unosquare/passcore

Restricted groups


PassCore Server

  • OS: Debian 11 Docker
  • Provider: [Active Directory | LDAP]
  • Settings file (without sensitive information):
  • Log file (without sensitive information):
    .

Hello!
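The handling of groups was changed, but in the new version the restricted-group verification is skipped: administrators can change the password even though their groups are listed in "RestrictedADGroups". Setting "UseAutomaticContext": false doesn't work. The password is changed from the current user.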

appsettings.json:
{
"Logging": {
"IncludeScopes": false,
"LogLevel": {
"Default": "Debug",
"System": "Information",
"Microsoft": "Information"
}
},
"WebSettings": {
"EnableHttpsRedirect": true
},
"AppSettings": {
"UseAutomaticContext": false,
"RestrictedADGroups": [
"IT-SuperAdmin",
"IT-Adminl"
],
"AllowedADGroups": [
"Allow"
],
"IdTypeForUser": "SAM",
"UpdateLastPassword": true,
"LdapSearchBase": "OU=Users, OU=DC, DC=domain, DC=local",
"LdapSecureSocketLayer": true,
"LdapStartTls": false,
"LdapChangePasswordWithDelAdd": true,
"LdapSearchFilter": "(sAMAccountName={Username})",
"LdapHostnames": [
"dc1.domain.local",
"dc2.domain.local"
],
"LdapPort": 636,
"LdapUsername": "user@domain.local",
"LdapPassword": "xxxxxxxx",
"DefaultDomain": [
"domain.local"
]
},
"ClientSettings": {
"ValidationRegex": {
"EmailRegex": "^[a-zA-Z0-9.!#$%& ^^y*+/=?^_{|}~-]+@[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)*$",
"UsernameRegex": "^[a-zA-Z0-9._-]{3,20}$"
},
"UsePasswordGeneration": false,
"MinimumDistance": 0,
"PasswordEntropy": 16,
"ShowPasswordMeter": true,
"MinimumScore": 0,
"Recaptcha": {
"SiteKey": "",
"PrivateKey": "",
"LanguageCode": "en"
},
"UseEmail": "false",
"ApplicationTitle": "Change Account Password | Self-Service Account Management Tools",
"ChangePasswordTitle": "Change Account Password",
"ChangePasswordForm": {
"HelpText": "If you are having trouble with this tool, please contact IT Support",
"UsernameLabel": "Username",
"UsernameHelpblock": "Your organization's email address",
"UsernameDefaultDomainHelperBlock": "Your organization's username",
"CurrentPasswordLabel": "Current Password",
"CurrentPasswordHelpblock": "Enter your current password",
"NewPasswordLabel": "New Password",
"NewPasswordVerifyLabel": "Re-enter New Password",
"NewPasswordVerifyHelpblock": "Enter your new password again",
"ChangePasswordButtonLabel": "Change Password"
},
"ErrorsPasswordForm": {
"FieldRequired": "This field is required",
"UsernamePattern": "Please enter a valid username",
"UsernameEmailPattern": "Please enter a valid email address",
"PasswordMatch": "Passwords do not match"
},
"Alerts": {
"SuccessAlertTitle": "You have changed your password successfully.",
"SuccessAlertBody": "Please note it may take a few hours for your new password to reach all domain controllers.",
"ErrorPasswordChangeNotAllowed": "You are not allowed to change your password. Please contact your system administrator.",
"ErrorInvalidCredentials": "You need to provide the correct current password.",
"ErrorInvalidDomain": "You have supplied an invalid domain to logon to.",
"ErrorInvalidUser": "We could not find your user account.",
"ErrorCaptcha": "Could not verify you are not a robot.",
"ErrorFieldRequired": "Fulfill all the fields.",
"ErrorFieldMismatch": "The passwords do not match.",
"ErrorComplexPassword": "Failed due to password complex policies: New password length is shorter than AD minimum password length",
"ErrorConnectionLdap": "Unhandled error connecting to the LDAP server.",
"ErrorScorePassword": "The password you are trying to set is not secure enough.",
"ErrorDistancePassword": "The password you are trying to set is not diferent enough of your last password.",
"ErrorPwnedPassword": "The password you are trying to use is publicly known and can be used in dictionary attacks."
}
}
}

Help me please