https://community.hpe.com/t5/imc/uam-ldap-sync-setup/m-p/6963632#M3778 <P>Did you set up the virtual computer?</P><P>The user synch with AD, which uses a credential configured in the LDAP server setup, gets user information from the <SPAN>domain controller&nbsp;</SPAN>and set up user accounts.&nbsp;</P><P>But as Peter describes above the user credentials do not come across from the <SPAN>domain controller</SPAN>.</P><P>The virtual computer is used by UAM to proxy the authentication request to the domain controller when a user logs in. You have to add the virtual computer to the domain so it is trusted for this purpose.&nbsp;</P> Mon, 08 May 2017 19:04:47 GMT NeilR 2017-05-08T19:04:47Z https://community.hpe.com/t5/imc/uam-ldap-sync-setup/m-p/6018475#M546 <P>Going to ask what might be considered a silly question...</P><P>&nbsp;</P><P>Why does the AD LDAP userPassword attribute not appear in the list of LDAP Sync attributes? What am i supposed to map the sync'd password field to in order to use the AD User Password with UAM?</P><P>&nbsp;</P> Tue, 02 Apr 2013 22:53:42 GMT https://community.hpe.com/t5/imc/uam-ldap-sync-setup/m-p/6018475#M546 MartiBarber 2013-04-02T22:53:42Z https://community.hpe.com/t5/imc/uam-ldap-sync-setup/m-p/6019545#M547 <P>Hi,</P><P>&nbsp;</P><P>Some LDAP servers store the user password in the password field (I know, that sounds obvious :) ), so external authorized users (admin/service accounts) could read the password and sync it for example.</P><P>&nbsp;</P><P>The Microsoft AD (MS LDAP server), stores the password with a 1way algoritm, so a password can be validated, but not reverse de-crypted. Due to this (good) decision, any external system can sync all the ldap objects and their attributes, but not the password.</P><P>&nbsp;</P><P>So IMC UAM can sync the new/existing users and their attributes, but not the password. This is why the AD LDAP sync does not allow the ldap password sync.</P><P>&nbsp;</P><P>For IMC UAM to authenticate users with their password, the IMC UAM server must be joined to the domain, (see domain controller assisted PEAP auth), so it can validate the user pass at the moment the user actually logs in.</P><P>&nbsp;</P><P>Best regards,Peter.</P><P>&nbsp;</P> Wed, 03 Apr 2013 18:55:03 GMT https://community.hpe.com/t5/imc/uam-ldap-sync-setup/m-p/6019545#M547 Peter_Debruyne 2013-04-03T18:55:03Z https://community.hpe.com/t5/imc/uam-ldap-sync-setup/m-p/6019651#M548 <P>Thanks Peter, very helpful. I'll move onto to the domain assisted section and keep reading.&nbsp;</P><P>&nbsp;</P> Wed, 03 Apr 2013 20:54:11 GMT https://community.hpe.com/t5/imc/uam-ldap-sync-setup/m-p/6019651#M548 MartiBarber 2013-04-03T20:54:11Z https://community.hpe.com/t5/imc/uam-ldap-sync-setup/m-p/6963333#M3775 <P>Hi,</P><P>Did you get this resolved? We have v7.2 and I have the same issue. It says :</P><P>Failure Reason: Incorrect Password.</P><P>It syncs no problem with AD.</P> Mon, 08 May 2017 01:32:23 GMT https://community.hpe.com/t5/imc/uam-ldap-sync-setup/m-p/6963333#M3775 WayneWIlson 2017-05-08T01:32:23Z https://community.hpe.com/t5/imc/uam-ldap-sync-setup/m-p/6963632#M3778 <P>Did you set up the virtual computer?</P><P>The user synch with AD, which uses a credential configured in the LDAP server setup, gets user information from the <SPAN>domain controller&nbsp;</SPAN>and set up user accounts.&nbsp;</P><P>But as Peter describes above the user credentials do not come across from the <SPAN>domain controller</SPAN>.</P><P>The virtual computer is used by UAM to proxy the authentication request to the domain controller when a user logs in. You have to add the virtual computer to the domain so it is trusted for this purpose.&nbsp;</P> Mon, 08 May 2017 19:04:47 GMT https://community.hpe.com/t5/imc/uam-ldap-sync-setup/m-p/6963632#M3778 NeilR 2017-05-08T19:04:47Z