We are wanting to sync password changes across multiple applications; primarily between Active Directory and the iSeries. We have two ways we are currently exploring. We had some questions and would appreciate any feedback from anyone. We will only select one official path and make everyone change their passwords to confirm to the the process.
1) Password Change Initiated by IBMi: Users will change their, through the green screen. There will be a hook in the password change program that will call a PHP Web Service, pass the username and password. This Web Service will then change Active Directory. I currently have the PHP Web Service running and can hit a web page that will change the Active Directory password. The questions I have on this route is: A) How can I call this web service and pass variables from an RPG program? I have the RPG program calling the web service, but can't figure out how to get the variables in the URL string. B) Is there a way for the RPG to recieve a success or error XML response from the web service for further processing on the RPG side?
2) Password Change initiated by Web Service: Users would visit a web page and be prompted for username, current password and new password. On submit, a call is initiated to Active Director for the password change (currently working), and then would call the IBMi to initiate the password change. Is there a way for PHP to initiate a call to the IBMi, pass the username and password to initiate the change? I wasn't sure if there were any IBMi APIs, but through about writing another web service located on the Zend Server that will call an RPG program; passing the username and password to that program.
Note: The current PHP Web Service I have referred to is currently running on a Linux Server. We tried placing this script on the Zend Server/IBMi, but could not get the LDAP to bind. Had no issues when we moved the script to a Linux/NginX server. I would eventually like to get this running from the IBMi, but taking small steps!
I would prefer the 2nd method and have the PHP Web Service initiate the password change. This way, I can easily adapt other applications we have and bring those into the password change system. Most of our users have iSeries and AD accounts, but there are a few that have one or the other. We also have another application that I would like to write a hook to change the password on it, too.
Any help or guidance is appreciated.
JA
1) Password Change Initiated by IBMi: Users will change their, through the green screen. There will be a hook in the password change program that will call a PHP Web Service, pass the username and password. This Web Service will then change Active Directory. I currently have the PHP Web Service running and can hit a web page that will change the Active Directory password. The questions I have on this route is: A) How can I call this web service and pass variables from an RPG program? I have the RPG program calling the web service, but can't figure out how to get the variables in the URL string. B) Is there a way for the RPG to recieve a success or error XML response from the web service for further processing on the RPG side?
2) Password Change initiated by Web Service: Users would visit a web page and be prompted for username, current password and new password. On submit, a call is initiated to Active Director for the password change (currently working), and then would call the IBMi to initiate the password change. Is there a way for PHP to initiate a call to the IBMi, pass the username and password to initiate the change? I wasn't sure if there were any IBMi APIs, but through about writing another web service located on the Zend Server that will call an RPG program; passing the username and password to that program.
Note: The current PHP Web Service I have referred to is currently running on a Linux Server. We tried placing this script on the Zend Server/IBMi, but could not get the LDAP to bind. Had no issues when we moved the script to a Linux/NginX server. I would eventually like to get this running from the IBMi, but taking small steps!
I would prefer the 2nd method and have the PHP Web Service initiate the password change. This way, I can easily adapt other applications we have and bring those into the password change system. Most of our users have iSeries and AD accounts, but there are a few that have one or the other. We also have another application that I would like to write a hook to change the password on it, too.
Any help or guidance is appreciated.
JA
Comment