Let's investigate and solve where needed a couple issues we think might be in play.
It appears that when wikitech ldap password is either blanked or scrambled by an admin in an effort to block a malicious actor, the attacker is able to evade this block by following the password reset flow and obtaining a new credential. We would like to verify this still works and if it does come up with a solution to prevent it.