<html>
  <head>
    <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <div class="moz-cite-prefix">Hi,<br>
      <br>
      As far as I know OpenLDAP will produce hashes in salted-SHA form,
      e.g. {SSHA}xxxxxxxxxx ... or maybe with a different algorithm
      (depends on settings), but similar format. I do not have any
      special experience with ApacheDS deployment and settings in this
      area. But my guess would be that ApacheDS can work with hashes
      like that. However, this is just a guess. I would recommend
      checking that in your testing ApacheDS deployment. It should be
      quite easy. Or you can try the ApacheDS mailing list.<br>
      <br>
      <pre class="moz-signature" cols="72">-- 
Radovan Semancik
Software Architect
evolveum.com</pre>
      <br>
      <br>
      On 10/13/2016 11:29 AM, Patrick Brunmayr wrote:<br>
    </div>
    <blockquote
      cite="mid:aec16d8a-ca59-6f92-0f27-35897a5a4220@linzag.at"
      type="cite">
      <p>Thank you, that helped a lot. I was expecting some kind of
        answer regarding the different password handling in LDAP
        implementations. My primary LDAP is OpenLDAP and I want to
        transfer it to an ApacheDS.
        <br>
      </p>
      <br>
      <div class="moz-cite-prefix">On 13.10.2016 at 11:19, Radovan
        Semancik wrote:<br>
      </div>
      <blockquote
        cite="mid:3d3e1077-1d8d-79a3-2a4d-ae621dcde3c2@evolveum.com"
        type="cite">
        <div class="moz-cite-prefix">Hi,<br>
          <br>
          Yes and maybe. <br>
          <br>
          Yes, midPoint can sync almost anything with almost anything
          else, it is just a matter of the connector. We have a good LDAP
          connector. So if your LDAP servers are at least a tiny bit
          reasonable you should be able to do that synchronization. Even
          including things like DN rewriting and value transformations.
          And you can keep those LDAP servers in sync for a long time.
          That's what midPoint is built for.<br>
          <br>
          But when it comes to passwords the answer is "maybe". It may
          work or it might not. All the LDAP servers that I have seen
          store the passwords in a hashed form. That hash is for all
          practical purposes irreversible. While it is usually quite
          easy to read the hashed value, some servers might have trouble
          storing the hashed values (instead of cleartext password).
          Some servers require special settings or privilege, others may
          not be able to do it at all. You have to check that with your
          LDAP server. Also the hashing schemes are only a de-facto
          agreement implemented by some servers, it is not a real
          standard. So the hashing in your old LDAP and new LDAP might not
          be compatible. And then there is a small chance of some
          potential issues in our LDAP connector and/or midPoint. We
          have done something similar in the past. But it was a
          different LDAP connector then. We haven't tested this with the
          new LDAP connector so there may be some bugs. But I'm quite
          confident that we can easily fix any bugs there if needed.
          There may be also some tricks that we have to use, so midPoint
          will not interpret the hash as a password cleartext and it
          won't try to hash it again. But I believe this is possible to
          do if the hash is stored in a custom property. Or by using
          some similar trick.<br>
          <br>
          So, given that your LDAP servers are OK then I'm quite
          confident that midPoint can do this.<br>
          <br>
          <pre class="moz-signature" cols="72">-- 
Radovan Semancik
Software Architect
evolveum.com
</pre>
          <br>
          <br>
          On 10/06/2016 11:10 AM, Patrick Brunmayr wrote:<br>
        </div>
        <blockquote
          cite="mid:6c8d4fd2-ee12-4354-87ff-c98c10a46de1@linzag.at"
          type="cite">
          <p><font size="-1">Hello</font></p>
          <p><font size="-1">We have multiple departments in our company,
              each owning its own LDAP tree with accounts. We want to use
              midpoint as a global IDM and merge them together<br>
              into one big LDAP tree. So my question is: can we sync data
              from multiple directories into one big directory? This
              directory should be used for SSO, so basically<br>
              passwords should be synced too!</font></p>
          <p><font size="-1">Thank you; Jay<br>
            </font></p>
          <font size="-1"><br>
          </font><span style="FONT-SIZE: 10pt"><font size="2"
              face="Arial">
              <p style="margin-top: 10px"> </p>
              <span style="FONT-SIZE: 10pt">
                <div style="border-top: 1px dashed #808080;
                  border-bottom: 1px dashed #808080">
                  <font size="3"><span style="FONT-SIZE: 12pt"><font
                        size="2" face="Courier New" color="gray">LINZ AG
                        für Energie, Telekommunikation, Verkehr und
                        Kommunale Dienste<br>
                        A-4021 Linz, Wiener Straße 151, Postfach 1300,
                        Tel. +43/732/3400-0, E-Mail: <a
                          moz-do-not-send="true"
                          class="moz-txt-link-abbreviated"
                          href="mailto:info@linzag.at">
                          info@linzag.at</a></font></span></font></div>
              </span>
              <p style="margin-top: 10px"> </p>
            </font></span><br>
          <fieldset class="mimeAttachmentHeader"></fieldset>
          <br>
          <pre wrap="">_______________________________________________
midPoint mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
        </blockquote>
      </blockquote>
      <br>
      <div class="moz-signature">-- <br>
        <p><b>Patrick Brunmayr</b></p>
        <p><b>LINZ AG TELEKOM</b><br>
          Infrastructure &amp; Network Engineering<br>
          Internet Services</p>
        <p>LINZ AG TELEKOM is a business unit of LINZ STROM GmbH<br>
          für Energieerzeugung, -handel, -dienstleistungen und
          Telekommunikation.</p>
        <p>4021 Linz, Wiener Straße 151, Austria<br>
          Tel.: +43(0)732/3400-5639<br>
          Fax: +43(0)732/3400-155639<br>
          E-Mail: <a moz-do-not-send="true"
            href="mailto:p.brunmayr@linzag.at">p.brunmayr@linzag.at</a><br>
          Internet: <a moz-do-not-send="true"
            href="http://www.linzag-telekom.at">www.linzag-telekom.at</a><br>
          <br>
          FN 199533 g, Regional Court of Linz</p>
        <p>Certified to:<br>
          EN ISO 9001 Quality Management (QM)<br>
          OHSAS 18001 Occupational Health and Safety Management System<br>
          ISO/IEC 27001 Information Security Management System (ISMS)</p>
      </div>
    </blockquote>
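    <p>An added example, not part of the original thread and not midPoint, OpenLDAP or ApacheDS code: it parses and verifies the <code>{SSHA}</code> form mentioned above and shows why a copied hash must be passed through unchanged rather than hashed again. The function names and the <code>target_schemes</code> set are hypothetical; which schemes the target directory accepts has to be established by testing it.</p>

```python
import base64
import binascii
import hashlib
import hmac
import os
import re

SHA1_LEN = 20  # {SSHA} payload is base64(SHA1(password + salt) + salt)
SCHEME_RE = re.compile(rb"^\{([A-Za-z0-9-]+)\}(.+)$", re.S)


def classify(value: bytes):
    """Split '{SCHEME}payload'; scheme is None when there is no prefix,
    which is the case a server or IDM would treat as cleartext."""
    m = SCHEME_RE.match(value)
    return (m.group(1).decode().upper(), m.group(2)) if m else (None, value)


def make_ssha(password: bytes, salt: bytes = b"") -> bytes:
    salt = salt or os.urandom(8)
    digest = hashlib.sha1(password + salt).digest()
    return b"{SSHA}" + base64.b64encode(digest + salt)


def verify_ssha(password: bytes, stored: bytes) -> bool:
    scheme, payload = classify(stored)
    if scheme != "SSHA":
        raise ValueError(f"not an SSHA value (scheme={scheme!r})")
    try:
        raw = base64.b64decode(payload, validate=True)
    except binascii.Error as exc:
        raise ValueError("payload is not valid base64") from exc
    if len(raw) <= SHA1_LEN:
        raise ValueError("payload too short to carry a salt")
    digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
    return hmac.compare_digest(hashlib.sha1(password + salt).digest(), digest)


def copy_hash(value: bytes, target_schemes: set) -> bytes:
    """Migration guard: hand the stored hash to the target unchanged, and
    only when the target is known to accept that scheme."""
    scheme, _ = classify(value)
    if scheme is None:
        raise ValueError("no scheme prefix: refusing to copy as a hash")
    if scheme not in target_schemes:
        raise ValueError(f"target does not accept {scheme} hashes")
    return value


# Constructed sample: a password hashed the way the source directory would.
SAMPLE = make_ssha(b"correct horse", salt=b"\x01\x02\x03\x04")
# What happens if the hash is mistaken for cleartext and hashed again.
REHASHED = make_ssha(SAMPLE)
```

    <p>After a double hash the user's real password no longer verifies; only the literal hash string does, which is the failure the thread warns about.</p>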
  </body>
</html>