System information
Identity Manager Resources Reference
Identity Manager 7.1 Update 1 • Release Notes
In an environment with multiple trusted domains and Active Directory forests,
authentication can fail with any of these configurations because the Global Catalog does
not contain cross-forest information. A wrong password can also lock out the account
in the user’s domain if the number of domains is greater than the lockout threshold.
User management across forests is only possible when multiple gateways, one for each
forest, are deployed. In this case, you can configure the adapters to use a predefined
domain for authentication per adapter without requiring the user to specify a domain. To
accomplish this, add the following authentication property to the <AuthnProperties>
element in the resource object’s XML:
<AuthnProperty name='w2k_domain' dataSource='resource attribute' value='MyDomainName'/>
Replace MyDomainName with the domain that will authenticate users.
Login failures will occur in any domain where the user exists and the password is not
synchronized.
It is not possible to use multiple data sources for the domain information in one Login
Module Group.
Correction
In the Active Directory documentation, the “Managing ACL Lists” procedure of this guide contains
the following step: (ID-16476)
3. Edit the user in Identity Manager and on the Edit User form.
Replace this sentence with the following:
3. Edit the user in Identity Manager on the Edit User form.
Database Table
• In the Database Table adapter documentation, the example for the Last Fetched Predicate is
invalid. It should be defined as follows:
lastMod > '$(lastmod)'
Flat File Active Sync
• The Flat File Active Sync adapter discusses setting the sources.hosts property in the
Waveset.properties file. This configuration should now be accomplished using
synchronization policy.