
Identity Manager Fun

We are in the final stretch before deploying our Deltek Vision setup. One of the outstanding items left is getting Novell Identity Manager set up to replicate eDirectory users into Vision as Vision login accounts. That way our users will be able to use their everyday login IDs in Vision.

Vision is built on Microsoft SQL Server 2005, and it stores its user accounts as rows in a SQL table. The passwords are stored as SHA1 hashes. We have a fair amount of experience with Identity Manager, because we use it to maintain a centralized enterprise-wide eDirectory with all our user credentials in it and we also use it to automatically provision our GroupWise accounts. We’ve never used it before, though, to synchronize user credentials with a database using the IDM JDBC driver, so this is a bit of a learning experience.

It took me a few days to get a grasp of how the Identity Manager driver for JDBC works, learn how to configure it and install JDBC drivers, learn how to work with SQL server (I have very little recent experience with SQL Server), and figure out how to get eDirectory to spit up clear passwords. We manage passwords in GroupWise, upon initial account creation, but we don’t synchronize passwords except between eDirectory instances, which is easy, so figuring out password synchronization was a bit of work.

Last night I had the “A-Ha!” moment and figured out how to get eDirectory to cough up passwords in the clear upon a password change, and now I have everything synchronizing over to our Vision SQL Server. The only thing left to do is to transform the output so that the clear text password is replaced with a SHA1 hash of itself, in lower case, before the data is stuffed into SQL Server 2005. Then it’s a matter of me working with Bart so he can write some triggers and stored procedures in SQL to take my data from eDirectory which I’m synchronizing to a transfer table, and inserting it into the proper Vision tables.
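
The hashing step described above, as an added example that is not code from the original post and not an Identity Manager policy: it replaces the clear-text password in a password-change document with its lowercase SHA1 hex digest. The sample document (a simplified `modify-password` event), the function names, and the UTF-8 encoding are assumptions; the encoding has to match whatever the consuming application hashes at login, since SHA1 operates on bytes.

```python
import hashlib
import xml.etree.ElementTree as ET

# Constructed sample of a password-change event; the DN and the password are
# made up for this example, and the structure is simplified (assumption).
SAMPLE_XDS = r"""<nds>
  <input>
    <modify-password class-name="User" src-dn="\EXAMPLE-TREE\example\users\jdoe">
      <password>Example-Pass-1</password>
    </modify-password>
  </input>
</nds>"""


def sha1_lower_hex(cleartext: str, encoding: str = "utf-8") -> str:
    """Return the lowercase hex SHA1 digest of the password.

    The same password gives a different digest under a different encoding
    (for example utf-16-le), so the default here is only an assumption.
    """
    return hashlib.sha1(cleartext.encode(encoding)).hexdigest()


def hash_passwords(xds: str, encoding: str = "utf-8") -> str:
    """Replace the text of every <password> element with its SHA1 digest."""
    root = ET.fromstring(xds)
    for pw in root.iter("password"):
        if pw.text:  # an empty element carries no password; leave it alone
            pw.text = sha1_lower_hex(pw.text, encoding)
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    # The clear-text value no longer appears in the transformed document.
    print(hash_passwords(SAMPLE_XDS))
```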

  1. Shannon Clyde
    2007-02-27 at 08:53


    Will you be using LDAP authentication for access to the SQL Server 2005 database and financial system? Have you had any issues integrating SQL 2005 and eDirectory? I was under the impression that SQL 2005 pretty much locks you into Active Directory.


  2. 2007-02-27 at 15:21

    The way Deltek Vision works is that the user accounts are just rows in a table in the SQL server. The user IDs that manage the SQL server can be either AD users or SQL Server user IDs. Either way works fine. In our case, the web server and the report server from Vision are the only two entities that need to directly access the database, so there are two IDs to configure, and we never have to look at Active Directory again.

    Our regular users are stored in eDirectory, and we’re using Identity Manager’s JDBC driver to synchronize to a table in the database.

  3. Jimmy Parker
    2008-01-08 at 03:32

    I’m trying to connect IDM to SQL 2005. Any help would be appreciated.


  4. 2008-01-14 at 15:59

    That’s a bit vague, Jim. What do you want to know specifically?

  5. Hardik
    2008-07-28 at 08:30

    I am trying to make a connector for Deltek Vision with IDM… so can you tell me how to start with…
