Comments (4)
Hi
In the Appconfig you have the possibility to define a user that should be used to execute the password changing operations. But in my installation I have it running without defining that user, and it works as well. As on the system I have no privileged user I assume the password is changed in the context of the user changing the password.
Hope this helps and best regards
Simon
from passcore.
I have it running without defining that user, and it works as well.
I'll have to check again then, as the security logs on my test domain's DC is only showing a successful sign-in of a test user from the PC running Passcore, but not a subsequent password change attempt.
Would you be comfortable sharing your configuration here, omitting / censoring your domain-specifics or anything else you consider sensitive? Please let me know.
from passcore.
Hi
My configuration is the default settings with following parameters changed:
{
[ omitted ]
"AppSettings": {
// The following options for AD Provider (remove if you don't use this Provider)
"UseAutomaticContext": true, // Set true to allow PassCore to reset password using the same credentials, or false if you will fill the credentials below
"RestrictedADGroups": [
"Administrators",
"Domain Admins",
"Enterprise Admins"
], // Set the AD groups to restrict the use of PassCore
"AllowedADGroups": [], // Set the AD Groups to allow PassCore, if the array is empty all the groups no-restricted above are allowed
"IdTypeForUser": "UPN", // Possible values are "DN", "GUID", "Name", "SAM", "SID" and "UPN" (Default UPN)
"UpdateLastPassword": true, // Set true to allow PassCore to update the last password timestamp
// The following options are for LDAP Provider (remove if you don't use this Provider)
"LdapSearchBase": "dc=domain,dc=tld",
"LdapSecureSocketLayer": true, // Default for AD is true when using LDAPS 636
"LdapStartTls": false, // Default for AD is true when using LDAP 389
"LdapChangePasswordWithDelAdd": true,
"LdapSearchFilter": "(sAMAccountName={Username})", // Another value: "(&(objectClass=person)(cn={Username}))"
// General options (valid for both providers)
"LdapHostnames": [
"dc1.domain.tld",
"dc2.domain.tld"
], // Set your hostname(s)
"LdapPort": 636, // Default for AD is 389, for LDAPS 636
"LdapUsername": "", // Set the username or distinguish name (DN) to bind the LDAP server
"LdapPassword": "", // Set the password for the username
"DefaultDomain": "domain.tld" // Set your default AD domain here, or non "@" logins will not work! Use empty value to allow user to set the domain. This option is ONLY available with UPN.
},
"ClientSettings": {
"ValidationRegex": {
"EmailRegex": "^[a-zA-Z0-9.!#$%&’*+/=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:\\.[a-zA-Z0-9-]+)*$",
"UsernameRegex": "^[a-zA-Z0-9._-]{3,20}$"
},
"UsePasswordGeneration": false, //Set true to let PassCore create a new password for the current account. If true the user can not customize its new password.
"MinimumDistance": 2, //The minimum distance beetween the old and the new password, this is used to enforce the edit distance using the levenshtein distance algorithm.
"PasswordEntropy": 8, // the number of bytes of entropy to use for generated passwords
"ShowPasswordMeter": true,
"MinimumScore": 1, //The minimum acceptable score that the user's new password needs to get at being evaluated by ZXCVBN to be established as the new password.
[ omitted ]
}
}
Please note that right now I'm running on v4.2.3 as I am in an environment where the passcore server has no internet access and I can't use the Have I been Pwned API, which bricks Passcore for the moment (see #605)
Hope this helps
from passcore.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
from passcore.
Related Issues (20)
- The error when change the password HOT 4
- You are not allowed to change your password. Please contact your system administrator. HOT 5
- option to disable haveibeenpwned api HOT 2
- Add .Net Core 5.0 - 6.0 support HOT 6
- Add support in AD multi site. HOT 1
- Wrong message for password policies HOT 4
- Could not load file or assembly 'Microsoft.Extensions.Logging
- Changes the password, but gives lots of errors HOT 5
- DNS resolution does not work in docker container HOT 1
- Password resets but requests still being spammed HOT 3
- Linux Docker AD (working conf?) HOT 2
- The server is not operational, using LDAPS at 636 HOT 1
- Help with like everything please HOT 1
- PassCore using Docker always got Invalid Credentials HOT 14
- Passcore API returns IncorrectCredentials insted of ComplexPassword error response HOT 2
- Wrong current password sends multiple login attempts HOT 1
- IIS installation issues HOT 1
- URL param userName
- Restricted groups
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from passcore.