LDAP Integration
P-Synch®, a component of Hitachi ID Management Suite®, is enterprise password management software. It reduces the frequency of help desk calls, improves user productivity and strengthens security with password synchronization, self-service password reset, help desk password reset and simplified administration of other authentication factors, such as hardware tokens and biometric samples. P-Synch includes connectors to manage passwords on over 70 types of systems.
LDAP Directory Integration
P-Synch is tightly integrated with LDAP directories, as follows:
- Directory integration:
P-Synch is normally configured to automatically define its own users based on the users that exist in an authoritative directory, which can be an LDAP directory. There is no need to administer or reconcile P-Synch users separately from LDAP.
Users can be excluded from P-Synch by virtue of group membership in LDAP or wild-card string matches on short or fully qualified login names.
- User profile storage:
All user profile data, including a list of login IDs per user, Q-A (Question-and-Answer) data used to authenticate users during P-Synch self-service password resets and other user attributes, can be managed by P-Synch directly in an LDAP directory. This means that searches for user data first go to LDAP and retrieved data is temporarily stored in the P-Synch identity cache. Updates to user profile data are written to both the identity cache and to LDAP.
- Transparent password synchronization:
P-Synch can be configured to intercept native password changes on LDAP directories from Microsoft, Sun, Oracle and IBM and:
- Apply a supplementary password policy beyond the one built into the LDAP server and potentially reject the initial password change.
- Automatically synchronize the user's other passwords, on other systems, to the new LDAP password value.
This optional process requires a shared object library or DLL to be installed on each LDAP server. Installation can be done centrally, in an automated fashion, from the P-Synch server.
Triggering Password Synchronization
Native password changes made on LDAP directory servers from Microsoft, Sun and IBM can trigger transparent password synchronization.







