HI Benoit, In short you need the password in clear text to synchronize it to AD:
From: http://lsc-project.org/wiki/documentation/howto/activedirectory, the approach you would probably interested in : Store passwords in your source repository, either in clear text or in a two-way encryption scheme (LSC includes tools to encrypt and decrypt such an algorithm: see here <http://lsc-project.org/wiki/documentation/latest/configuration/syncoptions/security>), then use LSC's AD tool-class <http://lsc-project.org/javadoc/latest/org/lsc/utils/directory/AD.html#getUnicodePwd(java.lang.String)> to update the password in AD. here <http://lsc-project.org/wiki/documentation/latest/configuration/syncoptions/activedirectory> an example how to do this. Regards, Sebastien BAHLOUL 2017-01-26 3:10 GMT-08:00 ROSELIER Benoit <[email protected]>: > Hello, > > > > I use LSC to synchronize an active directory from an openldap. > > > > I am perfectly able to synchronize my users and my groups but I block on > the synchronization of the passwords. > > > > My passwords are hash in ssha in my OpenLdap, and I do not know how to > retrieve them to pass them to Active directory. > > > > PS: My users use self-service password to change their password. I do not > know if I can use it to indicate two destinations for changing the password > (openldap and Active directory). > > > > Thanks for any suggestion. > > > > Regards > > > > > > _______________________________________________________________ > Ldap Synchronization Connector (LSC) - http://lsc-project.org > > lsc-users mailing list > [email protected] > http://lists.lsc-project.org/listinfo/lsc-users >
_______________________________________________________________ Ldap Synchronization Connector (LSC) - http://lsc-project.org lsc-users mailing list [email protected] http://lists.lsc-project.org/listinfo/lsc-users
