IT Monkey:   Join the Cireson Community today for your chance to win $50!
We appreciate you taking the time to vote and add your suggestions to make our products awesome! Your request will be submitted to the community for review and inclusion into the backlog.

We recommend reviewing what is submitted before posting, in case your idea has already been submitted by another community member. If it has been submitted, vote for that existing feature request (by clicking the up arrow) to increase its opportunity of being added to Cireson solutions.

For more information around feature requests in the Cireson Community click here.

Allow LDAP filter for users not allowed to reset passwords

Brett_MoffettBrett_Moffett Cireson PACE Super IT Monkey ✭✭✭✭✭
In the current version (v3.2.3) and below the administrator has an option of adding AD groups to a restricted list to prevent certain user accounts from having their password reset via the application. This is to protect sensitive accounts such as service accounts from being exposed to the application.

Many organizations have service accounts of different names, locations, types etc. and they may not all be a member of a security group.

To allow for multiple rules, it would be a good feature to be able to provide an LDAP query that filters out all accounts of a given type, naming convention, group membership etc. that would not be limited to a specific AD Group.
This could be provided in one of two ways:
  1. An LDAP query to list all accounts that are ALLOWED to reset their passwords. (Opt In option)
  2. An LDAP query to list all accounts that are DISALLOWED to reset their passwords. (Opt Out option)
7 votes

Submitted · Last Updated

Comments

Sign In or Register to comment.