[midPoint] Short question "password sync"

Menke, Christopher christopher.menke at gwdg.de
Mon Nov 21 13:23:30 CET 2016


Dear Ivan,

we used an OpenLDAP Server and we want to synchronize real passwords encrypted over this LDAP.
You can find my configuration within the appendix.
In inbound I decrypt an existing AES password with a key from the keystore, and in outbound I want to send the encrypted string to LDAP.
The problem is the live-sync. If I change the password in LDAP, midPoint overwrites it directly and there is an endless loop.

Best regards,
Christopher

From: midPoint [mailto:midpoint-bounces at lists.evolveum.com] On Behalf Of Ivan Noris
Sent: Monday, November 21, 2016 12:01
To: midpoint at lists.evolveum.com
Subject: Re: [midPoint] Short question "password sync"


Hi Christopher,

what is your setup? What LDAP server are you using and what's the password algorithm/storage in the LDAP server? Are you synchronizing real passwords from LDAP server to midPoint, or generating random passwords in midPoint?

Can you also paste the corresponding mappings for credentials/password (probably you have outbound as well as inbound)?

Thanks,

Ivan

On 11/21/2016 11:41 AM, Menke, Christopher wrote:
Dear all,

we want to sync an encrypted password between midPoint and a second system (LDAP).
If we change the password within the LDAP (live-sync), midPoint encrypts the password (Groovy script) and overwrites the internal password.
But then midPoint overwrites the password again in LDAP.
Is there a loopback protection to prevent tasks coming from LDAP LiveSync from overwriting the password again in LDAP?

Best regards,
Christopher




--

Ivan Noris

Senior Identity Engineer

evolveum.com
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: config_password.txt
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20161121/dc7b186d/attachment.txt>

