Hi,
We would like to ask if LAM (probably pro then) would be able to help us
out with the following problem.
Our LAM managed Active Directory users are divided (50/50) between
on-site Win10/domain users and external users, authenticating solely
over LDAP.
This means that if we define settings like max password age in AD (or
samba in our case), 50% of the onsite users would get the regular
windows notifications: Your password will expire in X days, consider
changing it, etc, etc.
However, the other (LDAP) half, usually do NOT get any of these
warnings. Only once the password is actually expired, they can no longer
logon and they don't understand why.
So, our question:
Is it possible to utilize LAM (pro?) for this scenario:
- define max password age in LAM
- have lam check the AD info (like pwdLastSet)
- configure a LAM task to send emails to users X,Y and Z days before
expiration, with a link to the self-service portal where they can change it
- and if a password actually would expire, perform 'an action' (like
notify admins, disable the user, run a script, or whatever)
That way, all our users would become equal, and we could hand over
password expiration etc over to LAM completely.
Something else:
We discovered only today, that if we set the OU for users to the base of
our ldap tree, LAM discovers *all* users (including those in other OU's,
and an extra drop down appears where we can move users between OU's!
Great functionality that we thought was missing in LAM, but that was
actually there!)
What would be nice as well (having discovered the above) is to have a
dropdown filter, to select what OU to filter on. (so we could choose to
show only the users in OU=students-2019)
Sorry for the long email, hope you have the time to read it, and that
I'm not too unclear...
Thanks!
MJ
_______________________________________________
Lam-public mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/lam-public
