Oracle® Identity Manager Password Synchronization Module for Microsoft Active Directory Installation and Configuration Guide
Release 9.0.3

Part Number B32179-01

1 Overview of the Password Synchronization Module

Oracle Identity Manager is an advanced user account provisioning system for automatically granting and revoking access to enterprise applications and managed systems. The modular architecture of Oracle Identity Manager can handle most IT requirements, without requiring changes to existing infrastructure, policies, or procedures.

This chapter contains the following sections:

Components for Connecting Oracle Identity Manager to Microsoft Active Directory

Oracle Identity Manager provides the following components to link with Microsoft Active Directory:

Depending on your specific needs, you can deploy one or both of these components to connect Oracle Identity Manager and Microsoft Active Directory. Deployed together (along with LDAP over SSL), the connector and the password synchronization module provide full, bidirectional synchronization of all user attributes, including passwords.

The connector for Microsoft Active Directory updates user account attributes bidirectionally. However, password changes are updated only when the password is changed through Oracle Identity Manager, and not when it is changed through Microsoft Active Directory.

In contrast, the password synchronization module for Microsoft Active Directory updates Oracle Identity Manager with passwords changed in Microsoft Active Directory. This is achieved as follows:

The password synchronization module intercepts a password change event in Microsoft Active Directory and sends the new password to Oracle Identity Manager. Now, if the password change in Oracle Identity Manager fails because, for example, the password does not meet the password policy, then the password change is not allowed in Microsoft Active Directory. However, if the password change in Oracle Identity Manager succeeds, then the password change is allowed in Microsoft Active Directory.

The following table compares the functionality offered by both tools.

| Functionality | Module | Connector |
|---|---|---|
| Updates Microsoft Active Directory with user account attributes (except for passwords) changed in Oracle Identity Manager | No | Yes |
| Updates Oracle Identity Manager with user account attributes (except for passwords) changed in Microsoft Active Directory | No | Yes |
| Updates Microsoft Active Directory with passwords changed in Oracle Identity Manager (requires LDAP over SSL) | No | Yes |
| Updates Oracle Identity Manager with passwords changed in Microsoft Active Directory | Yes | No |

Files and Directories That Comprise the Password Synchronization Module

The installation files for the module are compressed in the following ZIP file on the installation media:

Directory Servers\Microsoft Active Directory\Microsoft Active Directory Password Sync

These files and directories are listed in the following table.

| File in the Installation Media Directory | Description |
|---|---|
| setup_ad.exe | This file is used to install the password synchronization module. |
| set_ad.jar | This JAR file is used during the installation process. |
| Files in the com\oracle\xl\installer directory | Each of these resource bundle files contains language-specific information that is used by the connector. Note: A resource bundle is a file containing localized versions of the text strings that are displayed on the user interface of Oracle Identity Manager. These text strings include GUI element labels and messages displayed on the Administrative and User Console. |
| Files in the jpclient\lib directory | These are password synchronization library files. |
| Files in the xlhome\ext directory | These are third-party JAR files. |
| Files in the xlhome\install directory | These JAR files are required by the password synchronization module installer. |

Determining the Release Number of the Password Synchronization Module

To determine the release number of an existing password synchronization module:

  1. Extract the contents of the xliADSync.jar file. This file is copied into the ADSYNC_HOME\lib directory after you perform the installation process described in Chapter 2.

  2. Open the manifest.mf file in a text editor. The manifest.mf file is one of the files bundled inside the xliADSync.jar file.

    In the manifest.mf file, the release number of the connector is displayed as the value of the Version property.
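
The same check can be scripted without unpacking the archive, which helps when inventorying installed module releases across several hosts. This is an added example, not part of Oracle's guide or product code; it assumes the manifest sits at the standard META-INF/MANIFEST.MF location inside the JAR, and the sample archive and all values in it are constructed for illustration.

```python
import io
import sys
import zipfile


def read_manifest_attributes(jar):
    """Return the main-section attributes of a JAR manifest as a dict."""
    with zipfile.ZipFile(jar) as zf:
        # The guide calls the file manifest.mf, so match the name case-insensitively.
        name = {n.upper(): n for n in zf.namelist()}.get("META-INF/MANIFEST.MF")
        if name is None:
            raise ValueError("no manifest found in archive")
        text = zf.read(name).decode("utf-8", errors="replace")
    attrs, key = {}, None
    for line in text.splitlines():
        if not line.strip():
            break  # a blank line ends the main section
        if line.startswith(" ") and key is not None:
            attrs[key] += line[1:]  # continuation of a wrapped value
            continue
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed manifest line: {line!r}")
        key = key.strip()
        attrs[key] = value.lstrip()
    return attrs


def module_release(jar):
    """Return the value of the Version property, or None if it is absent."""
    attrs = read_manifest_attributes(jar)
    # Manifest attribute names are case-insensitive.
    return next((v for k, v in attrs.items() if k.lower() == "version"), None)


def build_sample_jar(with_version=True):
    """Constructed stand-in for xliADSync.jar; every value here is invented."""
    version = ["Version: 0.0.0-SAMPLE"] if with_version else []
    lines = ["Manifest-Version: 1.0", *version,
             "Built-By: constructed-value-wrapped-onto-a-", " second-line", "", ""]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "\r\n".join(lines))
    return io.BytesIO(buf.getvalue())


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample_jar()
    print("Version:", module_release(target))
```

Run it with the path to xliADSync.jar in the ADSYNC_HOME\lib directory as the only argument; a result of `None` means the manifest carries no Version property.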