Hi Jesus,

I'm not sure I understand when you encrypt the password through the
following method, AD.getUnicodePwd(). This method encrypts the password
from a clear text format to the AD accepted password format (escaped
accent, ...). Do you mean that only clear text passwords going through
this method are successfully provisioned inside AD?

Kind regards,

Sebastien BAHLOUL
IAM / Security specialist
Ldap Synchronization Connector : http://lsc-project.org
Blog : http://sbahloul.wordpress.com/


2013/4/22 Santisteban Fernandez, Jesus <[email protected]>

> Hi Sébastien,
>
> Thanks for your answer. But I don't understand what you want to tell me.
>
> Maybe I didn't explain it well: we want AD users to have the same password
> as OpenLDAP users.
>
> Actually, the OpenLDAP users use CRYPT-encrypted passwords, and if I use
> this line in the lsc.xml:
>
>
> <string>AD.getUnicodePwd(srcBean.getDatasetFirstValueById("userPassword"))</string>
>
> the password values are wrong. But if the OpenLDAP users use CLEAR
> passwords, the values are right.
>
> Any suggestions?
>
> Kind regards.
>
> --
>
> Jesús Santisteban Fernández
> System Administrator / Researcher
> c/ Sola nº 1; 10200 TRUJILLO, SPAIN
> Tel: +34 927 65 93 17 Fax: +34 927 32 32 37
>
>
>
> -----Original message-----
> From: Sébastien Bahloul [mailto:[email protected]]
> Sent: Mon 22/04/2013 9:37
> To: Santisteban Fernandez, Jesus
> CC: lsc-users
> Subject: Re: [lsc-users] encrypted password in AD
>
>
> Hi Jesus,
>
> The most secure way to achieve such a configuration is to set up password
> authentication delegation between OpenLDAP and Active Directory, if you can
> afford the dependency. If you still want to encrypt it yourself in
> OpenLDAP, look at the following page:
>
> http://lsc-project.org/wiki/documentation/2.1/configuration/syncoptions/security
>
> Kind regards,
> On 20 Apr 2013 19:55, "Santisteban Fernandez, Jesus" <[email protected]> wrote:
>
> >
> > Hi,
> >
> > I'm using the LSC connector to synchronize data from OpenLDAP to Active
> > Directory.
> > In the OpenLDAP server, the users' passwords are encrypted as CRYPT, and
> > these passwords
> > aren't valid for AD. I have also done another test: I changed the
> > encryption type to CLEAR
> > (in the OpenLDAP server), and in this case the passwords are right.
> >
> > How can I change the encryption type in the lsc.xml? Is it possible?
> >
> > Regards,
> >
> > Jesús Santisteban Fernández
> > System Administrator / Researcher
> > c/ Sola nº 1; 10200 TRUJILLO, SPAIN
> > Tel: +34 927 65 93 17 Fax: +34 927 32 32 37
> >
> >
> >
> >
> >
> > _______________________________________________________________
> > Ldap Synchronization Connector (LSC) - http://lsc-project.org
> >
> > lsc-users mailing list
> > [email protected]
> > http://lists.lsc-project.org/listinfo/lsc-users
> >
> >
>
>
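An added illustration for the thread above (not code from LSC or from either poster): Active Directory's `unicodePwd` attribute takes the clear-text password wrapped in double quotes and encoded as UTF-16LE, so a `{CRYPT}` hash pushed through that encoding simply becomes the new literal password. The function names and sample values are constructed for this example; how `AD.getUnicodePwd()` is implemented internally is not shown in this thread.

```python
import re

# OpenLDAP stores hashed userPassword values with an RFC 2307 scheme prefix.
SCHEME = re.compile(r"^\{([A-Za-z0-9-]+)\}")

def ad_unicode_pwd(cleartext: str) -> bytes:
    """Bytes AD expects in unicodePwd: '"' + password + '"' as UTF-16LE."""
    return ('"' + cleartext + '"').encode("utf-16-le")

def scheme_of(user_password: str):
    """Return the upper-cased scheme name, or None for an unprefixed value."""
    m = SCHEME.match(user_password)
    return m.group(1).upper() if m else None

def to_unicode_pwd(user_password: str) -> bytes:
    """Encode a source userPassword for AD, refusing one-way hashes."""
    scheme = scheme_of(user_password)
    if scheme is None:
        return ad_unicode_pwd(user_password)
    if scheme == "CLEARTEXT":
        return ad_unicode_pwd(user_password[len("{CLEARTEXT}"):])
    raise ValueError(f"{{{scheme}}} is a one-way hash; the clear-text "
                     "password cannot be recovered for unicodePwd")

# Constructed sample values, not taken from any real directory.
CLEAR_SAMPLE = "Tr0ub4dor&3é"
CRYPT_SAMPLE = "{CRYPT}$6$examplesalt$constructedHashValueForIllustration"

def password_ad_would_store(user_password: str) -> str:
    """What AD ends up with if the value is encoded without any check."""
    return ad_unicode_pwd(user_password).decode("utf-16-le")[1:-1]

if __name__ == "__main__":
    print(to_unicode_pwd(CLEAR_SAMPLE).hex())
    # Blindly encoding the hash makes the hash text itself the AD password.
    print(password_ad_would_store(CRYPT_SAMPLE))
    try:
        to_unicode_pwd(CRYPT_SAMPLE)
    except ValueError as err:
        print("refused:", err)
```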