Sun Identity Manager 8.1 Resources Reference

Resource Configuration Notes

The LDAP adapter supports Active Sync for the Sun JavaTM System Directory Server resource using the resource's Retro change log. On the Identity Manager side, use either the LDAPActiveSyncForm.xml or LDAPPasswordActiveSyncForm.xml as input forms for synchronization. See the Chapter 4, Data Loading and Synchronization, in Sun Identity Manager Deployment Guide and Chapter 51, Synchronizing LDAP Passwordsfor details on configuring Identity Manager.

To configure the Sun Java System Directory Server to enable the change log and tracking of modifier information, use the following instructions as guide (the actual procedure depends on the Directory Server version).

ProcedureConfiguring Directory Server for Use with the LDAP Adapter

  1. From the directory server configuration tab, click on the Replication folder, then select the “Enable change log” box. For 5.0 and later servers, you must also enable the RetroChangelog Snapin. On the configuration tab go to the plugin object, select the Retro change log plugin and enable it.

  2. To verify that the server is configured to maintain special attributes for newly created or modified entries, in the Directory Server console, click the Configuration tab, then select the root entry in the navigation tree in the left pane.

  3. Click the Settings subtab and verify that the Track Entry Modification Times box is checked.

    The server adds the following attributes to a newly created or modified entry to determine if an event was initiated from Identity Manager.

    • creatorsName: The DN of the person who initially created the entry.

    • modifiersName: The DN of the person who last modified the entry.

  4. Connect to a directory server through SSL in which a self-signed certificate has been implemented by performing the following procedure:

    • Export the CA certificate from the directory server to a temporary file. For example, on Sun Java System Directory Server, enter the following command:

      certutil -L -d DB_Directory -P slapd-HostName- -n Nickname -a > ds-cert.txt
    • Import this certificate into your keystore.

    • cd $JAVA_HOME/jre/lib/security
      keytool -import -file PathTo/ds-cert.txt -keystore ./cacerts
       -storepass changeit -trustcacerts