<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>Hi</p>
<p>Yeah i will give it a try. Thank you for the support<br>
</p>
<br>
<div class="moz-cite-prefix">Am 13.10.2016 um 11:48 schrieb Radovan Semancik:<br>
</div>
<blockquote cite="mid:f09536fa-d5f1-a949-d03f-24d0207d8ec0@evolveum.com" type="cite">
<div class="moz-cite-prefix">Hi,<br>
<br>
As far as I know OpenLDAP will produce hashes in salted-SHA form, e.g. {SSHA}xxxxxxxxxx ... or maybe with a different algorithm (depends on settings), but similar format. I do not have any special experience with ApacheDS deployment and settings in this area.
But my guess would be that ApacheDS can work with hashes like that. However, this is just a guess. I would recommend checking that in your testing ApacheDS deployment. It should be quite easy. Or you can try ApacheDS mailing list.<br>
<br>
<pre class="moz-signature" cols="72">--
Radovan Semancik
Software Architect
evolveum.com</pre>
<br>
<br>
On 10/13/2016 11:29 AM, Patrick Brunmayr wrote:<br>
</div>
<blockquote cite="mid:aec16d8a-ca59-6f92-0f27-35897a5a4220@linzag.at" type="cite">
<p>Thank you that helped a lot. I was expecting some kind of answer regarding the different password hadling in LDAP implementations. My primary LDAP is OpenLDAP and i want to transfert it to an ApacheDS.
<br>
</p>
<br>
<div class="moz-cite-prefix">Am 13.10.2016 um 11:19 schrieb Radovan Semancik:<br>
</div>
<blockquote cite="mid:3d3e1077-1d8d-79a3-2a4d-ae621dcde3c2@evolveum.com" type="cite">
<div class="moz-cite-prefix">Hi,<br>
<br>
Yes and maybe. <br>
<br>
Yes, midPoint can sync almost anything with almost anything else, it just a matter of connector. We have good LDAP connector. So if your LDAP servers are at least a tiny bit reasonable you should be able to do that synchronization. Even including things like
DN rewriting and value transformations. And you can keep those LDAP servers in sync for a long time. That's what midPoint is built for.<br>
<br>
But when it comes to passwords the answer is "maybe". It may work or it might not. All the LDAP servers that I have seen store the passwords in a hashed forms. That hash is for all practical purposes irreversible. While it is usually quite easy to read the
hashed value, some servers might have trouble storing the hashed values (instead of cleartext password). Some servers require special settings or privilege, other may not be able to do it at all. You have to check that with your LDAP server. Also the hashing
schemes are only de-facto agreement implemented by some servers, it is not a real standard. So the hashing in your old LDAP a new LDAP might not be compatible. And then there is a small chance of some potential issues in our LDAP connector and/or midPoint.
We have done something similar in the past. But it was a different LDAP connector then. We haven't tested this with the new LDAP connector so there may be some bugs. But I'm quite confident that we can easily fix any bugs there if needed. There may be also
some tricks that we have to use, so midPoint will not interpret the hash as a password cleartext and it won't try to hash it again. But I believe this is possible to do if the hash is stored in a custom property. Or by using some similar trick.<br>
<br>
So, given that your LDAP servers are OK then I'm quite confident that midPoint can do this.<br>
<br>
<pre class="moz-signature" cols="72">--
Radovan Semancik
Software Architect
evolveum.com
</pre>
<br>
<br>
On 10/06/2016 11:10 AM, Patrick Brunmayr wrote:<br>
</div>
<blockquote cite="mid:6c8d4fd2-ee12-4354-87ff-c98c10a46de1@linzag.at" type="cite">
<p><font size="-1">Hello</font></p>
<p><font size="-1">We have multiple departments in our company each owing its own LDAP Tree with accounts. We want to use midpoint as a global IDM and merge them together<br>
into one big LDAP Tree. So my question is can we sync data from multiple directories into one big directory ? This directory should be used for SSO so bacically<br>
passwords should be synced too!</font></p>
<p><font size="-1">Thank you; Jay<br>
</font></p>
<font size="-1"><br>
</font><span style="FONT-SIZE: 10pt"><font face="Arial" size="2">
<p style="margin-top: 10px"> </p>
<span style="FONT-SIZE: 10pt">
<div style="border-top: 1px dashed #808080;
border-bottom: 1px dashed #808080">
<font size="3"><span style="FONT-SIZE: 12pt"><font face="Courier New" color="gray" size="2">LINZ AG für Energie, Telekommunikation, Verkehr und Kommunale Dienste<br>
A-4021 Linz, Wiener Straße 151, Postfach 1300, Tel. +43/732/3400-0, E-Mail: <a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:info@linzag.at">
info@linzag.at</a></font></span></font></div>
</span>
<p style="margin-top: 10px"> </p>
</font></span><br>
<fieldset class="mimeAttachmentHeader"></fieldset> <br>
<pre wrap="">_______________________________________________
midPoint mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset> <br>
<pre wrap="">_______________________________________________
midPoint mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<div class="moz-signature">-- <br>
<meta name="Generator" content="Microsoft Word 14 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.E-MailFormatvorlage17
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.E-MailFormatvorlage18
{mso-style-type:personal-reply;
font-family:"Arial","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 2.0cm 70.85pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<p class="MsoNormal" style="margin-bottom:12.0pt"><b><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:black;mso-fareast-language:DE-AT">Patrick Brunmayr</span></b><span style="mso-fareast-language:DE-AT"><o:p></o:p></span></p>
<p class="MsoNormal"><b><span style="font-size:8.0pt;font-family:"Arial","sans-serif";color:green;mso-fareast-language:DE-AT">LINZ AG TELEKOM</span></b><span style="font-size:8.0pt;font-family:"Arial","sans-serif";color:green;mso-fareast-language:DE-AT"><br>
</span><span style="font-size:8.0pt;font-family:"Arial","sans-serif";color:black;mso-fareast-language:DE-AT">Infrastruktur & Netzwerktechnik</span><span style="mso-fareast-language:DE-AT"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Arial","sans-serif";color:black;mso-fareast-language:DE-AT">Internet Services</span><span style="mso-fareast-language:DE-AT"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Arial","sans-serif";mso-fareast-language:DE-AT"> </span><span style="mso-fareast-language:DE-AT"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Arial","sans-serif";color:black;mso-fareast-language:DE-AT">Die LINZ AG TELEKOM ist ein Geschäftsbereich der LINZ STROM GmbH<br>
für Energieerzeugung, -handel, -dienstleistungen und Telekommunikation.</span><span style="mso-fareast-language:DE-AT"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Arial","sans-serif";mso-fareast-language:DE-AT"> </span><span style="mso-fareast-language:DE-AT"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span style="font-size:8.0pt;font-family:"Arial","sans-serif";color:black;mso-fareast-language:DE-AT">4021 Linz, Wiener Straße 151, Austria<br>
Tel.: +43(0)732/3400-5639<br>
Fax: +43(0)732/3400-155639<br>
E-Mail: </span><u><span style="font-size:8.0pt;font-family:"Arial","sans-serif";color:blue;mso-fareast-language:DE-AT"><a moz-do-not-send="true" href="mailto:p.brunmayr@linzag.at">p.brunmayr@linzag.at</a></span></u><span style="font-size:8.0pt;font-family:"Arial","sans-serif";mso-fareast-language:DE-AT"><br>
<span style="color:black">Internet: </span><a moz-do-not-send="true" href="http://www.linzag-telekom.at">www.linzag-telekom.at</a><br>
<span style="color:black"><br>
FN 199533 g des Landesgerichtes Linz</span></span><span style="mso-fareast-language:DE-AT"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Arial","sans-serif";color:#333333;mso-fareast-language:DE-AT">Zertifiziert nach:</span><span style="mso-fareast-language:DE-AT"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Arial","sans-serif";color:#333333;mso-fareast-language:DE-AT">EN ISO 9001 Qualitätsmanagement (QM)</span><span style="mso-fareast-language:DE-AT"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Arial","sans-serif";color:#333333;mso-fareast-language:DE-AT">OHSAS 18001 Arbeitsschutzmanagementsystem</span><span style="mso-fareast-language:DE-AT"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Arial","sans-serif";color:#333333;mso-fareast-language:DE-AT">ISO/IEC 27001 Informationssicherheits-Managementsystem (ISMS)</span><span style="mso-fareast-language:DE-AT"><o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<span style="FONT-SIZE: 10pt"><font face="Arial" size="2">
<p style="margin-top: 10px"> </p>
<span style="FONT-SIZE: 10pt">
<div style="border-top: 1px dashed #808080; border-bottom:
1px dashed #808080">
<font size="3"><span style="FONT-SIZE: 12pt"><font face="Courier New" color="gray" size="2">LINZ AG für Energie, Telekommunikation, Verkehr und Kommunale Dienste<br>
A-4021 Linz, Wiener Straße 151, Postfach 1300, Tel. +43/732/3400-0, E-Mail: <a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:info@linzag.at">
info@linzag.at</a></font></span></font></div>
</span>
<p style="margin-top: 10px"> </p>
</font></span><br>
<fieldset class="mimeAttachmentHeader"></fieldset> <br>
<pre wrap="">_______________________________________________
midPoint mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset> <br>
<pre wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<div class="moz-signature">-- <br>
<meta name="Generator" content="Microsoft Word 14 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.E-MailFormatvorlage17
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.E-MailFormatvorlage18
{mso-style-type:personal-reply;
font-family:"Arial","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 2.0cm 70.85pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<p class="MsoNormal" style="margin-bottom:12.0pt"><b><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:black;mso-fareast-language:DE-AT">Patrick Brunmayr</span></b><span style="mso-fareast-language:DE-AT"><o:p></o:p></span></p>
<p class="MsoNormal"><b><span style="font-size:8.0pt;font-family:"Arial","sans-serif";color:green;mso-fareast-language:DE-AT">LINZ AG TELEKOM</span></b><span style="font-size:8.0pt;font-family:"Arial","sans-serif";color:green;mso-fareast-language:DE-AT"><br>
</span><span style="font-size:8.0pt;font-family:"Arial","sans-serif";color:black;mso-fareast-language:DE-AT">Infrastruktur & Netzwerktechnik</span><span style="mso-fareast-language:DE-AT"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Arial","sans-serif";color:black;mso-fareast-language:DE-AT">Internet Services</span><span style="mso-fareast-language:DE-AT"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Arial","sans-serif";mso-fareast-language:DE-AT"> </span><span style="mso-fareast-language:DE-AT"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Arial","sans-serif";color:black;mso-fareast-language:DE-AT">Die LINZ AG TELEKOM ist ein Geschäftsbereich der LINZ STROM GmbH<br>
für Energieerzeugung, -handel, -dienstleistungen und Telekommunikation.</span><span style="mso-fareast-language:DE-AT"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Arial","sans-serif";mso-fareast-language:DE-AT"> </span><span style="mso-fareast-language:DE-AT"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span style="font-size:8.0pt;font-family:"Arial","sans-serif";color:black;mso-fareast-language:DE-AT">4021 Linz, Wiener Straße 151, Austria<br>
Tel.: +43(0)732/3400-5639<br>
Fax: +43(0)732/3400-155639<br>
E-Mail: </span><u><span style="font-size:8.0pt;font-family:"Arial","sans-serif";color:blue;mso-fareast-language:DE-AT"><a href="mailto:p.brunmayr@linzag.at">p.brunmayr@linzag.at</a></span></u><span style="font-size:8.0pt;font-family:"Arial","sans-serif";mso-fareast-language:DE-AT"><br>
<span style="color:black">Internet: </span><a href="http://www.linzag-telekom.at">www.linzag-telekom.at</a><br>
<span style="color:black"><br>
FN 199533 g des Landesgerichtes Linz</span></span><span style="mso-fareast-language:DE-AT"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Arial","sans-serif";color:#333333;mso-fareast-language:DE-AT">Zertifiziert nach:</span><span style="mso-fareast-language:DE-AT"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Arial","sans-serif";color:#333333;mso-fareast-language:DE-AT">EN ISO 9001 Qualitätsmanagement (QM)</span><span style="mso-fareast-language:DE-AT"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Arial","sans-serif";color:#333333;mso-fareast-language:DE-AT">OHSAS 18001 Arbeitsschutzmanagementsystem</span><span style="mso-fareast-language:DE-AT"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Arial","sans-serif";color:#333333;mso-fareast-language:DE-AT">ISO/IEC 27001 Informationssicherheits-Managementsystem (ISMS)</span><span style="mso-fareast-language:DE-AT"><o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<span style="FONT-SIZE: 10pt"><font size="2" face="Arial">
<p style="margin-top: 10px"> </p>
<span style="FONT-SIZE: 10pt">
<div style="border-top: 1px dashed #808080; border-bottom: 1px dashed #808080"><font size="3"><span style="FONT-SIZE: 12pt"><font color="gray" size="2" face="Courier New">LINZ AG für Energie, Telekommunikation, Verkehr und Kommunale Dienste<br>
A-4021 Linz, Wiener Straße 151, Postfach 1300, Tel. +43/732/3400-0, E-Mail: info@linzag.at</font></span></font></div>
</span>
<p style="margin-top: 10px"> </p>
<div></div>
</font></span>
</body>
</html>