Force change password on LDAP account

Can someone help me?

Hi, Giuseppe,

First of all, do your ldap server support that attribute? If it does not , you should contact your isam ldap support in order to find out how to force a password change.

If it does, then make sure:

1. It is present in your sync project target system schema. 
2. The user in your ldap server connection (Target System->Edit connection) has rw permissions on it.
3. If you cant see it then you might add it , according to the documentation (for v92) : https://support.oneidentity.com/es-es/technical-documents/identity-manager/9.2/target-system-synchronization-reference-guide/5#TOPIC-2079339
4. Finally, you can extend the LDAPAccount table for that attribute and add it in your mappings.

HtH!

Hi Juan Carlos,

Yes this parameter is present on the target system, but from the LDAP connector that I've created I can't see it from Target System view.

If I use "Browse" button to see all the parameter into Target System I can't see "ShadowLastChange" parameter but the customer can see it on his LDAP system.

Do I add this parameter to the schema in someway?

Thanks,

Giusepppe

Hi, 

Yes, please have a look at the documentation that I've included on my first post:

Here: https://support.oneidentity.com/es-es/technical-documents/identity-manager/9.2/target-system-synchronization-reference-guide/5#TOPIC-2079339

and for mappings: https://support.oneidentity.com/es-es/technical-documents/identity-manager/9.2/target-system-synchronization-reference-guide/13#TOPIC-2079370

Update the target system schema first hand, just in case the attribute could be found prior to adding it manually.  Also the user connecting to your target system must have permissions to access it.

Eventualy, if this fails and this force change is a one time operation, something you would like to run on a scheduled basics and not tied to other processes ,  instead of a sync project, you might consider running a script that connects to your server via powershell or  other, and makes the changes. You'll need some insight on your ldap server, api and related.

Regards!

It might be an obvious one but to you reload the schema on the LDAP connector?

Hi Markus,

Do you mean with update schema on the Target System?

yes

I've tried to use update schema but I still don't see the pwdReset parameter

Is this property coming from an auxillary class?

I check and on the LDAP connector we can't find all the table that our customer sees on LDAP. I've just try with "Update schema", but it doesn't solve the problem. How can I add the other table to see if "pwdParameter" comes from that table?