Authenticate on one LDAP but change password for another LDAP

Johnny Kim

Oct 8, 2025, 11:46:49 AM
to pwm-general
Hello,
I have two AD domains, DC01 for staff and DC02 for students, and I would like the staff to authenticate to DC01 but be allowed to change passwords for students on a different AD domain (DC02).

I have tried but have not been able to successfully accomplish this. Is this doable? If so, any written guide I can follow?

Thanks!

Jason Rivard

Oct 9, 2025, 4:58:27 PM
to pwm-general
You can configure an LDAP profile for each domain and users can authenticate against either domain. See also the setting 'LDAP ⇨ LDAP Settings ⇨ Global ⇨ LDAP Duplicate Mode'.

Once authenticated, a user can access the helpdesk module, and if the setting 'Modules ⇨ Authenticated ⇨ People Search ⇨ People Search Profiles ⇨ [profile] ⇨ Use Proxy LDAP Account' is enabled, then helpdesk operators can set passwords for any LDAP profile. Keep in mind you're bypassing LDAP/Domain user security with this setting enabled and relying entirely on the PWM security model, as the password reset occurs using the PWM LDAP Proxy User account.