Controlling LDAP authentication
Hello everyone,
i am in process of changing our authentication method, so we can integrate our AD authentication in our programs. At the moment i am using they %SYS.LDAP object, and trying to use the .Bind() method with the user information to authenticate. This seems to work without issues, but here the problems start.
When i flag a user 'Change password on next logon' in our Active Directory, the Bind fails with a status error: "Invalid Credentials". To make sure the user who logged in is in fact the user to change the password. I still need to check if this user entered the correct current login information.
Checking the fields 'badPwdCount' or 'badPasswordTime' does not help since they are not filled after a failed .Bind() it seems.
Anyone has experience with this issue and knows how to work around the change password issue?
Thank you guys in advance!
Thomas
Take a look at the LDAP.MAC routine in the SAMPLES database. Look at Example 5 which shows how to change a password in Active directory using LDAP.