IBM QRadar SOAR

IBM QRadar

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only

  • 1.  Utilities: LDAP Password Set

    Posted Wed May 22, 2019 09:26 AM
    Good day,

    I have got the Utilities: LDAP Search function to work within my environment and have even added additional fields that are queried from the DC and populated into a table within Resilient

    The next step, is to enable Resilient to Reset and Toggle Passwords

    I have given my Service account the ability to do this

    However,

    When I test I receive the following error:
    FunctionException_: <Traceback (most recent call last): File "/usr/local/lib/python2.7/site-packages/fn_ldap_utilities/components/ldap_utilities_set_password.py", line 70, in _ldap_utilities_set_password_function raise ValueError("Could not change password. Check input_ldap_dn and input_ldap_new_password are valid") ValueError: Could not change password. Check input_ldap_dn and input_ldap_new_password are valid > File "/usr/local/lib/python2.7/site-packages/circuits/core/manager.py", line 856, in processTask raise value.extract()

    Attempting to change password

    Information

    Connected to Active Directory

    Information

    Function Inputs OK

    Information

    Appconfig Settings OK

    Information

    Starting ldap_utilities_set_password

    I have checked my password complexity and permissions and I am assuming that it has to do with pulling the DN from the Dictionary object that is passed from the search function - but Im not sure

    Has anyone done this before?

    Thanks
    Zaid

     


    ------------------------------
    Zaid Abrahams
    ------------------------------


  • 2.  RE: Utilities: LDAP Password Set

    Posted Thu May 23, 2019 04:17 AM
    Hi Zaid,

    This is a limitation of AD.

    When I came up against this previously the AD logs returned the following error:

    Internal event: The LDAP server returned an error.
     
    Additional Data
    Error value:
    0000001F: SvcErr: DSID-031A1248, problem 5003 (WILL_NOT_PERFORM), data 0

    You need to connect to AD using SLDAP so 636 normally.

    $ vi /home/resadmin/.resilient/app.config

    [fn_ldap_utilities]
    ldap_server=ad.example.com
    ldap_port=636
    ldap_use_ssl=True
    ldap_auth=SIMPLE
    ldap_user_dn=CN=adbind,OU=systemaccounts,DC=example,DC=com
    ldap_password=********
    ldap_is_active_directory=True
    ldap_connect_timeout=10
    # The domain setting must be set to a valid Windows domain if using NTLM authentication.
    #ldap_domain=WORKGROUP

    $ systemctl restart resilient_circuits && tail -f /home/resadmin/.resilient/app.log

    ------------------------------
    BEN WILLIAMS
    ------------------------------

    Original Message


  • 3.  RE: Utilities: LDAP Password Set

    Posted Fri May 24, 2019 04:38 AM
    Edited by Shane Curtin Fri May 24, 2019 04:39 AM
    Hi Zaid,

    I could also recommend ensuring you have the latest LDAP Utilities version v1.1.0. We updated it recently:
    https://exchange.xforce.ibmcloud.com/hub/extension/72b8204066d3b290b68bae2eeb1942cd

    We have added support to connect to your AD Server using NTLM, which helps avoid some authentication limitations/issues and note the ldap_port also. See the updated documentation for updating your App Configs:


    Also, in the pre-process script for the Set Password function you will see the logic of how to read the found DN from the Search function

    Hope this helps

    ------------------------------
    Shane Curtin
    Integrations Engineer - IBM Resilient
    ------------------------------

    Original Message