Re: Active Directory password propagation
Il 27/01/2017 16:32, Fabio Martelli ha scritto: Il 27/01/2017 15:53, Tech ha scritto: Yes, we are connecting via SSL. We know that the connection is working because we are still able to propagate the user modification like firstname and lastname. We can change the password and internally is working, but it's not propagated to AD. When you performed the change password by using the administration console, did you select AD resource in the list provided after password fields? Are you sure that the user principal configured to perform updates into AD owns all the needed entitlements? Furthermore, please check into AD resource user mapping configuration: be sure about the correctness of the mapping provided for the password. You can attach a screenshot of your user mapping if you need my opinion about. Regards, F. the On 27/01/2017 15:42, Fabio Martelli wrote: Hi, find my comment in-line. Regards, F. Il 27/01/2017 12:12, Tech ha scritto: Hello, we are working on the password propagation using the AD connector. We are able to check the connectivity both using plain and SSL, we are able to create new users and to update information like email, first name and last name. We edit the connector: * We check SSL * we change the Server port to 636 * We enable Trust all certs We run again some modification and the first name and last name are still updated. We try now to change the password, both from user and admin interface. The user can correctly access to Syncope using the new credentials, while we detect that the password is not correctly propagated to the target system. Do you mean that you can still access with the previous one? Please note that you can change password by working in SSL only [1]. Regards, F. [1] https://connid.atlassian.net/wiki/pages/viewpage.action?pageId=360482#ActiveDirectory(JNDI)-Configuration Any clues? Thanks! -- Fabio Martelli https://it.linkedin.com/pub/fabio-martelli/1/974/a44 http://blog.tirasa.net/author/fabio/index.html Tirasa - Open Source Excellence http://www.tirasa.net/ Apache Syncope PMC http://people.apache.org/~fmartelli/ -- Fabio Martelli https://it.linkedin.com/pub/fabio-martelli/1/974/a44 http://blog.tirasa.net/author/fabio/index.html Tirasa - Open Source Excellence http://www.tirasa.net/ Apache Syncope PMC http://people.apache.org/~fmartelli/ -- Fabio Martelli https://it.linkedin.com/pub/fabio-martelli/1/974/a44 http://blog.tirasa.net/author/fabio/index.html Tirasa - Open Source Excellence http://www.tirasa.net/ Apache Syncope PMC http://people.apache.org/~fmartelli/
Re: Active Directory password propagation
Il 27/01/2017 15:53, Tech ha scritto: Yes, we are connecting via SSL. We know that the connection is working because we are still able to propagate the user modification like firstname and lastname. We can change the password and internally is working, but it's not propagated to AD. When you performed the change password by using the administration console, did you select AD resource in the list provided after password fields? Are you sure that the user principal configured to perform updates into AD owns all the needed entitlements? the On 27/01/2017 15:42, Fabio Martelli wrote: Hi, find my comment in-line. Regards, F. Il 27/01/2017 12:12, Tech ha scritto: Hello, we are working on the password propagation using the AD connector. We are able to check the connectivity both using plain and SSL, we are able to create new users and to update information like email, first name and last name. We edit the connector: * We check SSL * we change the Server port to 636 * We enable Trust all certs We run again some modification and the first name and last name are still updated. We try now to change the password, both from user and admin interface. The user can correctly access to Syncope using the new credentials, while we detect that the password is not correctly propagated to the target system. Do you mean that you can still access with the previous one? Please note that you can change password by working in SSL only [1]. Regards, F. [1] https://connid.atlassian.net/wiki/pages/viewpage.action?pageId=360482#ActiveDirectory(JNDI)-Configuration Any clues? Thanks! -- Fabio Martelli https://it.linkedin.com/pub/fabio-martelli/1/974/a44 http://blog.tirasa.net/author/fabio/index.html Tirasa - Open Source Excellence http://www.tirasa.net/ Apache Syncope PMC http://people.apache.org/~fmartelli/ -- Fabio Martelli https://it.linkedin.com/pub/fabio-martelli/1/974/a44 http://blog.tirasa.net/author/fabio/index.html Tirasa - Open Source Excellence http://www.tirasa.net/ Apache Syncope PMC http://people.apache.org/~fmartelli/
Re: Active Directory password propagation
Yes, we are connecting via SSL. We know that the connection is working because we are still able to propagate the user modification like firstname and lastname. We can change the password and internally is working, but it's not propagated to AD. the On 27/01/2017 15:42, Fabio Martelli wrote: > Hi, find my comment in-line. > Regards, > F. > > Il 27/01/2017 12:12, Tech ha scritto: >> >> Hello, >> >> we are working on the password propagation using the AD connector. >> >> We are able to check the connectivity both using plain and SSL, we >> are able to create new users and to update information like email, >> first name and last name. >> >> We edit the connector: >> >> * We check SSL >> * we change the Server port to 636 >> * We enable Trust all certs >> >> We run again some modification and the first name and last name are >> still updated. >> >> We try now to change the password, both from user and admin interface. >> >> The user can correctly access to Syncope using the new credentials, >> while we detect that the password is not correctly propagated to the >> target system. >> > > Do you mean that you can still access with the previous one? > Please note that you can change password by working in SSL only [1]. > > Regards, > F. > > [1] > https://connid.atlassian.net/wiki/pages/viewpage.action?pageId=360482#ActiveDirectory(JNDI)-Configuration > > >> Any clues? >> >> Thanks! >> > > > -- > Fabio Martelli > https://it.linkedin.com/pub/fabio-martelli/1/974/a44 > http://blog.tirasa.net/author/fabio/index.html > > Tirasa - Open Source Excellence > http://www.tirasa.net/ > > Apache Syncope PMC > http://people.apache.org/~fmartelli/
Re: Active Directory password propagation
Hi, find my comment in-line. Regards, F. Il 27/01/2017 12:12, Tech ha scritto: Hello, we are working on the password propagation using the AD connector. We are able to check the connectivity both using plain and SSL, we are able to create new users and to update information like email, first name and last name. We edit the connector: * We check SSL * we change the Server port to 636 * We enable Trust all certs We run again some modification and the first name and last name are still updated. We try now to change the password, both from user and admin interface. The user can correctly access to Syncope using the new credentials, while we detect that the password is not correctly propagated to the target system. Do you mean that you can still access with the previous one? Please note that you can change password by working in SSL only [1]. Regards, F. [1] https://connid.atlassian.net/wiki/pages/viewpage.action?pageId=360482#ActiveDirectory(JNDI)-Configuration Any clues? Thanks! -- Fabio Martelli https://it.linkedin.com/pub/fabio-martelli/1/974/a44 http://blog.tirasa.net/author/fabio/index.html Tirasa - Open Source Excellence http://www.tirasa.net/ Apache Syncope PMC http://people.apache.org/~fmartelli/
Active Directory password propagation
Hello, we are working on the password propagation using the AD connector. We are able to check the connectivity both using plain and SSL, we are able to create new users and to update information like email, first name and last name. We edit the connector: * We check SSL * we change the Server port to 636 * We enable Trust all certs We run again some modification and the first name and last name are still updated. We try now to change the password, both from user and admin interface. The user can correctly access to Syncope using the new credentials, while we detect that the password is not correctly propagated to the target system. Any clues? Thanks!