N8n LDAP node - setting password for MS Active Directory user

Hi there!

I’m trying to make a Flow in n8n to create users in a Microsoft Active Directory with the builtin n8n LDAP node.

I’m able to create/delete the users, change their attributes. The only thing I can’t figure out to do is to set the user’s password in the AD attribute unicodePwd.

I’m aware of the special format of the value of the attribute (UTF-16 encoded Unicode string containing the password surrounded by quotation marks, which has been BER-encoded as an octet string per the Object(Replica-Link) syntax).

When I try to Update/Replace the attribute with a valid value (I think…) I get the error

[screenshot of the error]

This is when I choose to “Ignore SSL/TLS Issues”. This is working when creating/deleting users with the LDAP node or changing values of other attributes.

When I remove the “Ignore SSL/TLS Issues” I get the error

[screenshot of the error]

Then I tried to use several different certificates (including root and intermediate certificates) - still the same error…

Now I don’t know what to try next and hope that someone out there has a solution for this, because if I can’t change the newly created user’s password the whole Flow has no point.

Information on your n8n setup

  • n8n version: 1.36.2
  • Database (default: SQLite):
  • n8n EXECUTIONS_PROCESS setting (default: own, main):
  • Running n8n via (Docker, npm, n8n cloud, desktop app): npm
  • Operating system: Windows 10

Hey @Klop,

It looks like AD is returning DSID-031A126C with problem 5003 and error code 0x35. Looking online, it would suggest that it could be that the password does not meet your org’s password policy or that the bind user doesn’t have permission to control passwords. Password changes are also only allowed over “secure” LDAP, which tends to be over port 636.

I would also recommend checking event viewer on your primary DC as that may show more information on the error.

Hey @Klop how are you?

Can you share an example workflow of how to set the user’s password via the LDAP node? I am interested too!

Hi @Jon

I have tried to set the password manually on the testuser with the bind user (with domain admin permissions) and that works. When I try the same with the n8n LDAP Node, with the same bind account (domain admin) and the same converted password, I get the mentioned error. I can’t find any events in the event viewer on the domain controller I’m connecting to in the credentials in the LDAP Node!?!

@Klop I found the solution on how to set the password with unicodePwd.

First you have to create an LDAP connection but with SSL at port 636 and the CA certificate.

Then you have to encode the password.

Here is the flow I use, and it works.

Look at the Encode Password Node to see the logic so that you can encode the password to a valid format.

For me now it is working after many hours of searching and troubleshooting how to do it.

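The encoding step described above, as an added example (not the thread's workflow or n8n's own code): wrap the password in double quotes, encode it as UTF-16LE and base64 the resulting bytes, which reproduces the converted value Klop posts further down. It assumes a Node.js Buffer, as available in an n8n Code node; the item field name plainPassword is an assumption.

```javascript
// Added example, not code from the thread or from n8n.
// Builds the value for the Active Directory unicodePwd attribute:
// '"' + password + '"' as UTF-16LE bytes, carried as base64 so it
// survives as a plain string field between n8n nodes.
// Assumes Node.js (Buffer is available inside an n8n Code node).

function encodeUnicodePwd(password) {
  if (typeof password !== 'string' || password.length === 0) {
    throw new Error('password must be a non-empty string');
  }
  // AD strips the surrounding quotes itself; a quote character inside
  // the password is allowed, so nothing is escaped here.
  const quoted = `"${password}"`;
  return Buffer.from(quoted, 'utf16le').toString('base64');
}

// Reverse direction, useful to check a value before sending it to the
// LDAP node: returns the plain password or throws if the value is not a
// quoted UTF-16LE string.
function decodeUnicodePwd(b64) {
  const text = Buffer.from(b64, 'base64').toString('utf16le');
  if (text.length < 2 || !text.startsWith('"') || !text.endsWith('"')) {
    throw new Error('value is not a quoted UTF-16LE password');
  }
  return text.slice(1, -1);
}

// Shape of an n8n Code node in "Run Once for All Items" mode: read the
// (assumed) field plainPassword from each item, emit the encoded value as
// unicodePwd and drop the plaintext so it does not travel further.
function encodeItems(items) {
  return items.map((item) => {
    const { plainPassword, ...rest } = item.json;
    return { json: { ...rest, unicodePwd: encodeUnicodePwd(plainPassword) } };
  });
}
```

In the Code node itself the last line would be `return encodeItems($input.all());`, and the LDAP node then takes `{{ $json.unicodePwd }}` as the attribute value.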

Hi @Mulen

This is the most simple workflow I have used to try to set a password for an existing user.

The plain text password is n8n#Rules!Zebra and the converted password is IgBuADgAbgAjAFIAdQBsAGUAcwAhAFoAZQBiAHIAYQAiAA==

@Klop I have tried to set it encoded like you mentioned and it does not work. You have to convert the password with the function I mentioned and then pass the encoded password to the LDAP node and set it to the unicodePwd attribute so that you can successfully set it.

Also use the native n8n LDAP node.


Thank you @Mulen !! It’s working with your workflow :sunglasses: