IBM Security Directory Server Password Synchronizer
The Security Directory Server Password Synchronizer intercepts changes to the LDAP passwords in the IBM Security Directory Server.
Components
A password synchronization solution can also be built without using the IBM Security Directory Server plug-in. For more information about solution building, see Solution building. The SDI Password Synchronizer consists of the following parts:
- IBM Security Directory Server plug-in
  The plug-in is a native binary, which uses the plug-in API of the IBM Security Directory Server. The plug-in runs in the process of the IBM Security Directory Server.
- Java Proxy
  A separate Java process, which is started or stopped by the server plug-in. The main purpose of the process is to host the Password Storage component and communicate with the plug-in. For more information about the Java Proxy, see Password synchronization architecture and workflow.
- Password Storage component
  A Java component, which runs inside the Java Proxy process and stores passwords in a particular Password Store such as an LDAP directory or a message queue. For more information about the Password Storage components, see Specialized components.
Passwords in the IBM Security Directory Server are stored in the userPassword LDAP attribute. The Password Synchronizer intercepts updates of the userPassword LDAP attribute.
The IBM Security Directory Server Password Synchronizer intercepts modifications of the userPassword attribute of entries of any object class.
Password updates are intercepted for the following types of entry modifications:
- When a new entry is added to the directory and the entry contains the userPassword attribute.
- When an existing entry is modified and one of the modified attributes is the userPassword attribute. This includes the following cases:
  - The userPassword attribute is added. For example, the entry did not have a userPassword attribute.
  - The userPassword attribute is modified. For example, the entry had this attribute and its value is now changed.
  - The userPassword attribute is deleted from the entry.
Note:
- Deletion of the entries (users) is not intercepted by the IBM Security Directory Server Password Synchronizer even when the entry contains the userPassword attribute.
- The userPassword attribute in the IBM Security Directory Server is multi-valued. Users can have several passwords. The IBM Security Directory Server Password Synchronizer intercepts and reports the changes in any of the password values.
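The interception rules above can be checked against a planned set of directory changes before they are applied. The following is an added example, not IBM code: it assumes the changes are available as unfolded LDIF change records (the plug-in itself hooks the server's plug-in API, not LDIF), and the sample records, DNs and password values are constructed placeholders.

```python
# Added example: classify LDIF change records by the interception rules above.
# Assumes unfolded LDIF lines; SAMPLE_LDIF is constructed, values are placeholders.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
changetype: add
objectClass: inetOrgPerson
uid: alice
userPassword: placeholder-1

dn: uid=bob,ou=people,dc=example,dc=com
changetype: modify
replace: mail
mail: bob@example.com
-
delete: USERPASSWORD
userPassword: placeholder-old
-
add: userPassword
userPassword:: cGxhY2Vob2xkZXItbmV3

dn: uid=carol,ou=people,dc=example,dc=com
changetype: delete
"""

MOD_OPS = {"add", "replace", "delete"}

def classify(ldif_text):
    """Return [(dn, changetype, password_ops)]; non-empty ops means intercepted."""
    results = []
    for block in ldif_text.strip().split("\n\n"):
        dn, changetype, ops, expect_op = None, "add", [], True
        for line in block.splitlines():
            if line == "-":              # separator between modify operations
                expect_op = True
                continue
            name, _, value = line.partition(":")
            name, value = name.strip().lower(), value.lstrip(":").strip()
            if name == "dn":
                dn = value
            elif name == "changetype":   # "delete" records never collect ops
                changetype = value.lower()
            elif changetype == "modify" and expect_op and name in MOD_OPS:
                expect_op = False        # attribute names are case-insensitive
                if value.lower() == "userpassword":
                    ops.append(name)
            elif changetype == "add" and name == "userpassword" and not ops:
                ops.append("add")        # several values still count as one add
        results.append((dn, changetype, ops))
    return results
```

For the sample, alice's add and bob's modify (one password value deleted, another added) are reported as intercepted, while carol's entry deletion is not.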
Supported platforms
The IBM Security Directory Server Password Synchronizer is available for the IBM Security Directory Server on the following platforms and for the following versions:
- Windows 2008 Standard Edition (x86/x86-64), IBM Security Directory Server 6.1, 6.2, and 6.3 (32/64-bit)
- Windows 2008 Enterprise Edition (x86/x86-64), IBM Security Directory Server 6.1, 6.2, and 6.3 (32/64-bit)
- Windows 2008 Datacenter Edition (x86/x86-64), IBM Security Directory Server 6.1, 6.2, and 6.3 (32/64-bit)
- Windows 2008 R2 Standard Edition (x86/x86-64), IBM Security Directory Server 6.1, 6.2, and 6.3 (32/64-bit)
- Windows 2008 R2 Enterprise Edition (x86/x86-64), IBM Security Directory Server 6.1, 6.2, and 6.3 (32/64-bit)
- Windows 2008 R2 Datacenter Edition (x86/x86-64), IBM Security Directory Server 6.1, 6.2, and 6.3 (32/64-bit)
- AIX® 6.1 (64-bit), IBM Security Directory Server 6.0 (64-bit), IBM Security Directory Server 6.1, 6.2, and 6.3 (64-bit)
- AIX 7.1 (64-bit), IBM Security Directory Server 6.0 (64-bit), IBM Security Directory Server 6.1, 6.2, and 6.3 (64-bit)
- Solaris 10 SPARC (64-bit), IBM Security Directory Server 6.1, 6.2, and 6.3 (64-bit)
- Solaris 11 SPARC (64-bit), IBM Security Directory Server 6.1, 6.2, and 6.3 (64-bit)
- RHEL ES/AS 5.0 (x86/x86-64), IBM Security Directory Server 6.1, 6.2, and 6.3 (32/64-bit)
- RHEL ES/AS 6.0 (x86/x86-64), IBM Security Directory Server 6.1, 6.2, and 6.3 (32/64-bit)
- SLES 10 (x86/x86-64), IBM Security Directory Server 6.1, 6.2, and 6.3 (32/64-bit)
- SLES 11 (x86/x86-64), IBM Security Directory Server 6.1, 6.2, and 6.3 (32/64-bit)
- RedFlag Data Center 5.0 SP1/Asianix 2.0 SP1, IBM Security Directory Server 6.1, 6.2, and 6.3 (32-bit)
Deployment and configuration
You must register the IBM Security Directory Server Password Synchronizer with the IBM Security Directory Server before you deploy and configure the plug-in.