Migrating application users and passwords with Password Manager




© 2015 Hitachi ID Systems, Inc. All rights reserved.

Contents

1 Introduction
2 Migrating Users
3 Initializing Passwords
4 Maintaining Passwords During the Transition
APPENDICES
A LDIF Example File
B SQL Example File

1 Introduction

This document describes a number of ways in which Hitachi ID Password Manager can be used to ease system and directory migrations. Examples of migrations include, but are not limited to:

1. Upgrading a Novell NetWare / eDirectory environment to Windows 2008 / Active Directory.
2. Moving from one mail system (e.g., Lotus Notes) to another (e.g., Microsoft Exchange).
3. Replacing one LDAP directory product with another.
4. Rolling out a new application that impacts a large user population, such as a self-service human resources (HR) portal.

As will be described below, Password Manager can assist in the initial activation of the new system or directory and in the transition period where both the old and new systems are active.

2 Migrating Users

As a part of its nightly automation process, Hitachi ID Password Manager extracts a list of users from every system where it manages passwords. When migrating users to a new directory, these user lists are a natural place to start to get a list of users that should be created on the new system.

For example, the following command can be used to extract a list of user IDs and full names from the Password Manager database:

    c:
    cd "\Program Files\P-Synch\<instance>\db"
    ..\util\dumpdb user -trim -delimited > c:\temp\users.txt

This list of users can be manipulated into SQL commands to create database users or an LDIF file to create LDAP or AD users. Details of the LDIF or SQL files vary, but Section A and Section B include some examples.

Another key advantage of using Password Manager in an application or directory migration project is the ability to create new login IDs with random initial password values and avoid distributing password values by e-mail.
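The conversion described above, as an added example that is not part of the original white paper or of Password Manager: it turns a user list into AD-style LDIF records shaped like the one in Appendix A, each with a random initial password. The input layout (one `login<TAB>full name` pair per line), the function names and the login-ID pattern are assumptions of this example; the page does not show the `dumpdb` output format.

```python
import base64
import re
import secrets
import string

BASE_DN = "CN=Corporate,DC=ad-idslite,DC=hitachi-id,DC=com"  # container from Appendix A
LOGIN_RE = re.compile(r"[A-Za-z0-9._-]{1,20}")  # this example's policy, not the product's

def ldif_line(attr, value):
    """One attribute line; values that are not RFC 2849 SAFE-STRINGs are base64-encoded."""
    safe = (value.isascii() and value.isprintable()
            and not value.startswith((" ", ":", "<")) and not value.endswith(" "))
    if safe:
        return f"{attr}: {value}"
    return f"{attr}:: " + base64.b64encode(value.encode("utf-8")).decode("ascii")

def random_password(length=24):
    """Random initial value the user never learns; replaced at the first self-service change."""
    alphabet = string.ascii_letters + string.digits + "!#%*+-_"
    return "".join(secrets.choice(alphabet) for _ in range(length))

def user_to_ldif(login, full_name, password):
    """Build an AD 'add' record for one user, created disabled (514) as in Appendix A."""
    if not LOGIN_RE.fullmatch(login):
        raise ValueError(f"rejected login ID: {login!r}")
    # AD takes the password as the quoted string in UTF-16LE, and only over an encrypted connection.
    pwd = base64.b64encode(f'"{password}"'.encode("utf-16-le")).decode("ascii")
    lines = [f"dn: CN={login},{BASE_DN}", "changetype: add"]
    lines += [f"objectclass: {c}" for c in ("top", "person", "organizationalperson", "user")]
    lines += [ldif_line("cn", login), ldif_line("description", full_name),
              ldif_line("samaccountname", login),
              f"unicodepwd:: {pwd}", "useraccountcontrol: 514"]
    return "\n".join(lines) + "\n"

def convert(user_list_text):
    """Convert 'login<TAB>full name' lines (assumed layout) into blank-line-separated records."""
    records = []
    for row in user_list_text.splitlines():
        if row.strip():
            login, _, full_name = row.partition("\t")
            records.append(user_to_ldif(login.strip(), full_name.strip(), random_password()))
    return "\n".join(records)

# Constructed sample input; the second name is non-ASCII and must come out base64-encoded.
SAMPLE = "FRIT0000\tRandell Fritz\nNUNE0000\tZo\u00eb Nu\u00f1ez\n"

if __name__ == "__main__":
    print(convert(SAMPLE))
```

Because the generated file holds every initial password, it should be treated as a secret and deleted once the import has run.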

3 Initializing Passwords

A major problem in activating a new system is selecting a suitable initial password for users, and communicating that initial value to users securely. Setting the initial password value to a user's SSN or login ID is insecure. Setting a stronger password is better, but communicating that initial value to users by e-mail is also insecure.

With Hitachi ID Password Manager, users need not know the initial password value to their new account. Instead, they can be instructed by e-mail to change all of their passwords, including the new one, with Password Manager. This way, they change their password from an initial random string (which they do not know) to a strong value securely, after proper authentication (with another system's password).

For example, new users of an LDAP directory might receive an e-mail with the text:

    Acme, Inc. has activated a new corporate directory. New applications, and our Intranet, will verify your identity using a user ID and password on this directory.

    To activate your corporate directory account, click on the link below, enter your Windows network login ID and password, and select a new password for all of your accounts. You will then be able to use the new password both for the systems with which you are already familiar, and for the new corporate directory.

    http://password.acme.com/psynch/nph-psf.exe

Users would follow the link, type their existing Windows NT login ID and password, and select a new password. They will then be able to log into every system, including the new LDAP directory, with the new password. Thus migrating users can be done efficiently and securely.

4 Maintaining Passwords During the Transition

In the event of a directory migration (for example, upgrading a domain from NetWare NDS to Windows 2008 Active Directory), it may be useful to keep running both systems for a transition period.

In these cases, the password synchronization features of Hitachi ID Password Manager will significantly reduce the complexity for end users, as they won't really have to understand which resources use which directory (and hence which password). This will directly reduce the support load produced by the transition period.

APPENDICES

A LDIF Example File

    dn: CN=FRIT0000,CN=Corporate,DC=ad-idslite,DC=hitachi-id,DC=com
    changetype: add
    objectclass: top
    objectclass: person
    objectclass: organizationalperson
    objectclass: user
    cn: FRIT0000
    description: Randell Fritz
    distinguishedname: CN=FRIT0000,CN=Corporate,DC=ad-idslite,DC=hitachi-id,DC=com
    userprincipalname: randell.fritz@ad-idslite.hitachi-id.com
    mail: randell.fritz@ad-idslite.hitachi-id.com
    givenname: Randell
    sn: Fritz
    displayname: Fritz, Randell
    telephonenumber: (972) 116-3406
    homephone: (972) 116-3406
    streetaddress: 822 Seventh Ave.
    l: Dallas
    st: Texas
    c: US
    postalcode: 44820
    name: FRIT0000
    # 514 = NORMAL_ACCOUNT (512) + ACCOUNTDISABLE (2): the account is created disabled
    useraccountcontrol: 514
    samaccountname: FRIT0000

B SQL Example File

    -- Person record for the HR application
    insert into hrapp.person (
        employeenum, loginid, firstname, lastname, streetaddress, city,
        state, zipcode, homephone, emailaddress, startdate, status
    ) values (
        'E000001', 'HOPK0000', 'Wilber', 'Hopkins', '123 Second St.', 'San Antonio',
        'Texas', '48840', '(830) 941-6880', 'wilber.hopkins@ad-idslite.hitachi-id.com',
        '1996-09-10', 'ACTIVE'
    );

    -- Personally identifiable information for the same employee, keyed by employeenum
    insert into hrapp.pii (
        employeenum, dateofbirth, socialsecuritynumber, driverslicensenumber, mothersmaidenname
    ) values (
        'E000001', '1974-01-24', '262-46-5300', '823758-636', 'Harris'
    );

500, 1401-1 Street SE, Calgary AB Canada T2G 2J3
Tel: 1.403.233.0740 Fax: 1.403.233.0725
E-Mail: sales@hitachi-id.com
www.hitachi-id.com
Date: 2009-09-21
File: /pub/wp/documents/migration/psynch_in_migrations_5.tex