Identity Synchronization for Windows Limitations (Sun Java System Directory Server Enterprise Edition 6.3 Release Notes)

Sun Java System Directory Server Enterprise Edition 6.3 Release Notes

Identity Synchronization for Windows Limitations

This section lists product limitations. Limitations are not always associated with a change request number.

Identity Synchronization for Windows requires sun-sasl-2.19-4.i386.rpm to install successfully.

On Linux, before installing Identity Synchronization for Windows, make sure that the sun-sasl-2.19-4.i386.rpm package is installed on your system. Otherwise the Identity Synchronization for Windows installation would fail. You can get the SASL package from the shared components of the JES 5 distribution or later.

Do not change file permissions by hand.

Changes to file permissions for installed Directory Server Enterprise Edition product files can in some cases prevent the software from operating properly.

To workaround this limitation, install products as a user having appropriate user and group permissions.

No failover for the Identity Synchronization for Windows core service.

If you loose the system where Identity Synchronization for Windows core services are installed, you need to install it again. There is no failover for the Identity Synchronization for Windows core service.

Take a backup of ou=services (configuration branch of Identity Synchronization for Windows DIT) in LDIF format and use this information while reinstalling Identity Synchronization for Windows.

Change in authentication behavior on Microsoft Windows 2003 SP1.

When you install Windows 2003 SP1, by default users are allowed one hour to access their accounts using their old passwords.

As a result, when users change their passwords on Active Directory, the on-demand sync attribute dspswvalidate is set to true, and the old password can be used to authenticate against Directory Server. The password synchronized on Directory Server is then the prior, old password, rather than the current Active Directory password.

See the Microsoft Windows support documentation for details on how to turn off this functionality.

Remove serverroot.conf before you remove Administration Server

To uninstall Administration Server, remove /etc/mps/admin/v5.2/shared/config/serverroot.conf before you remove the Administration Server package.

Mention the admin jars path in CLASSPATH

CLASSPATH should contain the location of the admin jars, otherwise a noClassDefFound error is displayed during resynchronization.