The Directory Server Connector examines the Directory Server retro changelog over LDAP to detect user entry and password change events. The Directory Server Plug-in helps the Connector do the following:
For more information about retro changelog, see Replication and the Retro Change Log Plug-In in Sun Directory Server Enterprise Edition 7.0 Reference.
Capture clear-text passwords by encrypting them and then making them available in the retro changelog. Without the Plug-in, only hashed passwords appear in the retro changelog, and hashed passwords cannot be synchronized.
Perform on-demand password synchronization with Active Directory. No Identity Synchronization for Windows components need to be installed in a Windows topology (See Using On-Demand Password Synchronization to Obtain Clear-Text Passwords.