For some context, I want my api to be able to ‘impersonate’ (or connect as) a user on my ldap database as most of the api’s access controls are on the ldap database and tied to the user you are connected as.
In order to do this I have an idea where I will generate a random password for each user. The random password will then be encrypted with a key only the api has access to. The encrypted string will then be stored under the user’s entry. Now when the api wants to impersonate a user, it will get the encrypted string, decrypt it and then connect as that user.
How bad of an idea is this?