Open n3rada opened 2 months ago
@n3rada did you try with LDAPS as suggested? Most tools will attempt a first connection through LDAPS and thus succeed. But you used an LDAP connection and I would not be surprised that the server requires password changes to be performed over a secured channel.
Maybe we could default to LDAPS (which we don't at the time) but here you specifically requested LDAP.
I tried LDAPS and it didn't work either. Have you checked the mentioned code block of bloodyAD that works?
I could but what I would be missing is the configuration of the Active Directory you were working against. I'd like to implement a change but I need to test it against something.
Unfortunately, I didn't control this Active Directory domain. It was a challenge. 🥲
The only thing I know for sure is that it worked with bloodyAD. To test, you can try to set the ForceChangePassword right on a user (ExtendedRight on User-Force-Change-Password object type).
I'm experiencing an issue with the ldeep tool when attempting to change user passwords, which works flawlessly with bloodyAD. Below are the details of the commands used and the error encountered.
It failed:
Whereas with bloodyAD it is totally fine:
Considering the success of the password change using bloodyAD, perhaps ldeep could benefit from integrating a similar method for password modifications. The relevant method in bloodyAD can be found here.