IBM Tivoli Directory Integrator
To register the plug-in, edit the IBM Directory Server configuration
file ids_dir/etc/ibmslapd.conf.
Before editing the file, make sure the server is not running.
Find the section dn: cn=Directory, cn=RDBM Backends, cn=IBM
Directory, cn=Schemas, cn=Configuration and add the following
(as one line):
- Win32
- ibm-slapdPlugin: preoperation "TDI_Install_dir\pwd_plugins\tds\idspwsync.dll"
PWSyncInit "TDI_Install_dir\pwd_plugins\tds\pwsync.props"
- AIX64
- ibm-slapdPlugin: preoperation "TDI_Install_dir/pwd_plugins/tds/libidspwsync_64.a.so "PWSyncInit
"TDI_Install_dir/pwd_plugins/tds/pwsync.props"
- Linux32
- ibm-slapdPlugin: preoperation "TDI_Install_dir/pwd_plugins/tds/libidspwsync.so"
PWSyncInit "TDI_Install_dir/pwd_plugins/tds/pwsync.props"
Start the IBM Directory Server again.
The IBM Directory Server plug-in has a template configuration file
installed at TDI_Install_dir/pwd_plugins/sun/pwsync.props.
When the TDS plug-in is initialized, it will expect that the configuration
file is set as the last parameter of the plug-in's registration
line. The plug-in then reads the file. Some of the parameters in that
configuration file are shared between the plug-in and the Java Proxy.
For a complete list of the supported properties, check out Password plug-ins common configuration and utilities.
The property listed below is specific for the IBM Directory Server
Password Synchronizer:
- syncBase
- This optional property enables restricting the part of the directory
tree where passwords are intercepted. The string value specified is
the LDAP distinguished name (dn) of the root of the tree whose entry'
passwords we want to intercept. Specifying "o=ibm,c=us", for example, results in intercepting password update "cn=Kyle Nguyen,ou=Austin,o=IBM,c=US"
and skipping the password update "cn=Henry Nguyen,o=SomeOtherCompany,c=US".
Setting no value for this property results in the interception of
password updates in the whole directory tree.