Clément "KPTN" OUDOT
Clément "KPTN" OUDOT
Hello, indeed, the current issue is still opened. It requires an evolution in ltb-common to use this control in AD and an option in SSP to enable this feature. You...
This can be a new feature
Yes, selecting the scope could be a new feature If you are using OpenLDAP, you can use extended filter matching: ``` (!(ou:dn:=deactivated)) ```
@artlog hello, could you create a PR with your changes?
Could you send the logs of LDAP server? I don't think SSP is doing a second modify if exop is failing. Could you also give the constraint overlay configuration?
Hello, did you also follow this documentation: https://lemonldap-ng.org/documentation/latest/confignginx.html ?
Hello, on Active Directory you should configure: ```php $ldap_login_attribute = "sAMAccountName"; ``` Or directly edit the LDAP filter like written in the docs: https://self-service-password.readthedocs.io/en/stable/config_ldap.html#active-directory
You forgot to enable AD mode. Read the documentation carefully: https://self-service-password.readthedocs.io/en/stable/config_ldap.html#active-directory
I don't see why you disable TLSv1.3. Configure your SSL layer on your server to match ciphers from AD. This is not linked to Self Service Password. Try to connect...
I don't know what is the correct SSL configuration for Windows. The SSL settings are outside Self Service Password configuration, but you can override system settings by putting this on...