This topic has 1 reply, 1 voice, and was last updated 5 years, 2 months ago by cristianoburgo.

  • #17473

    I need to update the password from OpenIDM to AD only if it is changed on OpenIDM.
    In fact, if the password is set in a mapping, it is changed on AD even if it has not changed.
    This has a weird behaviour because the password change on AD also automatically changes the AD attribute pwdLastSet, and so the user cannot change their password because it was already changed the same day.

    So what I would like to do is to insert a conditional update into the mapping like:

    "target": "__PASSWORD__",
    "source": "password",
    "condition": {
            "type": "text/javascript",

    But I cannot write a condition on the new value comparing the old value because the object oldSource is not available.
    The documentation says differently (Table F.2. Script Triggers Defined in sync.json): for “condition” the following objects are available:
    object, linkQualifier, target, oldTarget,
    oldSource – when available, generally during an update


    Just solved using a “flag” field to store whether the password is changed on OpenIDM.
    Then use this field during a conditional update:
    object.adpwdchg == '1';

    After the update this field is then restored to '0' so during the next update the password is not changed again.
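
A simplified model of the flag workaround described in this thread, added here as an example; it is not the poster's code and not OpenIDM's sync engine. The field `adpwdchg` and the condition expression come from the reply; the function names, the point at which the flag is raised, and the sample user are assumptions.

```javascript
// Simplified model of the flag workaround; not OpenIDM's sync engine.
// adpwdchg is the flag field from the reply; function names are hypothetical.

// Assumed hook: runs when the managed user is updated and raises the flag
// only when the password value actually differs from the stored one.
function onManagedUpdate(oldObject, newObject) {
  const changed = oldObject.password !== newObject.password;
  return { ...newObject, adpwdchg: changed ? '1' : (oldObject.adpwdchg || '0') };
}

// Property mappings shaped like the fragment in the question. The condition
// is the expression from the reply, written as a function over the source.
const properties = [
  { source: 'mail', target: 'mail' },
  { source: 'password', target: '__PASSWORD__',
    condition: (object) => object.adpwdchg == '1' },
];

// Build the attributes that would be written to AD for one sync run.
function buildTargetUpdate(object) {
  const update = {};
  for (const p of properties) {
    if (p.condition && !p.condition(object)) continue; // condition false: skip
    update[p.target] = object[p.source];
  }
  return update;
}

// Sync once, then restore the flag to '0' so the next run skips the password.
function syncUser(object) {
  const update = buildTargetUpdate(object);
  return { update, object: { ...object, adpwdchg: '0' } };
}

// Three successive runs over constructed sample data.
function demo() {
  let user = { mail: 'a@example.com', password: 'Old-pw-1', adpwdchg: '0' };
  const runs = [];
  // Run 1: only the mail changes, so __PASSWORD__ must not be sent.
  user = onManagedUpdate(user, { ...user, mail: 'b@example.com' });
  let r = syncUser(user); runs.push(r.update); user = r.object;
  // Run 2: the password changes, so it is sent once.
  user = onManagedUpdate(user, { ...user, password: 'New-pw-2' });
  r = syncUser(user); runs.push(r.update); user = r.object;
  // Run 3: nothing changed since run 2 and the flag was reset: skipped again.
  r = syncUser(onManagedUpdate(user, { ...user })); runs.push(r.update);
  return runs;
}
console.log(demo());
```

If the reset in `syncUser` is left out, run 3 sends `__PASSWORD__` again, which is the repeated `pwdLastSet` change the question describes.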


©2022 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.
