
We have an authentication service that allows admins to attach various directory services to our cloud service. We support a bunch of different directory services (Active Directory, OpenLDAP, G Suite, etc.), and we're offering support for a new LDAP service called "IBM Security Directory Server 6.4".

So, for the previous LDAP services that we've supported in the past, we allowed admins to specify an attribute on users that would tell us if their password was expired and needed to be reset (shadowExpire). If the password was expired, we could then prompt the user to enter a new password, and then issue an Extended Request using a very commonly supported OID, "1.3.6.1.4.1.4203.1.11.1" (this is the standard password modify protocol ID). However, IBM - SDS does not support this protocol, unlike every other LDAP service, which means we need some method of modifying user attributes directly using a client request.

Bear in mind, we have authorized admin credentials registered with our service, so we have super admin rights to do anything. The question here is how can we directly modify user attributes via client request (this isn't using ldapmodify like all of IBM's documentation provides) on an IBM - SDS 6.4 server?

1 Answer


The solution was to use System.DirectoryServices.Protocols, as outlined in "How to change passwords using System.DirectoryServices.Protocols", and change the userPassword attribute directly.
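
The approach named in the answer, as an added example (not the answerer's code or the linked post's): a plain LDAP Modify request that replaces userPassword through System.DirectoryServices.Protocols. The host, port, DNs and environment variable names are placeholder assumptions; the connection uses LDAPS because both the simple bind and the new password value travel inside the LDAP messages.

```csharp
using System;
using System.DirectoryServices.Protocols;
using System.Net;

class ReplaceUserPassword
{
    static int Main()
    {
        // Placeholder values (assumptions, not taken from the original post).
        const string host = "ldap.example.com";
        const string adminDn = "cn=admin,dc=example,dc=com";
        const string userDn = "uid=jdoe,ou=people,dc=example,dc=com";
        // Secrets come from the environment rather than from source code.
        string adminPassword = Environment.GetEnvironmentVariable("LDAP_ADMIN_PASSWORD");
        string newPassword = Environment.GetEnvironmentVariable("LDAP_NEW_PASSWORD");
        if (string.IsNullOrEmpty(adminPassword) || string.IsNullOrEmpty(newPassword))
        {
            Console.Error.WriteLine("Set LDAP_ADMIN_PASSWORD and LDAP_NEW_PASSWORD.");
            return 2;
        }
        // 636 is the conventional LDAPS port; adjust to the server's TLS listener.
        using var connection = new LdapConnection(
            new LdapDirectoryIdentifier(host, 636),
            new NetworkCredential(adminDn, adminPassword),
            AuthType.Basic);
        connection.SessionOptions.ProtocolVersion = 3;
        // Simple bind and the Modify payload are cleartext at the LDAP layer, so require TLS.
        connection.SessionOptions.SecureSocketLayer = true;
        // Replace (not Add) so any existing userPassword values are overwritten.
        var change = new DirectoryAttributeModification
        {
            Name = "userPassword",
            Operation = DirectoryAttributeOperation.Replace
        };
        change.Add(newPassword);
        try
        {
            connection.Bind();
            connection.SendRequest(new ModifyRequest(userDn, change));
            Console.WriteLine("userPassword replaced for " + userDn);
            return 0;
        }
        catch (DirectoryOperationException ex)
        {
            // The server refused the Modify, e.g. ConstraintViolation or InsufficientAccessRights.
            Console.Error.WriteLine("Modify rejected: " + ex.Response.ResultCode);
            return 1;
        }
    }
}
```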