News
Abstract
The user is unable to synchronize Active Directory password when the client workstation's domain does not trust the Active Directory domain that is configured as IMS enterprise directory. Enable this feature to synchronize Active Directory passwords in the non-trusted environment.
Content
If SSL is enabled, ensure that:
- the client workstation trusts the Active Directory certificate
- the FQDN or the DNS of the Active Directory that is configured in IMS Server matches the Subject or the SubjectAlternativeName of the certificate
- IBM Security Access Manager for Enterprise Single Sign-On IMS Server Fix Pack 5 or later
- IBM Security Access Manager for Enterprise Single Sign-On AccessAgent Fix Pack 8 or later
- Upload the following policies using webconf or UploadSync CLT:
- com.ibm.tamesso.ims-delhi.build.boot\src\config\data\config\ldapBindPolicy\policy_mgmnt_objects.xml
- com.ibm.tamesso.ims-delhi.build.boot\src\config\data\config\ldapBindPolicy\policy_sync_data.xml
- Run the CLT to enable this feature: <IMS_INSTALL_FOLDER>\bin\enableNonTrustedDomainPwdSync.bat <wasadminuser> <wasadminpassword> true
Note: This CLT needs to be run whenever there is a change in IMS enterprise directory configuration.
With this feature enabled, the user is now able to synchronize Active Directory passwords in both the trusted environment and the non-trusted environment.
To disable this feature, run <IMS_INSTALL_FOLDER>\bin\enableNonTrustedDomainPwdSync.bat <wasadminuser> <wasadminpassword> false.
Ensure that the client workstation can resolve the Active Directory FQDN and domain name.
Requirements and compatibility
Before enabling the Active Directory password synchronization in a non-trusted environment, ensure that you have installed the following versions of IMS Server and AccessAgent:
Enabling the Active Directory password synchronization in a non-trusted environment
Note: If you are using webconf, select Data file as the file type to be uploaded.
Was this topic helpful?
Document Information
Modified date:
16 June 2018
UID
swg21691116