AD - User password change template

Default senhasegura AD user password change template

# Version: 1
# Created on: 30/04/2017 11:40
# Last modify: 30/04/2017 11:40

# Protocol version
set-option LDAP_OPT_PROTOCOL_VERSION 3
set-option LDAP_OPT_REFERRALS 3

# Bind
bind "cn=[#AUTH_USER#],CN=Users,DC=senhasegura,DC=local"

# Search user entry
find "CN=Users,DC=senhasegura,DC=local" (sAMAccountName=[#USERNAME#])

# Update password
mod-replace unicodePwd "u([#NEW_PASSWORD#])"

# Add this line to also unblock the account
mod-replace userAccountControl 512

To use this template properly, change the settings defined in the bind and find lines of the default template.

NOTE: Sometimes the AD server sends a TLS certificate during the bind, which prevents the connection from completing successfully. For older versions of senhasegura, you must edit the /etc/ldap/ldap.conf file and set the last argument to TLS_REQCERT never, which makes the LDAP client skip verification of the server certificate.

NOTE 2: When find is executed at the domain root, the search may return an error code. In that case, change the parameter below and retest:

# Protocol Version
set-option LDAP_OPT_PROTOCOL_VERSION 3
set-option LDAP_OPT_REFERRALS 0

Hello, Felipe, we are having an issue that is a bit similar to this one.

Situation: we are trying to change a Domain user password, but we are using the same user to perform the Bind connection.

The User has the permission to change his own password (the checkbox in AD “User is unable to change his own password” is unchecked).

And we are getting the Error in the feedback log below:

[image: feedback log screenshot]

Hi Thiago,

It seems that the error you’re facing is not the same as the one in this article.

As you can see, the error: “50 - Insufficient access” can be verified in this error code list: https://ldapwiki.com/wiki/LDAP%20Result%20Codes

50 LDAP_INSUFFICIENT_ACCESS - Indicates that the caller does not have sufficient rights to perform the requested operation.

This error means that the requester (the credential used to perform the password change) doesn’t have sufficient permissions/rights to execute the operation. The error code returned in the senhasegura logs is generated by Microsoft AD and has no relation to any senhasegura settings.

Please check the credential settings in Microsoft AD and refer to the Microsoft documentation to solve this issue.

1 Like
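
Active Directory treats a replace of unicodePwd, as in the template's mod-replace line, as an administrative reset checked against the bind account's Reset Password right. A user changing their own password is instead a delete of the old value plus an add of the new one in a single modify. The following is an added example, not senhasegura code, that builds both requests as LDIF for comparison; the account DN and passwords are constructed samples, and it assumes the template's u(...) wrapper produces the same quoted UTF-16LE value.

```python
import base64


def encode_unicode_pwd(password: str) -> bytes:
    """AD's unicodePwd syntax: the password inside double quotes, as UTF-16LE."""
    return ('"' + password + '"').encode("utf-16-le")


def ldif_line(attr: str, value: bytes) -> str:
    """'attr: value' for a conservative LDIF safe string, else 'attr:: <base64>'."""
    safe = (all(0x20 <= b <= 0x7E for b in value)
            and value[:1] not in (b" ", b":", b"<")
            and not value.endswith(b" "))
    if safe:
        return f"{attr}: {value.decode('ascii')}"
    return f"{attr}:: {base64.b64encode(value).decode('ascii')}"


def reset_ldif(dn: str, new_password: str) -> str:
    """Administrative reset: a single 'replace', like the template's mod-replace.
    AD authorises it against the bind account's Reset Password right."""
    return "\n".join([
        ldif_line("dn", dn.encode("utf-8")),
        "changetype: modify",
        "replace: unicodePwd",
        ldif_line("unicodePwd", encode_unicode_pwd(new_password)),
        "-", ""])


def change_ldif(dn: str, old_password: str, new_password: str) -> str:
    """Self-service change: 'delete' the old value, then 'add' the new one,
    in one modify. AD validates the old password and the Change Password right."""
    return "\n".join([
        ldif_line("dn", dn.encode("utf-8")),
        "changetype: modify",
        "delete: unicodePwd",
        ldif_line("unicodePwd", encode_unicode_pwd(old_password)),
        "-",
        "add: unicodePwd",
        ldif_line("unicodePwd", encode_unicode_pwd(new_password)),
        "-", ""])


if __name__ == "__main__":
    # Constructed sample values; the DN reuses the template's example base.
    dn = "CN=svc-example,CN=Users,DC=senhasegura,DC=local"
    print(reset_ldif(dn, "newPassword"))
    print(change_ldif(dn, "oldPassword", "newPassword"))
```

The generated LDIF can be applied with a tool such as ldapmodify over LDAPS; AD rejects unicodePwd writes on an unencrypted connection.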