Monday, March 23, 2009

Prerequisites - Installation and Configuration for PWD-SYNC

In my previous post I installed PWD SYNC on the domain controller and explained why we need password synchronization.

There are 2 ways to do password synchronization: one is the Direct method and the 2nd is through the JMS method.

The JMS method is more secure and more common in enterprises nowadays. It is safe because it provides a security feature that prevents lost passwords: until the password reaches its destination it stays in the queue, and the update is made after a certain period of seconds. One more thing I want to tell you is that password synchronization prefers the HTTPS:// protocol in place of HTTP://, because it is secure and works with SSL. I will explain everything, but here are the steps for JMS-based password synchronization:

1. Install - Password Synchronization Tools on Domain Controller (finished in the previous post)
2. Configure - Sun Message Queue
3. Create - Broker
4. Connect Broker
5. Configure Queue
6. Create Storing Object
7. Configure - Destination
8. Configure - Connection Factory

All of these are required when we configure the JMS Listener Adapter in Identity Management, for example:
java.naming.provider.url = " "
java.naming.factory.initial = " "
So first I am going to configure "Sun Message Queue". I downloaded this software from http://www.sun.com/software/products/message_queue/get.jsp
The latest version of JMQ is 4.2, but here I am creating the video on version 3.7 Update 1.
Sun Java System Message Queue 3.7 UR1 Administration Guide
Starting Brokers
First download the software and copy it anywhere in the directory tree, then look at the directory structure: the main directory is "MQ", and that is the parent directory.
The utility we use is "mq\bin\imqbrokerd" (a broker's configuration is governed by a set of configuration files).
You can start a broker interactively from the command line, using the Broker utility (imqbrokerd). (Alternatively, on Windows, you can start a broker from the Start menu.) You cannot use the Administration Console (imqadmin) or the Command utility (imqcmd) to start a broker; the broker must already be running before you can use these tools.
Create Broker & Connect - (Video Below)
Broker name ----- "idmBroker"
Host ----- "" or localhost
Port number ----- "7676"
User name ----- "admin"
Password ----- "admin"
When the broker has been created, right-click the broker and click Connect Broker; it will then be connected. Note that admin/admin is the Message Queue default administrator account, so change that password (the imqusermgr utility does this) before the broker carries real password-change messages.

The next post will cover the destination and the object store (Destination and Connection Factory).

Prerequisite configuration for password synchronization for Sun IDM

Some More Facts About the Installed Password Sync

After installing the Password Synchronization tools on the domain controller, you can check whether all of these files are available. You can also find all of the screens above in the previous video.

Files that are installed on each domain controller:
Installed Component ----- Description
%$INSTALL_DIR$%\configure.exe ----- PasswordSync configuration program
%$INSTALL_DIR$%\configure.exe.manifest ----- Data file for the configuration program
%$INSTALL_DIR$%\passwordsyncmsgs.dll ----- DLL that handles PasswordSync messages
%SYSTEMROOT%\SYSTEM32\lhpwic.dll ----- Password Notification DLL that implements the Windows PasswordChangeNotify() function
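
One way to run the file check described above on each domain controller, as an added example that is not part of the original post or of Sun's tooling: it confirms the four listed files exist, hashes them so copies can be compared across domain controllers, and reads the LSA "Notification Packages" registry value, which is where Windows looks up password notification DLLs. The function name, the C:\InstallDir path and the registered name "lhpwic" are assumptions.

```powershell
# Added example. Run in an elevated PowerShell 4+ session on each domain controller.
function Test-PasswordSyncInstall {
    param(
        # Assumption: the PasswordSync install directory; the page only gives %$INSTALL_DIR$%.
        [Parameter(Mandatory = $true)][string]$InstallDir
    )

    # The four files the page lists for every domain controller.
    $expected = @(
        (Join-Path $InstallDir 'configure.exe'),
        (Join-Path $InstallDir 'configure.exe.manifest'),
        (Join-Path $InstallDir 'passwordsyncmsgs.dll'),
        (Join-Path $env:SystemRoot 'System32\lhpwic.dll')
    )

    $files = foreach ($path in $expected) {
        $present = Test-Path -LiteralPath $path -PathType Leaf
        [pscustomobject]@{
            Path    = $path
            Present = $present
            # The hash lets you confirm that every DC carries the same binaries.
            SHA256  = if ($present) { (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash } else { $null }
        }
    }

    # LSA only loads password notification DLLs named in this REG_MULTI_SZ value.
    $lsaKey   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $packages = @((Get-ItemProperty -Path $lsaKey -Name 'Notification Packages').'Notification Packages')

    [pscustomobject]@{
        Computer             = $env:COMPUTERNAME
        Files                = $files
        AllFilesPresent      = @($files | Where-Object { -not $_.Present }).Count -eq 0
        # Assumption: the DLL is registered by its base name, without the .dll extension.
        FilterRegistered     = $packages -contains 'lhpwic'
        # Review the full list: every DLL named here receives cleartext password changes.
        NotificationPackages = $packages
    }
}

# C:\InstallDir is the placeholder path used in the page's Configure.exe example.
$result = Test-PasswordSyncInstall -InstallDir 'C:\InstallDir'
$result.Files | Format-Table -AutoSize
$result | Select-Object Computer, AllFilesPresent, FilterRegistered, NotificationPackages | Format-List
```

A domain controller where AllFilesPresent is true but FilterRegistered is false has the files on disk but will not forward password changes.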
To Configure PasswordSync
Start the PasswordSync configuration application through Program Files, or use the command prompt to configure it:
"Program Files -> Sun Identity Manager PasswordSync -> Configuration"
As mentioned before, password sync works in 2 different ways: one is the Direct method and the second is through the JMS method.
For the Direct method, use the command below at the command prompt:
C:\InstallDir\Configure.exe -direct

Installation of Password Synchronization Tools

You can find the Password Synchronization tools in the installation directory of Sun IDM version 8.0.0 or 8.1.0: "Drive"\Sun IDM\8.1\IDM_8_1_0_0\pwsync.

Install PWSYNC on your domain controller, such as a Windows 2003 Server, or wherever the domain controller is, when you want to access resources through Active Directory.

I have installed PWSYNC; you can find the video below.

In this video we can see password synchronization being installed. In the next post I will configure password synchronization, and install and configure the prerequisite adapter through the Sun IDM "configurator" login, which will deploy everything.


Password Synchronization in Sun IDM 8.1

PasswordSync:

You can find this important topic in the Sun IDM 8.1 documentation, Business Administration, Chapter 11.

Here I am trying to synchronize passwords between Active Directory, IDM and other resources.

PasswordSync (Tools) detects user password changes initiated on Windows domains and forwards those changes to Identity Manager.

Identity Manager then synchronizes password changes with the other resources defined in Identity Manager, so there is no need to change the password everywhere: with a single user ID and password we can access all resources that are connected through IDM with Active Directory (same domain controller).

What is PasswordSync?

PasswordSync feature keeps user password changes made on Windows Active Directory domains synchronized with other resources defined in Identity Manager.

The Password Synchronization tools must be installed on all the domain controllers where resources will be connected through IDM with Active Directory.

A PasswordSync installation means the "lhpwic.dll" file is present on every domain controller machine.

How it Works:

"lhpwic.dll" DLL receives password update notifications from Windows, encrypts them, and sends them over HTTPS to the PasswordSync servlet. The PasswordSync servlet is located on the application server running Identity Manager.

This notification can be sent over the HTTP:// or HTTPS:// protocol to the PasswordSync servlet, which must be present on Sun IDM.

This transfer can happen in 2 ways:

1. Direct Method
2. Through JMS

The Direct method is not implemented every time; it is for small enterprises where there is no need to worry about message delivery notification, and it is implemented through an IDM native class.

For security and message delivery confirmation we go through JMS:

Password Sync. Servlet sends the password information to Identity Manager using JMS (Java Message Service). The servlet submits password changes to the JMS Message Queue.

Identity Manager’s JMS Listener Resource Adapter checks the Queue for new messages. If a password change message is found waiting on the Queue, the JMS Listener Adapter takes the message off the Queue and imports it into Identity Manager.

So if we want to do password sync through the JMS method, we must implement the JMS Listener in our existing Identity Manager environment through managed resources.