[midPoint] Password Inbound from Database Table

Martin Marchese mmarchese at identicum.com
Fri Oct 7 19:31:36 CEST 2016


Thanks Radovan, I'll give it a try and let you know the results.

*Ing. Martín Marchese*
Identicum S.A.
Jorge Newbery 3226
Tel: +54 (11) 4552-3050
mmarchese at identicum.com
www.identicum.com

On Fri, Oct 7, 2016 at 2:21 PM, Radovan Semancik <
radovan.semancik at evolveum.com> wrote:

> Hi,
>
> Maybe just a couple of clarifications:
>
> Firstly, password is usually considered to be write-only by the ConnId
> connectors. This is the default setting that we have inherited from Sun
> Microsystems. As we are quite keen about compatibility this setting was not
> changed in ConnId. Connectors can override this default setting. But only a
> very few connectors actually do that.
>
> Secondly, the DatabaseTable connector is also inherited from Sun
> Microsystems. The connector is old and it is well ripe for rewrite. I would
> be happy to rewrite it personally. But we were not able to secure any
> funding for this rewrite yet. As far as I know we have never really tried
> to read passwords with this connector, so I'm not sure it is capable of
> reading passwords at all. But you can check by setting TRACE log level for
> org.identityconnectors.framework. That will turn on tracing of all
> connector operations and then you can see if the connector is sending
> the password to midPoint or not.
>
> --
> Radovan Semancik
> Software Architect
> evolveum.com
>
>
>
>
> On 10/07/2016 08:26 AM, Ivan Noris wrote:
>
> Hi Martin,
>
> I have not tried this with DB Table, but for OpenLDAP resource I'm using
> the following:
>
> 1)
>
> ...
>
>          <credentials><!-- here in my example is no weak, I'm syncing passwords every time! -->
>             <password>
>                <fetchStrategy>explicit</fetchStrategy>
>                <inbound/>
>             </password>
>          </credentials>
> ...
>
> 2)
>
> ...
>
>    <capabilities>
>       <configured xmlns:cap="http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-3">
>
>          <cap:credentials>
>             <cap:password>
>                <cap:returnedByDefault>false</cap:returnedByDefault>
>             </cap:password>
>          </cap:credentials>
>       </configured>
> ...
>
> Could you please try if it helps?
>
> Regards,
>
> Ivan
> On 10/06/2016 10:55 PM, Martin Marchese wrote:
>
> Hi All,
>
> We are using a Database table connector (using PostgreSQL 9.5) to create
> users into midpoint, and we are facing a problem while we try to set their
> password.
>
> Connector version is 1.4.2.0 and MidPoint version is 3.4.1
>
> We have configured a password policy that complies with all passwords
> within the database.
>
> Password column is configured correctly in the connector configuration. I
> was looking into the samples and I see that every sample uses the
> <generate> option as follows:
>
> <credentials>
>    <password>
>       <outbound/>
>       <inbound>
>          <strength>weak</strength>
>          <expression>
>             <generate/>
>          </expression>
>       </inbound>
>    </password>
> </credentials>
>
>
> My first thought was that replacing the expression as follows will
> work:
>
> <credentials>
>    <password>
>       <outbound/>
>       <inbound>
>          <strength>weak</strength>
>          <expression>
>             <asIs/>
>          </expression>
>       </inbound>
>    </password>
> </credentials>
>
> However, when I run an import or livesync task I receive the following
> error:
>
> Provided password does not satisfy password policies. Required minimal
> size (4) of password is not met (password length: 0)
>
> As if the password was not coming from the database. Also, when I look
> into the resource object through the UI, the password attribute is empty.
>
> I took a look at this bug just in case: https://jira.evolveum.com/browse/MID-2405,
> but it was a different behavior since for me, it fails with every password I try.
>
> Any ideas on what I'm missing here?
>
> Thanks in advance.
>
> *Ing. Martín Marchese*
> Identicum S.A.
> Jorge Newbery 3226
> Tel: +54 (11) 4552-3050
> mmarchese at identicum.com
> www.identicum.com
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
> --
> Ivan Noris
> Senior Identity Engineer
> evolveum.com
>
>
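The settings discussed in the thread can be checked mechanically before running an import. The following is an added example, not code from the thread or from midPoint: it reports which of the suggested settings (password `<inbound>`, `fetchStrategy` of `explicit`, `cap:returnedByDefault` of `false`) are absent from a resource definition. The `<resource>` wrapper and both sample fragments are constructed from the snippets quoted above, and the thread does not confirm that these settings are sufficient for the DatabaseTable connector.

```python
import xml.etree.ElementTree as ET

CAP_NS = "http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-3"  # as quoted in the thread

def _matches(elem, name, cap):
    """True if elem has this local name and is (cap=True) or is not (cap=False) in CAP_NS."""
    ns, _, local = elem.tag.rpartition("}")
    return local == name and (ns.lstrip("{") == CAP_NS) == cap

def _child(parent, name, cap=False):
    """First direct child with the given local name, or None."""
    if parent is None:
        return None
    return next((c for c in parent if _matches(c, name, cap)), None)

def _first(root, name, cap=False):
    return next((e for e in root.iter() if _matches(e, name, cap)), None)

def _text(elem):
    return (elem.text or "").strip() if elem is not None else None

def check_password_inbound(xml_text):
    """Return findings for the password-fetch settings suggested in the thread."""
    root = ET.fromstring(xml_text)
    findings = []
    pw = _child(_first(root, "credentials"), "password")
    inbound = _child(pw, "inbound")
    if inbound is None:
        findings.append("no <inbound> under credentials/password")
    elif _child(_child(inbound, "expression"), "generate") is not None:
        findings.append("inbound <generate/> creates a value instead of reading one")
    if _text(_child(pw, "fetchStrategy")) != "explicit":
        findings.append("fetchStrategy is not 'explicit'")
    cap_pw = _child(_first(root, "credentials", cap=True), "password", cap=True)
    if _text(_child(cap_pw, "returnedByDefault", cap=True)) != "false":
        findings.append("cap:password returnedByDefault is not 'false'")
    return findings

# Constructed input: the thread's snippets wrapped in a hypothetical <resource> root.
AS_POSTED = """<resource><credentials><password><outbound/>
  <inbound><strength>weak</strength><expression><asIs/></expression></inbound>
</password></credentials></resource>"""
SUGGESTED = f"""<resource xmlns:cap="{CAP_NS}"><credentials><password>
  <fetchStrategy>explicit</fetchStrategy><inbound/></password></credentials>
  <capabilities><configured><cap:credentials><cap:password>
    <cap:returnedByDefault>false</cap:returnedByDefault>
  </cap:password></cap:credentials></configured></capabilities></resource>"""
```

Elements are matched by local name, so the check also works on a resource file that declares midPoint's default namespace on its root element.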