Password Management

54 views
Skip to first unread message

stonej

unread,
Mar 16, 2022, 4:13:46 PM3/16/22
to CAS Community
Hello,

Strange question.  Is it possible to enable the password management for all users apart from a specific OU or user(s) ?

Using 6.5.1, Active Directory login.  I want them to be able to login to CAS but ignore any password queries or changes for a specific OU or user.

Thanks

artur mis

unread,
Mar 30, 2022, 4:56:56 AM3/30/22
to CAS Community, stonej
If it comes about AD/LDAP I think that generaly it is depend on  where you are binded  with pm module user and where you have permision  with this user to change  passwords for  other users.

Jason Everling

unread,
Mar 30, 2022, 9:59:21 AM3/30/22
to CAS Community, artur mis, stonej
You can use cas.authn.pm.ldap[0].searchFilter , just make sure you set others required, https://apereo.github.io/cas/6.5.x/password_management/Password-Management-LDAP.html , something like the below would work, msds-parentname is a constructed attribute in AD that holds the value of the current objects OU

cas.authn.pm.ldap[0].searchFilter=(&(objectClass=person)(!msds-parentdistname=OU=YourOU,DC=Example,DC=Com)(sAMAccountName={user}))

Jason

Reply all
Reply to author
Forward
0 new messages