[midPoint] Trying the AD Password Filters

Ezequiel Alonso ealonso at identicum.com
Fri Jan 25 20:02:48 CET 2019


Sorry,

I forgot to mention a manual installation step. With regedit you must add
"ADPasswordFilter" in "Notification Packages" in
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa".

I take the opportunity to say that we have in our roadmap the idea of
encrypting the passwords and also adding a queue of passwords for storing
password changes when there is no connectivity.

Thank you guys!

On Fri, Jan 25, 2019 at 15:29, Ezequiel Alonso (
ealonso at identicum.com) wrote:

> Hi,
>
> Thank you for trying our password filter version!
>
> We wrote our own version because the one contributed in 2014 was outdated
> and didn't meet our requirements.
>
> This version is more modular. The DLL will pass the user and password as
> parameters to the agent placed in the path specified in the registry in the
> "Agent" entry in "HKLM\SOFTWARE\ADPasswordFilter".
>
> You can try to compile the client and the dll using Visual Studio 15 with
> the WiX Toolset plugin for building the installer.
>
> For manually installing the filter you must follow the next steps:
>
>    - Copy the DLL to "C:\Windows\System32\ADPasswordFilter.dll"
>    - Copy the Agent to
>    "C:\Program Files\ADPasswordFilter\ADPasswordAgent.exe"
>    - Create the file
>    "C:\Program Files\ADPasswordFilter\ADPasswordAgent.exe.config" containing:
>
>       <?xml version="1.0" encoding="utf-8"?>
>       <configuration>
>         <appSettings>
>           <add key="BASEURL" value="http://your-midpoint-instance:8080/midpoint"/>
>           <add key="AUTHUSR" value="administrator"/>
>           <add key="AUTHPWD" value="5ecr3t"/>
>         </appSettings>
>         <startup>
>           <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5"/>
>         </startup>
>       </configuration>
>
>
>    - Run the following command as admin in the command prompt:
>       reg add "HKLM\SOFTWARE\ADPasswordFilter" /v "Agent" /d "C:\Program Files\ADPasswordFilter\ADPasswordAgent.exe"
>    - Reset the domain controller
>
>
> I also committed the installer to the GitHub repository recently.
>
> Let me know if you have any issues with the password filter.
>
> Thank you!
>
> On Fri, Jan 25, 2019 at 13:58, Jason Everling (
> jeverling at bshp.edu) wrote:
>
>> Although we don't use password sync since our users have to change their
>> passwords through our password app which syncs it everywhere else, I
>> tested the one from Identicum. The one donated to Evolveum is very
>> outdated, like 5+ years.
>>
>> JASON
>>
>>
>> On Fri, Jan 25, 2019 at 10:47 AM Wojciech Staszewski <
>> wojciech.staszewski at diagnostyka.pl> wrote:
>>
>>> Hi All!
>>>
>>> There are 2 independent midPoint password-agents for AD.
>>>
>>> First made by Radovan from Evolveum:
>>> https://github.com/Evolveum/midpoint-password-agent-ad
>>>
>>> Second made by Identicum:
>>> https://github.com/Identicum/midPointADPasswordAgent
>>>
>>> I want to play with them, but unfortunately I cannot compile the
>>> installers. Exe and dll files are compiled ok.
>>> But I don't know how to install it manually (win2012 x86_64)
>>>
>>> I put MidPointPasswordFilter.dll into c:\windows\system32 dir,
>>> then installed Microsoft Visual C++ 2010 x64 Redistributable,
>>> and modified registry
>>> HKLM->SYSTEM->CurrentControlSet->Control->Lsa->Notification Packages,
>>>
>>> but the DLL cannot be loaded:
>>> "The password notification DLL MidPointPasswordFilter failed to load
>>> with error 126." <- most likely missing some dependencies.
>>>
>>> Do any of you have any experience with these agents?
>>> Maybe you have the installers compiled (for x86_64) and can share them?
>>>
>>> Thanks
>>> WS
>>> --
>>> Wojciech Staszewski
>>> Network Systems Administrator
>>> www.diagnostyka.pl
>>> Diagnostyka Sp. z o. o.
>>> ul. Prof. M. Życzkowskiego 16, 31-864 Kraków
>>> KRS number: 0000381559 (District Court for Kraków-Śródmieście in Kraków,
>>> 11th Commercial Division of the KRS)
>>> NIP: 675-12-65-009; REGON: 356366975
>>> Share capital: 33 756 500 zł.
>>>
>>> Think of the environment before you print this e-mail.
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>
>
>
> --
> *Ezequiel Alonso*
> Identicum S.A.
> Jorge Newbery 3226, Buenos Aires, Argentina
> Tel: +54 (11) 4552-3050
> www.identicum.com
>


-- 
*Ezequiel Alonso*
Identicum S.A.
Jorge Newbery 3226, Buenos Aires, Argentina
Tel: +54 (11) 4552-3050
www.identicum.com
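
Added example (not part of the original thread and not the Identicum project's code): a read-only PowerShell check of the manual installation described above, meant to be run elevated on the domain controller. It uses the registry paths, value names and config keys quoted in the messages; the list of broad SIDs and the choice of checks are assumptions made for this example, and each finding is an item to review rather than a verdict.

```powershell
# Added example: read-only audit of the manual install described in this thread.
# Registry paths, value names and config keys are the ones quoted in the messages.
$lsaKey    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$filterKey = 'HKLM:\SOFTWARE\ADPasswordFilter'
$broadSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'  # Everyone, Authenticated Users, BUILTIN\Users
$sidType   = [System.Security.Principal.SecurityIdentifier]
$findings  = New-Object System.Collections.Generic.List[string]

# 1. LSA loads each "Notification Packages" name as <name>.dll from System32.
$packages = (Get-ItemProperty -Path $lsaKey).'Notification Packages'
foreach ($name in $packages) {
    if ([string]::IsNullOrWhiteSpace($name)) { continue }
    $dll = Join-Path $env:SystemRoot "System32\$name.dll"
    if (-not (Test-Path -LiteralPath $dll)) {
        $findings.Add("Package '$name' is registered but $dll does not exist")
        continue
    }
    $sig = Get-AuthenticodeSignature -FilePath $dll
    if ($sig.Status -ne 'Valid') { $findings.Add("Review $dll (signature: $($sig.Status))") }
}

# 2. The agent is handed the user and new password, so the agent and its
#    config should not be accessible to broad groups.
$agent = (Get-ItemProperty -Path $filterKey -ErrorAction SilentlyContinue).Agent
if (-not $agent) {
    $findings.Add("No 'Agent' value under $filterKey")
} else {
    $config = "$agent.config"
    foreach ($path in $agent, $config) {
        if (-not (Test-Path -LiteralPath $path)) { $findings.Add("Missing: $path"); continue }
        $rules = (Get-Acl -LiteralPath $path).GetAccessRules($true, $true, $sidType)
        foreach ($r in $rules) {
            if ($r.AccessControlType -eq 'Allow' -and $broadSids -contains $r.IdentityReference.Value) {
                $findings.Add("$path grants $($r.FileSystemRights) to $($r.IdentityReference.Value)")
            }
        }
    }
    # 3. Flag the weak settings from the sample config without printing the secret.
    if (Test-Path -LiteralPath $config) {
        [xml]$xml = Get-Content -LiteralPath $config -Raw
        $settings = @{}
        foreach ($a in $xml.configuration.appSettings.add) { $settings[$a.key] = $a.value }
        if ($settings['BASEURL'] -like 'http://*') { $findings.Add('BASEURL uses plain HTTP') }
        if ($settings['AUTHPWD']) { $findings.Add("AUTHPWD is stored in cleartext in $config") }
    }
}
if ($findings.Count -eq 0) { 'No findings.' } else { $findings }
```

Files under "C:\Program Files" normally inherit read access for BUILTIN\Users, so a config created as described is likely to be reported until its ACL is tightened.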