Sun Java System Identity Synchronization for Windows 6.0 Deployment Planning Guide

Configuring pwsync to Not Propagate Passwords to Directory Server

The passwordSyncExcludeList system configuration attribute lists resources that should not be updated when the Active Directory pwsync DLL detects a password change. In an Identity Manager and Identity Synchronization for Windows environment, this attribute should include Directory Servers that are being synchronized, to prevent unwanted interaction between Identity Manager and Identity Synchronization for Windows.

  1. Go to the /debug page (for example, http://applicationserverhost:port/idm/debug).

  2. List objects of type Configuration

  3. Add the following attribute to the system configuration file:

    <Attribute name='passwordSyncExcludeList' value='Directory Server Resource'/>

    where Directory Server Resource is the name of the resource to be excluded during a pwsync password change. If you need to exclude more than one resource, use a comma-separated list.
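
The following check is an added example, not part of the original guide. It reads an exported copy of the system configuration and reports which synchronized Directory Server resources are missing from passwordSyncExcludeList. The wrapper elements in the sample XML, the resource names, and the trimming of whitespace around commas are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

ATTR_NAME = "passwordSyncExcludeList"

# Constructed sample export. The wrapper elements and resource names are
# placeholders; only the Attribute element follows the form shown in step 3.
SAMPLE_EXPORT = """
<Configuration name='System Configuration'>
  <Object>
    <Attribute name='someOtherSetting' value='true'/>
    <Attribute name='passwordSyncExcludeList' value='DS East, DS West'/>
  </Object>
</Configuration>
"""


def read_exclude_list(xml_text):
    """Return the resource names in passwordSyncExcludeList, or None if absent."""
    root = ET.fromstring(xml_text)
    matches = [el for el in root.iter("Attribute") if el.get("name") == ATTR_NAME]
    if not matches:
        return None
    if len(matches) > 1:
        # Two definitions make it unclear which value is in effect.
        raise ValueError(f"{ATTR_NAME} is defined {len(matches)} times")
    value = matches[0].get("value", "")
    # Assumption: whitespace around the commas is not significant.
    return [name.strip() for name in value.split(",") if name.strip()]


def audit(xml_text, synchronized_resources):
    """Compare the exclude list with the Directory Server resources being synchronized."""
    wanted = set(synchronized_resources)
    excluded = read_exclude_list(xml_text)
    if excluded is None:
        return {"present": False, "missing": sorted(wanted), "extra": []}
    return {
        "present": True,
        "missing": sorted(wanted - set(excluded)),  # still updated on a pwsync change
        "extra": sorted(set(excluded) - wanted),    # excluded but not in the expected list
    }


if __name__ == "__main__":
    print(audit(SAMPLE_EXPORT, ["DS East", "DS West", "DS Lab"]))
```

A non-empty `missing` list names synchronized Directory Servers that have not been added to the exclude list.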