Monday, January 15, 2007

Identity Synchronization Between Unix and Windows

Enterprise applications and network operating system environments often employ disparate, heterogeneous information security models -- which can lead to inefficiencies through redundant administration. The simple task of authentication is a widely varying experience in most enterprise environments. Any user with access to multiple enterprise software applications faces the fact that different applications use different authentication mechanisms. For example, access to Microsoft Windows applications is controlled via the Microsoft Windows native authentication, while access control to enterprise Web-based applications often uses Lightweight Directory Access Protocol (LDAP) authentication to a Sun Java System Directory Server.

Enterprise users comply with a login policy that, at a minimum, requires them to change passwords periodically. Because applications are controlled by different credential authorities, users are forced to change passwords multiple times, once in each authentication environment. Ideally, the enterprise user should only have to remember a single password, and whenever the user changes it, the update should take effect across all applications available to that user.

Sun Java System Identity Synchronization for Windows software synchronizes password and other identity attributes bi-directionally between the Sun Java System Directory Server and Windows 2000 Active Directory (AD) and Windows NT Security Account Manager (SAM) Registry.
Users accessing applications that use the Sun Java System Directory Server, Windows 2000 AD, or Windows NT for login authentication need only remember a single password, and when a periodic password update is due, they need to change their password only once, in either environment.

Sun Java System Identity Synchronization for Windows software consists of a set of components, including connectors. These individual connectors allow for the synchronization of identity attributes between Sun Java System Directory Server and Windows 2000 AD and Windows NT directories.

A connector interfaces directly with one or more directories/domains, and is responsible for propagating password updates between directory/domain instances. The connectors communicate with each other over a secure and persistent message bus.

When users change identity attributes in either the Sun Java System Directory Server or the Microsoft Windows directory environment, Sun Java System Identity Synchronization for Windows software immediately propagates these changes from one directory to the other. Password updates can be performed via a Microsoft Windows interface (for example, using Ctrl-Alt-Delete) or via some other password-change interface native to either operating environment.

So, if synchronization between Microsoft Active Directory and Sun Java System Directory Server is what you are looking for, Sun Java System Identity Synchronization for Windows is the solution.

For more information on the Identity Synchronization Service for Windows, visit the Action Identity website at http://www.actionidentity.com.

Submitted by: Scott Heger, Principal Consultant