[midPoint] Password two-way updating from AD

Wed Jun 9 20:14:44 CEST 2021

Hi,

please read this:
https://docs.evolveum.com/midpoint/reference/security/credentials/initial-password-management-discussion/#active-directory-password-synchronization

best regards,

Gustav

st 9. 6. 2021 o 20:08 Rod Holman via midPoint <midpoint at lists.evolveum.com>
napísal(a):

> Hi All,
>
>
>
> We have been able to set up attribute updating for both inbound and
> outbound, but can it also be setup for passwords?  I have one attribute
> listed below that we use with Active Directory that allows us to change it
> in AD or Midpoint.  We are trying to do the same thing with the password,
> allow it to be updated in either midpoint or Active Directory and sync it
> with any other system the user is attached to.  When we update the password
> in Active Directory it doesn’t update to the same password in Midpoint, but
> it removes the password completely.  I’m pretty sure it’s because Active
> Directory has it encrypted.  Is there a way to do this?  Thanks in advance
> for any help with this.
>
>
>
> <attribute id="104">
>
>                 <c:ref xmlns:ri="
> http://midpoint.evolveum.com/xml/ns/public/resource/instance-3
> ">ri:mail</c:ref>
>
>                 <tolerant>false</tolerant>
>
>                 <exclusiveStrong>false</exclusiveStrong>
>
>                 <outbound>
>
>       <strength>normal</strength>
>
>                     <source>
>
>                         <c:path>emailAddress</c:path>
>
>                     </source>
>
>                 </outbound>
>
>                 <inbound id="117">
>
>                     <strength>strong</strength>
>
>                     <target>
>
>                         <c:path>emailAddress</c:path>
>
>                     </target>
>
>                 </inbound>
>
>             </attribute>
>
>
>
> <password xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:c="
> http://midpoint.evolveum.com/xml/ns/public/common/common-3"
> xsi:type="c:ResourcePasswordDefinitionType">
>
>                     <outbound>
>
>                         <authoritative>false</authoritative>
>
>                         <exclusive>false</exclusive>
>
>                         <strength>normal</strength>
>
>                     </outbound>
>
>                     <inbound>
>
>                         <authoritative>false</authoritative>
>
>                         <exclusive>false</exclusive>
>
>                         <strength>strong</strength>
>
>                     </inbound>
>
>          </password>
>
>
>
> Thanks,
>
> Rod Holman
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> https://lists.evolveum.com/mailman/listinfo/midpoint
>

-- 
s pozdravom

Gustáv Pálos
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20210609/1cebc912/attachment-0001.htm>