<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"Univers Com 55";
panose-1:2 11 6 3 2 2 2 2 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
color:black;
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
color:black;
mso-fareast-language:EN-US;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Vorformatiert Zchn";
margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";
color:black;
mso-fareast-language:DE;}
span.HTMLVorformatiertZchn
{mso-style-name:"HTML Vorformatiert Zchn";
mso-style-priority:99;
mso-style-link:"HTML Vorformatiert";
font-family:Consolas;
color:black;
mso-fareast-language:EN-US;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman",serif;
color:black;
mso-fareast-language:DE;}
span.E-MailFormatvorlage21
{mso-style-type:personal;
font-family:"Univers Com 55",sans-serif;
color:windowtext;}
span.E-MailFormatvorlage22
{mso-style-type:personal;
font-family:"Univers Com 55",sans-serif;
color:#1F497D;}
span.E-MailFormatvorlage23
{mso-style-type:personal-reply;
font-family:"Univers Com 55",sans-serif;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 2.0cm 70.85pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body bgcolor="white" lang="DE" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif;color:#1F497D">Dear Ivan and Redovan,<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif;color:#1F497D">thanks for your reply.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif;color:#1F497D">I saw a few minutes ago that there is no loop. The LDAP-Value will be overwritten with the password-value from midpoint and in the second step it will be deleted.
Also with exceptChannel – LiveSync in outbound.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif;color:#1F497D">Can you help?
<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif;color:#1F497D">The problem is that the second system has another padding for passwords so we need to decrypt and encrypt the passwords within the script because midpoint
only supports AES/CBC/ISO10126Padding and not PKCS5Padding.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif;color:#1F497D">CONFIG:<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif;color:#1F497D"><attribute><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif;color:#1F497D"> <c:ref>ri:password</c:ref><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif;color:#1F497D"> <limitations><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif;color:#1F497D"> <ignore>false</ignore><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif;color:#1F497D"> <access><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif;color:#1F497D"> <read>true</read><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif;color:#1F497D"> <add>true</add><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif;color:#1F497D"> <modify>true</modify><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif;color:#1F497D"> </access><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif;color:#1F497D"> </limitations><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif;color:#1F497D"> <tolerant>false</tolerant><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif;color:#1F497D"> <exclusiveStrong>false</exclusiveStrong><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif;color:#1F497D"> <outbound><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif;color:#1F497D"> <authoritative>false</authoritative><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif;color:#1F497D"> <exclusive>false</exclusive><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif;color:#1F497D"> <strength>normal</strength><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif;color:#1F497D"> <exceptChannel>http://midpoint.evolveum.com/xml/ns/public/provisioning/channels-3#liveSync</exceptChannel><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif;color:#1F497D"> <source><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif;color:#1F497D"> <c:path>$focus/credentials/password/value</c:path><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif;color:#1F497D"> </source><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif;color:#1F497D"> </outbound><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif;color:#1F497D"> <inbound><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif;color:#1F497D"> <authoritative>false</authoritative><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif;color:#1F497D"> <exclusive>false</exclusive><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif;color:#1F497D"> <strength>strong</strength><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif;color:#1F497D"> <expression><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif;color:#1F497D"> <script><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif;color:#1F497D"> <code><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif;color:#1F497D"> import java.util.Arrays;<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif;color:#1F497D"> import java.util.Base64;<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif;color:#1F497D"> import javax.crypto.Cipher;<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif;color:#1F497D"> import javax.crypto.SecretKey;<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif;color:#1F497D"> import javax.crypto.spec.IvParameterSpec;<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif;color:#1F497D"> import javax.crypto.spec.SecretKeySpec;<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif;color:#1F497D">
<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif;color:#1F497D"> int ivLength = 128/8;<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif;color:#1F497D">
<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif;color:#1F497D"> if (input != null) {
<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif;color:#1F497D">
<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif;color:#1F497D"> log.info(input);<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif;color:#1F497D">
<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif;color:#1F497D"> byte[] cipherWithIV = Base64.getDecoder().decode(input.getBytes("UTF8"));<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif;color:#1F497D"> byte[] cipherText = Arrays.copyOfRange(cipherWithIV, ivLength, cipherWithIV.length);<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif;color:#1F497D"> byte[] iv = Arrays.copyOfRange(cipherWithIV, 0, ivLength);
<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif;color:#1F497D">
<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif;color:#1F497D"> Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif;color:#1F497D"> SecretKeySpec secretKey = new SecretKeySpec("sdfsdf”.getBytes(), "AES");<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif;color:#1F497D"> IvParameterSpec ivSpec = new IvParameterSpec(iv);<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif;color:#1F497D"> cipher.init(Cipher.DECRYPT_MODE, secretKey, ivSpec);<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif;color:#1F497D"> String decryptedString = new String(cipher.doFinal(cipherText),"UTF-8");<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif;color:#1F497D"> return decryptedString;<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif;color:#1F497D">
<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif;color:#1F497D"> }<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif;color:#1F497D"> </code><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif;color:#1F497D"> </script><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif;color:#1F497D"> </expression><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif;color:#1F497D"> <target><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif;color:#1F497D"> <c:path>$focus/credentials/password/value</c:path><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif;color:#1F497D"> </target><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif;color:#1F497D"> <condition><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif;color:#1F497D"> <script><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif;color:#1F497D"> <code><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif;color:#1F497D"> basic.isEmpty(input)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif;color:#1F497D"> </code><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif;color:#1F497D"> </script><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif;color:#1F497D"> </condition><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif;color:#1F497D"> </inbound><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif;color:#1F497D"> </attribute><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif;color:#1F497D">LOG:<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><i><span lang="EN-US" style="font-size:10.0pt;font-family:"Univers Com 55",sans-serif;color:#1F497D">2016-11-21 14:30:44,910 [] [Thread-219] TRACE (com.evolveum.polygon.connector.ldap.sync.ModifyTimestampSyncStrategy): method: null msg:Found
entry: Entry<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span lang="EN-US" style="font-size:10.0pt;font-family:"Univers Com 55",sans-serif;color:#1F497D"> dn: cn=0034280,ou=user,dc=test,dc=de<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span lang="EN-US" style="font-size:10.0pt;font-family:"Univers Com 55",sans-serif;color:#1F497D"> …<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span lang="EN-US" style="font-size:10.0pt;font-family:"Univers Com 55",sans-serif;color:#1F497D"> uid: adicsn2<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span lang="EN-US" style="font-size:10.0pt;font-family:"Univers Com 55",sans-serif;color:#1F497D"> password: 1pvAmuWsk…<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span lang="EN-US" style="font-size:10.0pt;font-family:"Univers Com 55",sans-serif;color:#1F497D"> …<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span lang="EN-US" style="font-size:10.0pt;font-family:"Univers Com 55",sans-serif;color:#1F497D"> createTimestamp: 20161010080815Z<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span lang="EN-US" style="font-size:10.0pt;font-family:"Univers Com 55",sans-serif;color:#1F497D"> modifyTimestamp: 20161121133039Z<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span lang="EN-US" style="font-size:10.0pt;font-family:"Univers Com 55",sans-serif;color:#1F497D"><o:p> </o:p></span></i></p>
<p class="MsoNormal"><i><span lang="EN-US" style="font-size:10.0pt;font-family:"Univers Com 55",sans-serif;color:#1F497D"> 2016-11-21 14:30:46,578 [] [midPointScheduler_Worker-4] DEBUG (com.evolveum.polygon.connector.ldap.OperationLog): method: null msg:ldaps://idvault1.test.de/
Search RES Entry<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span lang="EN-US" style="font-size:10.0pt;font-family:"Univers Com 55",sans-serif;color:#1F497D"> dn: cn=0034280,ou=user,dc=test,dc=de<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span lang="EN-US" style="font-size:10.0pt;font-family:"Univers Com 55",sans-serif;color:#1F497D">
</span></i><i><span style="font-size:10.0pt;font-family:"Univers Com 55",sans-serif;color:#1F497D">entryUUID: 70cda5c0-230c-1036-9d21-d1e8d82e4893<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:10.0pt;font-family:"Univers Com 55",sans-serif;color:#1F497D"><o:p> </o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:10.0pt;font-family:"Univers Com 55",sans-serif;color:#1F497D"><o:p> </o:p></span></i></p>
<p class="MsoNormal"><i><span lang="EN-US" style="font-size:10.0pt;font-family:"Univers Com 55",sans-serif;color:#1F497D">2016-11-21 14:30:46,580 [] [midPointScheduler_Worker-4] DEBUG (com.evolveum.polygon.connector.ldap.OperationLog): method: null msg:ldaps://idvault1.test.de/
Modify REQ cn=0034280,ou=user,dc=test,dc=de: [replace:password: 0ZHSxmFY…….,], control=null<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span lang="EN-US" style="font-size:10.0pt;font-family:"Univers Com 55",sans-serif;color:#1F497D">2016-11-21 14:30:46,658 [] [midPointScheduler_Worker-4] DEBUG (com.evolveum.polygon.connector.ldap.OperationLog): method: null msg:ldaps://idvault1.test.de/
Modify RES cn=0034280,ou=user,dc=test,dc=de: Ldap Result<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span lang="EN-US" style="font-size:10.0pt;font-family:"Univers Com 55",sans-serif;color:#1F497D"> Result code : (SUCCESS) success<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span lang="EN-US" style="font-size:10.0pt;font-family:"Univers Com 55",sans-serif;color:#1F497D"> Matched Dn : ''<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span lang="EN-US" style="font-size:10.0pt;font-family:"Univers Com 55",sans-serif;color:#1F497D"> Diagnostic message : ''<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span lang="EN-US" style="font-size:10.0pt;font-family:"Univers Com 55",sans-serif;color:#1F497D"><o:p> </o:p></span></i></p>
<p class="MsoNormal"><i><span lang="EN-US" style="font-size:10.0pt;font-family:"Univers Com 55",sans-serif;color:#1F497D">###[ CLOCKWORK SUMMARY ]######################################<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span lang="EN-US" style="font-size:10.0pt;font-family:"Univers Com 55",sans-serif;color:#1F497D">Channel: http://midpoint.evolveum.com/xml/ns/public/provisioning/channels-3#liveSync<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span lang="EN-US" style="font-size:10.0pt;font-family:"Univers Com 55",sans-serif;color:#1F497D">Triggered by absolute state of account(ID {.../resource/instance-3}entryUUID = [ 70cda5c0-230c-1036-9d21-d1e8d82e4893 ], type 'default',
resource:9bedbf46-7577-4b62-ab05-db2e133bca85(IDVault)): LINKED -> LINKED<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span lang="EN-US" style="font-size:10.0pt;font-family:"Univers Com 55",sans-serif;color:#1F497D">Focus: focus(user:412bc288-fb14-45e3-9be1-57860a894fb3(adicsn2))<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span lang="EN-US" style="font-size:10.0pt;font-family:"Univers Com 55",sans-serif;color:#1F497D">Projections (1):<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span lang="EN-US" style="font-size:10.0pt;font-family:"Univers Com 55",sans-serif;color:#1F497D"> account(ID {.../resource/instance-3}entryUUID = [ 70cda5c0-230c-1036-9d21-d1e8d82e4893 ], type 'default', resource:9bedbf46-7577-4b62-ab05-db2e133bca85(IDVault)):
KEEP<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span lang="EN-US" style="font-size:10.0pt;font-family:"Univers Com 55",sans-serif;color:#1F497D">Executed:<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span lang="EN-US" style="font-size:10.0pt;font-family:"Univers Com 55",sans-serif;color:#1F497D"> ObjectDelta(ShadowType:21416d6e-eb14-4c21-8ea0-29c8a174ca80,MODIFY: PropertyDelta(attributes / {.../resource/instance-3}password, DELETE),
PropertyDelta(metadata / {.../common/common-3}modifyChannel, REPLACE), PropertyDelta(metadata / {.../common/common-3}modifyTimestamp, REPLACE), ReferenceDelta(metadata / {.../common/common-3}modifierRef, REPLACE)): SUCCESS<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="font-size:10.0pt;font-family:"Univers Com 55",sans-serif;color:#1F497D">##############################################################<o:p></o:p></span></i></p>
<p class="MsoNormal"><span style="font-family:"Univers Com 55",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Univers Com 55",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Univers Com 55",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Univers Com 55",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span style="color:windowtext;mso-fareast-language:DE">Von:</span></b><span style="color:windowtext;mso-fareast-language:DE"> midPoint [mailto:midpoint-bounces@lists.evolveum.com]
<b>Im Auftrag von </b>Ivan Noris<br>
<b>Gesendet:</b> Montag, 21. </span><span lang="EN-US" style="color:windowtext;mso-fareast-language:DE">November 2016 14:50<br>
<b>An:</b> midpoint@lists.evolveum.com<br>
<b>Betreff:</b> Re: [midPoint] Short question "password sync"<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p><span lang="EN-US">Hi Christopher,</span><span lang="EN-US" style="font-size:12.0pt;mso-fareast-language:DE"><o:p></o:p></span></p>
<p><span lang="EN-US">another thing is that you can limit mapping to be executed only for specific channel (or all other than specific channel), so e.g. the outbound mapping would not push password to OpenLDAP when it comes from livesync.<o:p></o:p></span></p>
<p><span lang="EN-US">Would be this a workaround/solution for you?<o:p></o:p></span></p>
<p><span lang="EN-US">Also I remember the connector has configuration property "modifiersNamesToFilterOut" - so if you configure this with DN of the user midPoint is using for provisioning, the loop will not be endless, because after midPoint modifies the password
in OpenLDAP, the change will be then ignored by livesync...<o:p></o:p></span></p>
<p><span lang="EN-US">Regards,<o:p></o:p></span></p>
<p><span lang="EN-US">Ivan<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><span lang="EN-US">On 11/21/2016 01:23 PM, Menke, Christopher wrote:<o:p></o:p></span></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span lang="EN-US">Dear Ivan,<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> <o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">we used an OpenLDAP Server and we want to synchronize real passwords encrypted over this LDAP.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">You can find my configuration within the appendix.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">In inbound I decrypt an existing AES Password with an key from Keystore and in outbound I want to send the encrypted string to LDAP.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Problem is the live-sync. If I change the password in LDAP, midpoint overwrites it directly and there is an endless loop.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> <o:p></o:p></span></p>
<p class="MsoNormal">Best regards,<br>
Christopher<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span style="color:windowtext;mso-fareast-language:DE">Von:</span></b><span style="color:windowtext;mso-fareast-language:DE"> midPoint [</span><a href="mailto:midpoint-bounces@lists.evolveum.com"><span style="mso-fareast-language:DE">mailto:midpoint-bounces@lists.evolveum.com</span></a><span style="color:windowtext;mso-fareast-language:DE">]
<b>Im Auftrag von </b>Ivan Noris<br>
<b>Gesendet:</b> Montag, 21. </span><span lang="EN-US" style="color:windowtext;mso-fareast-language:DE">November 2016 12:01<br>
<b>An:</b> </span><a href="mailto:midpoint@lists.evolveum.com"><span lang="EN-US" style="mso-fareast-language:DE">midpoint@lists.evolveum.com</span></a><span lang="EN-US" style="color:windowtext;mso-fareast-language:DE"><br>
<b>Betreff:</b> Re: [midPoint] Short question "password sync"</span><span lang="EN-US"><o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span lang="EN-US"> <o:p></o:p></span></p>
<p><span lang="EN-US">Hi Christopher,<o:p></o:p></span></p>
<p><span lang="EN-US">what is your setup? What LDAP server are you using and what's the password algorithm/storage in the LDAP server? Are you synchronizing real passwords from LDAP server to midPoint, or generating random passwords in midPoint?<o:p></o:p></span></p>
<p><span lang="EN-US">Can you also paste the corresponding mappings for credentials/password (probably you have outbound as well as inbound)?<o:p></o:p></span></p>
<p><span lang="EN-US">Thanks,<o:p></o:p></span></p>
<p><span lang="EN-US">Ivan<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> <o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span lang="EN-US">On 11/21/2016 11:41 AM, Menke, Christopher wrote:<o:p></o:p></span></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif">Dear all,</span><span lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif"> </span><span lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif">we want to sync an encrypted password between midpoint and a second system (LDAP).</span><span lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif">If we change the password within the LDAP (live-sync), midpoint encrypts the password (Groovy Script) and overwrites the internal password.</span><span lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif">But then midpoint overwrites the password again in LDAP.</span><span lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif">Is there a loopback-protection to prevent that tasks coming from LDAP-LiveSync overwrites the password again in LDAP?</span><span lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Univers Com 55",sans-serif"> </span><span lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.5pt">Best regards,</span><span lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.5pt">Christopher</span><span lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:12.0pt"><br>
<br>
<br>
<br>
</span><span lang="EN-US"><o:p></o:p></span></p>
<pre><span lang="EN-US">_______________________________________________<o:p></o:p></span></pre>
<pre><span lang="EN-US">midPoint mailing list<o:p></o:p></span></pre>
<pre><a href="mailto:midPoint@lists.evolveum.com"><span lang="EN-US">midPoint@lists.evolveum.com</span></a><span lang="EN-US"><o:p></o:p></span></pre>
<pre><a href="http://lists.evolveum.com/mailman/listinfo/midpoint"><span lang="EN-US">http://lists.evolveum.com/mailman/listinfo/midpoint</span></a><span lang="EN-US"><o:p></o:p></span></pre>
</blockquote>
<p class="MsoNormal"><span lang="EN-US" style="font-size:12.0pt"><br>
<br>
<br>
</span><span lang="EN-US"><o:p></o:p></span></p>
<pre><span lang="EN-US">-- <o:p></o:p></span></pre>
<pre><span lang="EN-US">Ivan Noris<o:p></o:p></span></pre>
<pre><span lang="EN-US">Senior Identity Engineer<o:p></o:p></span></pre>
<pre><span lang="EN-US">evolveum.com<o:p></o:p></span></pre>
<p class="MsoNormal"><span lang="EN-US" style="font-size:12.0pt;font-family:"Times New Roman",serif;mso-fareast-language:DE"><br>
<br>
<br>
<o:p></o:p></span></p>
<pre><span lang="EN-US">_______________________________________________<o:p></o:p></span></pre>
<pre><span lang="EN-US">midPoint mailing list<o:p></o:p></span></pre>
<pre><a href="mailto:midPoint@lists.evolveum.com"><span lang="EN-US">midPoint@lists.evolveum.com</span></a><span lang="EN-US"><o:p></o:p></span></pre>
<pre><a href="http://lists.evolveum.com/mailman/listinfo/midpoint"><span lang="EN-US">http://lists.evolveum.com/mailman/listinfo/midpoint</span></a><span lang="EN-US"><o:p></o:p></span></pre>
</blockquote>
<p class="MsoNormal"><span lang="EN-US" style="font-size:12.0pt;font-family:"Times New Roman",serif;mso-fareast-language:DE"><br>
<br>
<o:p></o:p></span></p>
<pre><span lang="EN-US">-- <o:p></o:p></span></pre>
<pre><span lang="EN-US">Ivan Noris<o:p></o:p></span></pre>
<pre><span lang="EN-US">Senior Identity Engineer<o:p></o:p></span></pre>
<pre><span lang="EN-US">evolveum.com<o:p></o:p></span></pre>
</div>
</body>
</html>