ADPasswordChangeValve
Warning
This valve is blocking - this may hurt throughput and cause performance issues since other pipes won't be able to execute while this valve is waiting on a long-running operation in the same instance of the pipes module, for example due to a network request, disk access or similar. Try to limit the usage of blocking valves, try to ensure that they are fast to execute, and if needed, consider deploying multiple instances of the pipes module.
Note
Valve for modifying a users password in Microsoft Active Directory.
This valve extends LDAPPasswordChangeValve and overrides the following behaviour(s):
Password reset (i.e. NOT change with random password) is default when current password is not known (reset: "true").
AD specific attributes are reset before bind/change (pwdLastSet, lockoutTime) to enable user bind/modify operations.
Account is unlocked after reset if configured (unlock: "true").
Attribute unicodePwd is default password attribute name.
The new password will be formatted as an AD password - a binary UTF-16 LE string (little-endian byte order) enclosed in double quotes (“).
Valve operates on all items in current item set.
When doing a password change, the property pwdLastSet have to exist on the item if the old password is expired.
Properties
| Name | Description | Default value | Mandatory | Supports property expansion |
|---|---|---|---|---|
| connection_ref | Id of user store connection. | Yes | No | |
| value | The new password. | Yes | Yes | |
| password_attr_name | Name of password attribute. | unicodePwd | No | |
| current_password_param_name | Name of parameter containing the current password. If this is configured the valve will bind with the current password instead of a random password before setting the new password. | No | Yes | |
| unlock | Flag controlling if locked account should be unlocked during password change process. | false | No |
Example Configuration
{
"name": "ADPasswordChangeValve",
"config": {
"connection_ref": "d5c9fd4f-0e51-43d4-b1c5-b3e34b6edd4b",
"value": "{{item.new_password}}",
"unlock": "true"
}
}