You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@syncope.apache.org by Maurice Luizink <ma...@gmail.com> on 2014/03/24 14:51:31 UTC

Fwd: Syncope password propagation

Hi,

Question about user (password) propagation functionality, hope someone can
point me in the right direction.

My scenario:

I've setup two resources in Syncope, a ScriptedSQLConnector and a
ADconnector. The ADConnecor has a single propagation mapping set on the
password attribute. Users are linked to the ADConnector resource, I
expected the password attribute to be pushed only once the password gets
updated in Syncope however it appears the password gets pushed on each and
every change to the user schema. In this scenario the ScriptedSQLConnector
updates the users on regular interval, but does not update the password
itself. Users are allowed to change their passwords

Am I right to expect the password to be only propagated on change? if so
how can I configure/trace this? if not how can I manage selective password
changes?

Thanks and regards,

Maurice

Re: Fwd: Syncope password propagation

Posted by Fabio Martelli <fa...@gmail.com>.

Hi Maurice.

> Il 24/03/2014 14:51, Maurice Luizink ha scritto:
> Hi,
>
> Question about user (password) propagation functionality, hope someone 
> can point me in the right direction.
>
> My scenario:
>
> I’ve setup two resources in Syncope, a ScriptedSQLConnector and a 
> ADconnector. The ADConnecor has a single propagation mapping set on 
> the password attribute. Users are linked to the ADConnector resource, 
> I expected the password attribute to be pushed only once the password 
> gets updated in Syncope however it appears the password gets pushed on 
> each and every change to the user schema. In this scenario the 
> ScriptedSQLConnector updates the users on regular interval, but does 
> not update the password itself. Users are allowed to change their 
> passwords
>
> Am I right to expect the password to be only propagated on change? if 
> so how can I configure/trace this? if not how can I manage selective 
> password changes?

You are right, during update operation, password has to be propagate if 
and only if it has been explicitly changed.
You can trace operation by changing log levels: try with DEBUG level for 
org.apache.syncope.core.rest logger (change at: Configuration -> Logs -> 
Core).

Furthermore, be sure that your resource configuration is correct: did 
you check "Generate random passwords when missing" flag? Try to leave it 
unchecked.

If the wrong behavior persists, please provide some more info about your 
resource/connector/mapping configurations.

Best regards,
F.

-- 
Fabio Martelli

Tirasa - Open Source Excellence
http://www.tirasa.net/

Apache Syncope PMC
http://people.apache.org/~fmartelli/