Anonymous_User Absent Member.
Absent Member.
1273 views

User Password Attribute in eDirectory


Hi,

Please let me know which eDirectory attribute is used to store user
password?

*Use case: *Create user using a workflow and provide a Password field in
the request form. Which will be the eDirectory attribute that can be
used to store the user's password?

As I browsed through other Cool solutions link, I found that
'userPassword', a writeOnly attribute is used through LDAP connection.

How I can achieve this through workflows?

Thanks & Regards,
Neha


--
neha_gupta
------------------------------------------------------------------------
neha_gupta's Profile: https://forums.netiq.com/member.php?userid=1249
View this thread: https://forums.netiq.com/showthread.php?t=49508

Labels (1)
0 Likes
6 Replies
Anonymous_User Absent Member.
Absent Member.

Re: User Password Attribute in eDirectory


neha_gupta;238304 Wrote:
> Hi,
>
> Please let me know which eDirectory attribute is used to store user
> password?
>
> *Use case: *Create user using a workflow and provide a Password field in
> the request form. Which will be the eDirectory attribute that can be
> used to store the user's password?
>
> As I browsed through other Cool solutions link, I found that
> 'userPassword', a writeOnly attribute is used through LDAP connection.
>
> How I can achieve this through workflows?
>
> Thanks & Regards,
> Neha


You cannot directly.

There are several ways to achieve what you are asking for.
The one that is the most customizeable, is this:

Create a DAL entity (eg. "New User") based on the "User" class.
Add the attributes of your choosing (The attributes you needs for all
newly created users) minus the password attribute.
Add any single valued string attribute (Description is a multivalue
field, but that can be changed later on in the DAL editor in designer)
and save the Entity.

Export the entity as xml and edit the xml with any editor (NOT designer.
Notepad++, Textpad, notepad, XML IDE etc.) and find the random attribute
you added (eg. description).
Change all references to "description" to "userPassword" and save the
XML file.

Delete the Entity in designer and save the project.

Import the XML as a new entity.

Open the entity in designer and make sure that the userPassword
attribute is single valued and string.

That should do it.

I might have forgotten a step or so but I am sure that someone can
correct me here.

Good luck.


--
Kerasit
------------------------------------------------------------------------
Kerasit's Profile: https://forums.netiq.com/member.php?userid=6043
View this thread: https://forums.netiq.com/showthread.php?t=49508

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: User Password Attribute in eDirectory


The way I've just used, similar to Kerasit's answer is to go to the IDM
Outline and Manage Vault Schema. Add a new attribute:

Name: userPassword
ASN1: 2.5.4.35
Type: Octet String

Add to User Class....then you should be able to add this attribute in
the DAL.

userPassword is a hidden attribute, so Designer can't read it in when
you import Schema.


--
ScorpionSting
------------------------------------------------------------------------
ScorpionSting's Profile: https://forums.netiq.com/member.php?userid=469
View this thread: https://forums.netiq.com/showthread.php?t=49508

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: User Password Attribute in eDirectory

On 12/18/2013 07:14 AM, ScorpionSting wrote:
>
> The way I've just used, similar to Kerasit's answer is to go to the IDM
> Outline and Manage Vault Schema. Add a new attribute:
>
> Name: userPassword
> ASN1: 2.5.4.35
> Type: Octet String
>
> Add to User Class....then you should be able to add this attribute in
> the DAL.
>
> userPassword is a hidden attribute, so Designer can't read it in when
> you import Schema.
>
>

I am sure the Geoffrey has at least 10 articles on this.

The question comes down to if you are allowing the user who requests the
WF to set the password or are you going to set it to a default (be that
really a default value or a generated password).

The approach you are taking will determine your different options.



--

Sincerely,
Steven Williams
Lead Software Engineer
NetIQ
0 Likes
Knowledge Partner
Knowledge Partner

Re: User Password Attribute in eDirectory

> I am sure the Geoffrey has at least 10 articles on this.

Oddly, not this specific use case. 🙂 The concept of how passwords are
stored in eDirectory and normally used by IDM, why yes, yes I do. 🙂

http://www.novell.com/communities/node/1474/password-transformation-rule-sets
http://www.novell.com/communities/node/9661/password-transformation-rules-publisher-channel
http://www.novell.com/communities/node/13394/password-tunneling-model-identity-manager


> The question comes down to if you are allowing the user who requests the
> WF to set the password or are you going to set it to a default (be that
> really a default value or a generated password).


I forget, can you write to nspmDistributionPassword via workflow? I
thought you could. If so, use that instead of userPassword.


0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: User Password Attribute in eDirectory

On Wed, 18 Dec 2013 14:08:07 +0000, Geoffrey Carman wrote:

> I forget, can you write to nspmDistributionPassword via workflow? I
> thought you could. If so, use that instead of userPassword.


If not, you could write the intended password value to another attribute,
then use a Null driver to write it to nspmDistributionPassword, deleting
the other attribute in the process.


--
--------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Knowledge Partner http://forums.netiq.com

Please post questions in the forums. No support provided via email.
If you find this post helpful, please click on the star below.
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: User Password Attribute in eDirectory


I've used this cool solution to set PW in WF:

http://tinyurl.com/qxsojjg

Gary


--
gholdefe
------------------------------------------------------------------------
gholdefe's Profile: https://forums.netiq.com/member.php?userid=318
View this thread: https://forums.netiq.com/showthread.php?t=49508

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.