You can synchronize the NDS password between two Identity Vaults by using the eDirectory driver. This scenario does not require Universal Password to be implemented, and can be used with eDirectory 8.6.2 or later. Another name for this kind of password synchronization is synchronizing the public/private key pair.
Figure A-1 Using NDS Password to Synchronize between Two Identity Vaults
This method should be used only to synchronize passwords from Identity Vault to Identity Vault. It does not use NMAS and therefore cannot be used to synchronize passwords to connected applications.
Table A-1 eDirectory to eDirectory Password Synchronization Using NDS Password
To set up this kind of password synchronization, configure the driver.
Not necessary.
None.
None. The settings on the Password Synchronization page for a driver have no effect on this method of synchronizing the NDS password.
Make the following changes in the eDirectory driver’s filter. This must be done for both eDirectory drivers involved in the synchronization.
Remove the nspmDistributionPassword attribute from the User class in the filter.
Add the Public Key and Private Key attributes for all object classes (typically, the User class) for which passwords should be synchronized. The following figure shows an example.
Figure A-2 Synchronizing the Private and Public Key Attributes
Turn on the DSTrace option.
Check the driver filter to make sure the Public Key and Private Key attributes are being synchronized, not ignored.
See also the tips in Section 7.0, Troubleshooting Password Synchronization.
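One way to automate the filter check described above, as an added example that is not part of the original documentation or the product's own tooling: it parses a driver filter exported as XML and lists anything that does not match the filter changes. The XML layout (filter-class and filter-attr elements with publisher and subscriber attributes), the sample filter, the function name, and the expectation that both channels are set to sync are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample of an exported driver filter. Element and attribute names
# are assumed to follow the Identity Manager filter XML layout.
SAMPLE_FILTER = """\
<filter>
  <filter-class class-name="User" publisher="sync" subscriber="sync">
    <filter-attr attr-name="Surname" publisher="sync" subscriber="sync"/>
    <filter-attr attr-name="Public Key" publisher="sync" subscriber="sync"/>
    <filter-attr attr-name="Private Key" publisher="ignore" subscriber="sync"/>
    <filter-attr attr-name="nspmDistributionPassword" publisher="ignore" subscriber="sync"/>
  </filter-class>
</filter>
"""

KEY_ATTRS = ("Public Key", "Private Key")
CHANNELS = ("publisher", "subscriber")


def check_filter(xml_text, class_name="User"):
    """Return a list of findings; an empty list means the filter matches the steps."""
    root = ET.fromstring(xml_text)
    cls = next((c for c in root.iter("filter-class")
                if c.get("class-name") == class_name), None)
    if cls is None:
        return [f"class {class_name} is not in the filter"]
    attrs = {a.get("attr-name"): a for a in cls.findall("filter-attr")}
    findings = []
    # The distribution password must be removed for this method.
    if "nspmDistributionPassword" in attrs:
        findings.append("nspmDistributionPassword is still in the filter")
    for name in KEY_ATTRS:
        node = attrs.get(name)
        if node is None:
            findings.append(f"{name} is missing from the filter")
            continue
        for channel in CHANNELS:
            # Assumption: a channel attribute that is absent counts as "ignore".
            state = node.get(channel, "ignore")
            if state != "sync":
                findings.append(f"{name} is '{state}' on the {channel} channel")
    return findings


if __name__ == "__main__":
    for finding in check_filter(SAMPLE_FILTER) or ["filter OK"]:
        print(finding)
```

Run it against the filter of each of the two eDirectory drivers, because the filter changes must be made on both.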