To update two resources with different passwords simultaneously, you must generate a separate password field for each assigned resource. For example, you can have an AD password field on the AD resource Attribute area (on the Accounts page) that still conforms to password policies that can be set separately from other resources.
By default, Identity Manager displays password policy information on the Accounts > Identity tab, as shown below.
To move the password fields from their default position on the Identity area to the Attribute area, you must disable the default Identity Manager password synchronization mechanism by following these three steps:
Set the manualPasswordSynchronization checkout property
Add Field and FieldLoop components to the Tabbed User form
Add resource-specific password fields to the Tabbed User form
These steps are described in more detail below.
Specify the manualPasswordSynchronization view check out option by adding the following property to the form:
<Form> <Properties> <Property name=’manualPasswordSynchronization’ value=’true’/> ... </Properties> ... </Form>
When manualPasswordSynchronization is set to true, Identity Manager displays per-resource password fields rather than using the password synchronizer.
You can disable password synchronization by turning off the selectAll flag under the Password view. To do this, add the following fields to the default forms:
<Field name=’password.selectAll’> <Comments> Force the selectAll flag off so we do not attempt synchronization. Necessary because it sometimes is set to true by the view handler. </Comments> <Expansion><s>false</s></Expansion> </Field> <FieldLoop for=’res’> <expression> <remove> <ref>password.targets</ref> <s>Lighthouse</s> </remove> </expression> <Comments> Also must force the individual selection flags to false and display a password prompt for each resource since the view handler will default to true for new accounts. </Comments> <Field name=’password.accounts[$(res)].selected’> <Expansion><s>false</s></Expansion> </Field> </FieldLoop>
Write resource specific password fields for each resource as follows: