Thanks for the information, it saved me much time. The mirrored AD will have similar policies but more lenient.
Thanks,
Mark

On Wed, Mar 23, 2016 at 4:03 AM, Fabio Martelli <[email protected]> wrote:

> On 22/03/2016 19:17, Mark Pope wrote:
>
> > We use Active Directory for enterprise authentication. We are building a
> > portal for external users. I would like to use AD to store external users'
> > credentials. This will allow internal users outside access as well (desired).
> >
> > Our AD policy locks out accounts after 3 invalid attempts and requires a
> > lengthy validation process to re-enable. Because of this, anyone with our
> > employee list could lock out all employees with a simple exploit.
> >
> > I would like to create an AD mirror for external authorization where I can
> > eliminate policies.
> >
> > Does Syncope offer a component that can mirror and sync credentials from
> > Active Directory?
>
> Hi Mark, unfortunately Syncope does not provide this component.
> Actually, as far as I know you cannot sync credentials from AD because you
> cannot read passwords.
> What you can do at most is to install a DLL to capture change password
> requests, extract provided new passwords and ask Syncope to synchronize
> them on external AD.
> ... But in this case you have to ask users to change password before being
> able to use the new one from outside.
>
> BTW, are you sure you are not introducing a security issue?
>
> Kind regards,
> F.
>
> --
> Fabio Martelli
> https://it.linkedin.com/pub/fabio-martelli/1/974/a44
> http://blog.tirasa.net/author/fabio/index.html
>
> Tirasa - Open Source Excellence
> http://www.tirasa.net/
>
> Apache Syncope PMC
> http://people.apache.org/~fmartelli/
