Identity Manager Fun
We are in the final stretch before deploying our Deltek Vision setup. One of the outstanding items left is getting Novell Identity Manager set up to replicate eDirectory users into Vision as Vision login accounts. That way our users will be able to use their everyday login IDs in Vision.
Vision is built on Microsoft SQL Server 2005, and it stores its user accounts as rows in a SQL table. The passwords are stored as SHA1 hashes. We have a fair amount of experience with Identity Manager, because we use it to maintain a centralized enterprise-wide eDirectory with all our user credentials in it and we also use it to automatically provision our GroupWise accounts. We’ve never used it before, though, to synchronize user credentials with a database using the IDM JDBC driver, so this is a bit of a learning experience.
It took me a few days to get a grasp of how the Identity Manager driver for JDBC works, learn how to configure it and install JDBC drivers, learn how to work with SQL Server (I have very little recent experience with SQL Server), and figure out how to get eDirectory to spit up clear passwords. We manage passwords in GroupWise, upon initial account creation, but we don’t synchronize passwords except between eDirectory instances, which is easy, so figuring out password synchronization was a bit of work.
Last night I had the “A-Ha!” moment and figured out how to get eDirectory to cough up passwords in the clear upon a password change, and now I have everything synchronizing over to our Vision SQL Server. The only thing left to do is to transform the output so that the clear text password is replaced with a SHA1 hash of itself, in lower case, before the data is stuffed into SQL Server 2005. Then it’s a matter of me working with Bart so he can write some triggers and stored procedures in SQL to take my data from eDirectory, which I’m synchronizing to a transfer table, and insert it into the proper Vision tables.
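The lower-case SHA1 transform described above only yields usable logins if the bytes being hashed match what the target application hashes. The following is an added example, not code from the original post or from Novell or Deltek: it checks which character encoding reproduces a stored hash for a test account whose password is known. The candidate encodings, function names and sample passwords are assumptions made for illustration.

```python
import hashlib

# Encodings an application might apply to a password before hashing.
# Assumption: the post does not say which one Vision uses.
CANDIDATE_ENCODINGS = ("utf-8", "utf-16-le", "latin-1")


def sha1_hex_lower(password: str, encoding: str = "utf-8") -> str:
    """SHA1 of the encoded password, rendered as lower-case hex."""
    return hashlib.sha1(password.encode(encoding)).hexdigest().lower()


def matching_encodings(known_password: str, stored_hash: str) -> list:
    """Return every candidate encoding that reproduces stored_hash exactly.

    The comparison is case-sensitive on purpose: the post requires the hash
    in lower case, so an upper-case stored value is reported as no match.
    """
    matches = []
    for enc in CANDIDATE_ENCODINGS:
        try:
            candidate = sha1_hex_lower(known_password, enc)
        except UnicodeEncodeError:
            # The password has characters this encoding cannot represent.
            continue
        if candidate == stored_hash:
            matches.append(enc)
    return matches


if __name__ == "__main__":
    # Constructed sample: stands in for the hash read from a test account row.
    test_password = "Pässw0rd"
    stored = sha1_hex_lower(test_password, "utf-16-le")
    print(matching_encodings(test_password, stored))   # one unambiguous match

    # An ASCII-only test password cannot tell utf-8 and latin-1 apart.
    print(matching_encodings("password", sha1_hex_lower("password")))
```

Use a test password containing a non-ASCII character, since an ASCII-only one encodes to the same bytes under several encodings and leaves the result ambiguous.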