On 27/09/20 22:44, Henri44 wrote:
> Hi,
>
> any way to attach Apple's OD? The Ldap Connector works well so far, but the
> password is not stored in the LDAP schema. So the pull function gets an
> "org.apache.syncope.core.persistence.api.attrvalue.validation.InvalidEntityException:
> User [InvalidPassword]".
> To retrieve the password, the key of the password server is stored in
> "authAuthority" and to get the hash a "mkpassdb -dump id" from root is
> necessary. For sure, a Kerberos solution would be better, or even not to
> retrieve the password, just to prompt for a new one.
>
> Thanks
>
> Henri
>
> P.S. Unfortunately the AD connector does not work.

Hi Henri,

honestly, this is the very first time I hear someone attempting to integrate Syncope with Apple OD; nevertheless, I've just learned that it is "built around OpenLDAP" [1] and this explains quite well how you could successfully set up the ConnId LDAP connector for it, not the AD connector.

About password retrieval, I think you could give a spin to the OTB LDAPPasswordPullActions. In case this does not work, according to what you write above, it seems you will either need to inject some custom logic into the pull process [2] or to build a whole different strategy around Kerberos.

HTH
Regards.

[1] https://images.apple.com/server/docs/Open_Directory_TB_v10.4.pdf
[2] http://syncope.apache.org/docs/2.1/reference-guide.html#pullactions

--
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/