27-2023 02:26 AM
Hi @oscar morelli ,
If the code I shared didn't work for you, there could be a few reasons why the password reset is not successful. Here are some things you can check:
- Make sure the LDAP connection is set up correctly and the user account you are using has the necessary permissions to reset passwords.
- Verify that the user's distinguished name (DN) is correct and that you are targeting the correct user account.
- Check the LDAP server logs to see if there are any errors or issues reported when attempting to reset the password.
- Try setting a new password for the user manually in the Active Directory management console or via another LDAP client to see if there are any issues with the user account or the LDAP integration.
Here is an alternative code snippet you can try to reset the password for a user using LDAP integration:
var userName = 'testuser1';
var newPassword = 'newpassword';
var ldap = new GlideLDAP();
var ldapConfig = new GlideRecord('ldap_server_config');
ldapConfig.addQuery('name', 'myldapserver'); // replace with your LDAP server name
ldapConfig.query();
if (ldapConfig.next()) {
    ldap.setConfigID(ldapConfig.sys_id);
    var user = ldap.getUser(userName);
    user.setAttribute('unicodePwd', newPassword);
    ldap.update(user);
}
Thank you!
Ratnakar
03-27-2023 02:44 AM
Hi @Ratnakar7,
- I confirm that the connection is established correctly.
- I extracted the DN by browsing the LDAP server, and I checked it in Active Directory, so it's correct.
- The code doesn't give me any errors.
The following variable gives me undefined:
var user = ldap.getUser(userName);
Do you have any other suggestions?
Because I'm starting to suspect that it is not possible to change information in Active Directory through LDAP.