Preface
This guide describes how to plan and implement an Identity Synchronization for
Windows system.
Who Should Use This Book
This book is meant for system administrators who manage user identities on various
directory resources. You must understand directory technologies and be familiar with directory servers,
databases, and the Lightweight Directory Access Protocol (LDAP).
Once you understand the concepts described in this guide, you will be ready
to plan and deploy an Identity Synchronization for Windows solution for your
particular environment.
Before You Read This Book
Before trying to deploy Identity Synchronization for Windows, read the following publications:
Directory Server Enterprise Edition Documentation Set
This Directory Server Enterprise Edition documentation set explains how to use Sun
Java System Directory Server Enterprise Edition to evaluate, design, deploy, and administer directory
services. In addition, it shows how to develop client applications for Directory Server
Enterprise Edition. The Directory Server Enterprise Edition documentation set is available at http://docs.sun.com/coll/1224.4.
For an introduction to Directory Server Enterprise Edition, review the following documents
in the order in which they are listed.
Table P-1 Directory Server Enterprise Edition Documentation
| Contains the latest information about Directory Server Enterprise Edition, including known problems. |
| Contains links to key areas of the documentation set that help you to quickly locate the key information. |
| Introduces the key features of this release. Demonstrates how these features work and what they offer in the context of a deployment that you can implement on a single system. |
| Explains how to plan and design highly available, highly scalable directory services based on Directory Server Enterprise Edition. Presents the basic concepts and principles of deployment planning and design. Discusses the solution life cycle, and provides high-level examples and strategies to use when planning solutions based on Directory Server Enterprise Edition. |
| Explains how to install the Directory Server Enterprise Edition software. Shows how to configure the installed software and verify the configured software. |
| Provides upgrade instructions to upgrade the version 6 installation and migration instructions to migrate version 5.2 installations. |
| Provides command-line instructions for administering Directory Server Enterprise Edition. For hints and instructions about using the Directory Service Control Center, DSCC, to administer Directory Server Enterprise Edition, see the online help provided in DSCC. |
| Shows how to develop directory client applications with the tools and APIs that are provided as part of Directory Server Enterprise Edition. |
| Introduces technical and conceptual foundations of Directory Server Enterprise Edition. Describes its components, architecture, processes, and features. |
| Describes the command-line tools, schema objects, and other public interfaces that are available through Directory Server Enterprise Edition. Individual sections of this document can be installed as online manual pages. |
| Provides information for defining the scope of the problem, gathering data, and troubleshooting the problem areas by using various tools. |
| Provides general guidelines and best practices for planning and deploying Identity Synchronization for Windows. |
| Describes how to install and configure Identity Synchronization for Windows. |
| Provides additional installation instructions in context of Directory Server Enterprise Edition 11.1.1. |
Related Reading
The SLAMD Distributed Load Generation Engine is a Java application that is designed
to stress test and analyze the performance of network-based applications. It was originally
developed by Sun Microsystems, Inc. to benchmark and analyze the performance of LDAP
directory servers. SLAMD is available as an open source application under the Sun
Public License, an OSI-approved open source license. To obtain information about SLAMD, go
to http://www.slamd.com/. SLAMD is also available as a java.net project. See https://slamd.dev.java.net/.
Java Naming and Directory Interface (JNDI) technology supports accessing the Directory Server using
LDAP and DSML v2 from Java applications. For information about JNDI, see http://java.sun.com/products/jndi/.
The JNDI Tutorial contains detailed descriptions and examples of how to use JNDI. This
tutorial is at http://java.sun.com/products/jndi/tutorial/.
Directory Server Enterprise Edition can be licensed as a standalone product, as
a component of Sun Java Enterprise System, as part of a suite of
Sun products, such as the Sun Java Identity Management Suite, or as an
add-on package to other software products from Sun. Java Enterprise System is a
software infrastructure that supports enterprise applications distributed across a network or Internet environment.
If Directory Server Enterprise Edition was licensed as a component of Java Enterprise
System, you should be familiar with the system documentation at http://docs.sun.com/coll/1286.3.
Identity Synchronization for Windows uses Message Queue with a restricted license. Message Queue
documentation is available at http://docs.sun.com/coll/1307.2.
Identity Synchronization for Windows works with Microsoft Windows password policies.
Redistributable Files
Directory Server Enterprise Edition does not provide any files that you can
redistribute.
Default Paths and Command Locations
This section explains the default paths used in the documentation, and gives the
locations of commands on different operating systems and deployment types.
Default Paths
The table in this section describes the default paths that are used in
this document. For complete descriptions of the files installed, see the following product
documentation.
Table P-2 Default Paths
install-path | Represents the base installation directory for Directory Server Enterprise Edition software. The software is installed in directories below this base install-path. For example, Directory Server software is installed in install-path/ds6/. | When you install from a zip distribution using dsee_deploy(1M), the default install-path is the current directory. You can set the install-path using the -i option of the dsee_deploy command. When you install from a native package distribution, such as you would using the Java Enterprise System installer, the default install-path is one of the following locations: Solaris systems - /opt/SUNWdsee/; Red Hat systems - /opt/sun/; Windows systems - C:\Program Files\Sun\JavaES5\DSEE. |
instance-path | Represents the full path to an instance of Directory Server or Directory Proxy Server. The documentation uses /local/ds/ for Directory Server and /local/dps/ for Directory Proxy Server. | No default path exists. Instance paths must nevertheless always be found on a local file system. The following directories are recommended: /var on Solaris systems; /global if you are using Sun Cluster. |
serverroot | Represents the parent directory of the Identity Synchronization for Windows installation location | Depends on your installation. Note the concept of a serverroot no longer exists for Directory Server. |
isw-hostname | Represents the Identity Synchronization for Windows instance directory | Depends on your installation |
/path/to/cert8.db | Represents the default path and file name of the client’s certificate database for Identity Synchronization for Windows | current-working-dir/cert8.db |
serverroot/isw-hostname/logs/ | Represents the default path to the Identity Synchronization for Windows local logs for the System Manager, each connector, and the Central Logger | Depends on your installation |
serverroot/isw-hostname/logs/central/ | Represents the default path to the Identity Synchronization for Windows central logs | Depends on your installation |
Command Locations
The table in this section provides locations for commands that are used in
Directory Server Enterprise Edition documentation. To learn more about each of the
commands, see the relevant man pages.
Table P-3 Command Locations
cacaoadm | Solaris - /usr/sbin/cacaoadm | Solaris - install-path/dsee6/cacao_2/usr/sbin/cacaoadm |
| Red Hat - /opt/sun/cacao/bin/cacaoadm | Red Hat, HP-UX - install-path/dsee6/cacao_2/cacao/bin/cacaoadm |
| Windows - install-path\share\cacao_2\bin\cacaoadm.bat | Windows - install-path\dsee6\cacao_2\bin\cacaoadm.bat |
certutil | Solaris - /usr/sfw/bin/certutil | install-path/dsee6/bin/certutil |
| Red Hat - /opt/sun/private/bin/certutil |
| install-path/dps6/bin/dpadm | install-path/dps6/bin/dpadm |
| install-path/dps6/bin/dpconf | install-path/dps6/bin/dpconf |
| install-path/ds6/bin/dsadm | install-path/ds6/bin/dsadm |
| install-path/dscc6/bin/dsccmon | install-path/dscc6/bin/dsccmon |
| install-path/dscc6/bin/dsccreg | install-path/dscc6/bin/dsccreg |
| install-path/dscc6/bin/dsccsetup | install-path/dscc6/bin/dsccsetup |
| install-path/ds6/bin/dsconf | install-path/ds6/bin/dsconf |
| Not provided | install-path/dsee6/bin/dsee_deploy |
| install-path/ds6/bin/dsmig | install-path/ds6/bin/dsmig |
| install-path/ds6/bin/entrycmp | install-path/ds6/bin/entrycmp |
| install-path/ds6/bin/fildif | install-path/ds6/bin/fildif |
| Not provided | At the root of the unzipped zip distribution |
| install-path/ds6/bin/insync | install-path/ds6/bin/insync |
| install-path/ds6/bin/ns-accountstatus | install-path/ds6/bin/ns-accountstatus |
| install-path/ds6/bin/ns-activate | install-path/ds6/bin/ns-activate |
| install-path/ds6/bin/ns-inactivate | install-path/ds6/bin/ns-inactivate |
| install-path/ds6/bin/repldisc | install-path/ds6/bin/repldisc |
| install-path/ds6/bin/schema_push | install-path/ds6/bin/schema_push |
smcwebserver | Solaris, Linux - /usr/sbin/smcwebserver | This command pertains only to DSCC when it is installed using native packages distribution. |
| Windows - install-path\share\webconsole\bin\smcwebserver |
wcadmin | Solaris, Linux - /usr/sbin/wcadmin | This command pertains only to DSCC when it is installed using native packages distribution. |
| Windows - install-path\share\webconsole\bin\wcadmin |
Typographic Conventions
The following table describes the typographic changes that are used in this book.
Table P-4 Typographic Conventions
AaBbCc123 | The names of commands, files, and directories, and onscreen computer output | Edit your .login file. Use ls -a to list all files. machine_name% you have mail. |
AaBbCc123 | What you type, contrasted with onscreen computer output | machine_name% su Password: |
AaBbCc123 | A placeholder to be replaced with a real name or value | The command to remove a file is rm filename. |
AaBbCc123 | Book titles, new terms, and terms to be emphasized (note that some emphasized items appear bold online) | Read Chapter 6 in the User's Guide. A cache is a copy that is stored locally. Do not save the file. |
Shell Prompts in Command Examples
The following table shows default system prompts and superuser prompts.
Table P-5 Shell Prompts
C shell on UNIX and Linux systems | machine_name% |
C shell superuser on UNIX and Linux systems | machine_name# |
Bourne shell and Korn shell on UNIX and Linux systems | $ |
Bourne shell and Korn shell superuser on UNIX and Linux systems | # |
Microsoft Windows command line | C:\ |
Symbol Conventions
The following table explains symbols that might be used in this book.
Table P-6 Symbol Conventions
[ ] | Contains optional arguments and command options. | ls [-l] | The -l option is not required. |
{ | } | Contains a set of choices for a required command option. | -d {y|n} | The -d option requires that you use either the y argument or the n argument. |
${ } | Indicates a variable reference. | ${com.sun.javaRoot} | References the value of the com.sun.javaRoot variable. |
- | Joins simultaneous multiple keystrokes. | Control-A | Press the Control key while you press the A key. |
+ | Joins consecutive multiple keystrokes. | Ctrl+A+N | Press the Control key, release it, and then press the subsequent keys. |
-> | Indicates menu item selection in a graphical user interface. | File -> New -> Templates | From the File menu, choose New. From the New submenu, choose Templates. |
Documentation, Support, and Training
The Sun web site provides information about the following additional resources:
Third-Party Web Site References
Third-party URLs are referenced in this document and provide additional, related information.
Note - Sun is not responsible for the availability of third-party web sites mentioned in
this document. Sun does not endorse and is not responsible or liable for
any content, advertising, products, or other materials that are available on or through
such sites or resources. Sun will not be responsible or liable for any
actual or alleged damage or loss caused or alleged to be caused by
or in connection with use of or reliance on any such content,
goods, or services that are available on or through such sites or resources.
Searching Sun Product Documentation
Besides searching for Sun product documentation from the docs.sun.com web site, you can
use a search engine of your choice by typing the following syntax in
the search field:
search-term site:docs.sun.com
For example, to search for Directory Server, type the following:
"Directory Server" site:docs.sun.com
To include other Sun web sites in your search, such as java.sun.com, www.sun.com,
and developers.sun.com, use sun.com in place of docs.sun.com in the search field.
Sun Welcomes Your Comments
Sun is interested in improving its documentation and welcomes your comments and suggestions.
To share your comments, go to http://www.oracle.com/technetwork/indexes/documentation/index.html and click Send Comments. In
the online form, provide the full document title and part number. The part
number is a 7-digit or 9-digit number that can be found on the
book's title page or in the document's URL. For example, the part number
of this book is 820-0386.