[Ltb-changes] [LDAP Tool Box (LTB)] page changed: documentation:self-service-password:0.9:config_ldap

Thu, 08 Oct 2015 01:17:51 -0700 

A page in your DokuWiki was added or changed. Here are the details:

Date        : 2015/10/08 10:17
Browser     : Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:41.0) Gecko/20100101 
Firefox/41.0
IP-Address  : 193.248.50.71
Hostname    : LStLambert-656-1-262-71.w193-248.abo.wanadoo.fr
Old Revision: 
http://ltb-project.org/wiki/documentation/self-service-password/0.9/config_ldap?rev=1444292122
New Revision: 
http://ltb-project.org/wiki/documentation/self-service-password/0.9/config_ldap
Edit Summary: [Active Directory] 
User        : coudot

@@ -79,10 +79,8 @@
  Adapt the search filter too:
  <file php>
  $ldap_filter = 
"(&(objectClass=user)(sAMAccountName={login})(!(userAccountControl:1.2.840.113556.1.4.803:=2)))";
  </file>
- 
- <note warning>Due to PHP LDAP API limitations, changing password as user is 
not possible. You need to change it as manager.</note>
  
  You can tune some options:
    * Force unlock: will unlock a locked account when password is changed
  <file php>
@@ -90,21 +88,24 @@
  </file>
    * Force user to change password at next login:
  <file php>
  $ad_options['force_pwd_change'] = true;
+ </file>
+   * Allow user to change password if password is expired:
+ <file php>
+ $ad_options['change_expired_password'] = true;
  </file>
  
- 
- You need to have a manager account on Active Directory with rights to change 
password of users. To set the minimum rights for this account, do the following:
+ You need to have an account on Active Directory with rights to change 
password of users. To set the minimum rights for this account, do the following:
    * Create a basic domain account without any additional privileges
    * Use Delegate control wizard within "User and computers", then
      * User Object
      * Reset Password
      * Write lockoutTime (if unlock is enabled)
      * Write shadowlastchange
  
  If you enabled the [[config_questions|reset by questions feature]], you also 
need to give rights on the question attribute:
-   * Right click the OU where you want delegation of permissions to propogate 
down from and select "Delegate Control…"
+   * Right click the OU where you want delegation of permissions to propagate 
down from and select "Delegate Control…"
    * Add the account to delegate to, click Next
    * Create a custom task to delegate
    * Select the radio button for "Only the following objects in the folder", 
then select "User objects" at the bottom of the list, click Next
    * Select the "Property-specific" checkbox only, then locate the attribute 
you are using to store the "Reset by questions" answer in.



-- 
This mail was generated by DokuWiki at
http://ltb-project.org/wiki/

_______________________________________________
ltb-changes mailing list
[email protected]
http://lists.ltb-project.org/listinfo/ltb-changes

Reply via email to