Project and Portfolio Management Practitioners Forum
cancel

KConvertUserPasswords.sh

Highlighted
Lizabeth
Super Contributor.

KConvertUserPasswords.sh

Hello,

We would like to change the passwords for all the users in PPM, they are all LDAP authenticated. Would the script kConvertUserPasswords.sh convert passwords for users that are authenticated by LDAP, or would it work on PPM authentication only.

Thanks for your help
5 REPLIES
Cris Robin
Respected Contributor.

Re: KConvertUserPasswords.sh

Hello Lizabeth.

When you do an authenticated by LDAP, this is a report that run every day (or so), to keep the users passwords sync.

Every change you will do, will be over-ride on the next LDAP import.
Even if you choose a user and change is password manually from LDAP to ppm, the next import will change it back.

Have you done the import as a one time only?

The kConvertUserPasswords.sh will work on a password (PPM or LDAP) but you will need to write a code to do it.

Hope it help

Sagi
Jim Esler
Acclaimed Contributor.

Re: KConvertUserPasswords.sh

When you specify LDAP authentication in a user's entry, PPM will connect to the LDAP directory to validate the password value. PPM validates the user's password by connecting with the user's identity and password.

We use AD as our LDAP directory. AD does not allow the password to be read. PPM does not have the authority to change the password values in AD, and probably would not be allowed to do this with other LDAP directories, either. Password maintenance in the LDAP directory is a function that will be managed by the owner of the directory, not PPM.

The user import report can set the users to use PPM authentication but cannot set the users' passwords to the value in LDAP. The report does allow you to specify a default password that will be applied to all users.

I have not used the kConvertUserPasswords.sh script, but it could only be changing the password values in the PPM user table. These values are used only when PPM authentication is used and are ignored if LDAP authentication is specified.
Lizabeth
Super Contributor.

Re: KConvertUserPasswords.sh

Thanks Jim,

We actually had a Database Refresh from Production to our Dev Instance and all users are LDAP authenticated, we do not want users to start using Dev for any purpose, hence I wanted to check if I use the script to change passwords, would it actually change all passwords in the database, or would not since they are LDAP authenticated.

We do not want the passwords in the LDAP server to be updated. ( which PPM should not allow too).

Thanks again.
Cris Robin
Respected Contributor.

Re: KConvertUserPasswords.sh

Hello Lizabeth

Now your question is clearer.

Yes. You can do so.
Do not forget to stop the report from running again in the Dev environment and you can use your script to do a password change no matter what Authentication (PPM, LDAP) you use.

Hope it help

Sagi
Jim Esler
Acclaimed Contributor.

Re: KConvertUserPasswords.sh

In the User Workbench, you could select all users that should not have access and disable them. This locks them out entirely until their entry is reenabled.