IBM Security Access Manager for Enterprise Single Sign-On, Version 8.2.2

Enabling Active Directory password synchronization in a non-trusted environment

Users cannot synchronize their Active Directory password when the client workstation's domain does not trust the Active Directory domain that is configured as the IMS enterprise directory. Enable this feature to synchronize Active Directory passwords in such a non-trusted environment.

About this task

If SSL is enabled, ensure that:
  • The client workstation trusts the Active Directory certificate.
  • The FQDN or the DNS name of the Active Directory server that is configured in IMS Server matches the Subject or the SubjectAlternativeName of the certificate.

Ensure that the client workstation can resolve the Active Directory FQDN and domain name.
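The following script is an added pre-flight check for the prerequisites above; it is not IBM's code. Run from the client workstation, it confirms that the Active Directory FQDN resolves, that the workstation's own trust store accepts the LDAPS certificate, and that the FQDN matches the certificate's Subject CN or a SubjectAlternativeName DNS entry. AD_FQDN and the LDAPS port 636 are assumed placeholders.

```python
import socket
import ssl

AD_FQDN = "ad01.corp.example"  # placeholder: the AD FQDN configured in IMS Server
LDAPS_PORT = 636               # assumption: LDAP over SSL


def _dns_name_matches(pattern: str, hostname: str) -> bool:
    """Match one certificate DNS name; a leading '*' covers exactly one label."""
    pattern, hostname = pattern.lower(), hostname.lower()
    if pattern.startswith("*."):
        suffix = pattern[1:]                      # ".corp.example"
        label = hostname[: -len(suffix)] if hostname.endswith(suffix) else ""
        return label != "" and "." not in label
    return pattern == hostname


def cert_matches_fqdn(cert: dict, fqdn: str) -> bool:
    """Accept the cert if the FQDN matches a SAN DNS entry or the Subject CN
    (cert is in the dict layout returned by ssl.SSLSocket.getpeercert())."""
    for kind, value in cert.get("subjectAltName", ()):
        if kind == "DNS" and _dns_name_matches(value, fqdn):
            return True
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName" and _dns_name_matches(value, fqdn):
                return True
    return False


def check_ad_ldaps(fqdn: str = AD_FQDN, port: int = LDAPS_PORT, timeout: float = 5.0) -> dict:
    """Live check: resolve the FQDN, then open a TLS session using the OS trust
    store. An untrusted chain raises SSLCertVerificationError (an OSError)."""
    result = {"resolves": False, "trusted": False, "name_matches": False, "error": None}
    try:
        socket.getaddrinfo(fqdn, port)
        result["resolves"] = True
        ctx = ssl.create_default_context()        # verify_mode stays CERT_REQUIRED
        ctx.check_hostname = False                # name check is reported separately
        with socket.create_connection((fqdn, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=fqdn) as tls:
                result["trusted"] = True          # chain validated by the handshake
                result["name_matches"] = cert_matches_fqdn(tls.getpeercert(), fqdn)
    except OSError as exc:                        # covers gaierror and ssl.SSLError
        result["error"] = f"{type(exc).__name__}: {exc}"
    return result


if __name__ == "__main__":
    for key, value in check_ad_ldaps().items():
        print(f"{key}: {value}")
```

All three fields must be True before the procedure below is attempted; a False `trusted` with `resolves` True points at a missing CA certificate on the workstation, while `name_matches` False points at a mismatch between the configured FQDN and the certificate.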

Procedure

  1. Upload the following policies by using webconf or UploadSync CLT:
    Note: If you are using webconf, select Data file as the file type to be uploaded.
    • com.ibm.tamesso.ims-delhi.build.boot\src\config\data\config\ldapBindPolicy\policy_mgmnt_objects.xml
    • com.ibm.tamesso.ims-delhi.build.boot\src\config\data\config\ldapBindPolicy\policy_sync_data.xml
  2. Run the <IMS_INSTALL_FOLDER>\bin\enableNonTrustedDomainPwdSync.bat <wasadminuser> <wasadminpassword> true CLT to enable this feature.
    Note: Run this CLT again whenever the IMS enterprise directory configuration changes.

    With this feature enabled, users can synchronize Active Directory passwords in both trusted and non-trusted environments.

    To disable this feature, run <IMS_INSTALL_FOLDER>\bin\enableNonTrustedDomainPwdSync.bat <wasadminuser> <wasadminpassword> false.
