[midPoint] Trying the AD Password Filters

Ezequiel Alonso ealonso at identicum.com
Fri Jan 25 19:29:20 CET 2019


Hi,

Thank you for trying our password filter version!

We wrote our own version because the one contributed in 2014 was outdated
and
didn't meet our requirements.

This version is more modular. The DLL will pass the user and password as
parameters to the agent placed in the path specified in the registry in the
"Agent" entry in "HKLM\SOFTWARE\ADPasswordFilter"

You can try to compile the client and the dll using Visual Studio 15 with
the WiX Toolset plugin for building the installer.

For manually installing the filter you must follow the next steps:

   - Copy the DLL to "C:\Windows\System32\ADPasswordFilter.dll"
   - Copy the Agent to "C:\Program
   Files\ADPasswordFilter\ADPasswordAgent.exe"
   - Create the file "C:\Program
   Files\ADPasswordFilter\ADPasswordAgent.exe.config" containing:
      - <?xml version="1.0" encoding="utf-8"?>
      <configuration>
        <appSettings>
          <add key="BASEURL" value="
      http://your-midpoint-instance:8080/midpoint"/>
          <add key="AUTHUSR" value="administrator"/>
          <add key="AUTHPWD" value="5ecr3t"/>
        </appSettings>
      <startup><supportedRuntime version="v4.0"
      sku=".NETFramework,Version=v4.5"/></startup></configuration>


   - Run the following command as admin in the command prompt:
      - reg add "HKLM\SOFTWARE\ADPasswordFilter" /v "Agent" /d "C:\Program
      Files\ADPasswordFilter\ADPasswordAgent.exe"
   - Reset the domain controller


I also commited the installer to the github repository recently.

Let me know if you have any issues with the password filter.

Thank you!

El vie., 25 de ene. de 2019 a la(s) 13:58, Jason Everling (
jeverling at bshp.edu) escribió:

> although we don't use password sync since our users have to change their
> passwords through our password app which syncs it every where else, I
> tested the one from Identicum. The one donated to Evolveum is very
> outdated, like 5+ years
>
> JASON
>
>
> On Fri, Jan 25, 2019 at 10:47 AM Wojciech Staszewski <
> wojciech.staszewski at diagnostyka.pl> wrote:
>
>> Hi All!
>>
>> There are 2 independend midPoint password-agents for AD.
>>
>> First made by Radovan from Evolveum:
>> https://github.com/Evolveum/midpoint-password-agent-ad
>>
>> Second made by Identicum:
>> https://github.com/Identicum/midPointADPasswordAgent
>>
>> I want to play with them, but unfortunately I cannot compile the
>> installers. Exe and dll files are compiled ok.
>> But I don't know how to install it manually (win2012 x86_64)
>>
>> I put MidPointPasswordFilter.dll into c:\windows\system32 dir,
>> then installed Microsoft Visual C++ 2010 x64 Redistributable,
>> and modified registry
>> HKLM->SYSTEM->CurrentControlSet->Control->Lsa->Notification Packages,
>>
>> but the Dll cannot be load:
>> "The password notification DLL MidPointPasswordFilter failed to load with
>> error 126." <- most likely missing some dependencies.
>>
>> Does any of you have any experience with these agents?
>> Maybe you have the installers compiled (for x86_64) and can share them?
>>
>> Thanks
>> WS
>> --
>> Wojciech Staszewski
>> Administrator Systemów Sieciowych
>> www.diagnostyka.pl
>> Diagnostyka Sp. z o. o.
>> ul. Prof. M. Życzkowskiego 16, 31-864 Kraków
>> Numer KRS: 0000381559 (Sąd Rejonowy dla Krakowa-Śródmieścia w Krakowie,
>> XI Wydział Gospodarczy KRS)
>> NIP: 675-12-65-009; REGON: 356366975
>> Kapitał zakładowy: 33 756 500 zł.
>>
>> Pomyśl o środowisku zanim wydrukujesz ten e-mail.
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>


-- 
*Ezequiel Alonso*
Identicum S.A.
Jorge Newbery 3226, Buenos Aires, Argentina
<https://maps.google.com/?q=Jorge+Newbery+3226>
Tel: +54 (11) 4552-3050
www.identicum.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20190125/db2af0fc/attachment.htm>


More information about the midPoint mailing list