Hi,

I'd like to use PWM for Password Self-service management, but that
will only let me set passwords for users in an LDAP server.

https://code.google.com/p/pwm/

How would I make (Open)LDAP password leading for all passwords, but
keep Syncope for propagating users (including passwords) to target
applications? Of course, I could make all client applications
authenticate against LDAP, but that would solve the problem only in
application layer and needs suitable applications. I'm trying to see
if this problem also has a solution in data layer.

This hypothetical exercise would require a 2-way encrypted password
setup between OpenLDAP and Syncope. Is this a possible scenario? Would
PLAINTEXT Passwords in LDAP be the only solution? Maybe changing PWM
so that the password would be AES encrypted into a pwd transport
attribute, which could be picked up by Syncope and propagated to LDAP
and other applications?

Of course, I'm looking at NetIQ/eDir/SSPR as a commercial example IdM
system for my question. It would be nice if Syncope+OpenLDAP+PWM could
do this trick as well ;)

Regards,
Martin
--
If 'but' was any useful, it would be a logic operator
