Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
tutorial:adm:manage_ad [2021/06/24 07:07] soval [Password mapping] |
tutorial:adm:manage_ad [2021/06/25 12:41] soval [Forced password change (User must change password at next logon)] |
||
---|---|---|---|
Line 165: | Line 165: | ||
* Attribute with password - true | * Attribute with password - true | ||
+ | ==== Forced password change (User must change password at next logon) ==== | ||
+ | When mapping AD attributes, it is sometimes useful to be able to set a forced password change option. This requirement is often set for two different cases: | ||
- | ==== Send additional attributes with password | + | * We need to change the password |
+ | * We need to force a password change but **only after a password reset** | ||
- | It's possible to send additional attributes to provisioning, when password is changed (e.g. password expiration in extended | + | 1/ To force a password change for newly created users, map the **" |
- | - send additional attributes together with new password | + | |
- | - send additional attributes after password is changed in another provisioning operation | + | |
- | Two ways are be configurable by application configuration '' | + | |
- | * '' | + | |
- | * '' | + | |
- | <note tip> | ||
- | === Send attribute | + | 2/ If we need to force password change every time password is reset, map attribute |
- | Since version | + | |
- | If is this flag checked, then the attribute will be send to the system only during change of password operation. It means that this attribute will be ignored in standard provisioning operations (create/ | + | {{: |
- | <note important> | + | |
===== Role for AD ===== | ===== Role for AD ===== |