[midPoint] Password Inbound from Database Table

Martin Marchese mmarchese at identicum.com
Fri Oct 7 20:00:05 CEST 2016


I traced the org.identityconnectors.framework package and I can confirm
that the connector is not bringing the password back to midpoint.

For this particular case we'll try to figure out something else.

Thanks again for your help Ivan and Radovan

Regards

*Ing. Martín Marchese*
Identicum S.A.
Jorge Newbery 3226
Tel: +54 (11) 4552-3050
mmarchese at identicum.com
www.identicum.com

On Fri, Oct 7, 2016 at 2:31 PM, Martin Marchese <mmarchese at identicum.com>
wrote:

> Thanks Radovan, I'll give it a try and let you know the results.
>
> *Ing. Martín Marchese*
> Identicum S.A.
> Jorge Newbery 3226
> Tel: +54 (11) 4552-3050
> mmarchese at identicum.com
> www.identicum.com
>
> On Fri, Oct 7, 2016 at 2:21 PM, Radovan Semancik <
> radovan.semancik at evolveum.com> wrote:
>
>> Hi,
>>
>> Maybe just a couple of clarifications:
>>
>> Firstly, password is usually considered to be write-only by the ConnId
>> connectors. This is the default setting that we have inherited from the Sun
>> Microsystems. As we are quite keen about compatibility this setting was not
>> changed in ConnId. Connectors can override this default setting. But only a
>> very few connectors actually do that.
>>
>> Secondly, the DatabaseTable connector is also inherited from Sun
>> Microsystems. The connector is old and it is well ripe for rewrite. I would
>> be happy to rewrite it personally. But we were not able to secure any
>> funding for this rewrite yet. As far as I know we have never really tried
>> to read passwords with this connector, so I'm not sure it is capable of
>> reading passwords at all. But you can check by setting TRACE log level for
>> org.identityconnectors.framework. That will turn on tracing of all
>> connector operations and then you can see if the connector is sending
>> password to midPoint or not.
>>
>> --
>> Radovan Semancik
>> Software Architect
>> evolveum.com
>>
>>
>>
>>
>> On 10/07/2016 08:26 AM, Ivan Noris wrote:
>>
>> Hi Martin,
>>
>> I have not tried this with DB Table, but for OpenLDAP resource I'm using
>> the following:
>>
>> 1)
>>
>> ...
>>
>>          <credentials>
>>             <!-- here in my example is no weak, I'm syncing passwords every time! -->
>>             <password>
>>                <fetchStrategy>explicit</fetchStrategy>
>>                <inbound/>
>>             </password>
>>          </credentials>
>> ...
>>
>> 2)
>>
>> ...
>>
>>    <capabilities>
>>       <configured xmlns:cap="http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-3">
>>          <cap:credentials>
>>             <cap:password>
>>                <cap:returnedByDefault>false</cap:returnedByDefault>
>>             </cap:password>
>>          </cap:credentials>
>>       </configured>
>> ...
>>
>> Could you please try if it helps?
>>
>> Regards,
>>
>> Ivan
>> On 10/06/2016 10:55 PM, Martin Marchese wrote:
>>
>> Hi All,
>>
>> We are using a Database table connector (using PostgreSQL 9.5) to create
>> users into midpoint, and we are facing a problem while we try to set their
>> password.
>>
>> Connector version is 1.4.2.0 and MidPoint version is 3.4.1
>>
>> We have configured a password policy that complies with all passwords
>> within the database.
>>
>> Password column is configured correctly in the connector configuration. I
>> was looking into the samples and I see that every sample uses the
>> <generate> option as follows:
>>
>> <credentials>
>> <password>
>> <outbound/>
>> <inbound>
>> <strength>weak</strength>
>> <expression>
>> <generate/>
>> </expression>
>> </inbound>
>> </password>
>> </credentials>
>>
>>
>> My first thought was that replacing the expression as follows would
>> work:
>>
>> <credentials>
>> <password>
>> <outbound/>
>> <inbound>
>> <strength>weak</strength>
>> <expression>
>> <asIs/>
>> </expression>
>> </inbound>
>> </password>
>> </credentials>
>>
>> However, when I run an import or livesync task I receive the following
>> error:
>>
>> Provided password does not satisfy password policies. Required minimal
>> size (4) of password is not met (password length: 0)
>>
>> As if the password was not coming from the database. Also, when I look
>> into the resource object through the UI, the password attribute is empty.
>>
>> I took a look at this bug just in case:
>> https://jira.evolveum.com/browse/MID-2405, but it was a different
>> behavior since for me, it fails with every password I try.
>>
>> Any ideas on what I'm missing here?
>>
>> Thanks in advance.
>>
>> *Ing. Martín Marchese*
>> Identicum S.A.
>> Jorge Newbery 3226
>> Tel: +54 (11) 4552-3050
>> mmarchese at identicum.com
>> www.identicum.com
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>> --
>> Ivan Noris
>> Senior Identity Engineer
>> evolveum.com
>
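
The check Radovan describes (TRACE on org.identityconnectors.framework, then see whether the connector hands the password back) can be scripted. This Python is an added example, not part of the original thread or of midPoint/ConnId code; the log lines are constructed, their layout is an assumption modelled on ConnId's `Attribute: {Name=..., Value=[...]}` rendering, and `password_report` and `diagnose` are hypothetical helper names.

```python
import re

PASSWORD = "__PASSWORD__"  # ConnId operational attribute name for the password

# Constructed TRACE lines for illustration only; the exact layout is an
# assumption and must be adjusted to what your midPoint log really contains.
SAMPLE_LOG = """\
2016-10-07 19:40:01,112 TRACE (org.identityconnectors.framework.api.operations.SearchApiOp): method: search msg:Enter: search(ObjectClass: __ACCOUNT__, null, handler, OperationOptions: {ATTRS_TO_GET:[__NAME__, __PASSWORD__]})
2016-10-07 19:40:01,140 TRACE (org.identityconnectors.framework.api.operations.SearchApiOp): method: handle msg:Enter: handle({Uid=Attribute: {Name=__UID__, Value=[1001]}, Attributes=[Attribute: {Name=__NAME__, Value=[jdoe]}, Attribute: {Name=fullname, Value=[John Doe]}]})
2016-10-07 19:40:01,151 TRACE (org.identityconnectors.framework.api.operations.SearchApiOp): method: handle msg:Enter: handle({Uid=Attribute: {Name=__UID__, Value=[1002]}, Attributes=[Attribute: {Name=__NAME__, Value=[asmith]}, Attribute: {Name=fullname, Value=[Ann Smith]}]})
2016-10-07 19:40:01,160 DEBUG (com.evolveum.midpoint.provisioning): constructed unrelated line
"""

ATTRS_TO_GET = re.compile(r"ATTRS_TO_GET:\[([^\]]*)\]")
ATTR_NAME = re.compile(r"Attribute: \{Name=([^,}]+)")
UID = re.compile(r"Name=__UID__, Value=\[([^\]]*)\]")

def password_report(log_text):
    """Record whether the password was requested and which objects carried it."""
    report = {"requested": False, "with_password": [], "without_password": []}
    for line in log_text.splitlines():
        if "org.identityconnectors.framework" not in line:
            continue  # only the connector framework trace is relevant
        asked = ATTRS_TO_GET.search(line)
        if asked and PASSWORD in [a.strip() for a in asked.group(1).split(",")]:
            report["requested"] = True
        uid = UID.search(line)
        if uid and "handle(" in line:  # an object handed back by the connector
            names = set(ATTR_NAME.findall(line))
            key = "with_password" if PASSWORD in names else "without_password"
            report[key].append(uid.group(1))
    return report

def diagnose(report):
    """Map the report onto the three situations discussed in the thread."""
    if not report["requested"]:
        return "not requested: check fetchStrategy and capabilities in the resource"
    if report["with_password"]:
        return "returned by connector: check the inbound mapping"
    return "requested but not returned: connector does not read the password"

if __name__ == "__main__":
    result = password_report(SAMPLE_LOG)
    print(result, diagnose(result), sep="\n")
```

On a real system, pass the contents of the midPoint log captured while the import or livesync task runs, and turn TRACE off again afterwards.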