Release date: 1.5.2018
Changes in this release:
- This release adds the following new features:
- Support for management of passwords in AD forests that do not have trust relationship with AD forest where PDS is installed
This is done via SID mapping configuration in PDS configuration file: this configuration element allows mapping of SIDs from PDS forest (or any trusted forest) to SID from untrusted forest.
Permissions are delegated to security principals from untrusted forest and PDS then maps them to SID of caller, if appropriate mapping exists.
Note: When operation is allowed because of existing SID mapping, PDS logs additional audit event to reveal mapping that authorized the operation. - Support for Authentication Method Assurance. This is done via configuration element MandatoryGroups that specifies one or more SIDs of group that must be in user's security token so as PDS fulfills the request.
Note: If the list specifies more group SIDs, membership in just one is enough to pass this security check.
- Support for management of passwords in AD forests that do not have trust relationship with AD forest where PDS is installed
- This release fixes the following bugs:
- Bug in license validation that under certain rare conditions, wrongly reported PDS forest as unlicensed
- Also, parameter name for managed account in ResetManagedAccountPassword was changed from 'Name' to 'AccountName' to unify parameter naming.