On 22/03/2016 19:17, Mark Pope wrote:
We use Active Directory for enterprise authentication. We are building
a portal for external users. I would like to use AD to store external
users' credentials. This will allow internal users outside access as
well (desired).
Our AD policy locks out accounts after 3 invalid attempts and requires
a lengthy validation process to re-enable. Because of this, anyone
with our employee list could lock out all employees with a simple exploit.
I would like to create an AD mirror for external authorization where I
can eliminate policies.
Does Syncope offer a component that can mirror and sync credentials
from Active Directory?
Hi Mark, unfortunately Syncope does not provide this component.
Actually, as far as I know you cannot sync credentials from AD because
you cannot read passwords.
What you can do at most is to install a DLL to capture change password
requests, extract the provided new passwords and ask Syncope to synchronize
them on the external AD.
... But in this case you have to ask users to change their password before
being able to use the new one from outside.
BTW, are you sure you are not introducing a security issue?
Kind regards,
F.
--
Fabio Martelli
https://it.linkedin.com/pub/fabio-martelli/1/974/a44
http://blog.tirasa.net/author/fabio/index.html
Tirasa - Open Source Excellence
http://www.tirasa.net/
Apache Syncope PMC
http://people.apache.org/~fmartelli/