IBM Support

AD Adapter and Passwd Sync plugin in fail to allow passwords to be changed



Windows AD Adapter and AD Passwd Sync Plugin fail to allow passwords to be changed due settings that are not by default enabled in

Resolving The Problem

In order for the Windows AD Adapter and AD Password Sync Plugin to be able to change password, the following must be set in the $ITIM_HOME/data/ file:

  • enrole.passwordsynch.enabledonresource - This property when set to 'true' will enable a password change or restore request from ISIM may result in a reverse password synch\validation request from the plugin installed on resource. The default value of this property is 'false'.
  • enrole.passwordsynch.toleranceperiod - This property specifies the maximum duration in seconds between a password change request sent from ISIM to remote agent, and receiving a reverse password synch request from the plugin installed on the remote resource. The default value set is 60 (in seconds).
  • enrole.PasswordSynchStoreMonitor.heartbeat - The value set to this property, in hours, specifies the password synch transaction monitor heartbeat. The default value set is 1 (in hour).

[{"Product":{"code":"SSRMWJ","label":"IBM Security Identity Manager"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Adapters","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"}],"Version":"All Versions;6.0;7.0","Edition":"Advanced","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Historical Number

PMR 58824

Product Synonym

tivoli identity manager itim tim isim sim

Document Information

Modified date:
16 June 2018