4.5.1b, AD/LDAP, and passwords

[ryanjwh]

Hi there,

I've done some searching on google and the forums, and haven't found an answer to the following question:
We have SugarCRM 4.5.1b up and running and have configured successfully to authenticate against our Active Directory database. This works fine.

However, I've noticed that if I create the user manually in SugarCRM, I have to set a password for them in Sugar, and then when that user logs in they can either use their Active Directory password OR their Sugar password. We want them to ONLY be able to use their Active Directory password, so we don't have to worry about securing Sugar passwords. IE, if the user exists in AD, we want them to only have the option of authenticating against AD. How can we do this? Is there a special value we can set in the password field to disable local authentication for that user?

[ryanjwh]

Small update, I found that if I do use "Automatically Create Users" (which we don't want to use, we don't want anyone in our AD to automatically be able to log into Sugar), it sets the password hash in mysql to NULL. I just tried manually setting my account's hash to NULL the same way, and it works, I can no longer locally log in, I can only log in with my AD credentials.

But, this begs the question: Is there a way in Sugar to set the password's value to NULL without having to do manual mysql commands? This would be very inconvenient to have to do for every user we create that we want to use AD authentication.

Thanks!