[midPoint] How to set AD password from Midpoint?

Oleksandr Nekriach o.nekriach at dynatech.lv
Thu Jan 4 08:39:42 CET 2018


Hello,
It is strange, I was sure that the problem is in SSL.
See
Known Causes
- This is caused when you don't use SSL in your LDAP connection and AD
enforces SSL connection.
- There are password policies in the AD environment

In my Midpoint instance I don't use "direct" outbound mapping for userPassword.
Instead, I use

       <credentials>
          <password>
             <outbound>
                <expression>
                   <asIs xsi:type="c:AsIsExpressionEvaluatorType"/>
                </expression>
             </outbound>
          </password>
       </credentials>

On 4 January 2018 at 02:00, Alcides Carlos de Moraes Neto
<alcides.neto at gmail.com> wrote:
> Hello,
>
> Yes, I'm using ldaps.
>
> 2018-01-02 5:16 GMT-02:00 Oleksandr Nekriach <o.nekriach at dynatech.lv>:
>>
>> Happy new year!
>> Hi Alcides,
>> Do you use secure communication for AD connection (ldaps) or not?
>> Some AD settings do not allow managing passwords via open
>> communications.
>> I had a similar issue a few years ago with the Oracle connector ;)
>>
>> Regards, Oleksandr
>>
>>
>> On 28 December 2017 at 21:30, Alcides Carlos de Moraes Neto
>> <alcides.neto at gmail.com> wrote:
>> > Hello list,
>> >
>> > I'm trying to create AD users from Midpoint. I'm getting the 53
>> > WILL_NOT_PERFORM error, which seems to be related to the password
>> > policy.
>> > The AD I'm using does have a password policy.
>> >
>> > So I'm trying to set some literal, strong password as a placeholder,
>> > but I don't think my mapping is working. How should I configure it?
>> > I cannot find any examples. Below are the error I get and the
>> > password outbound mapping.
>> >
>> > com.evolveum.midpoint.util.exception.SystemException: Got unexpected
>> > exception:
>> >
>> > org.identityconnectors.framework.common.exceptions.PermissionDeniedException:
>> > Error adding LDAP entry CN=JOHN DOE,OU=Users,DC=midpoint,DC=local:
>> > unwillingToPerform: 0000052D: SvcErr: DSID-031A12D2, problem 5003
>> > (WILL_NOT_PERFORM), data 0?? (53)
>> >
>> > <attribute>
>> >             <c:ref>ri:userPassword</c:ref>
>> >             <tolerant>true</tolerant>
>> >             <exclusiveStrong>false</exclusiveStrong>
>> >             <fetchStrategy>explicit</fetchStrategy>
>> >             <outbound>
>> >                <authoritative>true</authoritative>
>> >                <exclusive>false</exclusive>
>> >                <strength>normal</strength>
>> >                <expression>
>> >                   <value>Midpoint2018*</value>
>> >                </expression>
>> >             </outbound>
>> > </attribute>
>> >
>> >
>> > Thanks and happy new year to all =)
>> >
>> > _______________________________________________
>> > midPoint mailing list
>> > midPoint at lists.evolveum.com
>> > http://lists.evolveum.com/mailman/listinfo/midpoint
>> >
>>
>>
>>
>> --
>> Best regards,
>>
>> Oleksandr Nekriach | Identity and access management engineer
>>
>> Dynatech, Mednieku str. 4a, Riga, LV-1010, Latvia
>>
>> +37125314685, o.nekriach at dynatech.lv | www.dynatech.lv
>>
>> Confidentiality Notice: This message contains confidential information
>> and is intended only for the named recipient(s). If you are not the
>> addressee you may not copy, distribute or perform any other activities
>> with this information. If you have received this transmission in
>> error, please notify us by e-mail immediately. E-mail transmission
>> cannot be guaranteed to be secure or error-free as information could
>> be intercepted, corrupted, lost, destroyed, arrive late or incomplete,
>> or contain viruses.



-- 
Best regards,

Oleksandr Nekriach | Identity and access management engineer

Dynatech, Mednieku str. 4a, Riga, LV-1010, Latvia

+37125314685, o.nekriach at dynatech.lv | www.dynatech.lv
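
Added example, not part of the original thread or of midPoint: the leading hex field in the AD diagnostic quoted above (0000052D) is a Win32 error code, and decoding it helps tell a password-policy rejection apart from a transport problem. The names `triage`, `WIN32_HINTS` and the second sample line are assumptions made for this illustration; the hint texts are triage notes, not AD output.

```python
import re

# Error line quoted in the thread, joined onto one line (garbled tail omitted).
PAGE_ERROR = ("Error adding LDAP entry CN=JOHN DOE,OU=Users,DC=midpoint,DC=local: "
              "unwillingToPerform: 0000052D: SvcErr: DSID-031A12D2, "
              "problem 5003 (WILL_NOT_PERFORM), data 0")
# Constructed sample (not from the thread); the DSID is a placeholder.
CONSTRUCTED_ERROR = ("unwillingToPerform: 0000001F: SvcErr: DSID-00000000, "
                     "problem 5003 (WILL_NOT_PERFORM), data 0")

# Standard Win32 error names; the hints are assumptions to guide triage.
WIN32_HINTS = {
    0x05: ("ERROR_ACCESS_DENIED",
           "bind account lacks rights on the target object"),
    0x1F: ("ERROR_GEN_FAILURE",
           "commonly reported when the password is written without TLS"),
    0x56: ("ERROR_INVALID_PASSWORD",
           "old password supplied in a change operation is wrong"),
    0x52D: ("ERROR_PASSWORD_RESTRICTION",
            "new password fails length, complexity or history policy"),
}

# Shape of the AD extended diagnostic: <hex code>: <kind>: DSID-..., problem N (NAME)
AD_DIAG = re.compile(
    r"\b(?P<code>[0-9A-Fa-f]{8}): (?P<kind>\w+): (?P<dsid>DSID-[0-9A-Fa-f]{8}), "
    r"problem (?P<problem>\d+) \((?P<problem_name>\w+)\)")


def triage(message):
    """Return the decoded AD diagnostic as a dict, or None if none is present."""
    m = AD_DIAG.search(message)
    if m is None:
        return None
    code = int(m.group("code"), 16)
    name, hint = WIN32_HINTS.get(code, ("UNKNOWN", "look up the Win32 code"))
    return {"win32": code, "name": name, "hint": hint,
            "dsid": m.group("dsid"), "problem": m.group("problem_name")}


if __name__ == "__main__":
    for msg in (PAGE_ERROR, CONSTRUCTED_ERROR):
        print(triage(msg))
```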