If I specify "user-search-path" or "group-search-path" in vas.conf, will this restrict QAS users outside these paths from logging in?
If in server mode and not in workstation-mode, users or groups are not restricted to the paths specified by "user-search-path" or "group-search-path" in vas.conf. Any valid QAS user can still log in, and will be loaded into the cache at the time of logon.
The purpose of these options is to specify a list of Active Directory containers that QAS will use to initially load users or groups from and store in cache. QAS will only load Unix-enabled users or groups from the specified paths, not User/Group Personalities.
Note that if you are setting up user and group search paths for cross domains and you still want users and groups cached for the joined domain you need to set up a search path for the joined domain as well.
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center