[ https://issues.apache.org/jira/browse/SYNCOPE-313?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14026286#comment-14026286 ]
Francesco Chicchiriccò commented on SYNCOPE-313:
------------------------------------------------

{quote}
a) By "synchronization actions" are you referring to the existing Actions class that you can select in the Resource configuration? (e.g. LDAPMembershipPropagationAction), or something new that would be associated with the Connector itself?
{quote}

I mean the [action class|https://cwiki.apache.org/confluence/display/SYNCOPE/SyncActionsClass] that can be configured for Sync Tasks - (so {{LDAPMembershipSyncActions}} for what you refer above).

Since we already provide {{LDAPMembershipSyncActions}} and we are about to provide {{LDAPPasswordSyncActions}}, it might be also an idea to allow associating a list of Sync Actions classes to a Sync Task - and correspondingly a list of Propagation Actions classes to a Resource.

{quote}
We still have the problem with BASE-64/HEX encoding that I raised. What do you think of my first two points?
{quote}

I am at the moment working on the {{PasswordEncoder}} (locally renamed as {{Encryptor}} as I am working on SYNCOPE-270) but I have to admit I am not able to see the problem you report above. Can you please provide more details?

> Support synchronizing non-cleartext passwords from external resources
> ---------------------------------------------------------------------
>
>                 Key: SYNCOPE-313
>                 URL: https://issues.apache.org/jira/browse/SYNCOPE-313
>             Project: Syncope
>          Issue Type: Improvement
>            Reporter: Colm O hEigeartaigh
>            Assignee: Colm O hEigeartaigh
>             Fix For: 1.2.0
>
>
> Currently we can synchronize cleartext passwords from external resources.
> However, we can't handle non-cleartext passwords, as they get treated as if
> they are plaintext passwords when imported into Syncope, and hence hashed
> again according to user.cipherAlgorithm().
> This task is to treat an imported password as hashed according to a given
> cipher algorithm configured on the connector (for example via 'Password
> Cipher Algorithm' for the DB Connector).
> This is specific to each individual connector, as for example for the DB
> Connector, it might just be a hashed value stored in a table, whereas for
> LDAP it'll be of the form "CIPHER}VALUE" etc.
> Note that we cannot refer to any specific connector bundle from inside the
> SyncopeSyncResultHandler, hence we should find the cleanest place to
> encapsulate the following logic:
> if (password.isClearText()) {
>     // do as currently done
> } else {
>     if (connector.isLDAP()) {
>         // extract cipher and value
>     } else if (connector.isDBTable()) {
>         // treat value as ciphered with the cipher defined in connector configuration
>     } else {
>         ...
>     }
> }

--
This message was sent by Atlassian JIRA (v6.2#6252)
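
The branching sketched in the issue description, as an added example that is not part of the original message or of Syncope's code: it splits an LDAP-style value into scheme, digest and salt, re-encodes the Base64 payload as hex, and passes a DB-table value through with the connector's configured cipher. All class, method and parameter names are hypothetical, and hex as the target encoding is an assumption the thread does not state.

```java
import java.util.Base64;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added illustration: every name here is hypothetical, none is Syncope API.
public class ImportedPassword {
    // RFC 2307 userPassword layout: {SCHEME}base64(digest followed by optional salt)
    static final Pattern LDAP = Pattern.compile("^\\{([A-Za-z0-9]+)\\}(.+)$");

    // Returns {algorithm, hexDigest, hexSalt}; algorithm is null for cleartext.
    static String[] parse(String value, String dbCipher) {
        Matcher m = LDAP.matcher(value);
        if (m.matches()) {                        // LDAP: extract cipher and value
            String scheme = m.group(1).toUpperCase(java.util.Locale.ROOT);
            int len = digestLength(scheme);       // rejects unknown schemes before decoding
            byte[] raw = Base64.getDecoder().decode(m.group(2));
            boolean salted = scheme.startsWith("SS") || scheme.equals("SMD5");
            if (raw.length < len || (!salted && raw.length != len))
                throw new IllegalArgumentException("bad length for " + scheme);
            return new String[] {scheme, hex(raw, 0, len), hex(raw, len, raw.length)};
        }
        if (dbCipher != null) {                   // DB table: cipher comes from connector config
            return new String[] {dbCipher, value, ""};
        }
        return new String[] {null, value, ""};    // cleartext: hash as currently done
    }
    static int digestLength(String scheme) {
        switch (scheme) {
            case "MD5": case "SMD5": return 16;
            case "SHA": case "SSHA": return 20;
            case "SHA256": case "SSHA256": return 32;
            case "SHA512": case "SSHA512": return 64;
            default: throw new IllegalArgumentException("unsupported scheme " + scheme);
        }
    }
    static String hex(byte[] b, int from, int to) {
        StringBuilder sb = new StringBuilder();
        for (int i = from; i < to; i++) sb.append(String.format("%02x", b[i] & 0xff));
        return sb.toString();
    }
    public static void main(String[] args) {
        // Constructed sample: bytes 0x00..0x17, standing in for a 20-byte digest plus 4-byte salt.
        String ldap = "{SSHA}AAECAwQFBgcICQoLDA0ODxAREhMUFRYX";
        System.out.println(String.join(" ", parse(ldap, null)));
        // Constructed DB-table sample: hex SHA-1 of "password", connector configured for SHA1.
        String db = "5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8";
        System.out.println(String.join(" ", parse(db, "SHA1")));
    }
}
```

A salted digest can only be stored for later verification if the salt is kept alongside it, which is why the third element is returned separately rather than discarded.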