Yes, we are using a third party product to do this.
I'm not the expert on how it works, but we installed an agent on each
partition from a company called Courion. When someone changes their AD
password, then each OS/400 partition is checked for that account and if
it exists, the password is sync'ed. This product also offers a self
service password reset function, but we do not allow IT staff to either
sync using active directory or to use the self service reset. It's
considered too high a risk for IT, so only our end users are getting to
use of this service.
HTH,
Glenn Birnbaum
-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Mike Cunningham
Sent: Thursday, February 07, 2008 11:02 AM
To: 'Midrange Systems Technical Discussion'
Subject: i5/OS password sync with Windows Active Directory
Is anyone doing password syncing between i5/OS and Active Directory? By
that I mean when a users changes their password in Active Directory that
same password is sent to i5/OS and the matching userid is updated with
the same password. Not EIM. Not Kerberos. Just password syncing. Or is
there a way to tell i5/OS to authenticate a logon using a remote LDAP
directory? Searching has found some reference to this for Domino on
i5/OS but I am looking for 5250 logon to always use the same password
that the user has in active directory
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact
[javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
