| Author |
Message
|
| jpmorales |
 Posted: Wed Mar 24, 2004 3:48 pm Post subject: LDAP-FDL Mapping Passwords |
 |
|
Novice
Joined: 13 Nov 2003
Posts: 21
Location: Bogotá, Colombia
|
I am trying to map my users' password from FDL to LDIF and viceversa
To that end, inside my XML file I put
| Code: |
<FDLAttribute Name="PASSWORD">
<DirectAttributeMapping>
<LDAPAttribute Name="userPassword"/>
</DirectAttributeMapping>
</FDLAttribute>
|
However, this maps the encoded versions of my passwords (which is what is stored in the fdl). How can I map the real ones?
Thanks in advance
_________________
"Entia non sund multiplicanda praeter necesitatem" |
|
| Back to top |
|
 |
| Ratan |
| Posted: Wed Mar 24, 2004 4:12 pm Post subject: |
|
|
Grand Master
Joined: 18 Jul 2002
Posts: 1245
|
Passwords are one way hashed. So if you are trying to get the password from WF runtime they will be hashed, and you wont be able to reverse them.
_________________
-Ratan |
|
| Back to top |
|
|
| jpmorales |
| Posted: Thu Mar 25, 2004 4:24 am Post subject: What can I do then? |
|
|
Novice
Joined: 13 Nov 2003
Posts: 21
Location: Bogotá, Colombia
|
Does this mean it is not possible to map LDAP passwords to MQWF passwords ?
This means I would have one password on the LDAP and another (or none) on workflow. Since authentication is being performed via an authentication exit it is not a problem on logon (via web client, using logon4). Is it a problem elsewhere (logon via Buildtime or runtime client), or can I just leave the password unmapped without any further worries?
_________________
"Entia non sund multiplicanda praeter necesitatem" |
|
| Back to top |
|
|
| Ratan |
| Posted: Thu Mar 25, 2004 7:30 am Post subject: |
|
|
Grand Master
Joined: 18 Jul 2002
Posts: 1245
|
you can have your MQWF user passwords same as your LDAP passwords.
From the FDL extracted from runtime you cant say what the password was.
_________________
-Ratan |
|
| Back to top |
|
|
| jpmorales |
| Posted: Fri Mar 26, 2004 5:59 am Post subject: |
|
|
Novice
Joined: 13 Nov 2003
Posts: 21
Location: Bogotá, Colombia
|
You have stated that passwords cannot be extracted from workflow. It is possible the other way around? From LDIF I can extract the password?
I don't want a dual password changing scheme. I want the LDAP password to be the only password. If I leave the Workflow passwords at say, random strings, for security's sake, will it present a problem of any kind?
_________________
"Entia non sund multiplicanda praeter necesitatem" |
|
| Back to top |
|
|
| Ratan |
| Posted: Fri Mar 26, 2004 8:48 am Post subject: |
|
|
Grand Master
Joined: 18 Jul 2002
Posts: 1245
|
if you are using Authentication exit, WF passwords do not matter.
_________________
-Ratan |
|
| Back to top |
|
|
| vennela |
| Posted: Fri Mar 26, 2004 8:51 am Post subject: |
|
|
Jedi Knight
Joined: 11 Aug 2002
Posts: 4055
Location: Hyderabad, India
|
| Quote: |
| Is it a problem elsewhere (logon via Buildtime or runtime client), |
Buildtime doesn't matter but runtime client matters (for fat client only. I think you can customize the web client to use auth exit) |
|
| Back to top |
|
|
| basil beltran |
| Posted: Fri Mar 26, 2004 10:58 am Post subject: Log into MQWF with LDAP PWD |
|
|
Newbie
Joined: 26 Mar 2004
Posts: 1
Location: Boulder, CO IBM
|
I have code that queries LDAP for values (including PWD), formats in FDL, drops to the OS (from a UPES) and executes at bat containing
fmcibie -uADMIN -ppassword -iC:\TEMP\user.fdl -o
this work very well and my MQWF users log in with thier LDAP passwords. |
|
| Back to top |
|
|
| jpmorales |
| Posted: Thu Apr 29, 2004 6:12 am Post subject: Re: Log into MQWF with LDAP PWD |
|
|
Novice
Joined: 13 Nov 2003
Posts: 21
Location: Bogotá, Colombia
|
| basil beltran wrote: |
| I have code that queries LDAP for values (including PWD), formats in FDL, drops to the OS (from a UPES) and executes at bat containing |
How do you manage to export passwords from LDAP? As far as I know, they too are one way hashed. Or does this depends on a particular feature being enabled for the LDAP server, or a particular flavor of LDAP server?
_________________
"Entia non sund multiplicanda praeter necesitatem" |
|
| Back to top |
|
|
|
|
