The following connected systems can accept passwords from Identity Manager to some degree but cannot provide a user’s actual password to Identity Manager.
Although they can’t provide the user’s actual password, they can be configured to create a password in the Identity Vault by using a policy on the Publisher channel. The password would be based on other user data in the connected system. The basic driver configurations provided for the connected systems include a default password based on the surname.
Table 3-2 Systems That Accept Passwords from Identity Manager
Connected System Driver |
Subscriber Channel |
Subscriber Channel |
Subscriber Channel |
Publisher Channel |
---|---|---|---|---|
Application Can Accept Setting of Initial Password |
Application Can Accept Modification of Password |
Application Supports Check Password |
Application Can Provide (Sync) Password |
|
Groupwise |
Yes |
Yes |
No |
No1 |
JDBC |
Yes2 |
No3 |
No |
No4 |
LDAP |
Yes5 |
Yes5 |
Yes |
No |
Lotus Notes |
Yes |
Yes6 |
Yes7 |
No |
SAP User Management |
Yes |
Yes |
No |
No |
1GroupWise supports two authentication methods:
GroupWise provides its own authentication and maintains user passwords.
GroupWise authenticates against eDirectory by using LDAP and does not maintain passwords.
When you use this option, GroupWise ignores driver-synchronized passwords.
2The ability to set an initial password is available on all databases where the OS user account is distinct from the database user account, such as Oracle, MS SQL, MySQL, and Sybase.
3The Identity Manager Driver for JDBC can be used to modify a password on the connected system, but that feature is not demonstrated in the sample driver configuration.
4Passwords can be synchronized as data when stored in a table.
5If the target LDAP server allows setting the userpassword attribute.
6The Notes driver can accept a password modification and check passwords only for the
field in Lotus Notes.