  • #6101
     meyerbro
    Participant

    Hello everyone!

    I have an LDAP connector with my OpenIDM database.

    I'm trying to add several users from an LDAP LDIF backup file, including the users' passwords.

    To do that, I just created several curl commands, but I'm having many problems with the password part.

    The password from the LDIF is {SSHA}hash, and I used base64encode to generate a string from it and then put this string in a curl command, in the "password" field.

    But OpenIDM keeps generating a different password when it converts from userPassword (local OpenIDM database) to password (LDAP) each time I add the SAME password, and I don't know why this is happening. Why can the same string be encoded to a different crypto, and then this crypto, when decrypted, generates a different string, not the same one that I just added…

    In my sync.json file I just did this:
    {
        "condition" : {
            "type" : "text/javascript",
            "source" : "object.password != null"
        },
        "transform" : {
            "type" : "text/javascript",
            "source" : "openidm.decrypt(source);"
        },
        "source" : "password",
        "target" : "userPassword"
    },

    and in the provisioner:

    "passwordHashAlgorithm" : null,
    "passwordAttribute" : "userPassword",

    "userPassword" : {
        "nativeName" : "userPassword",
        "type" : "string",
        "required" : false,
        "nativeType" : "string"
    },

    Can someone help me?

    #6117
     ssripathy
    Participant

    You need to leave the password in the LDIF as {SSHA}hash prior to the import. Don't encode it to base64 before the import.
    I am guessing you have the option to import pre-encoded passwords in OpenDJ turned on.

    Before you do the import, just do a simple test against OpenDJ with an LDIF that has the user DN and the hashed password. Take a look here: http://opendj.forgerock.org/doc/admin-guide/index/ldappasswordmodify-1.html

    If that works, your import should work as well.
    OpenDJ allows for either importing a plaintext password or a pre-encoded password (once that option is turned on).
    HTH
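
The {SSHA} values discussed in this thread are salted SHA-1 hashes, so hashing the same password twice gives two different strings that both verify. The Python sketch below is an added example, not code from either poster or from OpenIDM/OpenDJ; the function names and sample password are made up for illustration, and it assumes the common {SSHA} layout base64(SHA1(password + salt) + salt).

```python
import base64
import hashlib
import hmac
import os

SCHEME = "{SSHA}"
DIGEST_LEN = hashlib.sha1().digest_size  # SHA-1 digest is 20 bytes

def ssha_encode(password, salt=None):
    """Build an {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt  # fresh random salt per call
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return SCHEME + base64.b64encode(digest + salt).decode("ascii")

def ssha_split(value):
    """Return (digest, salt) from an {SSHA} value; ValueError if malformed."""
    if not value.upper().startswith(SCHEME):
        raise ValueError("no {SSHA} scheme prefix")
    # binascii.Error from bad base64 is a ValueError subclass
    raw = base64.b64decode(value[len(SCHEME):], validate=True)
    if len(raw) <= DIGEST_LEN:
        raise ValueError("too short to hold digest and salt")
    return raw[:DIGEST_LEN], raw[DIGEST_LEN:]

def ssha_verify(password, value):
    """Recompute the digest with the stored salt; constant-time compare."""
    digest, salt = ssha_split(value)
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)

def is_pre_encoded(value):
    """True only if the value still parses as an {SSHA} hash."""
    try:
        ssha_split(value)
        return True
    except ValueError:
        return False

def wrap_b64(value):
    """Base64-encode the whole attribute value, as done in the question."""
    return base64.b64encode(value.encode("ascii")).decode("ascii")

if __name__ == "__main__":
    pw = "Example-Passw0rd"  # constructed sample password
    a, b = ssha_encode(pw), ssha_encode(pw)
    print(a != b, ssha_verify(pw, a), ssha_verify(pw, b))
    print(is_pre_encoded(a), is_pre_encoded(wrap_b64(a)))
```

A value that has been base64-wrapped a second time no longer starts with the scheme prefix, so a check like `is_pre_encoded` cannot recognise it as an already-hashed password.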
