OnDemand User Group

Support Forums => MP Server => Topic started by: akstrom on May 04, 2022, 03:04:08 AM

Title: Users with and without SSO
Post by: akstrom on May 04, 2022, 03:04:08 AM
Hi!
Our customer wants us to enable LDAP (SSO) for only some users, and the rest of the users, including our users, are held outside. When I enable the "Enable LDAP" setting, I, as the administrator, must have the ability to add new non-SSO users to the system, and also change passwords, and I can both add and change pw, but the users are not able to use the new userid or pw until I remove the "enable LDAP" box and do the process once more.
So the question is: Is it possible to have both SSO (LDAP) users AND normal non-SSO users in the admin client?
Title: Re: Users with and without SSO
Post by: Justin Derrick on May 10, 2022, 08:26:36 AM
Hi Anne!  :)

LDAP is normally an ON or OFF, with nothing in between.

Having said that, there is a configuration parameter in the ars.cfg file that lets you 'exclude' a short list of User IDs from LDAP authentication - this is normally used for administrative accounts and service accounts (loading / ODWEK API access, etc.) so that they don't have to change their passwords regularly, as required by the enterprise LDAP system.

To get the functionality you require, you'd have to write a custom CMOD Security User Exit.

Hope all is well, and take care!

-JD.
Title: Re: Users with and without SSO
Post by: akstrom on May 12, 2022, 12:43:07 AM
Thanks Justin
All well here, hope you're ok too :-)
Title: Re: Users with and without SSO
Post by: rjrussel on May 12, 2022, 09:03:28 AM
One other option you might consider. You can set the ARS_LDAP_OD_AUTHORITY_FALLBACK=TRUE in your system configuration. This will cause OnDemand to revert back to the OnDemand logon when the userid does not exist on the LDAP server. NOTE: The default is FALSE if the ARS_LDAP_OD_AUTHORITY_FALLBACK is not set.

So if the user isn't found in LDAP, OnDemand will attempt to authenticate the user using the provided userid/password. Let me know if you have any questions.

Rob