
ADSI RESETANDCHANGEPASSWRDJSON Change Reset Password Functionality

ReshamDas
Regular Contributor

Hi,

We understand that the AD connector on Saviynt has the RESETANDCHANGEPASSWRDJSON parameter, where specific logic can be implemented for the two distinct cases of Change Password (when a user changes their own AD account password) and Reset Password (when someone else changes the user's AD account password) from the Saviynt UI. These can be defined within the CHANGE and RESET blocks respectively, as in this example:

{
    "RESET": {
        "pwdLastSet": "0",
        "title": "password reset",
        "password": "${password}"
    },
    "CHANGE": {
        "pwdLastSet": "-1",
        "title": "password changed",
        "password": "${password}"
    }
}

However, the sample code in the ADSI documentation here does not give an example showing whether this segregation between Change Password and Reset Password can be performed in the ADSI connector.

We tried with the below code but it threw an error:

{
    "RESET": {
        "objects": [
            {
                "objectClasses": [
                    "user"
                ],
                "password": "${password}",
                "distinguishedName": "${account.customproperty25}",
                "attributes": {
                    "pwdLastSet": "0"
                }
            }
        ]
    },
    "CHANGE": {
        "objects": [
            {
                "objectClasses": [
                    "user"
                ],
                "password": "${password}",
                "distinguishedName": "${account.customproperty25}",
                "attributes": {
                    "pwdLastSet": "-1"
                }
            }
        ]
    }
}

Error message: Error in change password: { "status": "Failure", "message": "'objectClasses' and 'distinguishedName' are mandatory attributes."

Hence, kindly suggest if this can be implemented in the ADSI RESETANDCHANGEPASSWRDJSON by any means.


stalluri
Valued Contributor II

@ReshamDas 

{
    "RESET": {
        "objects": [
            {
                "objectClasses": [
                    "user"
                ],
                "password": "${password}",
                "distinguishedName": "${account.customproperty25?.replace('\\', '\\\\')?.replace('/', '\\/')}",
                "attributes": {
                    "pwdLastSet": "0"
                }
            }
        ]
    },
    "CHANGE": {
        "objects": [
            {
                "objectClasses": [
                    "user"
                ],
                "password": "${password}",
                "distinguishedName": "${account.customproperty25?.replace('\\', '\\\\')?.replace('/', '\\/')}",
                "attributes": {
                    "pwdLastSet": "-1"
                }
            }
        ]
    }
}

Best Regards,
Sam Talluri
If you find this a helpful response, kindly consider selecting Accept As Solution and clicking on the kudos button.

ReshamDas
Regular Contributor

@stalluri I see you added the replace functions to the CP25 attribute for replacing \ and / characters. But this too returned the same error message: Error in change password: { "status": "Failure", "message": "'objectClasses' and 'distinguishedName' are mandatory attributes."

ReshamDas
Regular Contributor

I figured out the below code for ADSI to handle the Change Password (self-initiated) and Reset Password (admin-initiated) scenarios differently, using Java if-else:-

{
    "objects": [
        {
            "objectClasses": [
                "user"
            ],
            "password": "${password}",
            "distinguishedName": "${account.customproperty25}",
            "attributes": {
                "pwdLastSet": "${if(arstasksObj?.source.equals('changeOwnPasswordFromUI') || arstasksObj?.source.equals('forgotPassword') || ('dll_by_user').equalsIgnoreCase(arstasksObj?.source)){return -1}else{return 0}}"
            }
        }
    ]
}

I was able to test my scenarios successfully with the above code. Kindly review this snippet and let me know if this has all, or if any improvements are required.

{
  "objects": [
    {
      "objectClasses": [
        "user"
      ],
      "password": "${password}",
      "distinguishedName": "${accountsObj?.customproperty25}",
      "attributes": {
        "pwdLastSet": "${if(arstasksObj?.source.equalsIgnoreCase('changeOwnPasswordFromUI') || arstasksObj?.source.equalsIgnoreCase('forgotPassword') || ('dll_by_user').equalsIgnoreCase(arstasksObj?.source)){return -1}else{return 0}}"
      }
    }
  ]
}

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
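A pre-deployment check for the payload shapes discussed in this thread, as an added example that is not Saviynt's code or part of any post above. It assumes, from the error message and the working snippets, that the ADSI connector needs `objects` at the top level with `objectClasses` and `distinguishedName` in each entry; the function names and sample strings are constructed for illustration.

```python
import json

# Task sources the thread treats as user-initiated (compared case-insensitively,
# as in the last snippet above).
SELF_SERVICE_SOURCES = {"changeownpasswordfromui", "forgotpassword", "dll_by_user"}

def expected_pwd_last_set(source):
    """Mirror the thread's if/else. "-1" stamps pwdLastSet with the current time;
    "0" forces a password change at next logon. A missing source is treated
    as an admin reset, the stricter outcome."""
    if source is not None and source.lower() in SELF_SERVICE_SOURCES:
        return "-1"
    return "0"

def lint_adsi_password_json(text):
    """Return a list of shape problems in an ADSI RESETANDCHANGEPASSWRDJSON value."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(doc, dict):
        return ["top level must be a JSON object"]
    problems = []
    # The AD-style RESET/CHANGE wrappers produced the mandatory-attributes error in the thread.
    for wrapper in ("RESET", "CHANGE"):
        if wrapper in doc:
            problems.append(f"'{wrapper}' wrapper found; working payload has 'objects' at top level")
    objects = doc.get("objects")
    if not isinstance(objects, list) or not objects:
        problems.append("missing top-level 'objects' list")
        return problems
    for i, obj in enumerate(objects):
        for key in ("objectClasses", "distinguishedName"):
            if not isinstance(obj, dict) or not obj.get(key):
                problems.append(f"objects[{i}] lacks mandatory '{key}'")
    return problems

# Constructed samples modelled on the two payload shapes in the thread.
WRAPPED = '{"RESET": {"objects": [{"objectClasses": ["user"], "distinguishedName": "CN=x"}]}}'
FLAT = '{"objects": [{"objectClasses": ["user"], "distinguishedName": "CN=x", "password": "${password}"}]}'

if __name__ == "__main__":
    for name, sample in (("wrapped", WRAPPED), ("flat", FLAT)):
        print(name, lint_adsi_password_json(sample) or "ok")
    # "some_other_source" is a constructed placeholder for any admin-initiated task.
    for src in ("changeOwnPasswordFromUI", "forgotPassword", "some_other_source", None):
        print(src, "->", expected_pwd_last_set(src))
```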