Dear Sebastien, Thanks for your suggestion. I have figured out the problem, which is the AD password policy.
Thanks, CF On Mon, Jul 9, 2012 at 5:17 PM, Sébastien Bahloul < [email protected]> wrote: > Hi CF, > > Can you check some items : > > - Set and export the CA certificate used in AD (see > > http://confluence.atlassian.com/display/CROWD/Configuring+an+SSL+Certificate+for+Microsoft+Active+Directory > ) > - Import the certificate in the JVM or in your own SSL truststore (see SSL > and TLS > activation<http://lsc-project.org/wiki/documentation/1.2/howtos/ssltls> > ) > - Use ldaps in the AD URI in lsc.properties (* > dst.java.naming.provider.url*) > > > The good settings should be : > > lsc.syncoptions.ADuser.unicodePwd.action = F > lsc.syncoptions.ADuser.unicodePwd.create_value = > AD.getUnicodePwd(srcBean.getAttributeValueById("initPassword")) > > Kind regards, > > -- > Sebastien BAHLOUL > IAM / Security specialist > Ldap Synchronization Connector : http://lsc-project.org > Blog : http://sbahloul.wordpress.com/ > > > > 2012/7/9 C.F. Yeung <[email protected]> > >> I have stored initial plain text password as "initPassword" in database. >> The following syntax are not working. What is correct syntax to generate >> the AD password via lsc 1.2.2? >> >> >> =========================================================================================== >> Description field shows that >> the srcBean.getAttributeValueById("initPassword") is the correct stored >> initial plain text password. >> >> =========================================================================================== >> lsc.syncoptions.MySyncTask.description.action = K >> lsc.syncoptions.MySyncTask.description.default_value = >> srcBean.getAttributeValueById("initPassword") >> ======================== >> End of description >> ======================== >> >> ================================== >> All of the followings are not working >> ================================== >> lsc.syncoptions.MySyncTask.unicodePwd.action = K >> lsc.syncoptions.MySyncTask.unicodePwd.create_value = >> AD.getUnicodePwd("srcBean.getAttributeValueById("initPassword")") >> lsc.syncoptions.MySyncTask.unicodePwd.action = K >> lsc.syncoptions.MySyncTask.unicodePwd. default _value = >> AD.getUnicodePwd("srcBean.getAttributeValueById("initPassword")") >> lsc.syncoptions.MySyncTask.unicodePwd.action = K >> lsc.syncoptions.MySyncTask.unicodePwd.create_value = >> AD.getUnicodePwd(srcBean.getAttributeValueById("initPassword")) >> lsc.syncoptions.MySyncTask.unicodePwd.action = K >> lsc.syncoptions.MySyncTask.unicodePwd. default _value = >> AD.getUnicodePwd(srcBean.getAttributeValueById("initPassword")) >> lsc.syncoptions.MySyncTask.unicodePwd.action = K >> lsc.syncoptions.MySyncTask.unicodePwd.create_value = >> AD.getUnicodePwd("changeit") >> lsc.syncoptions.MySyncTask.unicodePwd.action = K >> lsc.syncoptions.MySyncTask.unicodePwd.default_value = >> AD.getUnicodePwd("changeit") >> lsc.syncoptions.MySyncTask.unicodePwd.action = F >> lsc.syncoptions.MySyncTask.unicodePwd.force_value = >> AD.getUnicodePwd("changeit") >> ======================================== >> End. Many other combinations are not working either >> ======================================== >> >> It is very strange that the following syntax is working. But, the >> password becomes text >> string srcBean.getAttributeValueById("initPassword") instead of the plain >> text password stored in DB. >> ====================================== >> Working syntax, but not the password stored >> ====================================== >> lsc.syncoptions.MySyncTask.unicodePwd.action = F >> lsc.syncoptions.MySyncTask.unicodePwd.force_value = >> AD.getUnicodePwd('srcBean.getAttributeValueById("initPassword")') >> =================== >> End >> =================== >> >> Thanks, >> CF >> >> _______________________________________________________________ >> Ldap Synchronization Connector (LSC) - http://lsc-project.org >> >> lsc-users mailing list >> [email protected] >> http://lists.lsc-project.org/listinfo/lsc-users >> >> >
_______________________________________________________________ Ldap Synchronization Connector (LSC) - http://lsc-project.org lsc-users mailing list [email protected] http://lists.lsc-project.org/listinfo/lsc-users
