Integrate IBM Tivoli Directory Integrator Password Synchronizer with Tivoli Identity Manager

Strictly control how passwords are changed, validated, and synchronized across systems

Wouldn't it be great to validate password strength prior to synchronization? In this article, learn how to integrate the IBM Tivoli® Directory Integrator Password Synchronizer Plug-in with IBM Tivoli Identity Manager to validate password strength using Tivoli Identity Manager's password policies prior to synchronization. Detailed instructions walk you through the setup and configuration processes.

Mr. Nagesh Bhagwat (nagesh_bhagwat@in.ibm.com), Staff Software Engineer, IBM

Nagesh Bhagwat is a staff software engineer currently working with the IBM Tivoli Directory Integrator Level 3 development support team at the IBM India Software Labs. He holds a bachelor of engineering degree in Computer Science from Shivaji University. Nagesh has more than seven years of IT experience.



Abhijit C. Dusane (abhijitdusane@in.ibm.com), Staff Software Engineer, IBM

Abhijit is currently leading the Tivoli Directory Integrator Level 3 support at IBM India Software Labs. Abhijit has completed his master's degree in Computer Science from the University of Pune and has more than seven years of IT experience.



Raghavendra TA (raghavendra.ta@in.ibm.com), Staff Software Engineer, IBM

Raghavendra T A is a staff software engineer with the IBM Tivoli Directory Integrator and IBM Tivoli Directory Server development team at the IBM India Software Labs. He holds a master's degree in Systems Engineering from Banaras Hindu University. Raghavendra is an IBM Certified Administrator - Tivoli Monitoring V6.2 and is certified in IBM Tivoli Netcool/Omnibus V7.2 Implementation.



14 May 2013

Introduction

IBM Tivoli Directory Integrator enables synchronization, transformation, and migration of generic and identity data across heterogeneous systems. Tivoli Directory Integrator helps organizations maintain consistent and trusted data across multiple resources and provides:

  • Plug-ins for several popular identity stores such as IBM Tivoli Directory Server, Domino (Http Password only), Microsoft™ Active Directory, and SunOne. These plug-ins securely capture passwords and make them available for processing for AssemblyLines.
  • An infrastructure and several ready-to-use components for solutions that synchronize user passwords in heterogeneous software environments.

A password synchronization solution built with Tivoli Directory Integrator can intercept password changes on several systems. Synchronization is achieved through the Tivoli Directory Integrator AssemblyLines, which can be configured to propagate the intercepted passwords to desired systems.

IBM Tivoli Identity Manager provides the software and services to deploy policy-based provisioning solutions. This product helps companies automate the process of giving employees, contractors, and business partners access rights to applications they need, whether in a closed enterprise environment or across a virtual or extended enterprise.

With Tivoli Identity Manager you can efficiently manage policies, which are sets of organizational rules and logic, for passwords. A password policy defines the password strength rules that are used to determine whether a new password is valid. Tivoli Identity Manager password policies let you control the way passwords can be changed or generated, synchronized, and set throughout the system.

The Tivoli Identity Manager integration for the password synchronizer allows intercepted passwords to be verified by a password management policy defined in Tivoli Identity Manager prior to synchronization. Password synchronization incorporates password complexity checking using Tivoli Identity Manager password policies.

In this article, learn how the Tivoli Directory Integrator Password Synchronizer Plug-in can be integrated with Tivoli Identity Manager for password strength validation through Tivoli Identity Manager's password policies prior to synchronization. Follow along with detailed steps for:

  • Installing and configuring Tivoli Directory Integrator password plug-ins
  • Configuring Tivoli Identity Manager middleware
  • Installing and configuring Tivoli Identity Manager
  • Configuring Tivoli Directory Integrator for password synchronizer
  • Configuring Tivoli Identity Manager password policies
  • Testing Tivoli Directory Integrator password plug-ins

Install and configure Tivoli Directory Integrator password plug-ins

This section describes how to install a Tivoli Directory Integrator password plug-in and configure the Tivoli Directory Integrator-based Tivoli Directory Server password synchronizer.

  1. Run the Tivoli Directory Integrator Installer. From the Choose Install Set window, select the Custom option, as in Figure 1, and click Next.
    Figure 1. Tivoli Directory Integrator installation wizard
    TDI Installation Wizard with left pane and typical and custom selection options.
  2. The Install Set window opens. Click Choose Install Set, then check the box for Password Synchronization Plugins, as in Figure 2. Complete the installation by following the rest of the instructions in the installation wizard.
    Figure 2. Select password plug-in
    Choose Install Set window with password synchronization plugins checked

The Tivoli Directory Integrator password plug-in installation is complete.

The Tivoli Identity Manager password synchronizer decorator classes are supported by the following password synchronizers:

  • Password Synchronizer for Windows™
  • Password Synchronizer for IBM Tivoli Directory Server
  • Password Synchronizer for Sun Directory Server
  • Password Synchronizer for UNIX® and Linux®

The Domino HTTP password synchronizer does not support integration with Tivoli Identity Manager. Custom password policies can be created on the Domino server. Using those password policies, the passwords can be validated before they are stored.

Configuring Tivoli Directory Server password plug-ins

The Tivoli Directory Server password synchronizer intercepts changes to LDAP passwords. The first step is to register the plug-in with the IBM Directory Server.

  1. Make sure Tivoli Directory Server is not running. Edit the IBM Directory Server configuration file <ids_dir>/etc/ibmslapd.conf.
  2. Find the section dn: cn=Directory, cn=RDBM Backends, cn=IBM Directory,cn=Schemas, cn=Configuration.

    Add the information in Listing 1 as one line.

    Listing 1. ibmslapd.conf
    Win32
    ibm-slapdPlugin: preoperation "<TDI_Install_dir>\pwd_plugins\tds\idspwsync.dll" PWSyncInit "<TDI_Install_dir>\pwd_plugins\tds\pwsync.props"

    AIX64
    ibm-slapdPlugin: preoperation "<TDI_Install_dir>/pwd_plugins/tds/libidspwsync_64.a.so" PWSyncInit "<TDI_Install_dir>/pwd_plugins/tds/pwsync.props"

    Linux32
    ibm-slapdPlugin: preoperation "<TDI_Install_dir>/pwd_plugins/tds/libidspwsync.so" PWSyncInit "<TDI_Install_dir>/pwd_plugins/tds/pwsync.props"
  3. Start a Tivoli Directory Server instance and ensure that Tivoli Directory Server is running in normal mode. It should not be running in Config mode.
  4. If Tivoli Directory Server is running in Config mode, check the Tivoli Directory Server log (plugin.log/proxy.log) for error details and take appropriate action.

Configure Tivoli Identity Manager middleware

This section describes how to configure the middleware (DB2 and Tivoli Directory Server) required for Tivoli Identity Manager installation and configuration.

  1. Ensure that DB2 and Tivoli Directory Server are installed correctly with the minimum fix pack required.
  2. Launch the Middleware Configuration Utility for Tivoli Identity Manager.
  3. The window entitled Middleware Configuration Utility for IBM Tivoli Identity Manager 5.1 displays. In this window, check the boxes for Configure IBM DB2 Universal Database and Configure IBM Tivoli Directory Server, then click Next, as in Figure 3.
    Figure 3. Middleware installation wizard
    Middleware Configuration Utility for IBM Tivoli Identity Manager 5.1 window with Configure IBM DB2 and Configure IBM Directory Server checked
  4. The next window entitled IBM DB2 Universal Database Configuration Options opens, as shown in Figure 4. In this window, complete the required details for IBM DB2 configuration with the following information, then click Next.
    • DB2 administrator ID/instance name: db2admin
    • DB2 administrator password: db2adminpasswd
    • DB2 server database home: E:, or wherever your DB server is installed
    • DB2 database name: itimdb
    • ITIM Database User ID: itimuser
    • Password for ITIM Database User ID: itimuserpasswd
    Figure 4. Configure IBM DB2
    Configure IBM DB2 window
  5. The prompt window to configure DB2 displays. In this window, click Yes, as shown in Figure 5.
    Figure 5. Select Yes to configure DB2
    Select Yes
  6. After DB2 configuration is complete, the Tivoli Directory Server configuration window opens, as shown in Figure 6. Complete the required details to configure the Tivoli Directory Server instance with the following information, then click Next.
    • Directory server administrator ID/Instance Name: itimldap
    • Directory server administrator password: itimldappasswd
    • Directory server database home: C:\
    • Directory server database name: ldapdb2
    • Encryption seed: ldapinstnaceforitimuser
    Figure 6. Configure Tivoli Directory Server
    Configure IBM Tivoli Directory Server
  7. The continuation of the Tivoli Directory Server instance configuration window displays. Complete the required details, as shown in Figure 7, using the following information, then click Next.
    • Administrator DN: cn=root
    • Administrator DN password: admindnpasswd
    • User-defined suffix: dc=com
    • Non-SSL port: 389
    Figure 7. Configure Tivoli Directory Server instance, continued
    Configure TDS instance
  8. The Summary window opens, as shown in Figure 8. In this window, click Next and wait for the Tivoli Identity Manager configuration to progress.
    Figure 8. Middleware installation summary
    Middleware Installation Summary Panel
  9. The window stating the process completed successfully displays, as shown in Figure 9. Click Finish.
    Figure 9. Middleware installation and configuration completed
    Middleware Installation and Configuration completed.

Your Tivoli Identity Manager middleware is now installed and configured.


Install and configure Tivoli Identity Manager

This section provides details on installing and configuring Tivoli Identity Manager.

  1. Ensure that the IBM WebSphere Application Server, with the required fixpack, is installed before launching the Tivoli Identity Manager installation wizard.
  2. Launch the Tivoli Identity Manager installation wizard, as shown in Figure 10. Select your language, then click OK.
    Figure 10. Tivoli Identity Manager installation wizard
    TIM Installation Wizard
  3. The Installation Directory window opens. In this window, specify the installation path, as shown in Figure 11, and click Next. The default path is: C:\Program Files\IBM\itim.
    Figure 11. Tivoli Identity Manager installation path
    TIM Installation Path
  4. In the resulting Installation Type window, shown in Figure 12, select Tivoli Identity Manager deployment on the Single WebSphere Application Server instance and click Next.
    Figure 12. Select Single WebSphere Application Server
    Select Single WebSphere Application Server
  5. The Installation Directory of WebSphere Application Server window opens, as shown in Figure 13. In this window, specify the path where WebSphere Application Server is installed and click Next. The default path is: C:\Program Files\IBM\WebSphere\AppServer.
    Figure 13. Specify WebSphere Application Server installation path
    Specify the WAS installation path
  6. The Database Type window opens, as shown in Figure 14. In this window, select IBM DB2 Universal Database as the server for the Tivoli Identity Manager data repository. Click Next.
    Figure 14. Configure DB2 as a repository
    DB2 as repository window
  7. The Keystore Password window then opens, as shown in Figure 15. In this window, specify your Keystore password, confirm the password, and click Next.
    Figure 15. Keystore password
    KeyStore Password
  8. The Do you want to install Agentless Adapters? window opens, as shown in Figure 16. In this window, select Do Not Install Agentless adapters and click Next.
    Figure 16. Select non AgentLess Adapter
    Select Non Agentless Adapter
  9. The Single Server Pre-Installation Summary window opens, as in Figure 17. Review the summary and click Install.
    Figure 17. Tivoli Identity Manager installation summary
    TIM installation Summary
  10. The Installing IBM Tivoli Identity Manager window opens (Figure 18). Enter the appropriate values for the parameters listed below for the IBM DB2 database created in Configure Tivoli Identity Manager middleware and click Test.
    • DB2 Database Server Host Name
    • DB2 Database Port Number
    • DB2 Database Name
    • DB2 Database Admin ID
    • DB2 Database Admin Password
    Figure 18. Specify DB2 details
    Specify DB2 details
  11. After the DB2 connection test is successful, the Configuring IBM Tivoli Identity Manager Database window opens, as in Figure 19. This window asks for the Tivoli Identity Manager user and password required for configuring DB2 for Tivoli Identity Manager. Specify the following values, then click Continue.
    • Tivoli Identity Manager User ID
    • Tivoli Identity Manager User password
    Figure 19. Configure DB2 for Tivoli Identity Manager
    Configure DB2 with TIM
  12. After the DB2 configuration is complete, the Tivoli Directory Server instance configuration window, Input LDAP Server Information, opens (Figure 20). Specify details for the Tivoli Directory Server instance for the following parameters. This information has to be the same information you specified when you installed and configured the middleware. Click Test.
    • Principal DN
    • Principal DN password
    • LDAP Server Host Name
    • LDAP Server Port
    Figure 20. Specify Tivoli Directory Server details
    Specify TDS Details
  13. After the Tivoli Directory Server test has run successfully, the Input Directory Information window opens. In this window, specify the Tivoli Identity Manager directory information for the following parameters for configuring with Tivoli Directory Server.
    • Number of hash buckets
    • Name of Your Organization
    • Default Org Short Name
    • Identity Manager DN Location

    Click Continue and wait until the installation is complete.

    Figure 21. Configure Tivoli Directory Server for Tivoli Identity Manager
    Configure TDS for TIM
  14. After the successful installation, the Install IBM Tivoli Identity Manager Completed window opens, as shown in Figure 22. Click Done.
    Figure 22. Tivoli Identity Manager installation and configuration complete
    TIM installation and Configuration complete LDAP

You've now completed the Tivoli Identity Manager installation and configuration.


Configure Tivoli Directory Integrator Password Synchronizer

This section explains how to integrate Tivoli Directory Integrator with Tivoli Identity Manager for the Tivoli Directory Server Password Synchronizer.

Tivoli Directory Integrator can be integrated with Tivoli Identity Manager for the Sun Directory Server password synchronizer, the IBM Tivoli Directory Server Password Synchronizer, the Windows password synchronizer, and password synchronizers for UNIX and Linux.

The Tivoli Identity Manager integration for the password synchronizers allows synchronized passwords to be verified by a Tivoli Identity Manager server's password strength servlet prior to synchronization. This allows password synchronization to incorporate password complexity checking using Tivoli Identity Manager password policies.

Before starting configuration, ensure that the Password Plugin for Tivoli Directory Server is installed.

  1. Edit the pwsync.props file from the <TDI_Install_Dir>/pwd_plugins/tds/ directory.
  2. Modify the Tivoli Identity Manager Integration section of the file, as shown in Figure 23, with the Tivoli Identity Manager URL, principal name, principal password, and Tivoli Identity Manager service name, as follows.
    • itimPasswordUrl=http/s://<host>:<port>/passwordsynch/synch
    • itimPrincipalName=ITIM Manager
    • itimPrincipalPassword=ITIM Manager password, encrypted using the encryptPasswd.bat/sh utility (see EncryptPassword utility).
    • itimSourceDN=erservicename=TDIPasswordService, o=IBM, ou=IBM, dc=com
    Figure 23. pwsync.props
    pwsync.props

The Tivoli Identity Manager password URL can be either http or https (SSL communication).

For Tivoli Directory Integrator to Tivoli Identity Manager communication over SSL, you need to create and extract certificates from Tivoli Identity Manager, which is deployed on WebSphere Application Server, and import these certificates into Tivoli Directory Integrator.

  1. Perform the certificate tasks on Tivoli Identity Manager (WebSphere Application Server).
  2. Perform the certificate tasks on Tivoli Directory Integrator.

After you've completed the previous two steps, go to the pwsync.props file and modify the SSL configuration properties with appropriate values, as shown in Listing 2.

Listing 2. pwsync.props - SSL configuration properties
# SSL configuration properties
#
# javax.net.ssl.trustStore=
# javax.net.ssl.trustStorePassword=
# javax.net.ssl.trustStoreType=
# javax.net.ssl.keyStore=
# javax.net.ssl.keyStorePassword=
# javax.net.ssl.keyStoreType=

Restart the Tivoli Directory Server and Tivoli Directory Integrator server.

The passwords referenced in the pwsync.props file must be encrypted using the EncryptPassword utility, as shown in Listing 3.

Listing 3. EncryptPassword utility
<install dir>\pwd_plugins\bin/encryptPasswd.bat/sh

Similarly, the following should also be encrypted using the encryptPasswd.bat/sh script:

  • itimPrincipalPassword
  • javax.net.ssl.trustStorePassword
  • javax.net.ssl.keyStorePassword

If these values are not encrypted, you'll see the error shown in Listing 4.

Listing 4. Error while changing password
com.ibm.di.plugin.pwstore.itim.policy.MalformedResponseException: 
org.xml.sax.SAXParseException: Element type "SYNCH_PSWDS_RESP" must
be followed by either attribute specifications, ">" or "/>".

itimSourceDN/ServiceDN is the name of the service against which the password check would be performed. The format is: erservicename=nameofservice,o=organizationname,ou=organizationshortname,dc=com

Where:

erservicename
Specifies the name of the target service used by the IBM Tivoli Identity Manager server.
o
Specifies the name of the organization on the IBM Tivoli Identity Manager server.
ou
Specifies the short name defined for the organization during installation and configuration of the Tivoli Identity Manager server. If this value is not known, it can be determined by opening the LDAP configuration tool for your product. Locate the new root suffix created during the Tivoli Identity Manager installation.
dc=com
Specifies the root of the directory tree.

Although DN formatting is used for the Service DN value, this DN is not the DN of the service that is being monitored. These values are parameter values to the Password Synchronization plug-in.

For example, if you installed the Tivoli Identity Manager server in the root LDAP suffix called ISIM, and your Windows Active Directory service is named WinAD Corp Server and is installed in an organization named Finance Org, the Tivoli Identity Manager organization chart looks similar to Figure 24.

Figure 24. ITIMSourceDN/ServiceDN
ITIMSourceDN/ServiceDN

This Windows Active Directory Adapter example has the Service DN value shown in Listing 5.

Listing 5. ITIMSourceDN/ServiceDN example
erservicename=WinAD Corp Server,o=Finance Org, ou=ITIM,dc=com

Configure the Password Synchronizer to use a Tivoli Identity Manager Decorator by setting the syncClass property value within pwsync.props to one of the Decorator classnames in Listing 6.

Listing 6. pwsync.props
com.ibm.di.plugin.pwstore.ldap.LDAPPasswordStoreITIMDecorator
com.ibm.di.plugin.pwstore.ldap.JMSPasswordStoreITIMDecorator
com.ibm.di.plugin.pwstore.log.LogPasswordStoreITIMDecorator

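For testing purposes, we selected LogPasswordStoreITIMDecorator by setting syncClass=com.ibm.di.plugin.pwstore.log.LogPasswordStoreITIMDecorator, as in Figure 25. This class should not be used in a production environment; you must configure LDAP/JMS for production use. Note that with this class the intercepted password appears in clear text in proxy.log (see the proxy.log result in step 7 of the test section).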

Figure 25. pwsync.props
pwsync.props

When Tivoli Identity Manager integration is enabled, checkRepository must be set to true in the Password Synchronizer configuration file (pwsync.props).

  1. After pwsync.props is updated, restart the Tivoli Directory Server instance. Ensure Tivoli Directory Server is running in normal mode; it should not be running in Config mode.
  2. If Tivoli Directory Server is running in Config mode, check the Tivoli Directory Server log plugin.log/proxy.log for error details.
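
The configuration rules in this section can be checked before restarting the directory server. The following script is an added example, not part of the original article or of any IBM tooling; it assumes pwsync.props contains plain key=value lines with '#' comments, and the host names, ports and bracketed values in the two sample files are constructed placeholders.

```python
# Added example (not IBM code). Assumes pwsync.props holds plain key=value
# lines with '#' comments, as in Listing 2. Only property and class names
# printed in this article are checked; all sample values are constructed.

ITIM_KEYS = ("itimPasswordUrl", "itimPrincipalName",
             "itimPrincipalPassword", "itimSourceDN")
# Assumption: the trust store entries are what an https URL needs at minimum.
SSL_KEYS = ("javax.net.ssl.trustStore", "javax.net.ssl.trustStorePassword",
            "javax.net.ssl.trustStoreType")
LOG_DECORATOR = "com.ibm.di.plugin.pwstore.log.LogPasswordStoreITIMDecorator"
# Store-backed decorator class names, exactly as printed in Listing 6.
STORE_DECORATORS = (
    "com.ibm.di.plugin.pwstore.ldap.LDAPPasswordStoreITIMDecorator",
    "com.ibm.di.plugin.pwstore.ldap.JMSPasswordStoreITIMDecorator",
)


def parse_props(text):
    """Return active (uncommented) properties as a dict."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        # Split on the first '=' only: itimSourceDN values contain '='.
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props


def audit(text):
    """Return a list of (property, finding) tuples; empty means no findings."""
    props = parse_props(text)
    findings = []
    for key in ITIM_KEYS:
        if not props.get(key):
            findings.append((key, "missing or empty; needed for the policy check"))
    url = props.get("itimPasswordUrl", "").lower()
    if url.startswith("http://"):
        findings.append(("itimPasswordUrl", "uses http; the https (SSL) option is not in use"))
    elif url.startswith("https://"):
        for key in SSL_KEYS:
            if not props.get(key):
                findings.append((key, "unset or commented out although the URL is https"))
    elif url:
        findings.append(("itimPasswordUrl", "scheme is neither http nor https"))
    if props.get("checkRepository", "").lower() != "true":
        findings.append(("checkRepository", "must be true when ITIM integration is enabled"))
    sync = props.get("syncClass", "")
    if sync == LOG_DECORATOR:
        findings.append(("syncClass", "Log decorator is for testing only; it logs the password"))
    elif sync not in STORE_DECORATORS:
        findings.append(("syncClass", "not a decorator class from Listing 6; no policy check"))
    return findings


# Constructed sample: the test setup used in this article.
TEST_PROPS = """\
syncClass=com.ibm.di.plugin.pwstore.log.LogPasswordStoreITIMDecorator
itimPasswordUrl=http://tim.example.com:9080/passwordsynch/synch
itimPrincipalName=ITIM Manager
itimPrincipalPassword=<encrypted-value>
itimSourceDN=erservicename=TDIPasswordService, o=IBM, ou=IBM, dc=com
# javax.net.ssl.trustStore=
"""

# Constructed sample: a production-style setup following the same rules.
PROD_PROPS = """\
syncClass=com.ibm.di.plugin.pwstore.ldap.LDAPPasswordStoreITIMDecorator
checkRepository=true
itimPasswordUrl=https://tim.example.com:9443/passwordsynch/synch
itimPrincipalName=ITIM Manager
itimPrincipalPassword=<encrypted-value>
itimSourceDN=erservicename=TDIPasswordService, o=IBM, ou=IBM, dc=com
javax.net.ssl.trustStore=<path-to-truststore>
javax.net.ssl.trustStorePassword=<encrypted-value>
javax.net.ssl.trustStoreType=<store-type>
"""

if __name__ == "__main__":
    for name, sample in (("test", TEST_PROPS), ("production", PROD_PROPS)):
        print(name, "->", audit(sample) or "no findings")
```

The script cannot tell whether a password value was actually produced by encryptPasswd.bat/sh, so that check remains manual.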

Configure Tivoli Identity Manager password policies

Use the steps in this section to set up the password policies for Tivoli Identity Manager.

  1. Log in to the Tivoli Identity Manager console, as in Figure 26. Typically, the URL is http://<TIM_Server>:<port>/itim/console.
    Figure 26. Log in to Tivoli Identity Manager Console
    Login ITIM Console
  2. After you're logged in to the Tivoli Identity Manager console, the Home window displays. In this window, select Manage policies > Manage Password Policies, then click Create to create a new password policy, as in Figure 27.
    Figure 27. Manage Password Policy
    Manage Password Policy
  3. The window entitled Manage Password Policies opens. From the General tab in this window, create a new password policy by entering TDIPasswordPolicy in the Name field and IBM in the Business Unit field, as shown in Figure 28. Click the Targets tab.
    Figure 28. Define password policy
    Define Password Policy
  4. The Targets window opens. In this window, select the available ITIM Service and click Add, as shown in Figure 29.

    This service name is the same one you'll be using in the Tivoli Directory Integrator pwsync.props in the itimSourceDN parameter.

    Figure 29. Add Target service
    Add Target Service
  5. The Rules window opens. In this window, define the new password policy by completing the fields using the following information, as shown in Figure 30. Some fields are intentionally left blank. Click Apply, then click OK.
    • Minimum length: 8
    • Maximum length:
    • Maximum repeated characters: 2
    • Minimum repeated characters: 1
    • Minimum alphabetic characters:
    • Minimum numeric characters: 1
    • Characters not allowed:
    • Required characters:
    • Restricted to characters:
    • Starts with characters:
    • Repeated history length:
    • Reversed history length:
    • Disallow username: No
    Figure 30. Define Policy Rules
    Define password Rules

The Tivoli Identity Manager password policy is now configured.


Test the Tivoli Directory Integrator password plug-ins

This section describes how the Tivoli Directory Server user password changes are intercepted by the Tivoli Directory Integrator password plug-in and how these passwords are validated by Tivoli Identity Manager using the password policies.

  1. Ensure that Tivoli Directory Server, the Tivoli Directory Integrator proxy, and the Tivoli Identity Manager services are running correctly.
  2. Using the LDAP Client, try to modify the user password for user test1. It should have userpassword as an attribute, as in Listing 7.
  3. The command will fail and provide the message ldap_modify:plugin function failed. The password for user test1 is test1, which is shorter than the required length of 8. It also doesn't have any special characters, as defined in the Tivoli Identity Manager password policies section.
    Listing 7. ldapmodify command
    idsldapmodify.cmd -p 1389 -D cn=root -w password
    dn: cn=test1,o=ibm,c=in
    objectClass: top
    objectClass: person
    objectClass: organizationalPerson
    cn: test1
    sn: test1
    userpassword: test1
    
    Results:-
    
    Operation 0 modifying entry cn=test1,o=ibm,c=in
    ldap_modify: Unknown error
    ldap_modify: additional info: plugin function failed
  4. Check the proxy.log file for details. You will see com.ibm.itim.policy.passwordpolicyAuthority.PASSWORD_RULE_VIOLATION, as shown in Figure 31.
    Figure 31. Proxy.log output
    Proxy.log
  5. Check the plugin.log file, which will show the following results, as shown in Figure 32.

    The Proxy response represents error.
    Pre-operation on modify:PWPROXY_ERROR_PROTOCOL_PASSWORD_OP_FAILED.
    Pre-operation on modify: Will cancel LDAP Modify operation for 'cn=test1,o=ibm,c=in'.

    Figure 32. Plugin.log output
    Plugin.log
  6. Try to change the Tivoli Directory Server user password with an appropriate password, per the policy, as shown in Listing 8.
    Listing 8. ldapmodify command
    idsldapmodify.cmd -p 1389 -D cn=root -w password
    dn: cn=nagesh,o=ibm,c=in
    objectClass: top
    objectClass: person
    objectClass: organizationalPerson
    cn: nagesh
    sn: bhagwat
    userpassword: passw0rd#
    
    Results:-
    
    Operation 0 modifying entry cn=nagesh,o=ibm,c=in
  7. Check the proxy.log file, which will show the result Storing the password notification for user: 'cn=nagesh,o=ibm,c=in' with password: 'passw0rd#'', as shown in Figure 33.
    Figure 33. Proxy.log output
    Proxy.log
  8. Check the plugin.log file, which will show PostModOperation: Proxy response is successful, as shown in Figure 34.
    Figure 34. Plugin.log output
    Plugin.log

Similarly, users can specify syncClass as either com.ibm.di.plugin.pwstore.ldap.LDAPPasswordStoreITIMDecorator or com.ibm.di.plugin.pwstore.ldap.JMSPasswordStoreITIMDecorator.

com.ibm.di.plugin.pwstore.ldap.LDAPPasswordStoreITIMDecorator
Users need to configure LDAP as a password store in the pwsync.props file. (See LDAP as a Password Store in Resources for more details.)

The password will be stored under the LDAP Server. Users can read the password from the LDAP Server using the Tivoli Directory Integrator LDAP connector and can update into other data sources, thus achieving password synchronization.

For more details on how to read the password from the LDAP Server, see Appendix A in Synchronizing users between Microsoft Active Directory Server and IBM Domino Server using Tivoli Directory Integrator.

com.ibm.di.plugin.pwstore.ldap.JMSPasswordStoreITIMDecorator
Users need to configure JMS as a password store in the pwsync.props file. (For more details, see JMS Password Store.)

The password will be stored under MQe. Users can read the password from MQe using the Tivoli Directory Integrator MQe/JMS Password store connector and can update into other data sources, thus achieving password synchronization.

For more details and a sample solution that reads a password from MQe and updates it into Active Directory, see Section 4, "Creating Tivoli Directory Integrator AssemblyLine" in Password Synchronization between Microsoft Active Directories using Tivoli Directory Integrator.

You're now finished integrating the Tivoli Directory Integrator Password Plug-in with Tivoli Identity Manager for the password strength validation through Tivoli Identity Manager's password policies prior to synchronization.


Conclusion

This article walked you through a step-by-step solution for integrating the Tivoli Directory Integrator password synchronizer with Tivoli Identity Manager for password policy strength and validation before passwords get into the password store for further synchronization.
