IBM Tivoli Directory Integrator 6.0.0-TIV-ITDI-IF0012

Downloadable files


Abstract

Cumulative fix package for Windows Password Plugin.

Download Description

+-----------------------------------------------------+
Interim Fix 6.0.0-TIV-ITDI-IF0012 README
Tivoli Directory Integrator 6.0.0
Interim Fix 12
(Windows)
Date: March, 2006
+-----------------------------------------------------+

COPYRIGHT STATEMENT
====================

March 2006

References in this publication to IBM products, programs, or services do
not imply that IBM intends to make these available in all countries in
which IBM operates. Any reference to an IBM program product in this
publication is not intended to state or imply that only IBM's program
product may be used. Any functionally equivalent program may be used
instead.

IBM is a trademark of the International Business Machines
Corporation.

Copyright International Business Machines Corporation 2005. All rights
Reserved.


Fix For
========
APAR - IO00884, IO01968, IO03227, IO03871
PMR - 19462,999,000 23110,033,000 58401,033,000 86578,033,000


General Description:
====================

Cumulative fix package for Windows Password Plugin.

Details:
========
The intent behind this Interim fix is to come up with a cumulative package for Windows Password Plugin,
which will contain number of fixes made to Windows password Sync and can be applied directly on TDI Windows Password Sync Plugin (GA) installation.
This interim fix has fixes of Interim fix 6.0.0-TIV-ITDI-IF0002, IF0006 and LA0010 and some more defects.
Following are the fixes that are part of this interim fix.

IO00884 : Windows password plugin update for MS password history requirement and using third party filters.
The TDI Windows password plugin processes incorrectly when MS password history requirements are not met and when using another third party filter.

IO01968 : Security and network enhancements related to the TDI MQe password store.
This fix addresses a number of security and network enhancement requests related to the TDI MQe password store option available with the TDI password plugins. Following are the issues addressed.
- Authenticated access to the MQe runtime environment used by the Active Directory Password interceptor. The TDI MQe configuration utility has been enhanced to enable the use of the MQe queue authenticator with MQe Mini-Certificates. Using this deployment option prevents anonymous MQe applications and Queue Manager from submitting change password messages.
- Support for DNS names in the configuration of the remote queue.
- Configuration of HA for MQe transport of password changes.

IO03227 : Avoid reboot for Windows Password Synchronizer proxy reconfiguration.
Re-configuration of the Java proxy used to require a reboot of the Windows machine. This issue has been taken care of so that now the Windows machines does not have to be rebooted in order to reconfigure the Java proxy.
This has been taken care by introducing a new command line tool - pwsync_admin.exe. For more details about this tool and its use, refer readme_winpwsync_ismp.htm.

IO03871 : TDI IDS password plugin appears to hang the TDS server, enable Plugin's Proxy Component to handle corrupt data.
The TDI IDS plugin hangs or the proxy server behaves incorrectly when usernames and/or passwords contain null characters, or when data is corrupt.

Prerequisites:
==============
- TDI Windows Password Sync Plugin (GA) must be installed.
- Tivoli Directory Integrator 6.0 Fixpack 2 must be installed. (This is required, when using TDI password plugin with TDI server).


Platforms:
==========
Windows.

Sizes of Files Included in this Fix:
============================
26,352 ibmjms.jar
24,283 idipwsync.jar
264,844 MQeBase.jar
16,839 mqeconfig.jar
111,167 MQeJMS.jar
10,196 mqepwstore.jar
75,028 MQeSecurity.jar
17,830 proxy.jar
45,056 pwsync_admin.exe
52,146 readme_mqepwstore_ismp.htm
63,381 readme_password_sync_ismp.htm
22,011 readme_winpwsync_ismp.htm
984 setWinPwSyncAccTypes.reg
49,152 timpwflt.dll
7,781 timpwflt.jar

Applying the Fix:
=================

Unzip the fix fix zip file into a temporary directory.

BACKUP Following files inside any folder from TDI plugin installation directory.

<TDI_PLUGIN_INSTALL_ROOT>/IDI/_jvm/jre/lib/ext/timpwflt.jar
<TDI_PLUGIN_INSTALL_ROOT>/IDI/readme_winpwsync_ismp.htm
<TDI_PLUGIN_INSTALL_ROOT>/IDI/_jvm/jre/lib/ext/idipwsync.jar
<TDI_PLUGIN_INSTALL_ROOT>/IDI/_jvm/jre/lib/ext/mqepwstore.jar
<TDI_PLUGIN_INSTALL_ROOT>/IDI/mqeconfig.jar
<TDI_PLUGIN_INSTALL_ROOT>/IDI/readme_mqepwstore_ismp.htm
<TDI_PLUGIN_INSTALL_ROOT>/IDI/_jvm/jre/lib/ext/jms.jar
<TDI_PLUGIN_INSTALL_ROOT>/IDI/_jvm/jre/lib/ext/MQeBase.jar
<TDI_PLUGIN_INSTALL_ROOT>/IDI/_jvm/jre/lib/ext/MQeJMS.jar
<TDI_PLUGIN_INSTALL_ROOT>/IDI/_jvm/jre/lib/ext/proxy.jar
readme_password_sync_ismp.htm
-Back up timpwflt.dll file from system install directory WINNT\system32.

where, <TDI_PLUGIN_INSTALL_ROOT> is the TDI plugin installation directory.


REPLACE Following files from the corresponding fix files from temporary directory where fix is unzipped.

<TDI_PLUGIN_INSTALL_ROOT>/IDI/_jvm/jre/lib/ext/timpwflt.jar
<TDI_PLUGIN_INSTALL_ROOT>/IDI/readme_winpwsync_ismp.htm
<TDI_PLUGIN_INSTALL_ROOT>/IDI/_jvm/jre/lib/ext/idipwsync.jar
<TDI_PLUGIN_INSTALL_ROOT>/IDI/_jvm/jre/lib/ext/mqepwstore.jar
<TDI_PLUGIN_INSTALL_ROOT>/IDI/mqeconfig.jar
<TDI_PLUGIN_INSTALL_ROOT>/IDI/readme_mqepwstore_ismp.htm
<TDI_PLUGIN_INSTALL_ROOT>/IDI/_jvm/jre/lib/ext/MQeBase.jar
<TDI_PLUGIN_INSTALL_ROOT>/IDI/_jvm/jre/lib/ext/MQeJMS.jar
<TDI_PLUGIN_INSTALL_ROOT>/IDI/_jvm/jre/lib/ext/proxy.jar
readme_password_sync_ismp.htm


Add the following files which are included in the fix to the location as mentioned below.

<TDI_PLUGIN_INSTALL_ROOT>/IDI/pwsync_admin.exe
<TDI_PLUGIN_INSTALL_ROOT>/IDI/_jvm/jre/lib/ext/MQeSecurity.jar
<TDI_PLUGIN_INSTALL_ROOT>/IDI/_jvm/jre/lib/ext/ibmjms.jar


Add following Registry

- Add Registry setWinPwSyncAccTypes.reg

To replace timpwflt.dll, follow the steps mentioned below.

- Remove the password filter name (timpwflt) from the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Notification
Packages" Windows registry key.
- Reboot the System.
- Once system comes up, replace the "timpwflt.dll" file with the updated one. This dll is to be found in the system32 folder
of Windows.
- Remove <TDI_PLUGIN_INSTALL_ROOT>/IDI/_jvm/jre/lib/ext/jms.jar
- Add the password filter name (timpwflt) to the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Notification
Packages" Windows registry key.
- Reboot the System.

Refer the readme files for more details on the fixes, instructions etc.


Confirming the Fix has been applied successfully:
=================================================
The problem must be resolved.

md5sum of Files Included in this Fix:
=====================================
58948ab251967e66d72d4b2d82b2979c *ibmjms.jar
0461c21cc582288f1da002aa9923cb94 *idipwsync.jar
60cb242c6a23ad3fae6e69e528301464 *MQeBase.jar
351a3ac8c781c9bbca3a3ff11241a2b1 *mqeconfig.jar
706ae4bdd9ff00658e161bf487fd60df *MQeJMS.jar
a195a45fad371c295c08ab8f2a818fbd *mqepwstore.jar
6051eefcffdb64c3443d110d6d438002 *MQeSecurity.jar
47471aeeb4370c2dce2ac59a3ea33845 *proxy.jar
93e8cf3f425cabe79108d09cb6d96151 *pwsync_admin.exe
b2a72ceb898e0e64fa5a49de2d3673dc *readme_mqepwstore_ismp.htm
5d18e6498c1771ee180ad61e8c7f7b50 *readme_password_sync_ismp.htm
cbc99059597c2c9740c2f65ddd1f576d *readme_winpwsync_ismp.htm
2376bb802341ec3384b5e6001e0f0edb *setWinPwSyncAccTypes.reg
77df1fbe3bdf06e574708a381f661ae9 *timpwflt.dll
20861f3a45b9198ecd31e629847ca914 *timpwflt.jar

Prerequisites

- TDI Windows Password Sync Plugin (GA) must be installed.
- Tivoli Directory Integrator 6.0 Fixpack 2 must be installed. (This is required, when using TDI password plugin with TDI server).

Installation Instructions

Please refer the README for installation instructions.

URL LANGUAGE SIZE(Bytes)
6.0.0-TIV-ITDI-IF0012.README US English 7750

Download package

Download RELEASE DATE LANGUAGE SIZE(Bytes) Download Options
What is DD?
6.0.0-TIV-ITDI-IF0012 3/3/2006 US English 598129 FTP DD

Problems (APARS) fixed
IO00884, IO01968, IO03227, IO03871

Rate this page:

(0 users)Average rating

Document information


More support for:

IBM Security Directory Integrator
General

Software version:

6.0

Operating system(s):

Windows 2000

Reference #:

4011803

Modified date:

2014-02-18

Translate my page

Machine Translation

Content navigation