Allow saving of common LDAP credentials to apply to many filters.
This would allow a central place to create and save LDAP credentials to then apply to things like smart labels. Currently with over 100+ LDAP Labels, if we need to change the password on the account it requires manually changing all 100+ labels.
Because this is an automation appliance, it seems pretty clear that a simple password change should be modified on a single object that is referenced in 'X' locations. Manual updates to MULTIPLE locations over an account password change is not good and encourages poor security practices. Especially when you have Support Techs giving advice like "Use an account whose password does not ever change"....Ummm NO! I'll continue to manually change LDAP labels every 60 days until this obvious option added into the already existing 'Credentials Management'.
6.4 introduced a credential store, so it's a shame LDAP labels don't use it yet. Surely it's planned ?
Graham Wilton commented
Agree, Kace must implement a single place to store credentials and then link them to ALL the various places LDAP authentication is needed, LDAP Labels, LDAP Authentication, LDAP Organisation Filters. You know follow object orientated theory that has been around since the 70's.
Tyler Hoadley commented
UPDATE: For those who know about the mysql updating box and know how to write proper sql statements for mysql. this can be done... I was determined to not do what anonymous did below, so I wrote the sql statments very very carefully (I mean very very very carefully) and updated all LDAP queries based on a new ldap query i created. (the password is in binary so had to copy from table column to all in my query) still a pain, when I would love to see and apply a credential template of some sort instead.
Joseph Blake commented
I concur. Important that it not be limited to one set of ldap credentials system-wide. We get our user import from a different ldap server than our computers.
I just had to go through this myself. We had to reset the password on the account used on all of our LDAP queries and I had to update almost 700 LDAP labels one at a time.