3 Replies Latest reply: Nov 12, 2004 5:59 AM by 807573

    Password flow between Active Directory and Netscape Directory

    807573
      Hello all,

      I have a problem when using Active Directory Connector of Sun One Meta-Directory 5.1 to replicate information of users between MS Active Directory 2000 and Netscape Directory 6.1. I have all information replicated through except the user password. I just used the non-SSL port of Netscape Directory Server to accept data back and forth. Then I even installed the SSL within Netscape Directory; however, I don't know how to configure to have data flowing through the SSL port of Netscape Directory using the Active Connector of Sun One Meta Directory 5.1. Could anyone help me to have password replicated between Active Directory 2000 and Netscape Directory 6.1 please? Thank you very much.
        • 1. Re: Password flow between Active Directory and Netscape Directory
          807573
          Hi,

          The behaviour you see is absolutely fine. Meta-Directory doesn't sync passwords! You have 2 ways forward for doing that, from Sun:

          1. Use Identity Manager (aka Waveset Lighthouse): With this users can use the admin pages to set their new passwords on any of the connected resources. You could also sync password changes from AD (ctrl+alt+del) to any of the connected resources.

          2. Use Identity Sync for Windows (ISW): With this you can sync passwords between AD and SJDS 5.2, bidirectionally. This software is a part of Sun Directory Server Enterprise Edition (DSEE).

          Pls contact your Sun rep for more details.

          Cheers
          Suveer Chainani
          • 2. Re: Password flow between Active Directory and Netscape Directory
            807573
            So you mean I can use ISW (Identity Sync for Windows) to sync passwords between AD and SJDS 5.2, and my AD password doesn't need a re-write?

            I am confused by this. Microsoft told me that the password in AD can't be picked up. Now ISW can do this?
            • 3. Re: Password flow between Active Directory and Netscape Directory
              807573
              What you heard from Microsoft is right...but what I wrote is also right!!
              Ok, here's a brief explanation...typically, all repositories store passwords in a hash format -- that is one way encryption. So once stored, you can't get it back to clear text. And these hashing algos used by each repository is unique, so you can simply copy the hash value across (using Meta) and be happy.
              BUT, ISW does a cool thing, through which it can sync a password stored in AD, to SJS-DS, and that too without installing any DLL on the AD box. Contact your Sun rep for more.
              Reg/Suveer
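
Reply 3's point that repositories store passwords as one-way hashes, each under its own scheme, shown as an added example (not code from the thread or from any Sun or Microsoft product). `{SSHA}` is a common LDAP storage scheme; the `{PBKDF2}` format is a hypothetical stand-in for a second repository and is not Active Directory's real format. The sample password is constructed.

```python
import base64, hashlib, hmac, os

def _b64(data: bytes) -> str:
    return base64.b64encode(data).decode("ascii")

def ssha_encode(password: str) -> str:
    # {SSHA}: base64(SHA-1(password + salt) + salt), a common LDAP storage scheme
    salt = os.urandom(8)
    return "{SSHA}" + _b64(hashlib.sha1(password.encode() + salt).digest() + salt)

def ssha_verify(password: str, stored: str) -> bool:
    if not stored.startswith("{SSHA}"):
        return False              # value was written by a different scheme
    try:
        raw = base64.b64decode(stored[6:], validate=True)
    except ValueError:
        return False
    digest, salt = raw[:20], raw[20:]
    return hmac.compare_digest(hashlib.sha1(password.encode() + salt).digest(), digest)

def pbkdf2_encode(password: str, rounds: int = 10000) -> str:
    # Stand-in for the second repository's scheme (assumption, not AD's real format)
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return "{PBKDF2}%d$%s$%s" % (rounds, _b64(salt), _b64(key))

def pbkdf2_verify(password: str, stored: str) -> bool:
    if not stored.startswith("{PBKDF2}"):
        return False
    try:
        rounds, salt, key = stored[8:].split("$")
        salt, key = base64.b64decode(salt), base64.b64decode(key)
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, int(rounds))
    except ValueError:
        return False
    return hmac.compare_digest(candidate, key)

def demo() -> dict:
    password = "Constructed-Passw0rd"      # constructed sample value
    in_a, in_b = pbkdf2_encode(password), ssha_encode(password)
    return {
        "a_accepts_own": pbkdf2_verify(password, in_a),
        "b_accepts_own": ssha_verify(password, in_b),
        "b_accepts_copied_a": ssha_verify(password, in_a),    # stored value copied A -> B
        "a_accepts_copied_b": pbkdf2_verify(password, in_b),  # stored value copied B -> A
    }

if __name__ == "__main__":
    print(demo())
```

Each repository accepts the password only against the value it hashed itself; the same password stored under the other scheme is rejected, and neither stored value can be turned back into the cleartext needed to re-hash it.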