Password Self Service with LDAPPasswordChangeValve

Overview

When PSS is configured through the guide, the valves and settings in the "Password reset pipe" are set up for Active Directory.
This document describes how to change them when another LDAP source is used.
NOTE: The settings below should be seen as an example. Adjust them according to your environment.

Requirements:

  • PhenixID Authentication Services 3.2 or higher installed

Configuration

NOTE: Make sure to have a backup of the file /config/phenix-store.json before making any changes.

Log in to the configuration GUI and go to the PSS scenario, then click on "Password reset flow".
The default pipe will look like this:

The following valves should be disabled or deleted (unless specifically needed for the password policy in place):

- DateTimeGeneratorValve
- FileTimeValidatorValve
- The second FlowFailValve, with description "Fail flow if pwdLastSet validation failed"
- ADPasswordChangeValve

Then add the valve "LDAPPasswordChangeValve" as the last valve in the pipe, replacing the "ADPasswordChangeValve".
The pipe should look similar to this:

The configuration for the "LDAPPasswordChangeValve" depends on the LDAP source used,
but should look similar to this:

When done, save the configuration and test a password reset.