
Setting passwords in AD

Former Member
0 Kudos

I'm seeing some strange behaviour setting passwords in AD using a toLDAP pass.

- The password is being sent.

- The job completes successfully with no errors.

- The password is not set.

- There are no errors in any of the event logs on the DC.

Has anyone encountered this before?

Thanks

Peter Wass

Accepted Solutions (0)

Answers (2)


Former Member
0 Kudos

Thanks Matt. Jogged my memory re: secure connection. I'd set it but then unset it when trying something else.

Sorted now.

Peter

Former Member
0 Kudos

Peter/Matt,

Could you please explain how the connection between IDM and AD can be secured? Do we need to install the certificates?

Thanks in advance,

Biju.

Former Member
0 Kudos

Biju

Make sure that you select secure ldap rather than default ldap when talking to the directory. I don't have it in front of me but I think that's it.

Peter

Former Member
0 Kudos

Thanks, Peter.

I thought we would have to do some configurations at the IdM side as well to secure the connection.

Regards,

Biju.

Former Member
0 Kudos

Hi Peter,

I believe I have encountered this before. What are the attributes for the pass, specifically the password attribute? There are three columns in the pass definition; can you tell me the value in all three?

Best Regards,

Matt

Former Member
0 Kudos

Hi Matt

The following are in the destination columns.

Col1 | Col2 | Col3

<blank> | dn | <dnvalue>

<blank> | changetype | modify

<blank> | userPassword | $FUNCTION.decryptPassword(%MX_ENCRYPTED_PASSWORD%)$$

The decryptPassword function works and successfully decrypts the password.

Peter

Former Member
0 Kudos

Hi Peter,

For the userPassword field, try changing the <blank> to <.> (Write only when adding entry) in the first column and let me know the result.

Best Regards,

Matt

Former Member
0 Kudos

Matt

Got exactly the same result. The password remains unchanged and again there were no errors.

Thanks

Peter

Former Member
0 Kudos

Hi Peter,

Ok...that was the solution to some other problem then ;-)...

Did you create this job manually, or copy it from the SAP Provisioning Framework? It is best to copy the ones from the SAP Provisioning Framework as we have already gone to the trouble of some development and debugging :-). Look at the "Provision ADS" jobs. You will see that this job does both "create" and "enable" the AD user, and the "enable" sets the password. For AD security reasons, it must run with the Windows runtime engine using VBScript and a secure connection.

Let me know if you have any questions.

Best Regards,

Matt
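
The secure-connection requirement discussed in this thread, as an added example that is not part of the original posts or of the SAP Provisioning Framework: it builds the LDIF modify record for an AD password reset and refuses to do so for a plain `ldap://` target. It uses AD's `unicodePwd` attribute (not the `userPassword` attribute from the pass above), which AD accepts only over an encrypted connection; the host name, DN and password are constructed sample values, and the function names are hypothetical.

```python
import base64
from urllib.parse import urlparse

# Constructed sample values, not taken from the thread.
SAMPLE_URL = "ldaps://dc01.example.test:636"
SAMPLE_DN = "CN=Test User,OU=People,DC=example,DC=test"


class InsecureChannelError(ValueError):
    """The target URL would carry the password over an unencrypted connection."""


def encode_unicode_pwd(password: str) -> bytes:
    # AD expects the new password wrapped in double quotes and encoded as UTF-16LE.
    return f'"{password}"'.encode("utf-16-le")


def build_password_reset_ldif(ldap_url: str, dn: str, password: str) -> str:
    """Return an LDIF 'modify' record that replaces unicodePwd on dn.

    Simplification (assumption of this example): only ldaps:// counts as
    encrypted; StartTLS on an ldap:// URL is not modelled here.
    """
    scheme = urlparse(ldap_url).scheme.lower()
    if scheme != "ldaps":
        raise InsecureChannelError(
            f"refusing to send a password to {scheme}:// ; use secure LDAP"
        )
    # Binary values are written in LDIF as 'attr:: <base64>'. Base64 is an
    # encoding, not protection: treat the resulting record as a secret.
    value = base64.b64encode(encode_unicode_pwd(password)).decode("ascii")
    return "\n".join([
        f"dn: {dn}",  # an ASCII DN is assumed; other DNs need 'dn:: <base64>'
        "changetype: modify",
        "replace: unicodePwd",
        f"unicodePwd:: {value}",
        "-",
        "",
    ])


if __name__ == "__main__":
    print(build_password_reset_ldif(SAMPLE_URL, SAMPLE_DN, "Ab1!example"))
    try:
        build_password_reset_ldif("ldap://dc01.example.test:389", SAMPLE_DN, "x")
    except InsecureChannelError as exc:
        print("blocked:", exc)
```
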