JoeTheFifth
Jun 21, 2017
Altostratus
Reset forgotten user password iRule = Sideband
Hi Guys,
Just discovered the sideband technique. I'm looking into crafting an iRule to reset a user password in Active Directory. I'm using APM to get the user login name. BigIP LTM 11.5.4. Here is the workflow of the APM policy:
1. Detect that the URL is a password reset URL through the landinguri variable (via an iRule event)
2. Present the user with a login page to enter his username
3. Do an AD query to get the attributes (email)
4. Generate an OTP
5. Send an email with the OTP
6. Present the user with a login page to enter the OTP
7. Verify the OTP
8. Reset the user password in AD with an iRule
9. Set the attribute "User must change password at next logon"
10. Send the new password to the user's email (fetched in step 3)
11. Present the user with a login page to enter his username and password
12. Authenticate via AD Auth
13. Do an SSO Mapping to get a kerb ticket
14. Let the user in if everything is ok
And the missing steps are:
- Reset the user password in AD with an iRule
- Set the attribute "User must change password at next logon"
Thanks for your help.