Question
· Mar 20, 2019

Controlling LDAP authentication

Hello everyone,

 

i am in process of changing our authentication method, so we can integrate our AD authentication in our programs. At the moment i am using they %SYS.LDAP object, and trying to use the .Bind() method with the user information to authenticate. This seems to work without issues, but here the problems start.

When i flag a user 'Change password on next logon' in our Active Directory, the Bind fails with a status error: "Invalid Credentials". To make sure the user who logged in is in fact the user to change the password. I still need to check if this user entered the correct current login information.

Checking the fields 'badPwdCount' or 'badPasswordTime' does not help since they are not filled after a failed .Bind() it seems.

Anyone has experience with this issue and knows how to work around the change password issue?

Thank you guys in advance!

 

Thomas

Discussion (1)1
Log in or sign up to continue