Default senhasegura AD user password change template
# Version: 1
# Created on: 30/04/2017 11:40
# Last modify: 30/04/2017 11:40
# Protocol version
set-option LDAP_OPT_PROTOCOL_VERSION 3
set-option LDAP_OPT_REFERRALS 3
# Bind
bind "cn=[#AUTH_USER#],CN=Users,DC=senhasegura,DC=local"
# Search user entry
find "CN=Users,DC=senhasegura,DC=local" (sAMAccountName=[#USERNAME#])
# Update password
mod-replace unicodePwd "u([#NEW_PASSWORD#])"
# Add this line to also unblock the account (512 = NORMAL_ACCOUNT; replaces all other userAccountControl flags)
mod-replace userAccountControl 512
To use this template properly, change the settings defined in the bind and find lines of the default template.
NOTE: Sometimes the AD server sends a TLS certificate when doing a bind, and the connection fails because the certificate is not accepted. For older versions of senhasegura, you must edit the /etc/ldap/ldap.conf file and set the last argument to TLS_REQCERT never. This setting turns off verification of the server certificate, so the bind credential and the new password are sent with no assurance of which server receives them.
NOTE 2: When find is executed against the domain root, the search may return an error code. Alternatively, change the LDAP_OPT_REFERRALS parameter as shown below and retest:
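The values behind the template's find, unicodePwd and userAccountControl lines, as an added Python example that is not senhasegura code. It shows the quoted UTF-16LE form AD requires for unicodePwd, RFC 4515 escaping for the filter value, and which flags a fixed userAccountControl of 512 clears. Assumptions: u(...) in the template produces that UTF-16LE encoding, and the function names and sample account are hypothetical.

```python
# Added example (not senhasegura code): the values behind the template's
# find, unicodePwd and userAccountControl lines, using only the stdlib.

# userAccountControl bit flags as documented by Microsoft (subset).
UAC_FLAGS = {
    0x000002: "ACCOUNTDISABLE",
    0x000020: "PASSWD_NOTREQD",
    0x000200: "NORMAL_ACCOUNT",
    0x010000: "DONT_EXPIRE_PASSWORD",
    0x040000: "SMARTCARD_REQUIRED",
    0x100000: "NOT_DELEGATED",
}

def encode_unicode_pwd(password: str) -> bytes:
    """AD accepts unicodePwd only as the double-quoted password in UTF-16LE."""
    return ('"' + password + '"').encode("utf-16-le")

def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping for a value placed in (sAMAccountName=...)."""
    return "".join(
        "\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value
    )

def decode_uac(value: int) -> set:
    """Names of the known flags set in a userAccountControl value."""
    return {name for bit, name in UAC_FLAGS.items() if value & bit}

def flags_changed_by_replace(current: int, new: int = 512) -> dict:
    """Flags that 'mod-replace userAccountControl <new>' clears or sets."""
    before, after = decode_uac(current), decode_uac(new)
    return {"cleared": before - after, "set": after - before}

def enable_preserving_flags(current: int) -> int:
    """Clear only ACCOUNTDISABLE and keep every other flag."""
    return current & ~0x000002

if __name__ == "__main__":
    # Constructed sample: disabled account, non-expiring password, not delegable.
    current = 0x200 | 0x2 | 0x10000 | 0x100000
    print(encode_unicode_pwd("Example-Pw1").hex())
    print(escape_filter_value("svc(backup)"))
    print(flags_changed_by_replace(current))
    print(enable_preserving_flags(current))
```

The "cleared" set shows that a fixed 512 removes flags such as NOT_DELEGATED and DONT_EXPIRE_PASSWORD along with ACCOUNTDISABLE, so keep that line only for accounts where resetting every flag is intended.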
# Protocol Version
set-option LDAP_OPT_PROTOCOL_VERSION 3
set-option LDAP_OPT_REFERRALS 0
50 LDAP_INSUFFICIENT_ACCESS - Indicates that the caller does not have sufficient rights to perform the requested operation.
This error means that the requester (the credential used to perform the password change) doesn’t have sufficient permissions/rights to execute the operation. The error code returned in the senhasegura logs is generated by Microsoft AD and is unrelated to any senhasegura setting.
Please check the credential's settings in Microsoft AD and refer to the Microsoft documentation to solve this issue.