Pwd Synchronizer allows the event-based synchronization of passwords from an Active Directory domain controller to other directories, such as OpenLDAP. Synchronization happens at the moment of the change rather than afterwards, and the password can be delivered in plain text, asymmetrically encrypted, as a hash, or by calling a REST service. Simple installation as a Windows service, encrypted caching on the domain controller, and a record of every synchronization round out Pwd Synchronizer as an effective IAM module.
Workflow and functions
A typical workflow is as follows:
- An event-based synchronization “intercepts” a password change at an Active Directory domain controller.
- The new password is sent to the desired directory, either as a hash (SSHA, MD5), reversibly encrypted (RSA using an X.509 certificate) or in plain text.
- The transfer takes place via an LDAP directory, a REST service, or an external local script.
- Passwords that cannot be transferred immediately are encrypted and cached.
- After this, the module can write an audit file (CSV) and call an external logging script.
- When a user sets a new password, it can also be checked for compliance with password guidelines.
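The hashed delivery mentioned above writes the password into the target directory in OpenLDAP's userPassword notation, i.e. a scheme tag followed by the base64 of digest plus salt. The following is an added illustration of that format (not Pwd Synchronizer's own code): it encodes a password as {SSHA} or {SMD5} and verifies a stored value; the function names and the 8-byte salt length are assumptions.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# OpenLDAP userPassword formats handled here (assumed scope of this example):
#   {SSHA}base64( sha1(password + salt) + salt )
#   {SMD5}base64( md5(password + salt)  + salt )
# SMD5 is included only because legacy directories still accept it; prefer SSHA
# (or a stronger scheme the target directory supports) for new deployments.
_SCHEMES = {"SSHA": hashlib.sha1, "SMD5": hashlib.md5}


def encode_userpassword(password: str, scheme: str = "SSHA",
                        salt: Optional[bytes] = None) -> str:
    """Return the password in userPassword notation, with a random salt by default."""
    if scheme not in _SCHEMES:
        raise ValueError(f"unsupported scheme {scheme}")
    if salt is None:
        salt = os.urandom(8)  # assumed salt length; any length decodes correctly below
    digest = _SCHEMES[scheme](password.encode("utf-8") + salt).digest()
    return "{%s}%s" % (scheme, base64.b64encode(digest + salt).decode("ascii"))


def verify_userpassword(password: str, stored: str) -> bool:
    """Check a candidate password against a stored {SSHA}/{SMD5} value."""
    if not stored.startswith("{") or "}" not in stored:
        return False
    scheme, _, b64 = stored[1:].partition("}")
    hashfn = _SCHEMES.get(scheme.upper())
    if hashfn is None:
        return False
    try:
        raw = base64.b64decode(b64, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    digest_len = hashfn().digest_size
    if len(raw) < digest_len:
        return False
    digest, salt = raw[:digest_len], raw[digest_len:]  # salt is whatever follows the digest
    computed = hashfn(password.encode("utf-8") + salt).digest()
    # Constant-time comparison so verification timing does not leak digest bytes.
    return hmac.compare_digest(computed, digest)
```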