Could you please take a look at the Pull Request that I've created for the task https://connid.atlassian.net/projects/AD/issues/AD-65?filter=allopenissues
Would be great if the fix will be also for connid.version 1.4.5.0. This will allow us to have the fix in Apache Syncope 2.0.12. Kind Regards, Dmitriy Brashevets From: Brashevets, Dmitriy Sent: Wednesday, February 27, 2019 4:15 PM To: '[email protected]' <[email protected]> Subject: How to provision value into "pwdLastSet" AD field correctly? Hi Apache Syncope guys. We're using version 2.0.12 of Apache Syncope. I'm trying to provision value into "pwdLastSet" field in AD server. I have tried to do the provisioning by adding additional schema and corresponding provisioning mapping in resource as described it these steps: https://cwiki.apache.org/confluence/display/SYNCOPE/Configure+change+password+at+next+logon+in+Active+Directory The value is successfully provisioned into AD when I create a new user. Also value is provisioned when I update the user and update value of "changePwd" plain schema from "false" to "true". When I want to update the value of "changePwd" schema from "true" to "false" the value is not provisioned (At least the checkbox in AD "User must change password at next logon" is still enabled). Do you have any idea why it happens? I found that according to documentation, to disable the "User Must Change Password at Next Logon" feature the value should be "-1" https://docs.microsoft.com/en-us/windows/desktop/adsi/user-must-change-password-at-next-logon. PS: I also tried to add the provisioning mapping against "mustChangePassword" field which is a part of JPAUser entity. If I use this field in mapping for provisioning, then the provisioning never happens, because org.apache.syncope.core.provisioning.api.PropagationByResource is never updated when ```userPatch.getMustChangePassword()``` is set (See https://github.com/DmitriyBrashevets/syncope/blob/b3c4433434cf08415c25dec23fb96a290e47f4e7/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/UserDataBinderImpl.java#L349). Theoretically, org.apache.syncope.common.lib.patch.UserPatch#mustChangePassword should be of type that also takes into consideration list of resources (as org.apache.syncope.common.lib.patch.PasswordPatch#resources does have) Kind Regards, Dmitriy Brashevets
smime.p7s
Description: S/MIME cryptographic signature
