-
[email protected] replied to the topic Community Edition in the forum General Discussion 5 years, 4 months ago
Yeroc is right. This kills community involvement.
-
[email protected] replied to the topic Error while integrating AD to openIDM using generic LDAP connector in the forum Identity Management 5 years, 6 months ago
and also added the path of trust store in system.properties
Add the certificate to $OPENIDM_HOME/security/truststore. Do not try to add a different truststore (btw. the truststore location is in boot.properties).
-
[email protected] replied to the topic Error while integrating AD to openIDM using generic LDAP connector in the forum Identity Management 5 years, 6 months ago
Giving the configuration a second look, `"ssl" : false,` seems quite suspicious as well. You are connecting to port 636, which should be SSL.
-
[email protected] replied to the topic Error while integrating AD to openIDM using generic LDAP connector in the forum Identity Management 5 years, 6 months ago
Looking at the configuration a second time, this looks quite suspicious as well – `"ssl" : false,`. You are connecting to port 636, which should be SSL.
-
[email protected] replied to the topic Error while integrating AD to openIDM using generic LDAP connector in the forum Identity Management 5 years, 6 months ago
I think you should log in with the Windows domain name, not the user DN. So change your principal to something like “administrator” or “DOMAIN\administrator”.
-
[email protected] replied to the topic Howto.. best approach in the forum Identity Management 5 years, 8 months ago
I would go the easiest way, which I think is somewhere in the middle. Having higher level business roles (like junior account manager) is nice, but that additional level of abstraction needs to be managed. So as long as there are not that many roles needed, this is a good approach.
When you need to be able to assign the lower level application…
-
[email protected] replied to the topic avoiding unnecessary password updates? in the forum Identity Management 5 years, 9 months ago
One possibility is to use the password change timestamp, which is a common attribute in many systems. Then in the mapping you can compare whether the password in IdM is newer than the password in the target system. Of course you need to make sure that the time within your environment is synced.
-
[email protected] replied to the topic Conditionally sync based on role in the forum Identity Management 6 years, 1 month ago
> However, I would say that the ‘Assignments’ method is probably a misunderstanding of the Assignments capability
That is an interesting point of view and I hope that is not how it is. Using assignments as an indication of whether the user is eligible to have an account in the integrated system is, in my opinion, a basic RBAC feature.
-
[email protected] replied to the topic How to not sync managed object if one of the properties is updated? in the forum Identity Management 6 years, 1 month ago
You can change that property directly via the repository service (/repo/managed/user) so that the managed object service is not picking up on the event. Such a call would need to be wrapped in a custom endpoint.
-
[email protected] replied to the topic Conditionally sync based on role in the forum Identity Management 6 years, 1 month ago
You can do something similar to this in `validSource` script:
```
require('lib/lodash').some(source.effectiveAssignments || [], { mapping: 'nameOfYourAdMapping' })
```
-
[email protected] replied to the topic OpenIDM error connecting to AD in the forum Identity Management 6 years, 7 months ago
Connection reset error can be caused by a lot of things. I would start checking the most simple issues like connectivity, then recheck provisioner configuration
```
"host" : "10.0.0.3",
"port" : 636,
"ssl" : true,
```
and last, but not least also the used credentials.
-
[email protected] replied to the topic Push user password to Active Directory in the forum Identity Management 6 years, 7 months ago
You should use standard `password` attribute. Do not set up `unicodePwd` manually. Connector is able to do that for you.
In provisioner config you should have something similar to this:
```
"passwordAttribute" : "unicodePwd",
"passwordHashAlgorithm" : "WIN-AD",

"password" : {
"type" : "string",…
```
-
[email protected] replied to the topic It's official. All of ForgeRock's projects are moving to Git! in the forum General Discussion 6 years, 11 months ago
Is there any possibility for an outsider to clone / connect to the GIT repository? Will you continue to publish commits to your GitHub?
-
[email protected] replied to the topic Broken UPDATE synchronization in 3.2.0 master in the forum Identity Management 7 years ago
Thank you for the information.