Re: [lsc-users] Need help to sync Password

Thu, 26 Jan 2017 08:36:59 -0800 

Hi Sébastien,

Thanks for reply

I can’t store password in clear text due to corporate strategy and i’m 
interesting to use two-way encryption, but i don’t know how to do ?

Regards,


De : [email protected] 
[mailto:[email protected]] De la part de Sébastien Bahloul
Envoyé : jeudi 26 janvier 2017 17:07
À : lsc-users <[email protected]>
Objet : Re: [lsc-users] Need help to sync Password

HI Benoit,

In short you need the password in clear text to synchronize it to AD:

From: http://lsc-project.org/wiki/documentation/howto/activedirectory, the 
approach you would probably interested in :

Store passwords in your source repository, either in clear text or in a two-way 
encryption scheme (LSC includes tools to encrypt and decrypt such an algorithm: 
see 
here<http://lsc-project.org/wiki/documentation/latest/configuration/syncoptions/security>),
 then use LSC's AD 
tool-class<http://lsc-project.org/javadoc/latest/org/lsc/utils/directory/AD.html#getUnicodePwd(java.lang.String)>
 to update the password in AD. 
here<http://lsc-project.org/wiki/documentation/latest/configuration/syncoptions/activedirectory>
 an example how to do this.

Regards,

Sebastien BAHLOUL

2017-01-26 3:10 GMT-08:00 ROSELIER Benoit 
<[email protected]<mailto:[email protected]>>:
Hello,

I use LSC to synchronize an active directory from an openldap.

I am perfectly able to synchronize my users and my groups but I block on the 
synchronization of the passwords.

My passwords are hash in ssha in my OpenLdap, and I do not know how to retrieve 
them to pass them to Active directory.

PS: My users use self-service password to change their password. I do not know 
if I can use it to indicate two destinations for changing the password 
(openldap and Active directory).

Thanks for any suggestion.

Regards



_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]<mailto:[email protected]>
http://lists.lsc-project.org/listinfo/lsc-users


_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users

Reply via email to