For flag DumpService.includeUsers export contains only system users #214
Comments
|
Hi Tomek, in theory we could easily add a property that would also dump regular users. The problem is that this would include passwords in plain text if implemented naively. Usually the PWs are in LDAP or even SSO is used for our projects, but if AEM is the main source for users, the users will have "production passwords" configured. On the other hand, if AEM is not the main source for users, there is not much point for this feature since non-existing users are created on the fly anway for the LDAP/SAML case. How would you deal with Passwords here? |
|
Hi @ghenzler, Basically idea behind of using this feature is for cloning or migrating instances but honestly i dont want to use plain password at all because for each case expecting that YAML file will contains user password hash. In this case any export & import round trip would ONLY work if the etc/key (crypto key) is consistent between instances source and target which resulting that target instance will be able to decrypt migrated/imported password. Regards, |
|
Hi Georg, it could be configurable, with plain passwords and password hash. Some biggest clients still don't use LDAP and create users directly in AEM. We need Dump with Users for migration, inclusive all user props and membership. The result YAML will be updated after that. Best regards, |
|
I personally would only implement the password hash - master key management needs to be in place anyway (e.g. for cloud config passwords). Since #251 we have the dependency to cryptoService, so it should be straight forward to implement. |
|
Hi Georg, |
Hello @ghenzler ,
While testing this tool for my migration found bug in AC Tool that once i set flag for
in
export/dump contains only system users, but i'm expecting that dump will contains all users and passwords.
Thanks
Tomek
The text was updated successfully, but these errors were encountered: