LDAP (AD) Sync and PINs?

adb100 · March 2021

I have setup LDAP sync and a daily cron task to sync the users. I have been using this for a while and PINs are not required. I just checked the configuration file and I think it is set to request the LDAP Password & a prefix PIN by default: default_request_ldap_pwd=1 default_request_prefix_pin=1 However none of the users have this set in their configuration files: request_ldap_pwd=1 request_prefix_pin=0 This is a fairly vanilla setup, built from the 5.0.4.7 .OVA file and upgraded to the latest 5.8.1.1 release. Just wondering why my users don't have PINs? Andy

adminf · March 2021

Hello Andy,
Did you setup the default_request_prefix_pin=1 before syncing the first time ?
default_request_prefix_pin value is applied during the creation of the user only, but it will not change the option for the account if the account is already created.
Regards,

adb100 · March 2021

Hi, I rebuilt this host the other day so didn't change any defaults other than adding the LDAP details. All the users were recreated from new (its all in a test environment). I think my issue is because both default_request_ldap_pwd=1 and default_request_prefix_pin=1 are set. If I change default_request_ldap_pwd=0, delete a user and resync then the re-added user I deleted configuration contains request_prefix_pin=1. I think its some logic issue....

AndreL · March 2021

Hello, On the user side, you cannot have as a prefix a [PREFIX PIN] AND as [LDAP PASSWORD]. If you set request_ldap_pwd=1, the prefix will be the LDAP password, and the built in [PREFIX PIN] will not be used. Regards,

LDAP (AD) Sync and PINs?

Comments