On 28/02/19 11:34, Dmitriy Brashevets wrote:
Could you please take a look at the Pull Request that I’ve created for
the task
https://connid.atlassian.net/projects/AD/issues/AD-65?filter=allopenissues
Would be great if the fix will be also for *connid.version 1.4.5.0.
*This will allow us to have the fix in Apache Syncope 2.0.12.
Hi Dmitriy,
your PR was merged on the AD connector bundle, and fix will be part of
release 1.3.7 there.
Once this happens, we will include that with Syncope 2.0.13 and 2.1.4.
In particular, Syncope 2.0.13 will be based on ConnId 1.4.5.1- which
fixes an important bug in 1.4.5.0 - so all you will have to do is
upgrade your deployment.
Regards.
*From:* Brashevets, Dmitriy
*Sent:* Wednesday, February 27, 2019 4:15 PM
*To:* '[email protected]' <[email protected]>
*Subject:* How to provision value into "pwdLastSet" AD field correctly?
Hi Apache Syncope guys.
We're using version 2.0.12 of Apache Syncope.
I'm trying to provision value into "pwdLastSet" field in AD server.
I have tried to do the provisioning by adding additional schema and
corresponding provisioning mapping in resource as described it these
steps:
https://cwiki.apache.org/confluence/display/SYNCOPE/Configure+change+password+at+next+logon+in+Active+Directory
The value is successfully provisioned into AD when I create a new user.
Also value is provisioned when I update the user and update value of
"changePwd" plain schema from "false" to "true".
When I want to update the value of "changePwd" schema from "true" to
"false" the value is not provisioned (At least the checkbox in AD
"User must change password at next logon" is still enabled).
Do you have any idea why it happens?
I found that according to documentation, to disable the "User Must
Change Password at Next Logon" feature the value should be "-1"
https://docs.microsoft.com/en-us/windows/desktop/adsi/user-must-change-password-at-next-logon.
PS:
I also tried to add the provisioning mapping against
"mustChangePassword" field which is a part of JPAUser entity.
If I use this field in mapping for provisioning, then the provisioning
never happens, because
org.apache.syncope.core.provisioning.api.PropagationByResource is
never updated when ```userPatch.getMustChangePassword()``` is set (See
https://github.com/DmitriyBrashevets/syncope/blob/b3c4433434cf08415c25dec23fb96a290e47f4e7/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/UserDataBinderImpl.java#L349).
Theoretically,
org.apache.syncope.common.lib.patch.UserPatch#mustChangePassword
should be of type that also takes into consideration list of resources
(as org.apache.syncope.common.lib.patch.PasswordPatch#resources does
have)
Kind Regards,
Dmitriy Brashevets
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/
