LDAPPasswordChangeValve

Valve for changing a user's password in an LDAP directory.

The valve operates on all items in the current item set.

Properties

| Name | Description | Default value | Mandatory | Supports property expansion |
|---|---|---|---|---|
| connection_ref | Id of LDAP connection to use. Must refer to a connection of type 'LDAP' | | Yes | No |
| value | The password to set | | Yes | Yes |
| password_attr_name | Name of password attribute | userPassword | No | No |
| rebind | Flag controlling if the current LDAP connection should be rebound (as user) or if a new connection should be used to change the password | true | No | No |
| replace | Flag controlling if password change should use single modify operation or separate delete and add. | true | No | No |
| current_password_param_name | Name of parameter containing the current password. If this is configured the valve will bind with the current password instead of a random password before setting the new password. | | No | No |
| temp_password_prefix | Prefix of temporary random password used for password reset (when current password is not known). This property can be used to force compliance with directory password policies. | Random_ | No | No |
| temp_password_maxlen | Length of temporary random password | 16 | No | No |

Example configuration (bare minimum)

{
        "name": "LDAPPasswordChangeValve",
        "config": { 
              "connection_ref":"b0f2ddff-9585-47c5-9286-2bee2b731197",
              "value":"{{request.password}}"
        }
}

Example configuration (full)

{
        "name": "LDAPPasswordChangeValve",
        "config": { 
              "connection_ref":"b0f2ddff-9585-47c5-9286-2bee2b731197",
              "value":"{{request.new_password}}",
              "current_password_param_name":"{{request.old_password}}",
              "password_attr_name":"customPassword",
              "rebind":"false",
              "replace":"false", 
              "temp_password_prefix":"pwdPolicyC0mpat!bl3_", 
              "temp_password_maxlen":"32" 
        }
}
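
What the `replace` property selects at the LDAP level, shown as an added example that is not part of the original page or the product's code: a single modify with `replace`, versus a `delete` followed by an `add`, rendered as RFC 2849 LDIF change records. The function names, the DN and the passwords are constructed, and sending the old value in the `delete` is an assumption; the page does not say how the valve forms that operation.

```python
import base64
import re

# RFC 2849 SAFE-STRING: must not start with space, ':' or '<', and must not
# contain NUL, CR, LF or non-ASCII bytes. Anything else is base64-encoded.
SAFE_STRING = re.compile(
    r"[\x01-\x09\x0b\x0c\x0e-\x1f\x21-\x39\x3b\x3d-\x7f][\x01-\x09\x0b\x0c\x0e-\x7f]*"
)


def attrval(attr, value):
    """Render one LDIF 'attr: value' line, using 'attr:: base64' when required."""
    if SAFE_STRING.fullmatch(value) and not value.endswith(" "):
        return f"{attr}: {value}"
    encoded = base64.b64encode(value.encode("utf-8")).decode("ascii")
    return f"{attr}:: {encoded}"


def password_change_ldif(dn, new_password, attr="userPassword",
                         replace=True, old_password=None):
    """Build the LDIF change record for a password change (hypothetical helper).

    replace=True  -> one 'replace' modification (overwrites every existing value).
    replace=False -> 'delete' then 'add' inside the same modify request. With
                     old_password the delete names that value (assumption, see
                     lead-in); without it the delete removes all values.
    """
    lines = [attrval("dn", dn), "changetype: modify"]
    if replace:
        lines += [f"replace: {attr}", attrval(attr, new_password), "-"]
    else:
        lines.append(f"delete: {attr}")
        if old_password is not None:
            lines.append(attrval(attr, old_password))
        lines += ["-", f"add: {attr}", attrval(attr, new_password), "-"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    dn = "uid=jdoe,ou=people,dc=example,dc=org"  # constructed sample DN
    # Defaults from the properties table: userPassword, replace=true.
    print(password_change_ldif(dn, "N3w-Secret"))
    # Mirrors the full configuration: customPassword, replace=false.
    print(password_change_ldif(dn, "N3w-Secret", attr="customPassword",
                               replace=False, old_password="Old-Secret"))
```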

Requirements