com.ibm.di.plugin.idipwsync
Class IDIPasswordSynchronizer

java.lang.Object
  extended by com.ibm.di.plugin.idipwsync.IDIPasswordSynchronizer
All Implemented Interfaces:
com.ibm.bim.pwfilt.IPasswordSynchronizer

public class IDIPasswordSynchronizer
extends Object
implements com.ibm.bim.pwfilt.IPasswordSynchronizer

IDIPasswordSynchronizer uses a zero-argument constructor that reads a properties file and sets up a connection to an LDAP server, optionally over SSL by specifying a client keystore file that contains both the client's certificate and the server's signer certificate. When syncPassword(uid,userfullname,password) is invoked, the userId in the LDAP DIT is modified to have the specified password. If the userId doesn't exist, a new one is created.


Constructor Summary
IDIPasswordSynchronizer()
          Creates an LDAPCHangePassword object and obtains a connection to the server.
 
Method Summary
static void main(String[] argv)
          Use this main to test functionality.
 boolean syncPassword(String uid, String userFullName, String newPassword, boolean setOperation)
          Changes the password if the user id and password exist.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

IDIPasswordSynchronizer

public IDIPasswordSynchronizer()
                        throws IOException,
                               IDIPasswordStoreMissingPropertyException
Creates an LDAPCHangePassword object and obtains a connection to the server. Obtains the LDAP password and trust files from a properties file. The properties file, idipwsync.prop, must be located in a directory on the CLASSPATH environment setting. To generate a template properties file that encodes passwords for the keystore and LDAP login, use "java com.ibm.di.plugin.idipwsync.GenPropertiesFile".

Throws:
IOException - Thrown when attempting to load properties file
IDIPasswordSynchronizerMissingPropertyException - Thrown when attempting to load a required property
IDIPasswordStoreMissingPropertyException

Method Detail

syncPassword

public boolean syncPassword(String uid,
                            String userFullName,
                            String newPassword,
                            boolean setOperation)
Changes the password if the user id and password exist. Otherwise, creates a new entry. The default behavior uses the ibm-diPassword attribute on the ibm-diPerson object, which allows the clear text password to be optionally encrypted (see properties file documentation) before the LDAP server stores it; a decryption method (see IDIPasswordCrypto class) is available for decrypting via an IDI assemblyline or other strategy. Other configurable behavior includes performing LDAP updates in async mode with a configurable delay time (necessary when dealing with certain AD configurations, due to a locking mechanism).

Specified by:
syncPassword in interface com.ibm.bim.pwfilt.IPasswordSynchronizer
Parameters:
uid - A String representing the stored uid, must have length > 0, e.g. bcampbell
userFullName - A String representing the username as displayed by Windows NT, e.g. Bob Campbell
newPassword - A String representing stored, decoded password, must have length > 0, e.g. secret
setOperation - A boolean indicating whether password is being set or modified (note: not relevant)
Returns:
boolean true if successful

main

public static void main(String[] argv)
Use this main to test functionality. A properties file must be set up and placed in the Classpath. To set up a properties file, use "com.ibm.di.plugin.idipwsync.GenPropertiesFile". It is also assumed that a sample directory setup has been made on the target LDAP server machine.

Parameters:
argv -