After the Identity Synchronization for Windows Core is installed on config-us.gt.com, the Identity Synchronization for Windows Console is started. You configure the preferred Directory Server source first.
master2-us.gt.com is chosen as the secondary Directory Server. The connector communicates with Directory Server over SSL.
Because Global Telco requires the strictest security possible, the Directory Server Connector will require a trusted SSL certificate from the directory server, and the Identity Synchronization for Windows Directory Server Plug-ins will communicate over SSL to Active Directory.
Note that the Identity Synchronization for Windows Plug-ins inherit the SSL configuration of the Directory Server. Therefore, if the Directory Server requires trusted certificates, the plug-in can only communicate with Active Directory if Active Directory provides a trusted certificate. Enabling these enhanced security options implies the following additional installation actions.
Only passwords are synchronized. No additional attributes are synchronized.
A single SUL, GT_USERS, is created as shown in Primary Installation.
Active Directory users are stored under the default cn=users,dc=gt,dc=com container. The existing users (Administrator, Guest, TsInternetUser, and iswUser) are excluded from synchronization.
The Directory Server users are stored in the default ou=people,dc=gt,dc=com container.
After the configuration is saved, each connector is installed on connectors-us.gt.com, and the Identity Synchronization for Windows Plug-in is installed.
```
bash-2.05# ./idsync printstat -w <password omitted> -q <password omitted>
Exploring status of connectors, please wait...
Connector ID: CNN100
    Type: Sun Java(TM) System Directory
    Manages: dc=gt,dc=com (ldaps://master1-us.gt.com:636) (ldaps://master2-us.gt.com:636)
    State: READY
    Installed on: connectors-us.gt.com
    Plugin SUBC100 is installed on ldaps://master1-us.gt.com:636
    Plugin SUBC101 is installed on ldaps://master2-us.gt.com:636
    Plugin SUBC102 is installed on ldaps://master3-eu.gt.com:636
    Plugin SUBC103 is installed on ldaps://master4-eu.gt.com:636
    Plugin SUBC104 is installed on ldaps://replica1-us.gt.com:636
    Plugin SUBC105 is installed on ldaps://replica2-us.gt.com:636
    Plugin SUBC106 is installed on ldaps://replica3-eu.gt.com:636
    Plugin SUBC107 is installed on ldaps://replica4-eu.gt.com:636
Connector ID: CNN101
    Type: Active Directory
    Manages: gt.com (ldaps://ad2-us.gt.com:636) (ldaps://ad3-eu.gt.com:636) (ldaps://ad4-eu.gt.com:636) (ldaps://ad1-us.gt.com:636)
    State: READY
    Installed on: connectors-us.gt.com
Sun Java(TM) System Message Queue Status: Started
Checking the System Manager status over the Sun Java(TM) System Message Queue.
System Manager Status: Started
Remaining Installation and Configuration Steps:
1. Install the Sun Directory Server Plugin on every other master and read-only replica that manage users under dc=gt,dc=com.
2. Run 'idsync resync' to establish links between existing Directory Server and Windows users.
3. Start synchronization using the console or the 'idsync startsync' command.
SUCCESS
```
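Because this deployment requires SSL on every connector and plug-in link, a saved copy of the status report above can be checked mechanically. The following is an added example, not part of the product or the original page: it parses `idsync printstat` output and lists any endpoint that is not `ldaps://` and any connector outside the expected state. The function names, the sample hosts and the default of treating only `READY` as expected are assumptions.

```python
import re

# Constructed sample in the printstat layout shown above; hosts are placeholders,
# one plug-in endpoint is deliberately non-SSL and one connector is not READY.
SAMPLE = """\
Connector ID: CNN100
  Type: Sun Java(TM) System Directory
  Manages: dc=example,dc=com (ldaps://ds1.example.com:636) (ldaps://ds2.example.com:636)
  State: READY
  Plugin SUBC100 is installed on ldaps://ds1.example.com:636
  Plugin SUBC101 is installed on ldap://ds2.example.com:389
Connector ID: CNN101
  Type: Active Directory
  Manages: example.com (ldaps://ad1.example.com:636)
  State: INSTALLED
System Manager Status: Started
"""

def parse_printstat(text):
    """Return one record per 'Connector ID:' block (works on flattened text too)."""
    connectors = []
    for block in re.split(r"(?=Connector ID:)", text):
        head = re.match(r"Connector ID:\s*(\S+)", block)
        if not head:
            continue  # banner text before the first connector
        state = re.search(r"State:\s*(\S+)", block)
        manages = re.search(r"Manages:(.*?)State:", block, re.S)
        connectors.append({
            "id": head.group(1),
            "state": state.group(1) if state else None,
            "manages": re.findall(r"\((\S+?)\)", manages.group(1)) if manages else [],
            "plugins": dict(re.findall(r"Plugin (\S+) is installed on (\S+)", block)),
        })
    return connectors

def audit(connectors, ok_states=("READY",)):
    """List endpoints that are not ldaps:// and connectors outside ok_states."""
    findings = []
    for c in connectors:
        if c["state"] not in ok_states:
            findings.append((c["id"], "state", c["state"]))
        for owner, url in [(c["id"], u) for u in c["manages"]] + list(c["plugins"].items()):
            if not url.lower().startswith("ldaps://"):
                findings.append((owner, "non-ssl", url))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_printstat(SAMPLE)):
        print(finding)
```

An empty result only shows that every listed endpoint uses the `ldaps` scheme; whether trusted certificates are required is a separate configuration setting that the report shown above does not display.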