Before starting the plug-in installation, make sure you completed the resource configuration. See Configuring Identity Manager for LDAP Password Synchronization for more information.
If the Directory Server instances are set up in a multi-master replicated environment, then the plug-in must be installed and configured on each master replica.
To install the Password Capture plug-in, you must perform the following general steps. See the product documentation for detailed information about performing these tasks.
Upload the configuration LDIF file into the target Directory Server. You can use the LDAP command line utilities bundled with the Directory Server. For example,
/opt/iPlanet/shared/bin/ldapmodify -p 1389 -D "cn=directory manager" -w secret -c -f /tmp/pluginconfig.ldif
For Directory Server versions 5.2 P4 and earlier only, place the plug-in binary (idm-plugin.so) on the host where the Directory Server is running. In this example, /opt/SUNWidm/plugin. Make sure that the user running the directory server is able to read the plug-in library. Otherwise, the Directory Server will fail to start.
Restart the Directory Server. (For example, /opt/iPlanet/slapd-examplehost/restart-slapd). The Password Capture plug-in is not loaded after Directory Server is restarted.
In a multi-master replicated environment, new plug-in configuration must be generated for each installation (unless the operating system type and the plug-in installation directory are the same on each host). In this type of environment, repeat the procedure described in Step 2: Enable Password Synchronization Features on each installation.
Directory Server must be restarted whenever you make changes to the plug-in configuration.
After the Password Capture plug-in is enabled, clients must have the MODIFY right to both the userPassword and the idmpasswd attribute to make password changes. Adjust the access control information settings in your directory tree accordingly. This is usually necessary if administrators other than the directory manager have the ability to update the password of other users.