It is, I double checked after I missed putting the attrib in the
destination before.

I did some more digging, and it seems I was misinformed about the OpenLDAP
setup I'm connecting to. The userPassword is being stored as an MD-5 hash,
which would explain why all the unicodePwd's are being updated as "IgAiAA==".

I know the various approaches for encryption are covered in the manual, so
I'll read up and see whether I can figure it out.

Thanks,

aaron

On Sun, Jun 9, 2013 at 11:48 AM, Clément OUDOT <[email protected]> wrote:

> 2013/6/9 Aaron Hardy at AC <[email protected]>:
> > Thanks to you both for your quick response.
> >
> > Sébastien - You were correct, I forgot to add unicodePwd as a string in the
> > fetchedAttributes section of the destination service. It appears to be
> > working now.
> >
> > That also remedied the msDS-AccountDisabled issue - the accounts are now
> > enabled on creation when they're given a valid unicodePwd.
> >
> > Clément - If I understand you correctly, as long as the userPassword is
> > stored in clear text in OpenLDAP (and I have that attribute in the
> > fetchedAttributes section of the source service), I would use something
> > like:
> >
> > <dataset>
> >   <name>unicodePwd</name>
> >   <policy>FORCE</policy>
> >   <createValues>
> >     <string>AD.getUnicodePwd(srcBean.getDatasetFirstValueById("userPassword"))</string>
> >   </createValues>
> > </dataset>
> >
> > The above throws an exception for me - I'm assuming it's a syntax error?
>
> Verify that userPassword is in fetchedAttributes of the source.
>
> Clément.
>
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
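
Added example, not part of the original thread and not LSC's own code: the value "IgAiAA==" reported above is the base64 of an empty string in Active Directory's unicodePwd format (the password wrapped in double quotes, encoded as UTF-16LE). The Node.js sketch below shows that encoding and a guard that refuses empty or scheme-prefixed (for example `{MD5}`) source values before they are written; all function names and sample values are assumptions made for illustration.

```javascript
// Added example; function names are hypothetical, not LSC API.

// AD expects unicodePwd as the password in double quotes, UTF-16LE encoded.
function encodeUnicodePwd(password) {
  return Buffer.from('"' + password + '"', 'utf16le');
}

// Decode a base64 unicodePwd value seen in logs or LDIF. Returns the text
// between the quotes, or null if the bytes are not a quoted UTF-16LE string.
function decodeUnicodePwd(base64Value) {
  const text = Buffer.from(base64Value, 'base64').toString('utf16le');
  if (text.length < 2 || !text.startsWith('"') || !text.endsWith('"')) return null;
  return text.slice(1, -1);
}

// OpenLDAP tags hashed userPassword values with a "{SCHEME}" prefix.
function passwordScheme(userPassword) {
  const m = /^\{([A-Za-z0-9-]+)\}/.exec(userPassword);
  return m ? m[1].toUpperCase() : null;
}

// Only a non-empty cleartext source value can become a usable unicodePwd.
function toUnicodePwdOrThrow(userPassword) {
  if (userPassword === null || userPassword === undefined || userPassword === '') {
    throw new Error('source password is empty; would write an empty unicodePwd');
  }
  const scheme = passwordScheme(userPassword);
  if (scheme !== null) {
    throw new Error('userPassword uses scheme ' + scheme + '; cannot derive unicodePwd');
  }
  return encodeUnicodePwd(userPassword).toString('base64');
}

// Constructed sample values (not taken from a real directory).
const samples = ['{MD5}XUFAKrxLKna5cZ2REBfFkg==', 'Corr3ct-Horse!', ''];
for (const value of samples) {
  try {
    console.log(JSON.stringify(value), '->', toUnicodePwdOrThrow(value));
  } catch (e) {
    console.log(JSON.stringify(value), '-> refused:', e.message);
  }
}
console.log('IgAiAA== decodes to', JSON.stringify(decodeUnicodePwd('IgAiAA==')));
```
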