Oracle Identity Synchronization for Windows 6.0 Deployment Planning Guide
To initialize the connector state for the failover configuration, synchronization must be started. Before synchronization can be started, the Identity Synchronization for Windows Plugin must be enabled on both master3-eu.gt.com and master4-eu.gt.com to point to the failover configuration. Once the plugin has been enabled and the directory servers have been restarted, synchronization can be started. Verify that both connectors have entered the SYNCING state using the console or the idsync printstat command:
    bash-2.05# ./idsync printstat -w <password omitted> -q <password omitted>
    Exploring status of connectors, please wait
    Connector ID: CNN100
    Type: Sun Java(TM) System Directory
    Manages: dc=gt,dc=com (ldaps://master3-eu.gt.com:636) (ldaps://master4-eu.gt.com:636)
    State: SYNCING
    Installed on: connectors-eu.gt.com
    Plugin SUBC100 is installed on ldaps://master3-eu.gt.com:636
    Plugin SUBC101 is installed on ldaps://master4-eu.gt.com:636
    Connector ID: CNN101
    Type: Active Directory
    Manages: gt.com (ldaps://ad1-us.gt.com:636) (ldaps://ad2-us.gt.com:636) (ldaps://ad4-eu.gt.com:636) (ldaps://ad3-eu.gt.com:636)
    State: SYNCING
    Installed on: connectors-eu.gt.com
    Sun Java(TM) System Message Queue Status: Started
    Checking the System Manager status over the Sun Java(TM) System Message Queue.
    System Manager Status: Started
    SUCCESS
Once synchronization has started, modify a user password in both Active Directory and Directory Server. This forces the connectors to persist their state. To verify that they have done so, check the following:
Directory Server Connector: Check that the /var/opt/SUNWisw/persist/ADP100/accessor.state file exists and that the highestacknowledgedchangenumber value stored in it is not -1. (To determine the appropriate ADP subdirectory of persist, find the connector ID using the console or idsync printstat, and then replace CNN with ADP in the connector ID.)
Active Directory Connector: Check that the Active Directory Connector actually propagated the change. The central log should contain an INFO message that includes the usnchanged value, for example:
[05/Nov/2004:14:07:38.982 -0600] INFO 18 CNN101 connectors-eu "The agent is sending the following inbound action to MQ: Type: MODIFY SUL: GT_USERS {Data Attrs: } {Other Attrs: cn: Jane Test dn: CN=Jane Test,CN=Users,DC=gt,DC=com objectclass: top,person, organizationalPerson, user dspswuserlink: Rwyr9YEFk0WYxbFP5Nnrjg== pwdlastset: 127441696561778218 samaccountname: 3aa00test100001 sn: test100001 usnchanged: 120831 whenchanged: 20041105230736.0Z passwordchanged: TRUE}." (Action ID=CNN102-1000A5846CB-5, SN=2)
Once you have verified that both connectors have check-pointed their state, stop synchronization for the failover installation, and then reinstall the Directory Server Plugins on master3-eu.gt.com and master4-eu.gt.com to point to the primary configuration.
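The checks described above can be combined into one pass over captured idsync printstat output, the accessor.state contents and the central log. The following is an added example, not part of the Oracle guide or the product. It assumes that accessor.state stores the counter as name=value and that the number after INFO in the log line is a numeric field; the sample inputs are constructed from the output shown on this page.

```python
import re

# Constructed sample inputs, modelled on the printstat output and log line on this page.
PRINTSTAT = """Connector ID: CNN100
Type: Sun Java(TM) System Directory
State: SYNCING
Connector ID: CNN101
Type: Active Directory
State: SYNCING
"""
CENTRAL_LOG = ('[05/Nov/2004:14:07:38.982 -0600] INFO 18 CNN101 connectors-eu '
               '"The agent is sending the following inbound action to MQ: Type: MODIFY '
               '{Other Attrs: usnchanged: 120831 passwordchanged: TRUE}."\n')
# Assumption: accessor.state holds the counter as "name=value"; adjust the regex if not.
STATE_FILES = {"/var/opt/SUNWisw/persist/ADP100/accessor.state":
               "highestacknowledgedchangenumber=4711\n"}

def parse_printstat(text):
    """Map each connector ID to its Type and State fields."""
    connectors, current = {}, None
    for line in text.splitlines():
        key, _, value = line.strip().partition(": ")
        if key == "Connector ID":
            current = connectors.setdefault(value, {})
        elif current is not None and key in ("Type", "State"):
            current[key] = value
    return connectors

def state_path(connector_id, root="/var/opt/SUNWisw/persist"):
    """Replace CNN with ADP in the connector ID, as the guide describes."""
    return f"{root}/{connector_id.replace('CNN', 'ADP', 1)}/accessor.state"

def acknowledged_change(state_text):
    """Return the persisted change number, or None if the field is missing."""
    m = re.search(r"highestacknowledgedchangenumber[\s=:]*(-?\d+)", state_text, re.I)
    return int(m.group(1)) if m else None

def verify(printstat, state_files, log_text):
    """Return a list of problems; an empty list means both connectors check-pointed."""
    problems = []
    for cid, info in parse_printstat(printstat).items():
        if info.get("State") != "SYNCING":
            problems.append(f"{cid}: state is {info.get('State')}, expected SYNCING")
        if info.get("Type") == "Active Directory":
            pattern = rf" INFO \d+ {re.escape(cid)} .*inbound action to MQ.*usnchanged: \d+"
            if not re.search(pattern, log_text):
                problems.append(f"{cid}: no INFO message with usnchanged in central log")
        else:
            change = acknowledged_change(state_files.get(state_path(cid), ""))
            if change is None or change == -1:
                problems.append(f"{cid}: {state_path(cid)} missing or change number is -1")
    return problems
```

An empty list from verify() corresponds to the condition the guide requires before stopping synchronization on the failover installation.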