AD/LDAP password synchronization using OpenIDM as a black box

OpenIDM provides two password synchronization plugins, one for Active Directory (AD) and one for OpenDJ, which synchronize passwords between the source directory (AD or OpenDJ) and OpenIDM.

Each plugin intercepts the password update before the directory hashes it, and propagates the clear-text value to OpenIDM. Because the password crosses the network in clear text at that point, the connection between the source directory and OpenIDM must be protected with TLS, and the plugin must verify OpenIDM's certificate; otherwise anyone on the path receives every password change.

As a consequence the following deployments are available:

  • Bidirectional password synchronization between OpenDJ and AD through OpenIDM.
  • Password synchronization from OpenDJ (as the source) to any LDAP directory through OpenIDM.
  • Password synchronization from AD (as the source) to any LDAP directory through OpenIDM.

OpenIDM also synchronizes attributes between directories, as described in the article linked below, by reading the directory change log in which attribute changes are recorded.
Password synchronization is more restrictive: password changes are not exposed through the change log, so they cannot be picked up that way, which is why the plugins above are needed.
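The following is an added illustrative model of the flow described above, not OpenIDM or plugin code: a directory stores only a one-way hash, so the clear text has to be captured before hashing, and the only place it exists on the wire is the hop to OpenIDM, which is therefore restricted to HTTPS. The function names, the request payload shape and the sample DN are assumptions made for the example; the hash format ({SSHA}) and AD's unicodePwd encoding (the password in double quotes, UTF-16LE) are real.

```python
"""Model of the password-sync interception described above.
Added example; not OpenIDM or plugin code. Payload shape is assumed."""
import base64
import hashlib
import hmac
import os
from typing import Optional
from urllib.parse import urlparse


def ssha_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Salted SHA-1 as an LDAP directory stores userPassword. One-way."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password: str, stored: str) -> bool:
    """The only operation the stored hash supports: check a candidate."""
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def ad_unicode_pwd(password: str) -> bytes:
    """Value AD requires for unicodePwd: quoted clear text, UTF-16LE.
    It cannot be produced from an {SSHA} hash, hence the clear-text hop."""
    return f'"{password}"'.encode("utf-16-le")


class SyncTransportError(Exception):
    """Raised when the clear-text password would leave over a non-TLS link."""


def build_sync_request(openidm_url: str, user_dn: str, clear_password: str) -> dict:
    """Payload the intercepting plugin hands to OpenIDM (hypothetical shape).
    Refuses anything but HTTPS: this is the only hop carrying clear text."""
    parsed = urlparse(openidm_url)
    if parsed.scheme != "https":
        raise SyncTransportError(
            f"refusing to send a clear-text password over {parsed.scheme or 'unknown'}"
        )
    # Real client code must also verify OpenIDM's certificate (CA pinning or
    # a trusted CA bundle); an unverified TLS session is not better than plain HTTP.
    return {"url": openidm_url, "dn": user_dn, "password": clear_password}


def intercept_password_modify(user_dn: str, new_password: str, openidm_url: str):
    """Models the plugin hook: runs before the directory hashes the value.
    Returns (request sent to OpenIDM, value the directory stores)."""
    request = build_sync_request(openidm_url, user_dn, new_password)  # clear text, TLS only
    stored = ssha_hash(new_password)  # what the source directory keeps
    return request, stored


if __name__ == "__main__":
    # Constructed sample input for the example.
    req, kept = intercept_password_modify(
        "uid=alice,ou=people,dc=example,dc=com",
        "Secret123!",
        "https://openidm.example.com/openidm",
    )
    print("sent to OpenIDM:", req)
    print("kept in directory:", kept)
    print("AD unicodePwd bytes:", ad_unicode_pwd(req["password"])[:8], "...")
```

Reading the two outputs side by side is the point of the page: the change log would only ever show something like the `kept` value, which `ssha_verify` can check but nothing can turn into the `unicodePwd` bytes AD needs, so the plugin has to forward the clear text, and the transport check in `build_sync_request` is the minimum protection for that forwarding.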

https://wikis.forgerock.org/confluence/display/openidm/DSEE+and+OpenDJ+system+to+system+sync

janua