Pwd Synchroniser provides event-based synchronisation of passwords from an Active Directory domain controller to other directories, such as OpenLDAP. The synchronisation happens at the moment of the password change (not retroactively), and the new password is forwarded either as a hash, asymmetrically encrypted or in plain text, over LDAP or by calling a REST service. Simple installation as a Windows service, encrypted caching on the domain controller for passwords that cannot be delivered immediately, and a log of all synchronisation activity round off Pwd Synchroniser as an IAM module.
didmos Pwd Synchroniser
Run-Through of a Standard Workflow
An event-based synchronisation “intercepts” a password change at an Active Directory domain controller.
- When a user sets a new password, it is first checked that the password meets the configured policy requirements; only an accepted password is picked up for synchronisation.
- The new password is sent to the selected directory either as a hash (SSHA or MD5, the LDAP userPassword storage schemes), reversibly encrypted (RSA with the recipient's X.509 certificate) or in plain text. Note that the MD5 scheme is unsalted, so it should only be chosen where the target directory requires it.
- The information is transferred via the LDAP protocol, to a REST service, or to an external local script.
- If a password cannot be transferred immediately (for example because the target directory is unreachable), it is stored encrypted in a cache on the domain controller until it can be delivered.
- Each step is logged in an audit file (CSV) and can additionally be passed on to an external logging script.
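The workflow above, reduced to its outbound half, as an added example that is not didmos code: it produces the OpenLDAP `{SSHA}` and `{MD5}` userPassword values the second step mentions, verifies them, and runs a minimal "deliver, queue on failure, retry, write a CSV audit row" loop. The `FlakyTransport` class, the `Synchroniser` class and the in-memory queue are assumptions made for the example; the product's certificate-based encryption of the outbound payload and the encryption of the cache at rest are not reproduced here (the queue holds the already-hashed value only, the clear text is never logged or cached).

```python
"""Added example (not part of didmos / Pwd Synchroniser), stdlib only."""
import base64
import csv
import hashlib
import hmac
import io
import os
from datetime import datetime, timezone
from typing import Optional


# Constructed stand-in for an LDAP/REST transport: fails `failures` times
# (target directory unreachable), then accepts deliveries.
class FlakyTransport:
    def __init__(self, failures: int):
        self.failures = failures
        self.delivered = []

    def __call__(self, user: str, payload: str) -> None:
        if self.failures > 0:
            self.failures -= 1
            raise ConnectionError("target directory unreachable")
        self.delivered.append((user, payload))


def ssha_hash(password: str, salt: Optional[bytes] = None) -> str:
    """OpenLDAP {SSHA} value: base64(SHA1(password || salt) || salt), salt appended."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def md5_hash(password: str) -> str:
    """OpenLDAP {MD5} value: base64(MD5(password)). Unsalted: equal passwords
    yield equal values. Shown because the page lists the scheme, not as advice."""
    digest = hashlib.md5(password.encode("utf-8")).digest()
    return "{MD5}" + base64.b64encode(digest).decode("ascii")


def verify(password: str, stored: str) -> bool:
    """Check a candidate password against a {SSHA} or {MD5} userPassword value."""
    pw = password.encode("utf-8")
    if stored.startswith("{SSHA}"):
        raw = base64.b64decode(stored[len("{SSHA}"):])
        digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes, rest is salt
        return hmac.compare_digest(hashlib.sha1(pw + salt).digest(), digest)
    if stored.startswith("{MD5}"):
        raw = base64.b64decode(stored[len("{MD5}"):])
        return hmac.compare_digest(hashlib.md5(pw).digest(), raw)
    raise ValueError("unsupported userPassword scheme")


class Synchroniser:
    """Hash the new password, try to deliver it, queue it on failure, log every step."""

    def __init__(self, transport):
        self.transport = transport
        self.pending = []             # (user, payload) entries awaiting retry
        self.audit = io.StringIO()    # stands in for the CSV audit file
        self._csv = csv.writer(self.audit)
        self._csv.writerow(["timestamp", "user", "action", "result"])

    def _log(self, user: str, action: str, result: str) -> None:
        self._csv.writerow([datetime.now(timezone.utc).isoformat(), user, action, result])

    def _deliver(self, user: str, payload: str, action: str) -> bool:
        try:
            self.transport(user, payload)
        except ConnectionError as exc:
            self.pending.append((user, payload))  # keep only the hash, never the clear text
            self._log(user, action, f"cached: {exc}")
            return False
        self._log(user, action, "ok")
        return True

    def on_password_change(self, user: str, password: str) -> bool:
        """Entry point for an intercepted change; only the {SSHA} hash leaves here."""
        return self._deliver(user, ssha_hash(password), "sync")

    def retry_pending(self) -> int:
        """Re-send queued entries; returns how many were delivered this round."""
        queued, self.pending = self.pending, []
        return sum(self._deliver(u, p, "retry") for u, p in queued)

    def audit_rows(self):
        return list(csv.reader(io.StringIO(self.audit.getvalue())))


if __name__ == "__main__":
    transport = FlakyTransport(failures=1)
    sync = Synchroniser(transport)
    sync.on_password_change("alice", "Correct-Horse-42")  # first attempt is cached
    sync.retry_pending()                                  # second attempt is delivered
    print(sync.audit.getvalue())
```

Running the block shows two audit rows for the same user: one `sync` marked `cached`, one `retry` marked `ok`, and the value that reached the transport verifies against the original password while never containing it.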