Hi Roland,

Thanks for the quick follow-up.
On 3/19/19 9:09 PM, Roland Gruber wrote:
> please check "Do not add object class" in your server profile, tab Module settings. This will skip the button and not add the object class.
Will check it out, thank you.
> LAM will set Windows and Unix password to the same value by default. You can also select to set only Windows password in dialog. Do you need some kind of configuration option to not manage the Unix password at all?
Well, I was thinking of the following scenario: we set an initial password using LAM, and after this our users use the/our 'regular' tools to change passwords: under Windows with ctrl-alt-delete, or via the web using keycloak. (https://www.keycloak.org/)
Those tools use the regular AD methods to change a password. See (https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/6e803168-f140-4d23-b2d3-c3a8ab5917d2)
Our concern: these regular AD tools will not change the LAM unixPassword. So that initial password will remain eternally in AD. We are not sure if it is possible to actually use that password to log on (as LDAP/windows logins will use the regular unicodePwd password, I guess).
But keeping an old password in AD that is never used or changed doesn't feel safe and sane. So perhaps... yes: In this case it would be useful to have LAM *only* set the regular AD password, like ADUC would.
Another thing: is it possible to set a default unix group? Can't find such an option in LAM. It seems to default to the top group, alphabetically. We would like to set unix group to "Domain Users", and manage other group memberships using the windows groups.
Again: thanks for the quick and helpful reply.

MJ
