You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@syncope.apache.org by Mihai R <mi...@gmail.com> on 2013/11/01 11:32:50 UTC

Manage ldap passwords with syncope

Hi,


I need some help with two issues.

1. Every time I make a change to an attribute of an ldap user, using
syncope, the users password is also cleared /reseted.  I wish to be abble
to modify users attributes but keep their passwords unchanged.

2. Is there any possibility to force users to choose (set) only strong
passwords (minimum 8 characters, symbols etc)?

Thank you very much.

Mihai

Re: Manage ldap passwords with syncope

Posted by Francesco Chicchiriccò <il...@apache.org>.

On 01/11/2013 11:32, Mihai R wrote:
> Hi,
> I need some help with two issues.
>
> 1. Every time I make a change to an attribute of an ldap user, using 
> syncope, the users password is also cleared /reseted.  I wish to be 
> abble to modify users attributes but keep their passwords unchanged.

When updating an user via REST, you have several options to define 
whether password should not updated at all, updated only on Syncope or 
on one of connected resources: take a look at UserMod [1] and to its 
'pwdPropRequest' attribute [2].

Naturally, if using admin console, it will take care of these aspects on 
your behalf.

> 2. Is there any possibility to force users to choose (set) only strong 
> passwords (minimum 8 characters, symbols etc)?

Of course: either define a global password policy or a specific policy 
targeted to a role or an external resource (LDAP, in your case): see [3] 
for how to do this via admin console.

If I remember correctly, you are only interacting with Syncope via REST, 
and not using SyncopeClient: I'd suggest to deploy the admin console 
anyway, at least in you dev environment, to set the 'org.apache.cxf' 
console logger to DEBUG and then, while watching the log files, to 
perform the operations you need via admin console, to look at the 
generated (XML or JSON) payloads.

HTH
Regards.

[1] 
http://svn.apache.org/repos/asf/syncope/branches/1_1_X/common/src/main/java/org/apache/syncope/common/mod/UserMod.java
[2] 
http://svn.apache.org/repos/asf/syncope/branches/1_1_X/common/src/main/java/org/apache/syncope/common/to/PropagationRequestTO.java
[3] 
https://cwiki.apache.org/confluence/display/SYNCOPE/Policies#Policies-PasswordPolicies

-- 
Francesco Chicchiriccò

ASF Member, Apache Syncope PMC chair, Apache Cocoon PMC Member
http://people.apache.org/~ilgrosso/