This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

LDAP: Suppress Password Provisioning for Users Imported by Initial Synchronization

Hello Forum

we want to import users from an existing LDAP into Identity Manager using the "Initial Synchronization" functionality. Later, attribute changes of imported users in Identity Manager should be provisioned to the same LDAP again.

Since we cannot obtain the user passwords stored on LDAP, the password attributes in Identity Manager will not be set after the sync. But the intention is to leave the passwords on LDAP untouched. However, although the password mapping from Identity Manager to LDAP is conditioned on LDAPAccount.UserPassword <> '', the provisioning of (non-password-)changes now raises a ConstraintViolation on "unicodePwd". As soon as we set the password in Identity Manager, the violaton disappears.

Is there a way to maintain the provisioning of attribute changes by ignoring the password attribute?

Thanks in advance

Matthias

Parents

0 Matthias over 7 years ago

Problem solved.

Update: it turned out that the flow works OK with "Adhoc Provisioning" but not with explicit "Provisioning" from the Sync Editor. It seems that there is simply no way not touching the LDAP Password during explicit "Provisioning". Fine with me.
Cancel
Up 0 Down

Cancel

Reply

0 Matthias over 7 years ago

Problem solved.

Update: it turned out that the flow works OK with "Adhoc Provisioning" but not with explicit "Provisioning" from the Sync Editor. It seems that there is simply no way not touching the LDAP Password during explicit "Provisioning". Fine with me.
Cancel
Up 0 Down

Cancel

Children

No Data