
LDAP: Suppress Password Provisioning for Users Imported by Initial Synchronization

Hello Forum

We want to import users from an existing LDAP into Identity Manager using the "Initial Synchronization" functionality. Later, attribute changes of imported users in Identity Manager should be provisioned to the same LDAP again.

Since we cannot obtain the user passwords stored on LDAP, the password attributes in Identity Manager will not be set after the sync. But the intention is to leave the passwords on LDAP untouched. However, although the password mapping from Identity Manager to LDAP is conditioned on LDAPAccount.UserPassword <> '', the provisioning of (non-password-)changes now raises a ConstraintViolation on "unicodePwd". As soon as we set the password in Identity Manager, the violation disappears.

Is there a way to maintain the provisioning of attribute changes by ignoring the password attribute?

Thanks in advance

Matthias

  • Hi Matthias,

    You don't mention which version you are using but I am going to assume you are on V7 or higher given the contents of your post.

    Can you confirm the condition for password mapping ...... you have said LDAPAccount.UserPassword <> '' but in my system it is Left.UserPassword <> '' ?

    Have you changed the provided mapping for InetOrgPerson in any way or are you using it as supplied?

    Thanks, Barry.