[midPoint] Setting password expiration date from midpoint to active directory

Igor Farinic ifarinic at evolveum.com
Tue Oct 18 10:45:07 CEST 2016


Hi Andreas,

currently, there is a way how to set LDAP/AD maxPwdAge attribute, however you cannot take the value from values policies as those are not visible in the scripting. 
There is a Jira for that: https://jira.evolveum.com/browse/MID-3327 waiting for a subscriber.

We have been working with one customer, who was using the modified SaaS story (https://wiki.evolveum.com/display/midPoint/Multitenant+User+Management+for+SaaS), which we enhanced.
The idea was to extend customer/tenant org unit with new custom attributes to map to password policies attributes in OpenLDAP.
The solution was to avoid a limitation in midPoint, where the value policies are set only through debug pages for now, which is not user friendly. 

best regards,
Igor Farinic 
Evolveum

----- Original Message -----
From: "Andreas Küstner" <andreas.kuestner at daasi.de>
To: midpoint at lists.evolveum.com
Sent: Friday, September 30, 2016 2:29:31 PM
Subject: [midPoint] Setting password expiration date from midpoint to active	directory

Hello list,

is it posible to provision the value policies from midpoint to active
directory?
Ther is an attribute in AD called maxPwdAge, which can be set for the
domain but not for user or a group.

We want to manage the value policies in midpoint and update the active
directory setting.


Thanks for info!

Best regards
Andreas


_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com
http://lists.evolveum.com/mailman/listinfo/midpoint



More information about the midPoint mailing list