Respected Contributor.

IDM 4.7 - Force sync password from idm to connected system


Hello everyone. This time I need to somehow force the sync of the password of one user from eDirectory to an LDAP OID connected system with the generic LDAP driver. This is because version 10 of OID does not support reverse sync with the generic LDAP driver, and in this system some users are going to continue changing the password in OID, but in this scenario we need IDM to re-send the password from eDirectory to OID, so as to force the OID user to change the password from IDM to persist the change in the identity.

So I have some ideas, but nothing decisive. Maybe I can update the filter attribute nspmDistributionPassword to get notifications from an attribute in OID and set eDirectory as the merge authority. But I'm not sure that is going to work. The other idea that I have is to trigger the operations in a driver policy to set the password in OID, but to do this I need a way to retrieve the user password from the source, and so far I don't get which XML code to use to accomplish that.

Waiting for your comments, thanks in advance!

0 Likes

Accepted Solutions
Knowledge Partner

If you can find some attribute in OID that changes when the user does this, then the rest is easy. Put the attribute in the filter, with it set to publisher/notify subscriber/ignore.

Then create a policy with a rule like:

<rule>
 <description>Reset Source Password</description>
 <conditions>
  <and>
   <if-association op="associated"/>
   <if-op-attr name="MyFlagAttrGoesHere" op="available"/>
  </and>
 </conditions>
 <actions>
  <do-set-src-password>
   <arg-string>
    <token-dest-attr name="nspmDistributionPassword"/>
   </arg-string>
  </do-set-src-password>
 </actions>
</rule>

0 Likes
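
A check that could be run on an exported policy before deploying a rule like the one above, as an added example that is not part of the original posts: it lists each rule that uses do-set-src-password, the if-op-attr attributes that trigger it (the ones that must be in the filter as publisher notify), and any guard missing from its conditions. The function name, the sample policy and its second rule are constructed for illustration, and only the `<and>` condition form used in the answer is evaluated.

```python
import xml.etree.ElementTree as ET

# Shared action, copied from the rule in the answer above.
ACTIONS = ('<actions><do-set-src-password><arg-string>'
           '<token-dest-attr name="nspmDistributionPassword"/>'
           '</arg-string></do-set-src-password></actions>')

# Constructed sample: rule 1 mirrors the answer; rule 2 lost its trigger.
SAMPLE_POLICY = f"""<policy>
 <rule><description>Reset Source Password</description>
  <conditions><and>
   <if-association op="associated"/>
   <if-op-attr name="MyFlagAttrGoesHere" op="available"/>
  </and></conditions>{ACTIONS}</rule>
 <rule><description>Unguarded copy (constructed)</description>
  <conditions><and>
   <if-association op="associated"/>
  </and></conditions>{ACTIONS}</rule>
</policy>"""


def audit_password_rules(policy_xml):
    """For each rule that sets the source password, list triggers and missing guards."""
    findings = []
    for rule in ET.fromstring(policy_xml).iter("rule"):
        if rule.find("actions/do-set-src-password") is None:
            continue
        groups = rule.findall("conditions/and")
        missing, triggers = set(), set()
        if not groups:  # no conditions, or <or> groups: needs manual review
            missing.add("no <and> condition group")
        for group in groups:  # several <and> groups: each one must hold both guards
            if not any(c.get("op") == "associated"
                       for c in group.findall("if-association")):
                missing.add("if-association")
            attrs = [c.get("name") for c in group.findall("if-op-attr")
                     if not (c.get("op") or "").startswith("not-")]
            if not attrs:
                missing.add("if-op-attr")
            triggers.update(attrs)
        findings.append({"rule": rule.findtext("description", "").strip(),
                         "triggers": sorted(triggers),
                         "missing": sorted(missing)})
    return findings


if __name__ == "__main__":
    for finding in audit_password_rules(SAMPLE_POLICY):
        print(finding)
```

A rule reported with a non-empty `missing` list would run its password reset on events that have nothing to do with the flag attribute.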
Respected Contributor.

Solved. Thanks for your answer!

0 Likes