Echoing Marian, I'd also like to say thanks for the software as it's been 
working great.

> There is no mechanism in LSC to generate a random password and send it by
> mail.
> We generally set the same password for everyone and enable the flag that
> forces the user to change it at next login, but this indeed does not prevent
> a user from stealing the account of a recently created user.

I'm working on this right now as well.

I didn't like using the same password for all new accounts created/synced in AD, 
so I've been working on a way to set the password to something random. 
Currently, I'm including some JavaScript to do this, which I learned how to do 
from here:
https://lsc-project.org/documentation/latest/scripting/start

The script I'm testing with is:

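$ cat randpass.js 
function generate_password() {
   // Join a lowercase and an uppercase base-36 random string,
   // then shuffle the characters with a random comparator.
   var passVal = (Math.random().toString(36) + Math.random().toString(36).toUpperCase())
      .split('')
      .sort(function() { return 0.5 - Math.random(); })
      .join('');
   return passVal;
}
//console.log(generate_password());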


Then in lsc.xml, I've included it in the AD.getUnicodePwd() unicodePwd dataset 
for the AD sync task:

<snip>..
        <dataset>
          <name>unicodePwd</name>
          <policy>KEEP</policy>
          <createValues>
            <string>AD.getUnicodePwd(generate_password())</string>
          </createValues>
        </dataset>
<snip>...
      </propertiesBasedSyncOptions>
     <scriptInclude>
       <string>randpass.js</string>
     </scriptInclude>
    </task>
  </tasks>
</lsc>



-Aaron


-- 
Aaron Cayard-Roberts
System and Security Administrator
Information Technology Services
Earlham College
801 National Road West
Richmond, IN 47374
Phone: 765-983-1851
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
lsc-users@lists.lsc-project.org
https://lists.lsc-project.org/cgi-bin/mailman/listinfo/lsc-users
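
An added example, not part of the original post or of LSC: a variant of the random-password generator above that draws from a CSPRNG instead of Math.random(), guarantees one character from each class, and shuffles with Fisher-Yates. It runs under Node.js and is written in ES5 syntax; the function names, alphabets and default length are assumptions, and inside a JVM-hosted script engine secureInt would need a java.security.SecureRandom-backed body instead.

```javascript
// Added example (not from the original post). All names here are hypothetical.
var nodeCrypto = require('crypto');

// One alphabet per character class; look-alike glyphs (0/O, 1/l/I) are left out.
var CLASSES = [
  'abcdefghijkmnopqrstuvwxyz',
  'ABCDEFGHJKLMNPQRSTUVWXYZ',
  '23456789',
  '!#$%*+-=?@_'
];

// Uniform integer in [0, n) from the OS CSPRNG; randomInt avoids modulo bias.
// Assumption: under a JVM script engine, use java.security.SecureRandom here.
function secureInt(n) {
  return nodeCrypto.randomInt(n);
}

function pick(alphabet, randInt) {
  return alphabet.charAt(randInt(alphabet.length));
}

// Fisher-Yates shuffle: every ordering is equally likely, which
// sort() with a random comparator does not guarantee.
function shuffle(chars, randInt) {
  for (var i = chars.length - 1; i > 0; i--) {
    var j = randInt(i + 1);
    var tmp = chars[i];
    chars[i] = chars[j];
    chars[j] = tmp;
  }
  return chars;
}

function generatePassword(length, randInt) {
  if (length === undefined) { length = 20; }
  if (randInt === undefined) { randInt = secureInt; }
  if (typeof length !== 'number' || length % 1 !== 0 || length < CLASSES.length) {
    throw new RangeError('length must be an integer >= ' + CLASSES.length);
  }
  var all = CLASSES.join('');
  // Start with one character from each class so a complexity policy is always met.
  var chars = CLASSES.map(function (alphabet) { return pick(alphabet, randInt); });
  while (chars.length < length) {
    chars.push(pick(all, randInt));
  }
  return shuffle(chars, randInt).join('');
}
```

The second parameter exists so the random source can be swapped or stubbed; with the default it uses the operating system's CSPRNG.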
