[midPoint] Override LDAP resource password with user schema extension value in role inducement

Rene Zeipelt zeipelt at uni-wuppertal.de
Thu Nov 26 10:57:59 CET 2020


Hello, problem solved by attribute mapping. But the schema read on OpenLDAP 
does not import the userPassword attribute, so it has to be added to the config after 
the first schema read (test connection).
Best Rene Zeipelt


On 11.11.2020 at 11:29, Rene Zeipelt via midPoint wrote:
> Hello, again, not really solved because mp does not send out the extra 
> password to the resource (but it saves a hash).
> At your wiki 
> https://wiki.evolveum.com/display/midPoint/Custom+Schema+Extension the 
> ProtectedStringType is listed (as a secondaryPassword).
> So how can I implement this to sync to an LDAP (OpenLDAP) resource account?
> Changes of other (extension) attributes are detected and are provided 
> to the resource in contrast to that type.
> Thanks for any help.
> Regards
> Rene Zeipelt
>
> On 10.11.2020 at 08:08, Rene Zeipelt via midPoint wrote:
>> Hello, solved by an extra resource definition with its own credentials 
>> sync:
>> ...
>> <credentials>
>>   <password>
>>     <outbound>
>>       <source>
>>         <path>$focus/extension/fa_vpn_pwd_1</path>
>>       </source>
>>     </outbound>
>>   </password>
>> </credentials>
>> ...
>> Role inducement for extra account link to the new resource and 
>> correlation aims to the new extra uid.
>> Sorry for noise.
>> Best Regards
>> Rene Zeipelt
>>
>> On 09.11.2020 at 14:44, Rene Zeipelt via midPoint wrote:
>>> Hello,
>>> we are testing to save a second account with extra uid and password 
>>> for an LDAP resource.
>>> So we extend the UserType to save the values and define a role with 
>>> the inducement
>>> account construction. In the LDAP resource schema handling we set
>>> ...
>>> <credentials>
>>>   <password>
>>>     <outbound/>
>>>   </password>
>>> </credentials>
>>> ...
>>> Now we want to override that password by the role inducement account 
>>> construction.
>>> Is this handled by the userPassword attribute or is it not possible 
>>> to change it in that way?
>>> Thanks for any help.
>>> Regards
>>> Rene Zeipelt
>>>
>>>
>>> _______________________________________________
>>> midPoint mailing list
>>> midPoint at lists.evolveum.com
>>> https://lists.evolveum.com/mailman/listinfo/midpoint