is it possible to sync and use a third system resource for one attribute?

This topic has 0 replies, 1 voice, and was last updated 4 months, 2 weeks ago by [email protected].

  • #27665

    I am migrating from IDM 2.1.1 to IDM 6.0.5.2.

    In the 2.1.1 version, the existing Managed User is stored in an Oracle DB and synced with a system LDAP resource.

    Oracle stores the user password with IDM reversible encryption, while LDAP stores the same data using a one-way hash.

    The user attributes are stored in Oracle in the managedobjects JSON field; in this field the user password is stored using reversible encryption. The same field is stored in LDAP using PKCS5S2, which is a one-way hash not natively supported by IDM as far as I know. It’s natively supported by OpenDJ.

    I have set up the new IDM 6.0.5.2 Managed User store using MySQL, and it’s syncing with the same LDAP system resource as the old IDM 2.1.1. Right now it gets the hashed field as it should, but since the PKCS5S2 hashing algorithm isn’t supported by IDM it doesn’t work when authenticating users.

    What I would like to do during the sync is have the attribute use the openidm.decrypt function, but call the old Oracle DB for this one attribute, since the same attribute is stored there in a reversible encryption format. I have exported the private key used to encrypt this field from the old IDM 2.1.1 instance and imported it into the new IDM 6.0.5.2 instance. I just need to have my JavaScript make that call for that one attribute to Oracle and not LDAP.

    Is this possible? Is there another way to accomplish this that might be better?

    The following section describes how to call managed user endpoints.
    https://backstage.forgerock.com/docs/openidm/4.5/integrators-guide/#data-scripts

    Can I have a sync.conf section for New MySQL and Existing LDAP use a third resource?

    Something like the following:

    // pseudocode: each read is against a different resource
    userpass_manageduser = openidm.read("managed/organization/accounts")      // new MySQL managed store
    userpass_ldap = openidm.read("system/ldap/accounts")                      // existing LDAP system resource
    userpass_oldoracle_manageduser = openidm.read("system/oldoracle/accounts") // old Oracle DB as a third resource

    Thanks
    Zach
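A property transform that does what the post asks, written here as an added example (it is not from the post or from ForgeRock's documentation): the connector name system/oldoracle/accounts, the use of uid as the Oracle key, the script file name and the stand-in openidm object are assumptions.

```javascript
// Body of a sync.json property transform (assumed wiring, not from the post):
//   { "target": "password",
//     "transform": { "type": "text/javascript", "file": "script/legacyPassword.js" } }
// IDM supplies `source` (the LDAP entry being synced) and the `openidm` API.
// The legacy connector name and the use of uid as the Oracle key are assumptions.

function legacyPassword(ldapEntry, api) {
  if (!ldapEntry || typeof ldapEntry.uid !== "string" || ldapEntry.uid === "") {
    return null;                       // nothing to look up
  }
  var legacy = null;
  try {
    // Connector objects are addressed by _id; an absent record comes back as
    // null or as an exception depending on the connector, so handle both.
    legacy = api.read("system/oldoracle/accounts/" + encodeURIComponent(ldapEntry.uid));
  } catch (e) {
    legacy = null;                     // no legacy record for this user
  }
  if (!legacy || !legacy.password) {
    return null;                       // user never existed in the old store
  }
  // Decrypts with the key imported from the 2.1.1 keystore. Never log `clear`;
  // managed.json should hash the password field on store so plaintext is not persisted.
  var clear = api.decrypt(legacy.password);
  return (typeof clear === "string" && clear.length > 0) ? clear : null;
}

// Constructed stand-in for the openidm API so the transform can be exercised offline.
// Real openidm.decrypt uses the keystore; this stub only reverses base64.
var SAMPLE_ORACLE = {                  // constructed sample record, not real data
  zach: { _id: "zach", password: { $crypto: { value: "c2VjcmV0MTIz" } } }
};
var fakeOpenidm = {
  read: function (path) {
    var id = decodeURIComponent(path.replace("system/oldoracle/accounts/", ""));
    if (!SAMPLE_ORACLE[id]) { throw new Error("404 " + path); }
    return SAMPLE_ORACLE[id];
  },
  decrypt: function (blob) {
    return Buffer.from(blob.$crypto.value, "base64").toString("utf8");
  }
};

// Inside IDM the script file would end with `legacyPassword(source, openidm);`
// so that the call's value becomes the transform result.
var demo = legacyPassword({ uid: "zach" }, fakeOpenidm);   // "secret123"
```

Because the decrypted value flows through the mapping into managed/user, check that the managed user schema hashes or encrypts the password field on store, and do not widen the mapping to log or debug-print the transform result.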

©2020 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.