Tuesday, October 27, 2009

Identity Manager PasswordSync


We are still preparing for the IdM tender I mentioned in my previous post.

Today, we hit a problem - Sun Java System Identity Synchronization for Windows 6.0 cannot synchronize with Microsoft Active Directory 2008.

Identity Synchronization for Windows provides bidirectional password and user attribute synchronization between Sun Java System Directory Server 6.0 and the following:

* Windows 2000 or Windows Server 2003 Active Directory
* Windows NT SAM Registry

Read here.


Luckily, we have a fallback plan - PasswordSync.

The PasswordSync feature keeps password changes made in Windows Active Directory domains synchronized with the other resources defined in Identity Manager. PasswordSync is installed separately from Identity Manager, and it must be installed on every domain controller in each domain that will be synchronized: a domain controller only sees the password changes it processes itself, so a change handled by a DC without PasswordSync never reaches Identity Manager.

PasswordSync consists of a DLL (lhpwic.dll) that resides on each domain controller. Windows hands this DLL each password update notification; the DLL encrypts the new password and sends it over HTTPS to the PasswordSync servlet, which runs on the application server hosting Identity Manager. Because the DLL sits in the domain controller's password-change path, it handles the cleartext password before encrypting it, so the DLL binary, its configuration, and the HTTPS endpoint it posts to deserve the same protection as the domain controller itself.
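Since PasswordSync only works on domain controllers where it is actually installed, the first thing to check after rollout is coverage. The script below is an added example, not from the original post or from Sun's PasswordSync documentation. It assumes that PasswordSync registers lhpwic.dll the way Windows password filters are registered, as an entry in the LSA "Notification Packages" value, and that the DLL lives under System32; the list of "known good" packages is an assumption about default Windows builds and should be adjusted for your environment. It needs the ActiveDirectory module and PowerShell remoting to each DC.

```powershell
# Added example: audit PasswordSync coverage on every domain controller.
# Assumptions (not from the post): lhpwic.dll is registered as an LSA
# notification package and installed under %SystemRoot%\System32.
Import-Module ActiveDirectory

$dll  = 'lhpwic.dll'                                     # PasswordSync filter DLL named in the post
$base = [IO.Path]::GetFileNameWithoutExtension($dll)    # registry lists base names without .dll

# Assumed defaults on Windows DCs; anything else in the list also receives cleartext passwords.
$knownGood = @('scecli', 'rassfm', $base)

$dcs = Get-ADDomainController -Filter * | Select-Object -ExpandProperty HostName

$report = Invoke-Command -ComputerName $dcs -ArgumentList $dll, $base -ScriptBlock {
    param($dllName, $baseName)
    $lsa      = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $packages = @($lsa.'Notification Packages')          # REG_MULTI_SZ of filter DLL base names
    $path     = Join-Path $env:SystemRoot "System32\$dllName"

    New-Object PSObject -Property @{
        DomainController = $env:COMPUTERNAME
        Registered       = ($packages -contains $baseName)
        OnDisk           = (Test-Path $path)
        Packages         = $packages
    }
}

$report | Sort-Object DomainController |
    Select-Object DomainController, Registered, OnDisk, @{n='Packages'; e={ $_.Packages -join ';' }} |
    Format-Table -AutoSize

# DCs without the filter silently drop password changes they process.
$report | Where-Object { -not ($_.Registered -and $_.OnDisk) } | ForEach-Object {
    Write-Warning ("PasswordSync missing or not registered on {0}" -f $_.DomainController)
}

# Every notification package sees cleartext passwords; flag anything unexpected.
$report | ForEach-Object {
    $dc = $_.DomainController
    $_.Packages | Where-Object { $knownGood -notcontains $_ } | ForEach-Object {
        Write-Warning ("Unexpected notification package '{0}' on {1}" -f $_, $dc)
    }
}
```

Run it from a machine with the RSAT Active Directory module after installing PasswordSync on each DC (a reboot is needed before Windows loads a newly registered notification package). The second warning loop is worth keeping around after the project: the same registry value is where an attacker would plant a password-stealing filter.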




The recommended deployment is to configure PasswordSync with a JMS connection.

The JMS method is recommended for more complex environments that have a high message volume, need messages delivered to multiple systems, and require guaranteed message delivery. The JMS message queue can be made highly available, and once a message is in the queue it is retained until it can be delivered to Identity Manager, even if the first delivery attempt fails. Note that the queue then holds encrypted password changes at rest, so its storage, its credentials, and the listener that consumes from it need the same level of protection as the PasswordSync servlet.



Read here.
