389 Directory Server / FIM/AD Two way Password Syncing?

  • Question

  • Hi

    We're trying to solve the issue of two-way password syncing between AD and 389 Directory Server. Can someone tell me if they have seen it done with FIM? From my reading FIM would need a Management Agent that can talk to "389 Directory Server". And then we would need to be an Agent on the "389 Directory Server" that talks to FIM.

    Is there a Management Agent for FIM that works with 389 Directory Server to push passwords?

    Is there an Agent for 389 Directory Server to push passwords to FIM?


    Eric (Trying to be truly Wise by learning from the mistakes of others, based on my success rate, I need to work harder at that.)

    Wednesday, March 6, 2013 2:54 PM

Answers

  • FIM can only accept password synchronization from the AD management agent if you want to use the standard Password synchronization which comes with FIM. You can't push a password into password synchronization from a source other than AD. If you can get your directory server to capture the user password in clear text and store it for the user, you might try to push it to data sources through the export_password attribute; however, it won't work for AD (at least this is what I remember :) ).

    For MA - I don't know what kind of LDAP you are using. Trying to adjust OpenLDAP XMA to your use might be the best choice. http://sourceforge.net/projects/openldap-xma/


    Tomek Onyszko, memberOf Predica FIM Team (http://www.predica.pl), IdAM knowledge provider @ http://blog.predica.pl

    Wednesday, March 6, 2013 3:02 PM

All replies

  • Wow. That seems to make FIM really not that useful of a tool if there is no way for it to take password updates from Non-AD LDAP systems. Our Non-AD LDAP is the Higher level system. And two-way Password change Sync-ing is what we need.

    Kind of surprised.


    Eric (Trying to be truly Wise by learning from the mistakes of others, based on my success rate, I need to work harder at that.)

    Wednesday, March 6, 2013 8:06 PM