Windows Integration: OID Reversible Password

To synchronize passwords from OID to AD, it is necessary to set up a reversibly encrypted password for users. This password is in addition to the "userpassword" attribute, which already exists for all users. Whenever a user changes their password on the OID side, the password is typically stored using a one-way hash algorithm such as SSHA. This form of the password is not compatible with the proprietary "Unicodepassword" attribute in AD, so a clear-text password is needed to send to the AD server. This Unicode hashing algorithm is proprietary to Microsoft.

When synchronizing with other LDAP servers, such as iPlanet from Sun, this step is not necessary, because those servers support the more open and commonly used hashing algorithms such as SHA, SSHA, MD5, MD4, and Crypt, to name a few, which are also supported in OID.

Enabling the "User Password Reversible Encryption" password policy in OID makes OID store the password in a new attribute that holds an encrypted version of the password, which the DIP server can decrypt. The attribute that stores this reversible password is called "orclreversiblepassword".

PREREQUISITES

OID 10g AS infrastructure must be installed
The OID server must be running

Configure the Reversible Password Option

Step 1. Start the Oracle Directory Manager.
Step 2. Navigate to the "Password Policy for Realm" folder, which is under the "Password Policy Management" folder.
Step 3. In the "General" tab you will see an option called "User Password Reversible Encryption". Change the value of this option to "Enable".
Step 4. Apply the change.

This new password attribute will not be populated until the user changes their password.
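Because the attribute is only filled in at the next password change, it helps to know which accounts are still waiting. The following added example (not part of the original page or of Oracle's tooling) scans an LDIF export for entries that have "userpassword" but no "orclreversiblepassword". It assumes the export was taken by an account permitted to read that attribute; the sample entries and function names are constructed for illustration.

```python
import base64

# Attribute names as given on this page; LDAP attribute names are case-insensitive.
HASHED_ATTR = "userpassword"
REVERSIBLE_ATTR = "orclreversiblepassword"

# Constructed sample export (placeholder values, not real credentials).
SAMPLE_LDIF = """\
version: 1

dn: cn=alice,cn=Users,dc=example,dc=com
userpassword: {SSHA}constructed-placeholder
orclreversiblepassword:: Y29uc3RydWN0ZWQ=

dn: cn=bob,cn=Users,dc=exam
 ple,dc=com
UserPassword: {SSHA}constructed-placeholder

dn:: Y249Y2Fyb2wsY249VXNlcnMsZGM9ZXhhbXBsZSxkYz1jb20=
userpassword: {SSHA}constructed-placeholder
"""

def parse_ldif(text):
    """Yield (dn, set of lower-cased attribute names); values are discarded."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # folded continuation of previous line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    dn, attrs = None, set()
    for line in lines + [""]:               # trailing "" flushes the last entry
        if not line.strip():
            if dn is not None:
                yield dn, attrs
            dn, attrs = None, set()
        elif not line.startswith("#"):
            name, _, rest = line.partition(":")
            name = name.split(";")[0].lower()   # drop options such as ;binary
            if name == "dn":                    # "dn::" marks a base64-encoded DN
                dn = (base64.b64decode(rest[1:].strip()).decode("utf-8")
                      if rest.startswith(":") else rest.strip())
            else:
                attrs.add(name)

def pending_password_change(ldif_text):
    """DNs with a hashed password but no reversible copy for DIP to send to AD."""
    return [dn for dn, attrs in parse_ldif(ldif_text)
            if HASHED_ATTR in attrs and REVERSIBLE_ATTR not in attrs]
```

The parser keeps only attribute names, so the reversible password values in the export are never decoded or held in memory by the check.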