<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">Hi,<br>
<br>
Yes and maybe. <br>
<br>
Yes, midPoint can sync almost anything with almost anything else,
it's just a matter of the connector. We have a good LDAP connector. So if
your LDAP servers are at least a tiny bit reasonable you should be
able to do that synchronization. Even including things like DN
rewriting and value transformations. And you can keep those LDAP
servers in sync for a long time. That's what midPoint is built
for.<br>
<br>
But when it comes to passwords the answer is "maybe". It may work
or it might not. All the LDAP servers that I have seen store the
passwords in a hashed form. That hash is for all practical
purposes irreversible. While it is usually quite easy to read the
hashed value, some servers might have trouble storing the hashed
values (instead of cleartext password). Some servers require
special settings or privilege, others may not be able to do it at
all. You have to check that with your LDAP server. Also the
hashing schemes are only a de-facto agreement implemented by some
servers, it is not a real standard. So the hashing in your old
LDAP and new LDAP might not be compatible. And then there is a small
chance of some potential issues in our LDAP connector and/or
midPoint. We have done something similar in the past. But it was a
different LDAP connector then. We haven't tested this with the new
LDAP connector so there may be some bugs. But I'm quite confident
that we can easily fix any bugs there if needed. There may be also
some tricks that we have to use, so midPoint will not interpret
the hash as a password cleartext and it won't try to hash it
again. But I believe this is possible to do if the hash is stored
in a custom property. Or by using some similar trick.<br>
<br>
So, given that your LDAP servers are OK then I'm quite confident
that midPoint can do this.<br>
<br>
<pre class="moz-signature" cols="72">--
Radovan Semancik
Software Architect
evolveum.com
</pre>
<br>
<br>
On 10/06/2016 11:10 AM, Patrick Brunmayr wrote:<br>
</div>
<blockquote
cite="mid:6c8d4fd2-ee12-4354-87ff-c98c10a46de1@linzag.at"
type="cite">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<p><font size="-1">Hello</font></p>
<p><font size="-1">We have multiple departments in our company
each owning its own LDAP Tree with accounts. We want to use
midpoint as a global IDM and merge them together<br>
into one big LDAP Tree. So my question is can we sync data
from multiple directories into one big directory? This
directory should be used for SSO so basically<br>
passwords should be synced too!</font></p>
<p><font size="-1">Thank you; Jay<br>
</font></p>
<font size="-1"><br>
</font><span style="FONT-SIZE: 10pt"><font size="2" face="Arial">
<p style="margin-top: 10px"> </p>
<span style="FONT-SIZE: 10pt">
<div style="border-top: 1px dashed #808080; border-bottom:
1px dashed #808080"><font size="3"><span style="FONT-SIZE:
12pt"><font size="2" face="Courier New" color="gray">LINZ
AG für Energie, Telekommunikation, Verkehr und
Kommunale Dienste<br>
A-4021 Linz, Wiener Straße 151, Postfach 1300, Tel.
+43/732/3400-0, E-Mail: <a class="moz-txt-link-abbreviated" href="mailto:info@linzag.at">info@linzag.at</a></font></span></font></div>
</span>
<p style="margin-top: 10px"> </p>
</font></span>
<br>
<pre wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<br>
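<p>An added example, not part of the original e-mail thread and not midPoint's own code: a pre-migration check that classifies exported password values by hashing scheme, so already-hashed values are copied unchanged and schemes the target directory cannot verify are flagged before the sync. It assumes the values use the common {SCHEME} prefix convention; the scheme table, function names, sample entries and the target's scheme list are assumptions made for illustration.</p>

```python
import base64
import hashlib
import hmac
import re

# Digest and digest length for common de-facto userPassword schemes.
SCHEMES = {"MD5": ("md5", 16), "SMD5": ("md5", 16),
           "SHA": ("sha1", 20), "SSHA": ("sha1", 20),
           "SSHA256": ("sha256", 32), "SSHA512": ("sha512", 64)}
PREFIX = re.compile(r"^\{([A-Za-z0-9-]+)\}(.*)$", re.S)
# Constructed sample export; DNs and values are made up for this example.
SAMPLE = [("uid=a,ou=hr,dc=example,dc=com", "{SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g="),
          ("uid=b,ou=it,dc=example,dc=com", "{CRYPT}$6$constructed$notarealhash"),
          ("uid=c,ou=it,dc=example,dc=com", "plain-text-value")]


def parse(value):
    """Return (scheme, payload); scheme is None when the value is cleartext."""
    m = PREFIX.match(value)
    if m is None:
        return None, value
    return m.group(1).upper(), m.group(2)


def verify(value, candidate):
    """Check a candidate password against a stored hash of a known scheme."""
    scheme, payload = parse(value)
    if scheme not in SCHEMES:
        raise ValueError("cannot verify scheme %r" % scheme)
    algo, size = SCHEMES[scheme]
    raw = base64.b64decode(payload)
    digest, salt = raw[:size], raw[size:]  # salted schemes append the salt
    expected = hashlib.new(algo, candidate.encode() + salt).digest()
    return hmac.compare_digest(digest, expected)


def migration_report(entries, target_schemes):
    """Classify each (dn, userPassword) pair for a hash-preserving sync."""
    report = {}
    for dn, value in entries:
        scheme, _ = parse(value)
        if scheme is None:
            report[dn] = "cleartext"      # target may hash it on write
        elif scheme in target_schemes:
            report[dn] = "copy-as-is"     # already hashed, must not be rehashed
        else:
            report[dn] = "incompatible"   # target cannot verify this hash
    return report
```

<p>Running verify() with a test account's known password against a value read back from the target directory confirms that both servers interpret the scheme the same way.</p>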
</body>
</html>