|Oracle® Identity Manager Connector Guide for Microsoft Active Directory Password Synchronization
|PDF · Mobi · ePub|
This chapter provides an overview of the updates made to the software and documentation of the Microsoft Active Directory Password Synchronization connector in release 220.127.116.11.
The updates discussed in this chapter are divided into the following categories:
This section describes updates made to the connector software. This section also points out the sections of this guide that have been changed in response to each software update.
This section describes major changes made to this guide. For example, the relocation of a section from the second chapter to the third chapter is a documentation-specific update. These changes are not related to software updates.
The following sections discuss software updates:
The following are software updates in release 9.1.0:
The password synchronization connector has separate installers for Microsoft Active Directory running on 32-bit and 64-bit Microsoft Windows.
An Oracle Identity Manager flag field is used to track password changes propagated by the connector. In earlier releases, you had to manually create this field in Oracle Identity Manager. From this release onward, the field is automatically created in Oracle Identity Manager when you install the Microsoft Active Directory User Management connector.
The password synchronization connector supports signature-based authentication. This is an alternative to password-based authentication for connecting to Oracle Identity Manager during password synchronization operations.
Information specific to signature-based authentication has been provided at various places in this guide.
The following is a software update in release 18.104.22.168:
A single installer has been developed for Microsoft Active Directory running on 32-bit and 64-bit Microsoft Windows. Corresponding changes have been made in this release of the guide.
The following are software updates in release 9.1.1:
The architecture of the password synchronization connector has been completely modified. Major changes made in the new, fault-tolerant architecture of the connector are discussed in the subsequent sections.
In earlier releases, you had to install the Microsoft Active Directory User Management connector before you could start using the password synchronization connector. From this release onward, the password synchronization connector does not use any component of the user management connector. At the same time, password propagation from Microsoft Active Directory to Oracle Identity Manager can be configured to complement the features offered by the user management connector.
In earlier releases, the connector used the Oracle Identity Manager APIs for password propagation from Active Directory to Oracle Identity Manager. From this release onward, the connector uses SPML Web service for password propagation to Oracle Identity Manager.
The connector stores all configuration parameters of the connector in the Microsoft Windows Registry. This enables you to reconfigure the configuration parameters without reinstalling the connector. This feature also replaces the xlconfig.xml file that was used to store configuration parameters in earlier releases.
See "Reconfiguring the Connector" for more information.
In the earlier releases, if Oracle Identity Manager was not available, then the connector did not retry propagating the password to Oracle Identity Manager. From this release onward, the connector retries password propagation if Oracle Identity manager is not available.
See "Connector Architecture" for more information.
In earlier releases, the connector required an attribute to be created in Microsoft Active Directory to act as a flag for tracking password changes initiated by Oracle Identity Manager. From this release onward, this attribute is not required.
In earlier releases, if you had changed the password of the account that the connector used to log in to Oracle Identity Manager during a password synchronization operation, then you had to reinstall the connector with the changed password. From this release onward, you can reconfigure the connector whenever you change the login credentials of the account that the connector uses for logging in to Oracle Identity Manager during a password synchronization operation. This eliminates the need for reinstalling the connector.
See "Reconfiguring the Connector" for more information.
The following are issues resolved in release 9.1.1:
IT resource name in the adsynch.log file was not localized.
This issue does not apply for this release of the connector. In this release, the IT resource name is not recorded in the log file.
7272742 and 7293723
After you installed the connector, logging was automatically enabled. You could not disable it. In addition, you could not specify or change or the log level.
This issue has now been resolved. You can now enable and disable logging for the password synchronization connector.
See "Enabling and Disabling Logging" for more information.
In the "Known Issues" chapter, the following items has been added:
Information about events that occur during connector installation are recorded in the oimpwdsync.log file, which is located in the %TEMP% directory.
The oimpwdsync.log file is not deleted when you reinstall or reconfigure the password synchronization connector.
The following are software updates in release 22.214.171.124:
From this release onward, you can customize the location of OU (Persistent Store) only while installing the connector. You can now create it under a different OU. However, once the OU is created, you cannot change its location.
See Section 2.2.1, "Installing the Connector" for more information about Persistent Store.
The following are issues resolved in release 126.96.36.199:
The connector did not allow the setting of time delay to less than one minute.
If the connector was installed on two Domain Controllers, and the password change operations were initiated on both within one minute, then the order in which the password reset operations were processed was incorrect.
This issue has now been resolved. The password change operations are now carried out in the correct sequence.
The following is a software update in release 188.8.131.52:
From this release onward, the connector can be installed and used on a target system that can access a running instance of Oracle Identity Manager 11g release 1 (11.1.1). Where applicable, instructions specific to this Oracle Identity Manager release have been added in the guide.
See Section 1.2, "Certified Components" for more information.
The following sections discuss documentation-specific updates:See "Roadmap for Deploying and Using the Connector" for detailed information about the organization of content in this guide.
The following are documentation-specific updates in release 184.108.40.206:
In the Deploying the Connector chapter, the "Determining the Release Number of the Connector" section has been removed.
In the Known Issues chapter:
Bug 7155390 has been removed as the bug had been resolved in release 220.127.116.11 of the connector.
Known issue has been added.
In the "Verifying Deployment Requirements" section, changes have been made in the "Target systems and target system host platforms" row.
The following are documentation-specific updates in release 18.104.22.168:
Section 2.1.1, "Verifying Deployment Requirements" has been updated.
An attribute has been added in Table 2-1, "Microsoft Active Directory Configuration Parameters".
Appendix B, "PrepAD.ldif" has been added to provide information about the PrepAD.ldif file.
The following are documentation-specific updates in release 22.214.171.124:
In Section 2.2.1, "Installing the Connector," step number 12 has been updated for time interval after which password synchronization happens with OIM (in Seconds).
Information has been added to step 15 in Section 2.2.1, "Installing the Connector."
Information has been added to step 7 in Section 126.96.36.199.4, "Configuring Custom Identity Keystore in Oracle WebLogic Server."
Information has been added to the "Descripiton" column in the "OIM User Atrribute" row, in Table 2-2, "Oracle Identity Manager Configuration Parameters".
In Section 188.8.131.52.2, "Signing the Certificate," information about importing the self-signed certificate as a trusted entry in the Java standard store has been added.
Chapter 4, "Troubleshooting the Connector" has been added.
Instructions specific to Oracle Identity Manger release 11.1.2.x have been added throughout the guide, wherever applicable.
The "Verifying Deployment Requirements" section has been removed. However, the contents of that section have been moved to Section 1.2, "Certified Components."
The "Target systems and target system host platforms" row of Table 1-2, "Certified Components" has been modified.