Parameterized Active Sync Form generating random password

Hi im looking for an sample of an Parameterized Active Sync Form which generates a random password.
Thanks!
Michael

--I think password from AD not put in to activeSync.
--Why?
You cannot change the user's password from the activeSync RA. The password is encrypted in Active Directory and you can't decrypt it.
You can read the Idm Resources Reference - Active Directory. There's a table with all the supported fields; the userPassword field is write-only.
If you want to take the AD password and send it to IDM, you want to use Password Sync.
Good luck

Similar Messages

Sun idm 8.0.0.3: generate random password according to policy

Hi all,
probably a stupid question: using sun idm 8 I have an active-sync-source, containing employees but no passwords. So I should generate a new password in my active-sync-form and search for a way to export the password so new employees can be sent a letter "welcome at company, here is your password". Something like that.
However, I fail to generate a password in the first place. I think I read about a PasswordGenerator once, but can't find it.
So, what's the preferred way to generate a new password, if possible according to a selected password-policy?
CU,
Patrick.

OK, OK if the policy is set to generate my troubles go away.... I thought that was gone with metaview?
Anyway, what if I'd like to choose a special Policy for creation that differs from normal operations?
CU,
Patrick.

How Create LDAP Group Inside Active Sync Form?

I have an Active Sync form that is working well to synchronize (and slightly massage) data from an Active Directory source to a Sun Directory Server destination.
I need to synchronize group information from AD to DS. It must automatically create groups during the Active Sync processing. It can't be done externally using another scripting language; it must be done within IdM.
I have the following code...
<Action id='0' application='com.waveset.provision.WorkflowServices'>
<Argument name='op' value='createResourceObject'/>
<Argument name='object'>
<Object>
<Attribute name='resourceId' value='DS'/>
<Attribute name='resourceName' value='DS'/>
<Attribute name='resourceType' value='LDAP'/>
<Attribute name='objectName' value='abcd'/>
<Attribute name='attributes'>
    <Object>
    <Attribute name='cn' value='abcd'/>
    <Attribute name='groupType' value='abcd'/>
    </Object>
</Attribute>
<Attribute name='objectType' value='group'/>
<Attribute name='objectId' value='CN=abcd,ou=Groups,dc=blah,dc=com>
</Object>
</Argument>
<Argument name='objectType' value='group'/>
<Argument name='resourceId' value='DS'/>
</Action>However with that code inside the <Field><Expansion>...</Expansion><Field> section the group is not created. I've enabled tracing and as best I can determine the code isn't even executed.
I have created resource schemas for accounts[DS].ldapGroups and accounts[AD].groups and that works well. I can read group memberships from those lists. However I can't simply append to those lists to automatically create groups (which would be nice). That's why I've gone down this path of attempting to create the groups programatically.
I've scoured the groups and the course notes and found nothing relevant here. The examples all refer to creating the groups within an interactive form. I'm trying to do the same within the <Field> section of an Active Sync form.

TTSLSAB wrote:
Hi Vladimir,
can you please tell me what should i import in the java class inorder to avoid the below error (session) for the line
          Resource resource = (Resource)session.getObject(Type.RESOURCE, resId);
         ResourceAdapter ra = ResourceOp.findAdapter(resource, session.getCache());Error, which i am getting is
Exception in thread "main" java.lang.Error: Unresolved compilation problems:
     session cannot be resolved
     session cannot be resolvedsession is your LighthouseContext handle so depending on how you are implementing the class you quoted, you will either need to pass it in, for example via the invoke tag from your form/workflow, or get your own - don't know how this is done but I'm assuming authenticating to IdM would have to be done.
For all those interested, I have implemented the Java code snippet listed by Vladimir in XPRESS.
idmSessionHandle - is the LighthouseContext for the current session
currentOUDN - is a string representing the AD DN of the OU to be created
                <defvar name='resourceAdapterHandle'/>
                <set name='resourceAdapterHandle'>
                  <invoke name='findAdapter' class='com.waveset.provision.ResourceOp'>
                    <ref>resourceObject</ref>
                    <invoke name='getCache'>
                      <ref>idmSessionHandle</ref>
                    </invoke>
                  </invoke>
                </set>
                <defvar name='newOUGenericObject'/>
                <set name='newOUGenericObject'>
                  <new class='com.waveset.object.GenericObject'>
                    <map>
                      <s>objectId</s>
                      <ref>currentOUDN</ref>
                      <s>objectType</s>
                      <s>Organizational Unit</s>
                    </map>
                  </new>
                </set>
                <invoke name='createObject'>
                  <ref>resourceAdapterHandle</ref>
                  <ref>newOUGenericObject</ref>
                  <new class='java.util.HashMap'/>
                </invoke>
[...]Although the above works well, to create OUs in AD, I have not yet tested its real life application with regards to the initial mass loading of users (from LDAP (auth source) to IdM to AD) and ActiveSyncing. My concerns are two threads attempting to create the OU at roughly the same time, the first succeeds, and second one fails because AD will reply with the fact that the object already exists. The workaround would be to do a recheck of the existence of the OU, after a failure was encountered. This ties into exception handling in general in this approach.
If anyone can contribute exception handling and possibly a create with retries approach, to the above code, I'd appreciate it.
Cheers.

Passing A Variable From Active Sync Form To WorkFlow

Hi All,,
I am calling a Workflow from the Active Sync form, Which is fine.
But, the problem is , i am having a variable "xxx" in the active sync form, but, i am unable to use this in the workflow.
So, Please any one can tell how to use a variale in Workflow, passed from a Form.
Waiting for reply....

Thank you for your response.
Do you have a code snippet or other example that shows how to do this?
Thanks
Tim

How to create a javabean that generate random password?

May i know how to create a javabean that can generate random password?
that include character and string
and length of 10.

i created a class file for my java bean
package autogenerate;
import java.util.*;
public class GeneratePwId
private int MemId;
private String Passwd;
public GeneratePwId(){}
public String getPasswd()
return this.Passwd;
public void setPasswd()
char[] letters = { 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H',
'J', 'K', 'L', 'M', 'N', 'P', 'R', 'T',
'U', 'V', 'W', 'X', 'Y', 'Z', 'a', 'b', 'c',
'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k',
'm', 'n', 'p', 'q', 'r', 's', 't', 'u',
'v', 'w', 'x', 'y', 'z', '0', '1', '2',
'3', '4', '5', '6', '7', '8', '9' } ;
String pwd = "" ;
while( pwd.length() < 10 )
pwd += letters[ (int)( Math.random() * letters.length ) ] ;
this.Passwd = pwd;
i successfully compile my java file. and try to test it by writing a jsp file.
here is my jsp code
<html>
<head>
<title>
Try retrieving password
</title>
</head>
<body>
<jsp:useBean class"autogenerate.GeneratePwId" id="bean0" scope="page"/>
<%=bean0.getPasswd()%>
</body>
</html>
but i encounter this error
org.apache.jasper.compiler.ParseException: /jsp/GetPasswd.jsp(7,18) Attribute class has no value
anyone can teach me how to solve this problem?
thanks a alot!

How can I generate random password

Hello...
I use oracle 10g for windows,,,I have an employee table , there are a lot of colunms , their names are employee_name , employee_id ,employee_pass .....
employee_pass colunm is empty
I want to generate random password for employee_pass colunm
How can I generate random password for employee_pass colunm
thanks
omer faruk akyuzlu
in Turkey

SQL> exec dbms_random.seed(to_char(sysdate, 'sssss'))
PL/SQL procedure successfully completed.
SQL> select dbms_random.string('X', 8) from dual
2 /
DBMS_RANDOM.STRING('X',8)
4YT1H150
SQL> select dbms_random.string('X', 8) from dual
2 /
DBMS_RANDOM.STRING('X',8)
WIA3QCIP
SQL> Please be aware that storing the actual passwords in a the EMPLOYEES table is a very bad idea. Oracle has a pretty good password implementation. It's not perfect but it's a darn site better than hand-rolling our own.
Cheers, APC

How to generate random password

Hi Experts,
i using some cmdlets to generate random password.
$ascii=$NULL;
For ($a=97;($a –le 122);$a++) {$ascii+=,[char][byte]$a }
$No_of_password = 6
$length_of_password = 10
$TempPassword=$NULL     # To store single password
$Morepassword=@() # Variable to 'X' no. of passwords
for ($lp=0; $lp -le $count; $lp++ )
For ($loop=1; $loop –le $length; $loop++)
    $TempPassword+=($ascii | GET-RANDOM)   # this generate the random password
$morepassword[$lp]= $TempPassword
$morepassword    # This should give the all random password
Output is like ---
=zM;HFuElY
=zM;HFuElYp88<kqTOVM
=zM;HFuElYp88<kqTOVMfS1xR01VzY
=zM;HFuElYp88<kqTOVMfS1xR01VzY4<$wG%Z>ft
=zM;HFuElYp88<kqTOVMfS1xR01VzY4<$wG%Z>ft=a&ME7>&3T
=zM;HFuElYp88<kqTOVMfS1xR01VzY4<$wG%Z>ft=a&ME7>&3T$98v$b>jSU
This is not required output. It should give the output like
=zM;HFuElY
p88<kqTOVM
fS1xR01VzY
4<$wG%Z>ft
=a&ME7>&3T
$98v$b>jSU
Total 6 passwords with a length of 10
How do create a array like this ?

I agree with Fred but here i shwo to manage two loops with PowerShell.
$pwdchars=33..122|%{[char]$_}
1..6|
ForEach-Object{
$pwd=''
1..10 |
ForEach-Object{
$pwd+=$pwdchars | GET-RANDOM
$pwd
It is usually always better to write less code and to use the code correctly. YOu have guessed at mmost of the code but have not used consistent variables. My guess is that you have tried to modify somecode you found. Look at this code
to see how easy it is to build loops in PowerShell
¯\_(ツ)_/¯

How to generate random password as per password policy by knowing the resou

Hi,
Any body tell me, how to generate random password as per password policy by knowing the resource object in OIM11g
Regards,
Nishith Nayan

Hi Nayan,
You can try below code snippet:
UserRepository ur = new DBUserRepository();
UserInfo user = ur.getUserInfo(userKey);
               ResourceRepository rrepo = new ResourceDBRepository();
               Resource resource = rrepo.findResource(resourceName);
               PasswordPolicyAssignmentsRepository par = new PasswordPolicyAssignmentsDBRepository();
               PasswordPolicyRepository ppr = new DBPasswordPolicyRepository();
               List passwordPolicyAssignments = par.getPasswordPolicyAssigments(resource);
               PasswordPolicy passwordPolicy;
                                        PasswordPolicyAssignment passwordPolicyAssignment = (PasswordPolicyAssignment) passwordPolicyAssignments.get(0);
                         if (isApplicable(passwordPolicyAssignment, getMappedAttributes(userInfo.getAttributes()))) {
                              passwordPolicy = ppr.find(passwordPolicyAssignment.getPasswordPolicyID());
                                             RandomPasswordGeneratorImpl rpg = new RandomPasswordGeneratorImpl();
                         password = rpg.generatePassword(userInfo, passwordPolicy);
regards,
gyan

Generate Random Password by policy

Hey guys,
I'm trying to put together some code to randomly generate a password for new users that would match up with the user's associated password policy. I have this code mapped as a entity adapter on the pre-insert. The problem i am having is trying to retrieve the password policy that is associated with the new user.....the tcPasswordOperationsIntf utility class has a method called getUserPasswordPolicy which takes the usr_key as an argument.....but since the user hasn't been created yet the method fails with an usr_key not found error.
anyone know how i can get the password policy for a new user? has anyone done anything like this before?
Thanks in advance!

Well if you are trying to set the password for the Users created in OIM then the password policy must be attached to Xellerate Users resource object. So you have an option of fetching the password policy using another API getObjectPasswordPolicyDescription of the same interface. You need to pass the Object Key in this case. This must return the ResultSet for the same thing you are expecting.
The you can validate the password accordingly.
Thanks
Sunny

Active sync with Active Directory. activeSync.password

AD - OS - Win2k3
IDM -6.0SP1
I am using active sync with Active Directory.
Form for Active Sync make with Wizard Active Sync.
Make user in AD with correct password.Excecute StartActiveSync.
User not make in Lighthouse.
In log file appears the following:
<WavesetResult>
<ResultItem type='error' status='error'>
<ResultError throwable='com.waveset.exception.PolicyViolation'>
<Message id='PL_POLICY_VIOLATION_HEADER'>
<String>password</String>
<String>Lighthouse User</String>
</Message>
<Message id='PL_STRING_MIN_CHARACTERS'>
<String>4</String>
</Message>
<StackTrace>com.waveset.exception.PolicyViolation: Policy Violation (password on Lighthouse User):
Must contain at least 4 valid characters.
     at com.waveset.policy.StringQualityPolicy.check(StringQualityPolicy.java:1090)
     at com.waveset.provision.PolicyProcessor.checkPolicy(PolicyProcessor.java:716)
     at com.waveset.provision.PolicyProcessor.checkLighthousePasswordPolicy(PolicyProcessor.java:651)
     at com.waveset.provision.PolicyProcessor.checkPasswordPolicies(PolicyProcessor.java:574)
     at com.waveset.provision.PolicyProcessor.checkAccountPolicies(PolicyProcessor.java:232)
     at com.waveset.provision.Provisioner.checkPolicies(Provisioner.java:1102)
     at com.waveset.view.UserViewer.checkPolicies(UserViewer.java:1559)
     at com.waveset.view.UserViewer.checkPoliciesAndConstraints(UserViewer.java:1415)
     at com.waveset.view.UserViewer.checkinView(UserViewer.java:1159)
     at com.waveset.object.ViewMaster.checkinView(ViewMaster.java:725)
     at com.waveset.sync.IAPIUserImpl.submitCreate(IAPIUserImpl.java:559)
     at com.waveset.sync.IAPIUserImpl.submit(IAPIUserImpl.java:657)
     at com.waveset.adapter.ADSIResourceAdapter.processUpdates(ADSIResourceAdapter.java:1419)
     at com.waveset.adapter.ADSIResourceAdapter.getAndProcessChanges(ADSIResourceAdapter.java:1456)
     at com.waveset.adapter.ADSIResourceAdapter.poll(ADSIResourceAdapter.java:1546)
     at com.waveset.adapter.SARunner.doRealWork(SARunner.java:268)
     at com.waveset.task.Executor.execute(Executor.java:159)
     at com.waveset.task.TaskThread.run(TaskThread.java:119)
</StackTrace>
</ResultError>
</ResultItem>
</WavesetResult>
2006-11-09T13:19:07.904+0500: lastname: Bogdanov9, accountId: Bogdanov9, objectGUID: <GUID=fb4016ebb4851b43af59763d6094932d>, isDisabled: false, identity: cn=Alexey L. Bogdanov9,ou=Users,ou=Test,dc=aut,dc=tst, uSNChanged: 78587, firstname: Alexey, AccountLocked: false, fullname: Alexey L. Bogdanov9, Initials: L
Policy Violation (password on Lighthouse User):
Must contain at least 4 valid characters.
But, when i use sample active sync form from ...sample/forms/ActiveDirectoryActiveSyncForm user make in Ligthhouse with password change12345.
Logicaly, from this code:
<Field name='waveset.password'>
<Comments>
Make up a password for accounts that are being
created. This makes it a constant
</Comments>
<Disable>
          <neq>
          <ref>feedOp</ref>
               <s>create</s>
          </neq>
     </Disable>
<Expansion>
<cond>
          <notnull>
               <ref>activeSync.password</ref>
          </notnull>
<ref>activeSync.password</ref>
<s>change12345</s>
</cond>
</Expansion>
</Field>
I think password from AD not put in to activeSync.
Why?
With MBR
Bogdanov Alexey.

--I think password from AD not put in to activeSync.
--Why?
You cannot change the user's password from the activeSync RA. The password is encrypted in Active Directory and you can't decrypt it.
You can read the Idm Resources Reference - Active Directory. There's a table with all the supported fields; the userPassword field is write-only.
If you want to take the AD password and send it to IDM, you want to use Password Sync.
Good luck

Active Sync Password Lock Requirement

Hello,
I have been using the iPhone 3g with Exchange the past month or so and everything has been working great. When the phone is first configured to work with Active Sync we have a password requirement and the device will automatically lock after 5 minutes if not being used. This weekend I decided to do a firmware restore and after it was complete I chose to restore the phone from a backup. Everything restored as expected but I noticed that it wasn't getting the forced 5 minute lockout or password requirement. I went into settings and sure enough Passcode Lock was set to off and when I selected this option, it prompted me for a new password. After I set the password it then resumed the 5 minute lockout as expected and I wasn't able to turn it back off again as expected. The concern I have is that from a security standpoint anyone we deploy an iPhone to in our company can easily bypass the password requirement by simply reloading the firmware and restoring from a backup that contains the active sync information. Has anyone else seen this issue? I personally verified it on 2 of our iPhones. It is bad enough that the iPhone doesn't have full disk encryption but with a way to bypass our security requirements this easily it is likely our security team will ban iPhones in our workplace completely.

Hi Wildpacket,
As said by m0j0m1k once
active sync establishes continuous sync (direct push) it takes 8 to 24 hours to recognize the changed
password.
Any update on this ?
Sathish

Random password

dear friends,
please tell me how to generate random password using empno from emp table both from frontend forms and through plsql.

Look at this.. I wrote this to generate password for one of the jobs that we run every 90 days..
CREATE OR REPLACE procedure GENERATE_RANDOM
IS
cursor c1 is
select username
from password_age where FLAG='Y';
V_Random_number binary_integer;
V_Prefix varchar2(4);
V_Password varchar2(9);
begin
FOR crec IN c1
LOOP
V_Random_number := dbms_random.random;
V_Password := substr(to_char(abs(V_Random_number)),1,5);
V_Prefix := substr(to_char(sysdate,'DAY'),2,1)||to_char(add_months(sysdate,substr(V_Random_number,2,3)),'MON');
Update password_age set passwd = V_Prefix||V_Password where username = crec.username;
commit;
END LOOP;
end;
/

Role updation during Flat File Active Sync

Hi
I have defined a role which assigns default values to some attributes for a particular resource.
And this role am assigning it to the user in the Flat File Active Sync form during user creation.
But the problem is the attribute-values defined in the Role are not getting updated in the user data during the creation process. The next time there is an update, the values get reflected.
I want this to be reflected during the first creation process itself. Please let me know what changes needs to be done in the following code -
<Field name='accounts[Lighthouse].roles'>
<Expansion>
<filterdup>
<appendAll>
<ref>accounts[Lighthouse].roles</ref>
<s>Initial-Provision-Role</s>
</appendAll>
</filterdup>
</Expansion>
</Field>
This is done after assigning the user to the resources.
Please help asap
Thanks
Bushra

no....what i mean is that instead of using the user forms to set all the values, call a workflow instead. I believe the field in the configuration is called "process workflow" or something like that. this will be called instead of the forms. inside that workflow create a view, or get the existing view...set the new role....refresh the view...then call the create/update/delete user etc.
a create view is s provisioning task...so you cant call it from a workflow. take the "provisioning task" part out of the header of the create user workflow and it should work just fine.
this may be much more complicated than what you actually need. Its just the way i would handle it. I dont like using the user forms and always call a workflow instead. gives me much more flexibility
dana

Flat File Active Sync - Notify admin incase of data processing errors

Dear Friends,
We have couple of Requirements to use OOTB flat file active sync adapter
1. To read data from a flat file and update the records in Sun Identity Manager system
2. Notify admin if there are any data processing errors while reading data from a flat file. The data processing errors can occur if there is an invalid data. for example, lets say the input flat file has 3 columns defined, but the file conatins records which has four values.
firstname,lastname,email
testfirst,testlast,[email protected],12345
Req#1 is working fine. There are no issues with that.
Req#2: if the file contains invalid data, i noticed that the active sync adapter throws an Array Index out of bound exception. so, we need to send an email notification to the admin whenever data processing errors occurs.
I noticed that whenever the data processing exception occurs, the active sync adapter stops processing records and the active sync input form was not triggered. Unless active sync form was triggered, it's very difficult to determine whether the data was read successfully or not.
Please let me know if there are any configurations/customizations to me made on OOTB flat file active sync adapter to handle data processing errors and send email notifications to administrators.
Appreciate your help
Thanks
Vijay

Hi,
We have same requirement that
"Notify admin if there are any data processing errors from a flat file.
The data processing errors can occur if there is an invalid data or account is locked etc..."
In short notify admin if any error logged in Active sync Log file while active sync runs.
Yes,I noticed same that whenever the data processing exception occurs, the active sync adapter stops processing records and the active sync input form was not triggered. Unless active sync form was triggered, it's very difficult to go ahead to meet the requirement.
Please let me know if there are any configurations/customizations to me made on flat file active sync adapter to send email notifications to administrators.
Thanks,
Sudheer

Active Sync error

Hi,
When i change any attribute of a user in the Authoritative Directory the Active Sync configured senses this chnage and calls the Update User Workflow and the chnages get refelcted in Identity Manager.
But when the user to be updated has some capability and controlled organisation then the Active Sync is not callling the Update User Workflow. In the Active Sync logs i can see the error as "Since you have directly assigned one or more capabilities to testuser, you must also directly assign at least one Contolled Organistaion.
Can anyone tell me where am i goin wrong and what changes i would need to make for this?
Thanks in advance,
deep

my suggestion was based on the error message you got.... and i use the strategy.. using adminRoles usually, instead of assigning directly ... but wont be feasible in all cases.
from the error message, its clear that some how the forms/ process involved does not find the controlled organization.
try adding to the following to form....
<Field name='waveset.controlledOrganizations'>
     <Default>
          <ref>waveset.controlledOrganizations</ref>
     </Default>
</Field>
<Field name='waveset.capabilities'>
     <Default>
          <filterdup>
               <appendAll>
                    <ref>waveset.capabilities</ref>
                    
               </appendAll>
          </filterdup>
     </Default>
</Field>and these fileds should have a disable like the following..... in case yoou want these fields to be processed during an update only.
<Disable>
   <neq>
      <ref>feedOp</ref>
      <s>update</s>
   </neq>
</Disable>Make sure u r using the same type - default / derivation / expansion for both the capability and controlled organizations in your Active Sync forms / rules etc....
that's all what i could suggest....
Thanks
Nishad

Parameterized Active Sync Form generating random password

Similar Messages

Maybe you are looking for