The Windows AD Adapter and AD Password Sync Plugin fail to allow passwords to be changed due to settings that are not enabled by default in enRole.properties.
Resolving The Problem
For the Windows AD Adapter and AD Password Sync Plugin to be able to change passwords, the following must be set in the $ITIM_HOME/data/enRole.properties file:
- enrole.passwordsynch.enabledonresource - When this property is set to 'true', a password change or restore request from ISIM may result in a reverse password synch/validation request from the plugin installed on the resource. The default value of this property is 'false'.
- enrole.passwordsynch.toleranceperiod - This property specifies the maximum duration, in seconds, between a password change request being sent from ISIM to the remote agent and a reverse password synch request being received from the plugin installed on the remote resource. The default value is 60 (seconds).
- enrole.PasswordSynchStoreMonitor.heartbeat - The value of this property, in hours, specifies the password synch transaction monitor heartbeat. The default value is 1 (hour).
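The following check is an added example, not IBM code: it reads an enRole.properties file and reports the effective values of the three properties above. It assumes that an absent key falls back to the default stated here, that the value must be exactly 'true', and that the two durations must be positive integers; the function names and sample text are constructed for illustration.

```python
import re
import sys

# Properties named on this page, with the defaults it states.
DEFAULTS = {
    "enrole.passwordsynch.enabledonresource": "false",
    "enrole.passwordsynch.toleranceperiod": "60",        # seconds
    "enrole.PasswordSynchStoreMonitor.heartbeat": "1",   # hours
}

def effective_settings(text):
    """Return the effective value of each property in DEFAULTS.

    Basic Java .properties rules: '#' or '!' starts a comment line, key and
    value are separated by '=', ':' or whitespace, and the last occurrence
    of a key wins. Line continuations are not handled."""
    values = dict(DEFAULTS)  # assumption: an absent key means the default
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue  # a commented-out setting has no effect
        m = re.match(r"([^\s=:]+)\s*[=:]?\s*(.*)$", line)
        if m and m.group(1) in DEFAULTS:
            values[m.group(1)] = m.group(2).strip()
    return values

def findings(text):
    """List settings that do not match what this page requires."""
    v = effective_settings(text)
    out = []
    if v["enrole.passwordsynch.enabledonresource"] != "true":
        out.append("enrole.passwordsynch.enabledonresource is not 'true'")
    for key in list(DEFAULTS)[1:]:  # the two duration properties
        if not v[key].isdigit() or int(v[key]) <= 0:  # assumed sanity check
            out.append(f"{key} is not a positive integer: {v[key]!r}")
    return out

# Constructed sample: the 'true' line is commented out, so 'false' applies.
SAMPLE = """\
# enrole.passwordsynch.enabledonresource=true
enrole.passwordsynch.enabledonresource = false
enrole.passwordsynch.toleranceperiod=60
"""

if __name__ == "__main__":
    text = open(sys.argv[1], encoding="latin-1").read() if len(sys.argv) > 1 else SAMPLE
    for name, value in effective_settings(text).items():
        print(f"{name} = {value}")
    for finding in findings(text):
        print("FINDING:", finding)
```

Run it with the path to the properties file as the only argument; with no argument it evaluates the constructed sample.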
16 June 2018