[midPoint] when does outbound credentials happen?

Pavol Mederly mederly at evolveum.com
Sat Jul 4 15:39:09 CEST 2015


Hello Jason,

mapping strength influences how the mapping is applied, either during 
normal operation or during reconciliation.
I'm sure you have already seen this: 
https://wiki.evolveum.com/display/midPoint/Mapping#Mapping-MappingStrength

In your case, I assume the outbound mapping for password is specified 
with strength of "normal" (the default) or "weak".
According to the documentation, both are used if the target attribute 
does not have any value.

So far so good. But in AD the password always has no value, because the 
AD clients are not allowed to retrieve it (for obvious reasons).
So I'm almost sure that the AD password would get overwritten by the one 
stored in the repository.

This is what the theory says. Maybe Ivan (or anyone with practical 
experience in this respect) would correct me.

Back to your case: it is possible to enable/disable a mapping, for 
example, depending on the channel that caused the mapping to fire.
See the <channel> element directly under <mapping>. In your case, you 
could try to include a limitation to the LiveSync channel, on
the assumption that changes from your CSV file would come through 
LiveSync. But please try it in the test environment before
using this advice :)

Best regards and nice weekend!
Pavol


On 3. 7. 2015 21:06, Jason Everling wrote:
> I just wanted to confirm, before I un-comment outbound credentials for 
> my AD resource,
>
> The only time a password is sent outbound is when the password in 
> midPoint is changed, correct?
>
> I need to run a reconcile against AD after making a few changes but I 
> wanted to make sure that this will not send out passwords for all 
> users? I am correct in assuming not?
>
> Users in midPoint will authenticate via CAS, the outbound password 
> mapping is for when a user is created from CSV and a password is 
> generated.
>
> JASON

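The channel restriction suggested in the reply above, written out as an added example; it is not taken from the thread or from Jason's actual resource definition. The `kind`/`intent` values and the `asIs` expression are assumptions, and the channel URI is the form used by midPoint 3.x, so check it against the deployed version.

```xml
<!-- Added example: fragments of a resource <schemaHandling> object type.
     Attribute mappings and the rest of the resource are omitted. -->

<!-- Before: no channel limitation. AD never returns a password value,
     so a "normal" or "weak" mapping sees an empty target and, per the
     reasoning in the reply, may push the repository password during
     reconciliation as well. -->
<objectType>
    <kind>account</kind>
    <intent>default</intent>
    <credentials>
        <password>
            <outbound>
                <strength>weak</strength>
                <expression>
                    <asIs/>
                </expression>
            </outbound>
        </password>
    </credentials>
</objectType>

<!-- After: the mapping is evaluated only for changes arriving through
     the LiveSync channel (assumed here to be how the CSV-created users
     arrive). A reconciliation run uses a different channel, so this
     mapping is skipped for it. -->
<objectType>
    <kind>account</kind>
    <intent>default</intent>
    <credentials>
        <password>
            <outbound>
                <strength>weak</strength>
                <channel>http://midpoint.evolveum.com/xml/ns/public/provisioning/channels-3#liveSync</channel>
                <expression>
                    <asIs/>
                </expression>
            </outbound>
        </password>
    </credentials>
</objectType>
```

Running the reconciliation against a single test account first, and comparing the AD `pwdLastSet` value before and after, shows whether the password was written.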