Sun Identity Manager 8.1 Resources Reference

Step 2: Enable Password Synchronization Features

To enable password synchronization in the LDAP resource adapter, Identity Manager provides a custom JSP page that allows the administrator to

The LDIF file contains 3 entries:

Use the following steps to implement these features.

ProcedureImplementing Password Synchronization Features

  1. Open the Identity Manager Configure Password Synchronization page, which is located at http://PathToIdentityManager/configure/passwordsync.jsp .

  2. Select the LDAP resource that will be used to synchronize passwords from the Resource menu.

  3. Select Enable Password Synchronization from the Action menu.

  4. Click OK. The page refreshes to display a new item in the Action menu.

  5. Select Download plug-in configuration LDIF from the Action menu.

  6. Click OK. The page refreshes to display several new options.

  7. Select a version from the Directory Server version menu.

  8. Select the resource’s operating system from the Operating System Type menu.

  9. In the Plugin Installation Directory field, enter the directory on the host where the plug-in will be installed.

  10. Click OK to generate and download the LDIF file. If necessary, you may now regenerate an encryption key.

  11. Select Regenerate encryption key from the Action menu.

  12. Click OK. The encryption parameters are updated.

    Note –

    If your Directory Server users do not have the default objectclasses (person, organizationalPerson or inetorgperson), then you must edit the LDIF file created when you selected Download plugin configuration LDIF. You must replace the default value assigned in the idm-objectclass attribute with an objectclass implemented in your environment so that the plug-in can capture the password change.

    For example, if your users are defined with the account, posixaccount and shadowaccount objectclasses, replace the default value assigned in the idm-objectclass attribute with one or more of these classes.

    For example:

    idm-objectclass: account
          idm-objectclass:  posixaccount

    Note that multivalued attributes should not be represented as comma-separated strings. Each value for the idm-objectclass that you want to match must be entered on a separate line on the LDIF configuration. Passwords are captured for entries that match any of the idm-objectclass values.

    After password synchronization is enabled, the following attributes on the Resource Specific Settings page on Active Sync wizard parameters page of the resource will be displayed.

    • Enable password synchronization

    • Password encryption key

    • Password encryption salt

    Only the Enable password synchronization field may be changed on this page. The encryption attributes should only be updated using the JSP page.