Sun Java System Identity Synchronization for Windows 1 2004Q3 Deployment Planning Guide 

Contents


List of Figures

List of Tables

Preface
Who Should Use This Book
Before You Read this Book
Conventions Used in this Book
Typographic Conventions
Symbols
Shell Prompts
Related Documentation
Books in This Documentation Set
Other Documentation
Accessing Sun Resources Online
Contacting Sun Technical Support
Related Third-Party Web Site References
Sun Welcomes Your Comments

Chapter 1   Introduction
Deployment Considerations

Chapter 2   Case Study: Deploying in a Multi-Master Replication Environment
Overview
Existing Example Bank’s Architecture
Directory Server Information
Windows NT Information
Active Directory Information
Understanding Example Bank’s Technical Requirements
Identity Synchronization for Windows Features Discussed in this Case Study
Deploying the Solution
Creating a Special Active Directory User for Identity Synchronization for Windows
Configuring the Identity Synchronization for Windows Core
Configuring Directory Sources
Configuring the Sun Java System Directory Server Source
Configuring the Active Directory Source
Configuring the Windows NT Source
Configuring the Synchronization Settings
Configuring the Attribute Modification Settings
Configuring the Attributes Settings
Configuring the Object Creation Settings
Adding the ShadowAccount Objectclass
Configuring the Creation Attributes
Configuring the Synchronization User Lists
Installing the Connectors and Directory Server Plugin
Running idsync resync
Running Resynchronization Procedure When Directory Server is Authoritative
Configuration and Installation Summary
Multiple Domains
PAM LDAP
WAN Deployment
Migrating Users from Windows NT to Active Directory
Unlinking Migrated Windows NT Entries
Linking Migrated Active Directory Entries
Moving Users between Active Directory Organizational Units
When Contractors Change to Full-Time Employees

Chapter 3   Case Study: Deploying in a High-Availability Environment Over a Wide Area Network Using SSL
Global Telco Deployment Information
Directory Server Setup
Active Directory Information
Requirements
Installation and Configuration Overview
Primary and Secondary Installations
Periodically Linking New Users
Large Deployment Considerations
Configuration Walkthrough
Primary Installation
Failover Installation
Setting Up SSL
Increasing Connector Worker Threads
Aligning Primary and Failover Configurations
Setting Multiple Passwords for uid=PSWConnector
Initial idsync resync Operation
Initial idsync resync Operation for Primary Installation
Initial idsync resync Operation for Failover Installation
Periodic idsync resync Operations
Periodic idsync resync Operation for Primary Installation
Periodic idsync resync Operation for Failover Installation
Configuring Identity Manager
Understanding the Failover Process
Directory Server Connector
Active Directory Connector
Initializing the Connector State
Failover Installation Maintenance
When to Failover
Failing Over
Stopping Synchronization at the Primary Installation
Starting Synchronization at the Failover Installation
Re-installing the Directory Server Plugins
Changing the PDC FSMO Role Owner
Monitoring the Logs
Failing Back to the Primary Installation

Appendix A   Pluggable Authentication Modules
Overview
Configuring PAM and Identity Synchronization for Windows
Step 1: Configure an LDAP Repository for PAM
Step 2: Configuring Identity Synchronization for Windows
Step 3: Populating the LDAP Repository
Step 4: Configuring a Solaris Host to Use PAM
Installing and Configuring a Solaris Test System
Configuring the Client Machine
Specifying Rules for Authentication and Password Management
Step 5: Verifying that PAM is Interoperating with the LDAP Store
Step 6: Demonstrating that User Changes are Flowing to the Reciprocal Environment
Case 1
Case 2
Case 3
Case 4
Configuring Systems to Prevent Eavesdropping
Introducing Windows NT into the System
Example /etc/pam.conf File

Appendix B   Identity Manager and Identity Synchronization for Windows Cohabitation
Overview
Identity Manager and Identity Synchronization for Windows Functionality
Password Changes on Active Directory
Password Changes on Directory Server
Password Changes and Provisions Originating from Identity Manager Console
Configuring Identity Manager and Identity Synchronization for Windows
Setting Up Identity Manager 5.0 SP2 and Later
Configuring the Form Property
Configuring pwsync to Not Propagate Passwords to Directory Server
Setting Up Identity Manager 5.0 SP1 and Earlier
Configuring Identity Synchronization for Windows
Handling Identity Manager-Provisioned Users

Appendix C   Logging and Debugging
Audit Logging and Action IDs
Actions
Connector Layers - Accessor, Controller, and Agent
Directory Server Plugin
Debug Logging
In Java Components
In the Installer
In the Console
Windows NT Change Detection
Changing Central Logs File Location
Changing Component Logs File Location
Isolating Problems in Directory Server
Isolating Problems in Message Queue
Isolating Problems in Active Directory

Glossary

Index



Part No: 817-6200.   Copyright 2004 Sun Microsystems, Inc. All rights reserved.