<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 4. 7. 2014 14:23, Roman Pudil - AMI
Praha a.s. wrote:<br>
</div>
<blockquote cite="mid:53B69CCA.2070204@ami.cz" type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
<div class="moz-cite-prefix">Hi all,<br>
how do I synchronize passwords between Active Directory and
midPoint (both directions)?<br>
What is the name of the resource attribute where the actual AD password is stored?<br>
</div>
</blockquote>
<br>
Hello Roman,<br>
<br>
the midPoint -> AD direction is easy. You simply have to set up<br>
<br>
<pre wrap="">&lt;credentials&gt;
  &lt;password&gt;
    &lt;outbound/&gt;
  &lt;/password&gt;
&lt;/credentials&gt;
</pre>
<br>
in the "account" section of the schema handling.<br>
<br>
As for AD -> midPoint, it is not possible to get actual passwords
from Active Directory. It is not a limitation of midPoint - it is a
security feature of AD.<br>
<br>
IDM solutions dealing with Active Directory traditionally use a
feature called a password filter. It is code that sits on the AD domain
controller, listens for "password change" events and propagates
those events to the particular IDM.<br>
<br>
Guys from Salford Software created such a component for midPoint
some time ago and posted it here. It is available at <a
href="https://github.com/Evolveum/midpoint-password-agent-ad">https://github.com/Evolveum/midpoint-password-agent-ad</a>.
It has two parts: one collects password changes and stores them in a
file, and the other one sends the changes to midPoint via its SOAP
interface. However, I haven't tried this solution yet; e.g. I'm not
sure whether it is compatible with the midPoint SOAP interface changes
introduced in 3.0. But you could easily try that.<br>
<br>
Best regards,<br>
Pavol<br>
<br>
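As an added illustration (not part of Pavol's message or of the midPoint project's own files), here is a resource schema handling fragment showing where the credentials element above sits for an AD account. The resource OID, the connector object class name ri:AccountObjectClass and the sAMAccountName mapping are assumptions; only the credentials/password/outbound part comes from the message. There is deliberately no inbound password mapping, since AD does not hand out the stored password.

```xml
<!-- Added example; not from the original message or the midPoint project. -->
<resource xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
          xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
          oid="REPLACE-WITH-RESOURCE-OID">   <!-- placeholder, not a real OID -->
  <name>Active Directory (example)</name>
  <!-- connectorRef, connectorConfiguration and schema are omitted here -->
  <schemaHandling>
    <objectType>
      <kind>account</kind>
      <intent>default</intent>
      <displayName>Default AD account</displayName>
      <default>true</default>
      <!-- the object class name depends on the connector; assumed here -->
      <objectClass>ri:AccountObjectClass</objectClass>
      <attribute>
        <ref>ri:sAMAccountName</ref>       <!-- assumed attribute name -->
        <outbound>
          <source>
            <path>$user/name</path>
          </source>
        </outbound>
      </attribute>
      <!-- midPoint -> AD: push the user's password to the account -->
      <credentials>
        <password>
          <outbound/>
        </password>
      </credentials>
      <!-- AD -> midPoint: no inbound password mapping. AD does not
           return stored passwords, so that direction needs a password
           filter agent on the domain controller instead. -->
    </objectType>
  </schemaHandling>
</resource>
```

With this in place, a password set or changed on the midPoint user is written to the linked AD account; nothing flows back, which is exactly the asymmetry the message describes.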
<blockquote cite="mid:53B69CCA.2070204@ami.cz" type="cite">
<div class="moz-cite-prefix"> <br>
Thanks!<br>
Regards<br>
Roman Pudil<br>
<br>
<br>
<div class="moz-signature">
<table style="border-collapse:collapse;">
<tbody>
<tr>
<td colspan="2" style="font-family:Arial, sans-serif;
font-size:11px; color:#000000; vertical-align:bottom;">
<p><span style="font-size:14px; font-weight:bold;">Roman
Pudil</span><br>
solution architect<br>
<br>
gsm: [+420] 775 663 666<br>
e-mail: <a moz-do-not-send="true"
href="mailto:roman.pudil@ami.cz">roman.pudil@ami.cz</a>
</p>
</td>
<td style="border-right:1px solid #cccccc;"> </td>
<td> </td>
<td style="font-family:Arial, sans-serif;
font-size:11px; color:#000000; vertical-align:bottom;">
<p> AMI Praha a.s.<br>
Pláničkova 11<br>
162 00 Praha 6<br>
tel./fax: [+420] 274 783 239<br>
web: <a moz-do-not-send="true"
href="http://www.ami.cz">www.ami.cz</a> </p>
</td>
<td style="border-right:1px solid #cccccc;"> </td>
<td> </td>
<td style="font-family:Arial, sans-serif;
font-size:11px; color:#000000;">
<p> <img
src="cid:part4.06010206.09070804@evolveum.com"
alt="AMI Praha a.s." title="AMI Praha a.s."> </p>
</td>
</tr>
<tr>
<td colspan="8"><br>
<a moz-do-not-send="true"
href="http://www.ami.cz/reseni-a-sluzby/bezpecnost-dat/identity-management"><img
src="cid:part5.03050704.07010201@evolveum.com"
alt=""></a></td>
</tr>
<tr>
<td colspan="8" style="font-family:Arial, sans-serif;
font-size:11px; color:#808080;"> <br>
By the text of this e-mail the signatory neither promises to conclude
nor concludes any contract on behalf of AMI Praha a.s.<br>
Any contract, if concluded, must be made exclusively in written
form.</td>
</tr>
</tbody>
</table>
</div>
<br>
</div>
<br>
<br>
<br>
<pre wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
</body>
</html>