HPE Community
IMC
1753310 Members
6398 Online
108792 Solutions
New Discussion

Re: UAM LDAP Sync setup

 
SOLVED
Go to solution
MartiBarber
Occasional Contributor

‎04-02-2013 03:53 PM

‎04-02-2013 03:53 PM

UAM LDAP Sync setup

Going to ask what might be considered a silly question...

 

Why does the AD LDAP userPassword attribute not appear in the list of LDAP Sync attributes? What am i supposed to map the sync'd password field to in order to use the AD User Password with UAM?

 

0 Kudos
4 REPLIES 4
Peter_Debruyne
Honored Contributor

‎04-03-2013 11:55 AM

‎04-03-2013 11:55 AM

Solution

Re: UAM LDAP Sync setup

Hi,

 

Some LDAP servers store the user password in the password field (I know, that sounds obvious :) ), so external authorized users (admin/service accounts) could read the password and sync it for example.

 

The Microsoft AD (MS LDAP server), stores the password with a 1way algoritm, so a password can be validated, but not reverse de-crypted. Due to this (good) decision, any external system can sync all the ldap objects and their attributes, but not the password.

 

So IMC UAM can sync the new/existing users and their attributes, but not the password. This is why the AD LDAP sync does not allow the ldap password sync.

 

For IMC UAM to authenticate users with their password, the IMC UAM server must be joined to the domain, (see domain controller assisted PEAP auth), so it can validate the user pass at the moment the user actually logs in.

 

Best regards,Peter.

 

0 Kudos
MartiBarber
Occasional Contributor

‎04-03-2013 01:54 PM

‎04-03-2013 01:54 PM

Re: UAM LDAP Sync setup

Thanks Peter, very helpful. I'll move onto to the domain assisted section and keep reading. 

 

0 Kudos
WayneWIlson
Frequent Visitor

‎05-07-2017 06:30 PM - edited ‎05-07-2017 06:32 PM

‎05-07-2017 06:30 PM - edited ‎05-07-2017 06:32 PM

Re: UAM LDAP Sync setup

Hi,

Did you get this resolved? We have v7.2 and I have the same issue. It says :

Failure Reason: Incorrect Password.

It syncs no problem with AD.

0 Kudos
NeilR
Esteemed Contributor

‎05-08-2017 12:04 PM

‎05-08-2017 12:04 PM

Re: UAM LDAP Sync setup

Did you set up the virtual computer?

The user synch with AD, which uses a credential configured in the LDAP server setup, gets user information from the domain controller and set up user accounts. 

But as Peter describes above the user credentials do not come across from the domain controller.

The virtual computer is used by UAM to proxy the authentication request to the domain controller when a user logs in. You have to add the virtual computer to the domain so it is trusted for this purpose. 

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.