By: prerna arote user 02 Dec 2015 at 3:06 a.m. CST

3 Responses
prerna arote gravatar
Hi, I am using Active Directory as a backend server for authentication. I got all users into gluu from AD also I am able to login with their credentials. Is it possible to update those users password from gluu and that change should reflect in AD back??

By Mohib Zico staff 02 Dec 2015 at 4:17 a.m. CST

Mohib Zico gravatar
Well, there are ways to achieve that but we do not encourage to do so. Our target is to keep Gluu Server as IDP/OP ( Identity Provider or OpenID Provider ), not IDM.

By Michael Schwartz Account Admin 02 Dec 2015 at 9:39 a.m. CST

Michael Schwartz gravatar
You could do it with a custom authentication script. We're thinking of writing an example for something like this. For example, it could keep a custom user attribute called passwordData: passwordData: {'passwordExpiration':'3/31/15', 'oldPasswords': ['<hash-old-passwd>'], 'failedAttempts':0} When you see the expiration is passed, you could present a special page 2 to prompt the user to set a new password (and validate complexity, or even non-reuse of old passwords by keeping a hash of old passwords. After collection of the password in step 2, you could write to AD using LDAP. So its totally possible... given some more time we're even going to provide some example interception scripts to do this.

By prerna arote user 14 Dec 2015 at 12:06 a.m. CST

prerna arote gravatar
Thank you Mohib and Michael. You can close this ticket now.