<div dir="ltr"><div dir="ltr">There is also this other good little password filter, can be used to write the password for the user just about anywhere, works great, have tested send to sql, opendj, openldap,etc.. just write your script and configure passwdhk to run it.<div><br></div><div><a href="https://sourceforge.net/projects/passwdhk/files/passwdhk/" target="_blank">https://sourceforge.net/projects/passwdhk/files/passwdhk/</a></div><div><br clear="all"><div><div dir="ltr" class="m_-3572841525177527370gmail_signature"><div dir="ltr"><br></div></div></div><br></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail-m_-3572841525177527370gmail_attr">On Sun, Jan 27, 2019 at 11:32 AM Wojciech Staszewski <<a href="mailto:wojciech.staszewski@diagnostyka.pl" target="_blank">wojciech.staszewski@diagnostyka.pl</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF">
<p>Hello!</p>
<p>Thank you for uploading the installer binary.<br>
The filter and agent provided by this installer are working
correctly.<br>
</p>
<p>Thanks!<br>
WS<br>
</p>
<div class="gmail-m_-3572841525177527370gmail-m_-261221655598291836moz-cite-prefix">W dniu 26.01.2019 o 11:36, Wojciech
Staszewski pisze:<br>
</div>
<blockquote type="cite">
<p>Hi!</p>
<p>Thank you very much for your reply.<br>
I compiled the packgage using VisualStudio 2017 community + Wix
3.11 + Wix extension,<br>
I changed in the solution properties to compile for 64-bit
architecture (filter dll was marked as 32bit).</p>
<p>Compilation went fine with no error nor warning.</p>
<p>Installation on the server succeeded, I checked registry
entries and the file locations for the agent and filter, all
fine,<br>
but the filter dll cannot be load:</p>
<p>The password notification DLL
C:\Windows\System32\ADPasswordFilter.dll failed to load with
error 126. Please verify that the notification DLL path defined
in the registry,
HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages,
refers to a correct and absolute path
(<drive>:\<path>\<filename>.<ext>) and
not a relative or invalid path. If the DLL path is correct,
please validate that any supporting files are located in the
same directory, and that the system account has read access to
both the DLL path and any supporting files. Contact the
provider of the notification DLL for additional support. Further
details can be found on the web at <a class="gmail-m_-3572841525177527370gmail-m_-261221655598291836moz-txt-link-freetext" href="http://go.microsoft.com/fwlink/?LinkId=245898" target="_blank">http://go.microsoft.com/fwlink/?LinkId=245898</a>.<br>
</p>
<p>I tried to add into the "Notification Packages" registry key
values:<br>
</p>
<p>ADPasswordFilter<br>
and with the full path:<br>
C:\Windows\System32\ADPasswordFilter.dll<br>
<br>
But it changes nothing.<br>
What are other requirements to make it work? C++ runtime? .Net
in specified version?<br>
I have installed Microsoft Visual C++ 2017 Redistributable and
.Net 4.5 and 3.5 but it still doesn't work.</p>
<p>Thanks!<br>
WS<br>
</p>
<div class="gmail-m_-3572841525177527370gmail-m_-261221655598291836moz-cite-prefix">W dniu 25.01.2019 o 20:02, Ezequiel
Alonso pisze:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div>Sorry,</div>
<div><br>
</div>
<div>I forgot to mention a manual installation step. With
regedit you must add "ADPasswordFilter" in "Notification
Packages" in
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa".</div>
<div><br>
</div>
<div>I take the opportunity to say that we have in our roadmap
the idea of encrypting the passwords and also adding a queue
of password for storing password changes when there is no
connectivity.</div>
<div><br>
</div>
<div>Thank you guys!<br>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail-m_-3572841525177527370gmail-m_-261221655598291836gmail_attr">El vie., 25 de ene. de 2019
a la(s) 15:29, Ezequiel Alonso (<a href="mailto:ealonso@identicum.com" target="_blank">ealonso@identicum.com</a>)
escribió:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div>Hi,</div>
<div><br>
</div>
<div>Thank you for trying our password filter
version!</div>
<div><br>
</div>
<div>We wrote our own version because the one
contributed in 2014 was outdated and <br>
didn't meet our requirements.</div>
<div><br>
</div>
<div>This version is more modular. The DLL will
pass the user and password as parameters to
the agent placed in the path specified in the
registry in the "Agent" entry in
"HKLM\SOFTWARE\ADPasswordFilter" </div>
<div><br>
</div>
<div>You can try to compile the client and the
dll using Visual Studio 15 with the WiX
Toolset plugin for building the installer.</div>
<div><br>
</div>
<div>For manually installing the filter you must
follow the next steps:</div>
<div>
<ul>
<li>Copy the DLL to
"C:\Windows\System32\ADPasswordFilter.dll"</li>
<li>Copy the Agent to "C:\Program
Files\ADPasswordFilter\ADPasswordAgent.exe"</li>
<li>Create the file "C:\Program
Files\ADPasswordFilter\ADPasswordAgent.exe.config"
containing:</li>
<ul>
<li><?xml version="1.0"
encoding="utf-8"?><br>
<configuration><br>
<appSettings><br>
<add key="BASEURL" value="<a href="http://your-midpoint-instance:8080/midpoint" target="_blank">http://your-midpoint-instance:8080/midpoint</a>"/><br>
<add key="AUTHUSR"
value="administrator"/><br>
<add key="AUTHPWD"
value="5ecr3t"/><br>
</appSettings><br>
<startup><supportedRuntime
version="v4.0"
sku=".NETFramework,Version=v4.5"/></startup></configuration><br>
</li>
</ul>
</ul>
<ul>
<li>Run the following command as admin in
the command prompt:</li>
<ul>
<li>reg add
"HKLM\SOFTWARE\ADPasswordFilter" /v
"Agent" /d "C:\Program
Files\ADPasswordFilter\ADPasswordAgent.exe"</li>
</ul>
<li>Reset the domain controller<br>
</li>
</ul>
<div><br>
</div>
</div>
<div>I also commited the installer to the github
repository recently.</div>
<div><br>
</div>
<div>Let me know if you have any issues with the
password filter.<br>
</div>
<div><br>
</div>
<div>Thank you!<br>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail-m_-3572841525177527370gmail-m_-261221655598291836gmail-m_4322760203267745434gmail_attr">El vie.,
25 de ene. de 2019 a la(s) 13:58, Jason Everling (<a href="mailto:jeverling@bshp.edu" target="_blank">jeverling@bshp.edu</a>)
escribió:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div dir="ltr">although we don't use password sync since
our users have to change their passwords through our
password app which syncs it every where else, I tested
the one from Identicum. The one donated to Evolveum is
very outdated, like 5+ years
<div><br clear="all">
<div>
<div dir="ltr" class="gmail-m_-3572841525177527370gmail-m_-261221655598291836gmail-m_4322760203267745434gmail-m_-590174702570220403gmail_signature">
<div dir="ltr">JASON</div>
</div>
</div>
<br>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail-m_-3572841525177527370gmail-m_-261221655598291836gmail-m_4322760203267745434gmail-m_-590174702570220403gmail_attr">On
Fri, Jan 25, 2019 at 10:47 AM Wojciech Staszewski
<<a href="mailto:wojciech.staszewski@diagnostyka.pl" target="_blank">wojciech.staszewski@diagnostyka.pl</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hi All!<br>
<br>
There are 2 independend midPoint password-agents for
AD.<br>
<br>
First made by Radovan from Evolveum:<br>
<a href="https://github.com/Evolveum/midpoint-password-agent-ad" rel="noreferrer" target="_blank">https://github.com/Evolveum/midpoint-password-agent-ad</a><br>
<br>
Second made by Identicum:<br>
<a href="https://github.com/Identicum/midPointADPasswordAgent" rel="noreferrer" target="_blank">https://github.com/Identicum/midPointADPasswordAgent</a><br>
<br>
I want to play with them, but unfortunately I cannot
compile the installers. Exe and dll files are
compiled ok.<br>
But I don't know how to install it manually (win2012
x86_64)<br>
<br>
I put MidPointPasswordFilter.dll into
c:\windows\system32 dir,<br>
then installed Microsoft Visual C++ 2010 x64
Redistributable,<br>
and modified registry
HKLM->SYSTEM->CurrentControlSet->Control->Lsa->Notification
Packages,<br>
<br>
but the Dll cannot be load:<br>
"The password notification DLL
MidPointPasswordFilter failed to load with error
126." <- most likely missing some dependencies.<br>
<br>
Does any of you have any experience with these
agents?<br>
Maybe you have the installers compiled (for x86_64)
and can share them?<br>
<br>
Thanks<br>
WS<br>
-- <br>
Wojciech Staszewski<br>
Administrator Systemów Sieciowych<br>
<a href="http://www.diagnostyka.pl" rel="noreferrer" target="_blank">www.diagnostyka.pl</a><br>
Diagnostyka Sp. z o. o.<br>
ul. Prof. M. Życzkowskiego 16, 31-864 Kraków<br>
Numer KRS: 0000381559 (Sąd Rejonowy dla
Krakowa-Śródmieścia w Krakowie, XI Wydział
Gospodarczy KRS)<br>
NIP: 675-12-65-009; REGON: 356366975<br>
Kapitał zakładowy: 33 756 500 zł.<br>
<br>
Pomyśl o środowisku zanim wydrukujesz ten e-mail.<br>
_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
</blockquote>
</div>
_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
</blockquote>
</div>
<br clear="all">
<br>
-- <br>
<div dir="ltr" class="gmail-m_-3572841525177527370gmail-m_-261221655598291836gmail-m_4322760203267745434gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div dir="ltr">
<div dir="ltr"><b>Ezequiel Alonso</b><br>
<span style="color:rgb(102,102,102)">Identicum
S.A.<br>
<a href="https://maps.google.com/?q=Jorge+Newbery+3226" target="_blank">Jorge
Newbery 3226, Buenos Aires, Argentina</a><br>
Tel: +54 (11) 4552-3050<br>
<a href="https://www.identicum.com/" target="_blank">www.identicum.com</a></span></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
</div>
<br clear="all">
<br>
-- <br>
<div dir="ltr" class="gmail-m_-3572841525177527370gmail-m_-261221655598291836gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div dir="ltr">
<div dir="ltr"><b>Ezequiel Alonso</b><br>
<span style="color:rgb(102,102,102)">Identicum
S.A.<br>
<a href="https://maps.google.com/?q=Jorge+Newbery+3226" target="_blank">Jorge
Newbery 3226, Buenos Aires, Argentina</a><br>
Tel: +54 (11) 4552-3050<br>
<a href="https://www.identicum.com/" target="_blank">www.identicum.com</a></span></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset class="gmail-m_-3572841525177527370gmail-m_-261221655598291836mimeAttachmentHeader"></fieldset>
<pre class="gmail-m_-3572841525177527370gmail-m_-261221655598291836moz-quote-pre">_______________________________________________
midPoint mailing list
<a class="gmail-m_-3572841525177527370gmail-m_-261221655598291836moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a class="gmail-m_-3572841525177527370gmail-m_-261221655598291836moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<pre class="gmail-m_-3572841525177527370gmail-m_-261221655598291836moz-signature" cols="72">--
Wojciech Staszewski
Administrator Systemów Sieciowych
tel. kom: 663 680 236
<a class="gmail-m_-3572841525177527370gmail-m_-261221655598291836moz-txt-link-abbreviated" href="http://www.diagnostyka.pl" target="_blank">www.diagnostyka.pl</a>
Diagnostyka Sp. z o. o.
ul. Prof. M. Życzkowskiego 16, 31-864 Kraków
Numer KRS: 0000381559 (Sąd Rejonowy dla Krakowa-Śródmieścia w Krakowie, XI Wydział Gospodarczy KRS)
NIP: 675-12-65-009; REGON: 356366975
Kapitał zakładowy: 33 756 500 zł.
Pomyśl o środowisku zanim wydrukujesz ten e-mail.</pre>
<br>
<fieldset class="gmail-m_-3572841525177527370gmail-m_-261221655598291836mimeAttachmentHeader"></fieldset>
<pre class="gmail-m_-3572841525177527370gmail-m_-261221655598291836moz-quote-pre">_______________________________________________
midPoint mailing list
<a class="gmail-m_-3572841525177527370gmail-m_-261221655598291836moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a class="gmail-m_-3572841525177527370gmail-m_-261221655598291836moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<pre class="gmail-m_-3572841525177527370gmail-m_-261221655598291836moz-signature" cols="72">--
Wojciech Staszewski
Administrator Systemów Sieciowych
<a class="gmail-m_-3572841525177527370gmail-m_-261221655598291836moz-txt-link-abbreviated" href="http://www.diagnostyka.pl" target="_blank">www.diagnostyka.pl</a>
Diagnostyka Sp. z o. o.
ul. Prof. M. Życzkowskiego 16, 31-864 Kraków
Numer KRS: 0000381559 (Sąd Rejonowy dla Krakowa-Śródmieścia w Krakowie, XI Wydział Gospodarczy KRS)
NIP: 675-12-65-009; REGON: 356366975
Kapitał zakładowy: 33 756 500 zł.
Pomyśl o środowisku zanim wydrukujesz ten e-mail.</pre>
</div>
_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
</blockquote></div>