Identity Synchronization for Windows 6.0 Service Pack 1 Release Notes 11g Release 1 (11.1.1.5.0) Part Number E27423-01
This chapter provides information about tasks you must complete before you can start the Identity Synchronization for Windows 6.0 Service Pack 1 installer. The chapter contains the following sections:
This release of Identity Synchronization for Windows 6.0 Service Pack 1 contains updated versions of the JDK, NSS and Message Queue components. No change has been made to Identity Synchronization for Windows 6.0 Service Pack 1 itself.
This release of Identity Synchronization for Windows 6.0 Service Pack 1 is available and downloadable only as a component of Oracle Directory Server Enterprise Edition 11g Release 1 (11.1.1.5.0) and later releases.
Customers running Identity Synchronization for Windows 6.0 SP1 through Directory Server Enterprise Edition 7.0 should upgrade to the Identity Synchronization for Windows 6.0 Service Pack 1 that is bundled with Oracle Directory Server Enterprise Edition 11g Release 1 (11.1.1.5.0).
Identity Synchronization for Windows 6.0 Service Pack 1 is supported on the platforms listed here.
Note:
Installing Identity Synchronization for Windows 6.0 Service Pack 1 on an unsupported platform will have unpredictable results. Installing Identity Synchronization for Windows 6.0 Service Pack 1 in a Solaris zone is not supported.
Certain operating systems require additional service packs or patches, as shown in Table 1-1, "Supported Platforms" and Table 1-2, "Minimum Patch Level Requirements".
Table 1-1 Supported Platforms
Operating System | Supported OS Versions | Architecture | Additional Required Software |
---|---|---|---|
Solaris Operating System | Solaris 10 Operating System for SPARC, x86 and AMD 64 architectures | 64-bit | No additional software is required. |
 | Solaris 9 Operating System for SPARC architectures | 64-bit | No additional software is required. |
 | Solaris 9 Operating System for x86 architectures | 32-bit | No additional software is required. |
Red Hat Linux | Red Hat Advanced Server 3.0, Red Hat Advanced Server 4.0 | 32-bit and 64-bit | |
Microsoft Windows | Windows 2003 Server Enterprise and Standard Edition | 32-bit | See Section 1.4.1, "Add Missing LICENSE.txt file on Windows," and Section 1.4.6, "Resolve DNS Dependencies." |
Note:
Windows Server 2008 is not a supported installation platform for Identity Synchronization for Windows. So, although you can synchronize with Active Directory 2008 data, installing this release of Identity Synchronization for Windows 6.0 Service Pack 1 on Windows Server 2008 or 2008R2 is not supported.
Identity Synchronization for Windows 6.0 Service Pack 1 is a part of the Oracle Directory Server Enterprise Edition 11g R1 (11.1.1.5.0) bundle. The Directory Server Enterprise Edition Certification Matrix, which contains a frequently updated list of hardware and software compatible with Directory Server Enterprise Edition, is available at http://www.oracle.com/technetwork/middleware/downloads/odsee-11gr1certmatrix-161592.xls
Go to the download page for Oracle Identity Management 11g at http://www.oracle.com/technetwork/middleware/downloads/oid-11g-161194.html.
Directory Server Enterprise Edition 11g Release 1 (11.1.1.5.0) is available in the following distributions:
Native package distribution (for Solaris only)
Zip distribution (for all platforms)
Use the following table to identify the required patch numbers for each supported operating system.
Table 1-2 Minimum Patch Level Requirements
Operating System | Patch Number |
---|---|
Solaris 9 SPARC | 119211-25, 125358-13 |
Solaris 9 x86 (32-bit) | 125359-13, 119212-25 |
Solaris 10 SPARC (64-bit) | 119213-25, 125358-13 |
Solaris 10 x86, AMD64, I64 (64-bit) | 125359-13, 119214-25 |
Linux RH 3.0U4 (x86 & AMD64) | 142506-06 |
Linux RH 4.0U2 (x86 & AMD64) | 121656-24 |
The following table lists the contents of the ODSEE_Identity_Synchronization_for_Windows directory after you have unzipped the Identity Synchronization for Windows download bundle.
Table 1-3 Contents of ODSEE_Identity_Synchronization_for_Windows Directory
Operating System | Identity Synchronization for Windows Files |
---|---|
Solaris 9, 10 SPARC (64-bit) | README.txt 144589-01/isw.6.0.sp1.solaris.sparc.zip 144589-01/README.144589-01 144589-01/patchinfo jdk/* mq4_3-installer/* packages/SunOS5.9/SUNWjss packages/SunOS5.9/SUNWpr packages/SunOS5.9/SUNWprd packages/SunOS5.9/SUNWtls packages/SunOS5.9/SUNWtlsu patches/125358-13 patches/SunOS5.10/119213-25 patches/SunOS5.9/119211-25 |
Solaris 9 x86 (32-bit) | README.txt 144590-01/ jdk/* mq4_3-installer/* packages/SUNWjss packages/SUNWpr packages/SUNWprd packages/SUNWtls packages/SUNWtlsu patches/119212-25 patches/125359-13 |
Solaris 10 x86, AMD64, I64 (64-bit) | 144590-01/isw.6.0.sp1.solaris.x86.zip 144590-01/LEGAL_LICENSE.TXT 144590-01/patchinfo 144590-01/README.144590-01 README.txt jdk/* mq4_3-installer/* patches/119214-25 patches/125359-13 |
Linux RH 3.0U4 (x86 & AMD64) (32-bit), Linux RH 4.0U2 (x86 & AMD64) (32-bit) | README.txt 144589-01/* jdk/* mq4_3-installer/* packages/* patches/125358-13 patches/SunOS5.10/119213-25 patches/SunOS5.9/119211-25 |
Windows (Server Enterprise & Standard Edition) | 144592-01\README.144592-01 144592-01\LEGAL_LICENSE.TXT 144592-01\isw.6.0.sp1.windows.zip jdk\jdkfb-1_5_0_29-windows-i586-p.exe mq4_3-installer\* README.txt |
The following is a checklist of issues you must resolve before you run the Identity Synchronization for Windows 6.0 Service Pack 1 installer. These tasks are not optional; they are required for a successful installation. Details for each task are included in the sections immediately following the checklist.
When you install Identity Synchronization for Windows 6.0 Service Pack 1 on a Windows system, the core installation fails when installing the bundled Administration Server.
The Administration Server installation checks for the presence of a LICENSE.txt file in the same directory as the setup.exe file associated with the Administration Server in the admserv_package subtree. To work around this issue, create a file named LICENSE.txt in the directory where that setup.exe file is located.
Create a suffix such as ou=isw-config for storing Identity Synchronization for Windows configuration data. In production environments, create this suffix on a Directory Server other than the Directory Server that contains your user data. See the chapter that suits your need:
For Windows, see Chapter 5, "Creating Required Data Stores in Directory Server."
For Solaris, see Chapter 7, "Creating Required Data Stores in Directory Server."
For Linux, see Chapter 9, "Creating Required Data Stores in Directory Server."
The following is a list of properties for which you must enter values when running the Identity Synchronization for Windows 6.0 Service Pack 1 installer. In the following table, an asterisk (*) indicates that a default value is automatically provided.
Table 1-4 Property Values Required by Identity Synchronization for Windows Core Installation
Attribute | Description |
---|---|
Configuration Directory Host | Fully qualified domain name (FQDN) of a Directory Server instance (affiliated with the local Administration Server) where Identity Synchronization for Windows configuration information will be stored |
Configuration Directory Port* | Port where the Identity Synchronization for Windows configuration directory is installed. (Default port is 389) |
Configuration Root Suffix | Root suffix in which to store the Identity Synchronization for Windows configuration |
Administrator User ID* | Configuration directory Administrator's user ID |
Administrator Password | Configuration directory Administrator's password |
Configuration Password | Password that will be used to encrypt sensitive parts of the configuration. You must enter this password when you use the console, use command line utilities, or install other components. |
Java Home* | Location of the Java Virtual Machine to be used by installed components. Make sure this value matches the JAVA_HOME value. See Section 1.4.5, "Verify JDK Compatibility" for the required JDK release level included with Identity Synchronization for Windows. |
Server Root Directory* | Path and directory name of the Administration Server installation server root. The Console will be installed in this location. |
Installation Directory (on Solaris or Linux platforms) | Path and directory name of the Identity Synchronization for Windows installation directory. Core binaries, libraries, and executables will be installed in this directory. |
Instance Directory (on Solaris or Linux platforms) | Path and directory name of the Identity Synchronization for Windows instance directory. Configuration information that changes (such as log files) will be stored in this directory. |
Message Queue Installation Directory | Location of an existing Message Queue instance and fully qualified host name and port of the new Broker instance. |
Message Queue Configuration Directory | Path and directory name of the Message Queue instance directory |
Message Queue Local Host Name | Fully qualified domain name (FQDN) of the local host machine. |
Broker Port Number* | Unused port number for the Message Queue broker to use. (Default port is 7676) |
Active Directory Host* | Fully qualified domain name (FQDN) of the host that stores Active Directory configuration data. |
Active Directory Port | Port number of the host that stores Active Directory user data |
Active Directory User | User with permission to read and modify Active Directory entries. If object deletion is configured, then the user must be a domain administrator. |
Active Directory User password | Password of the user with permission to modify Active Directory configuration |
The JDK must be installed from RPM, and it must be first in the path. Insert the following before /usr/bin in your environment's PATH:
/usr/java/jdk<java_version>/bin
For example:
export PATH=/usr/java/jdk1.5.0_29/bin:$PATH
Before starting the Java console or any installer or uninstaller, set LD_LIBRARY_PATH in your environment. For example:
LD_LIBRARY_PATH=/opt/sun/private/lib:/opt/sun/isw/lib:$LD_LIBRARY_PATH
export LD_LIBRARY_PATH
A compatible JDK version must be installed properly to ensure a successful Identity Synchronization for Windows installation. Follow these guidelines.
For Identity Synchronization for Windows 6.0 and 6.0 SP1 (including ODSEE 11.1.1.3.0), use JDK 1.5.0_9.
For Identity Synchronization for Windows bundled in ODSEE 11.1.1.5.0, use JDK 1.5.0_29.
On Linux, install the JDK from the RPM.
Set JAVA_HOME to your installed JDK before starting installation or starting the Java console.
On Solaris, install all the included JDK packages, starting with SUNWj5rt and SUNWj5rtx. Install SUNWj5cfg last.
Identity Synchronization for Windows uses the first entry from the hosts file. In the hosts file, be sure to put the FQDN of the Identity Synchronization for Windows host server immediately following the IP address. This eliminates host-only references that come up during installation or configuration. For example:
192.168.0.10 host.example.com host host-alias
The system Identity Synchronization for Windows is being installed on must be able to resolve its domain and host fully-qualified domain name (FQDN).
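The Linux environment settings and the hosts-file layout described above can be checked before the installer is run. The script below is an added example, not part of the release notes or of the product; the function names and the `--live` switch are assumptions made for illustration, and the check for empty LD_LIBRARY_PATH entries goes beyond what the notes require.

```shell
#!/bin/sh
# Added example, not part of the release notes: preflight checks for the
# Linux environment settings and hosts-file layout described above.

# hosts_fqdn_first FILE FQDN: the first hosts line that names this host
# (by FQDN or short name) must list the FQDN right after the IP address.
hosts_fqdn_first() {
    awk -v fqdn="$2" '
        BEGIN { split(fqdn, part, "."); short = part[1] }
        { sub(/#.*/, "") }                      # strip comments
        NF >= 2 && !seen {
            for (i = 2; i <= NF; i++)
                if ($i == fqdn || $i == short) { seen = 1; ok = ($2 == fqdn) }
        }
        END { exit !(seen && ok) }
    ' "$1"
}

# in_list COLON_LIST DIR: DIR is an element of the colon-separated list.
in_list() {
    case ":$1:" in *":$2:"*) return 0 ;; *) return 1 ;; esac
}

# path_jdk_first PATH_VALUE JDK_BIN: JDK_BIN appears before /usr/bin.
path_jdk_first() {
    p=":$1:"
    in_list "${p%%:/usr/bin:*}" "$2"
}

# no_empty_entry COLON_LIST: an empty element (for example the trailing ":"
# left when $LD_LIBRARY_PATH was unset) makes the loader search the current
# directory, which is unsafe for an installer that runs as root.
no_empty_entry() {
    case ":$1:" in *::*) return 1 ;; *) return 0 ;; esac
}

# preflight HOSTS_FILE FQDN PATH_VALUE JDK_BIN LD_VALUE
# Prints one line per problem and returns the number of problems found.
preflight() {
    fails=0
    hosts_fqdn_first "$1" "$2" || { echo "hosts: $2 must directly follow the IP address"; fails=$((fails + 1)); }
    path_jdk_first "$3" "$4" || { echo "PATH: $4 must come before /usr/bin"; fails=$((fails + 1)); }
    for dir in /opt/sun/private/lib /opt/sun/isw/lib; do
        in_list "$5" "$dir" || { echo "LD_LIBRARY_PATH: missing $dir"; fails=$((fails + 1)); }
    done
    no_empty_entry "$5" || { echo "LD_LIBRARY_PATH: empty entry"; fails=$((fails + 1)); }
    return "$fails"
}

# Check the live system only when asked to: sh preflight.sh --live
if [ "${1:-}" = "--live" ]; then
    preflight /etc/hosts "$(hostname -f)" "$PATH" "$JAVA_HOME/bin" "${LD_LIBRARY_PATH:-}"
fi
```

A hosts file that begins with a loopback line such as `127.0.0.1 host localhost` fails the first check, because the short name is matched before the FQDN entry is reached.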
Any Windows host that will have Identity Synchronization for Windows core installed on it must be a member of an Active Directory domain. Installation on a workgroup system is not supported.
The Linux system on which Identity Synchronization for Windows is installed must have the rpm-build tools and compat-lib* libraries present, as provided by the "developer" standard bundle and "legacy-developer" bundles from the RHEL/OEL software additions. These are available from the installation media. The compat-libstdc++296.i386 and libtermcap.i386 libraries must be installed.
JDK must be installed from the RPM. See the Linux section in Section 1.4.4, "(Linux Only) Verify Environment Settings."
Identity Synchronization for Windows must be installed as root. You can install Identity Synchronization for Windows as root and then reconfigure Identity Synchronization for Windows to run as a non-root user after initial installation and configuration are complete.
In the course of upgrading, migrating or installing Identity Synchronization for Windows, you may have to perform basic server or service operations. This section provides the following instructions:
In the course of installing or migrating Identity Synchronization for Windows, you may want to use the administration console.
To open the administration console, run the following command:
On Solaris
/var/mps/serverroot/startconsole
On Linux
/var/Sun/mps/startconsole
On Windows
C:\Program Files\Sun\MPS\startconsole.exe
Starting and stopping synchronization does not start or stop individual Java processes, daemons, or services. Once you begin synchronization, stopping synchronization only pauses the operation. When you restart synchronization, the program resumes synchronization from where it stopped and no change will be lost.
In the Oracle Directory Server Enterprise Edition Server Console navigation pane, select the Identity Synchronization for Windows instance.
When the Identity Synchronization for Windows pane is displayed, click the Open button in the upper right corner.
When you are prompted, enter the configuration password.
Select the Tasks tab.
You can use the startsync or stopsync subcommands from the command line.
/opt/SUNWisw/bin/idsync
/opt/sun/isw/bin/idsync
C:\Program Files\Sun\MPS\isw instance-name\bin\idsync
To start synchronization, open a terminal window (or a Command Window) and type the idsync startsync command as follows:
idsync startsync [-D bind-DN] -w bind-password | - [-h Configuration Directory-hostname] [-p Configuration Directory-port-no] [-s rootsuffix] -q configuration_password [-Z] [-P cert-db-path] [-m secmod-db-path]
idsync startsync -w admin_password -q configuration_password
The following table describes the arguments that are unique to startsync.
You can use the stopsync subcommand to stop synchronization from the command line.
To stop synchronization, open a terminal window (or a Command Window) and type the idsync stopsync command as follows:
idsync stopsync [-D bind-DN] -w bind-password | - [-h Configuration Directory-hostname] [-p Configuration Directory-port-no] [-s rootsuffix] -q configuration_password [-Z] [-P cert-db-path] [-m secmod-db-path]
idsync stopsync -w admin_password -q configuration_password
Identity Synchronization for Windows and Message Queue are installed as daemons on Solaris and Linux, and as services on Windows. These processes start automatically when the system boots, but you can also start and stop them manually.
Note:
When starting or restarting services, be sure you start the services in this order: first start Message Queue, then start Identity Synchronization for Windows and Directory Server.
Start Message Queue.
From the command line, enter /etc/init.d/imq start.
Select Start > Settings > Control Panel > Administrative Services.
When the Administrative Services dialog box is displayed, double-click the Services icon to open the Services dialog box.
Select Message Queue Broker, and then select Action > Start from the menu bar.
From the command line, enter the net command to control the services.
To check the Message Queue status:
You can verify that Message Queue is stopped on Linux or Solaris.
# cd /usr/jdk/jdk1.5.0_29/bin
# jps -mlv | grep -i broker
If Message Queue is running, the output includes a Java command line with broker in the name.
The jps command is part of the JDK installation and is located in the bin directory of your JDK. For example: /usr/java/jdk1.5.0_29/bin/jps
Use the Windows services management console to monitor the status of the IMQ process. The services management console is under Administrative Tools in the Windows Start menu. You can also access it from Administrative Tools in the Control Panel.
Start Identity Synchronization for Windows.
From the command line, enter /etc/init.d/isw start.
Select Start > Settings > Control Panel > Administrative Services.
When the Administrative Services dialog box is displayed, double-click the Services icon to open the Services dialog box.
Select Identity Synchronization for Windows and then select Action > Start from the menu bar.
From the command line, enter the net command to control the services.
Start Directory Server Enterprise Edition.
# install-root/dsee7/bin/dsadm start instance-path
C:\ install-root\dsee7\bin\dsadm start instance-path
If any single service among Identity Synchronization for Windows, Message Queue, or Directory Server Enterprise Edition is down for longer than 15 minutes, then you must stop and then restart all three services.
Stop Directory Server Enterprise Edition.
# install-root/dsee7/bin/dsadm stop instance-path
C:\ install-root\dsee7\bin\dsadm stop instance-path
Stop Identity Synchronization for Windows.
Note:
Pause 30 seconds after stopping the service before starting it again. Connectors can take several seconds to cleanly shut themselves down. You can Telnet to the Identity Synchronization for Windows port to determine whether it stopped.
From the command line, enter /etc/init.d/isw stop.
Select Start > Settings > Control Panel > Administrative Services.
When the Administrative Services dialog box is displayed, double-click the Services icon to open the Services dialog box.
Select Identity Synchronization for Windows and then select Action > Stop from the menu bar.
Stop Message Queue.
Note:
Pause 30 seconds after stopping the service before starting it again. Connectors can take several seconds to cleanly shut themselves down. You can Telnet to the Message Queue port to determine whether it stopped.
From the command line, enter /etc/init.d/imq stop.
Select Start > Settings > Control Panel > Administrative Services.
When the Administrative Services dialog box is displayed, double-click the Services icon to open the Services dialog box.
Select Message Queue, and then select Action > Stop from the menu bar.
Verify that Message Queue is stopped by checking the output of the jps command.
# cd /usr/jdk/jdk1.5.0_29/bin
# jps -mlv | grep -i broker
Use the Windows services management console (MMC) to monitor the status of the IMQ process. To start the MMC, from the Start menu, go to Administrative Tools. As an alternative, you can go to Control Panel > Administrative Tools.
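On Solaris or Linux, the stop and start sequence above can be scripted so that the order, the 30-second pauses and the jps check are applied the same way every time. This is an added example, not a script shipped with the product; the variable names, the `DRY_RUN` switch and the `restart` argument are assumptions, and `install-root` and `instance-path` remain the page's placeholders.

```shell
#!/bin/sh
# Added example, not a product script: restart all three services in the
# order the notes require. DRY_RUN=1 prints each command instead of running it.
DSADM=${DSADM:-install-root/dsee7/bin/dsadm}   # placeholder path from the page
INSTANCE=${INSTANCE:-instance-path}            # placeholder from the page
ISW_INIT=${ISW_INIT:-/etc/init.d/isw}
IMQ_INIT=${IMQ_INIT:-/etc/init.d/imq}
JPS=${JPS:-/usr/java/jdk1.5.0_29/bin/jps}      # jps from the bundled JDK
PAUSE=${PAUSE:-30}                             # seconds to wait after each stop

run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# True while jps still lists a Message Queue broker JVM.
broker_running() {
    if [ "${DRY_RUN:-0}" = 1 ]; then return 1; fi
    "$JPS" -mlv 2>/dev/null | grep -qi broker
}

# Stop order: Directory Server, Identity Synchronization, Message Queue.
stop_all() {
    run "$DSADM" stop "$INSTANCE" &&
    run "$ISW_INIT" stop && run sleep "$PAUSE" &&
    run "$IMQ_INIT" stop && run sleep "$PAUSE" || return 1
    if broker_running; then
        echo "Message Queue broker is still running; not restarting" >&2
        return 1
    fi
}

# Start order: Message Queue, Identity Synchronization, Directory Server.
start_all() {
    run "$IMQ_INIT" start &&
    run "$ISW_INIT" start &&
    run "$DSADM" start "$INSTANCE"
}

restart_all() { stop_all && start_all; }

if [ "${1:-}" = restart ]; then restart_all; fi
```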