This content has been marked as final. Show 3 replies
The behavious you see is absolutely fine. Meta-Directory doesnt sync passwords! You have 2 ways forward for doing that, from Sun:
1. Use Identity Manager (aka Waveset Lighthouse): With this users can use the admin pages to set thier new passwords on any of the connected resources. You could also sych password changes from AD (ctrl+alt+del) to any of the connected resources.
2. Use Identity Sync for Windows (ISW): With this you can sync passwords between AD and SJDS 5.2, bi directionally. This software is a part of Sun Directory Server Enterprise Edition (DSEE).
Pls contact your Sun rep for more details.
So you mean I can use ISW(Identity Sync for Windows) to sync password between AD and SJDS 5.2, and my AD password don't need re-writre?
I confuse this. Microsoft tole me that the password in AD can't pick up. Now ISW can do this ?
Whatyou heard from Microsoft is right...but what I wrote is also right!!
Ok, heres a brief explaination...typically, all repositories store passwords in a hash format -- that is one way encryption. So once stored, you cant get it back to clear text. And these hashing algos used by each respository is unique, so you can simply copy the has valu across (using Meta) and be happy.
BUT, ISW does a cool thing, through which it can sync a password stored in AD, to SJS-DS, and that too without installing any DLL on the AD box. Contact your Sun rep for more.