| Oracle® Fusion Middleware Release Notes for Identity Synchronization for Windows 6.0 Service Pack 1 11g Release 1 (11.1.1.7.0) Part Number E28964-01 |
|
|
PDF · Mobi · ePub |
| Oracle® Fusion Middleware Release Notes for Identity Synchronization for Windows 6.0 Service Pack 1 11g Release 1 (11.1.1.7.0) Part Number E28964-01 |
|
|
PDF · Mobi · ePub |
When you migrate from Identity Synchronization for Windows 6.0, you first export the existing configuration and uninstall Identity Synchronization for Windows 6.0. Then you install Identity Synchronization for Windows 6.0 Service Pack 1 , and apply the configuration exported from Identity Synchronization for Windows 6.0. This chapter contains the following sections:
Obtaining the Latest Identity Synchronization for Windows Release
Uninstalling Identity Synchronization for Windows 6.0 Components
Installing Identity Synchronization for Windows 6.0 Service Pack 1
See Section 1.4, "Obtaining the Software as Part of Directory Server Enterprise Edition."
The following is a checklist of required tasks you must complete before you can successfully migrate Identity Synchronization for Windows 6.0 Service Pack 1 .
Unpack the Identity Synchronization for Windows 6.0 Service Pack 1 patch content
Add a clear text password to the exported configuration file
Stop the Identity Synchronization for Windows 6.0 Service Pack 1 services
Start the Identity Synchronization for Windows 6.0 Service Pack 1 services
Schedule an appropriate time for migration.
Migration typically requires four to eight hours, depending on your system's performance and the configuration of Identity Synchronization for Windows 6.0 Service Pack 1 .
You can use either the administration console or the command-line interface to complete these tasks.
Open the administration console.
# /var/mps/serverroot/startconsole
Go to Configuration > Groups, and deselect the Enable Group Synchronization checkbox.
Go to Configuration > Account Lockout, and deselect the Enable Account Lockout Synchronization checkbox.
Click Save.
Use the idsync command in the following directory: /opt/SUNWisw/bin/idsync
To disable group synchronization:
# idsync groupsync -d -D Directory-Manager-DN -w bind-password [-h Configuration-Directory-hostname] [-p Configuration-Directory-port-number] -s rootsuffix [-Z] -q configuration-password -t AD-group-type
To disable account lockout:
# idsync accountlockout -d -D Directory-Manager_DN -w bind-password -h Configuration Directory-hostname -p Configuration-Directory-port-number -s rootsuffix [-Z] [-P cert-db-path [-m secmod db path] -q configuration-password -t max-lockout-attempts
Unpack the Identity Synchronization for Windows 6.0 Service Pack 1 patch content which is located here: ODSEE_Identity_Synchronization_for_Windows/144590-01
# unzip isw.6.0.sp1.solaris.x86.zip
After the patch files are unzipped, the migration subdirectory contains the migration tools:
export11cnf.jar
checktopics.jar
Export the current Identity Synchronization for Windows 6.0 Service Pack 1 configuration setting to an XML file.
Change the current directory to migration and run the export11cnf.jar file with the following usage:
# java -jar export11cnf.jar -D bind_DN -w bind_password | - [-h configuration_directory_hostname] [-p configuration_directory_port_number] -s root_suffix [-Z] -q configuration_password | - -f xml_configuration_filename_to_export
The following example shows a typical use:
# java -jar export11cnf.jar -D "cn=directory manager" -w - -h "test.example.com" -p 389 -s "ou=isw_config" -q - -f export.cfg
Add clear text passwords to the exported configuration file.
Edit the exported configuration file, and enter a password between the double quotation marks for each of six cleartextPassword fields. You must provide three passwords for the Directory Server user, and three passwords for the Active Directory user.
You can either use the administration console, or run the idsync stopsync command. See Section 1.6.2, "Starting and Stopping Synchronization."
Make sure that the current directory is migration, and run the checktopics.jar file with the following usage:
java -jar checktopics.jar -D bind_DN -w bind_password | - [-h configuration_directory_hostname] [-p configuration_directory_port_number] -s root_suffix [-Z] -q configuration_password | -
The following example shows a typical use:
java -jar checktopics.jar -D "cn=directory manager" -w - -h "test.example.com" -p 389 -s "ou=isw_config" -q -
If the system is in a quiescent state, checktopics.jar displays the following message:
There are no synchronization messages currently in the Message Queue
If checktopics.jar does not display this message, follow these steps:
Restart synchronization. See Section 1.6.2, "Starting and Stopping Synchronization."
Wait until the synchronization messages are applied to the destination connector.
Stop synchronization again. See Section 1.6.2, "Starting and Stopping Synchronization."
Run the checktopics.jar file again.
Stop the Identity Synchronization for Windows 6.0 Service Pack 1 services. See Section 1.6.3, "Starting and Stopping Services."
Save the connector states by backing up the persist and etc directories from the existing 6.0 installation tree.
Change the current directory to the server_instance_root directory and run the following command:
$ tar cf /var/tmp/connector-state.tar persist etc
Note:
To identify the server_instance_root on Solaris systems, run:
pkginfo -l SUNWiswfc | grep BASEDIR
Repeat the following procedure for each of the Identity Synchronization for Windows components installed on your system in this order: First uninstall Active Directory Connectors, then uninstall Directory Server Connectors and Plug-ins, and finally uninstall the Identity Synchronization for Windows Core.
Caution:
Before running the uninstaller, see Bug Number 6529349 in Chapter 3, "Known Bugs and Limitations."
Run the uninstaller located at /opt/SUNWisw/runUninstaller.sh.
If the installer fails with a "No DN entered" error, then run the installer in text mode the following way :
# /opt/SUNWisw/runUninstaller.sh -nodisplay
Provide the requested passwords.
Each time you run the uninstaller, remove only one component. If you remove more than one component at a time, results may be unpredicatable.
See "Chapter 9, Removing the Software" in Sun Java System Directory Server Enterprise Edition 6.0 Installation Guide for more information.
To install Identity Synchronization for Windows 6.0 Service Pack 1 complete these steps:
Prepare for installation as described in Section 7.3, "Preparing for Identity Synchronization for Windows Installation."
Install the Identity Synchronization for Windows 6.0 Service Pack 1 core, as described in Chapter 3, Installing Core, in Oracle Identity Synchronization for Windows 6.0 Installation and Configuration Guide.
When installation is complete, do not start the console. Proceed directly to the next step.
Install the HotFix-6.0SP1_COMBO_5_20110722 patch included within the 11.1.1.7.0 ODSEE release. Follow the instructions conainted in the README file within the hotfix path. For example on Solaris:
# unzip -q isw-generic.zip # ./Install /opt/SUNWisw /var/mps/serverroot
To import your version 6.0 configuration XML file, run the idsync importcnf from the following path:
/opt/SUNWisw/bin/
# idsync importcnf -w admin_password -q configuration_password -f xml_configuration_filename_to_import
For more information about using idsync importcnf, see Using importcnf in Oracle Identity Synchronization for Windows 6.0 Installation and Configuration Guide.
(Optional) Install the group synchronization and deletion flow features as described in these sections:
Install the Identity Synchronization for Windows 6.0 Service Pack 1 connectors as described in Chapter 5, Installing Connectors, in Oracle Identity Synchronization for Windows 6.0 Installation and Configuration Guide.
(Optional) Configure account lockout.
# cd /opt/SUNWisw/bin/idsync
# idsync accountlockout -d -D Directory-Manager_DN -w bind-password -h Configuration Directory-hostname -p Configuration-Directory-port-number -s rootsuffix [-Z] [-P cert-db-path [-m secmod db path] -q configuration-password -t max-lockout-attempts
Configure the Identity Synchronization for Windows 6.0 Service Pack 1 plug-in as described in "Using dspluginconfig " in theOracle Identity Synchronization for Windows 6.0 Installation and Configuration Guide.
Stop Identity Synchronization for Windows services. See Section 1.6.3, "Starting and Stopping Services."
Delete the Identity Synchronization for Windows 6.0 Service Pack 1 persist and etc directories and all their contents from the instance directory, and replace them with Identity Synchronization for Windows version 6.0 persist and etc directories that you backed up in Section 6.2.9, "Save the connector states".
On Solaris and Linux systems, use these commands:
# cd server-instance-root
# rm -rf etc persist
# tar xf /var/tmp/connector-state.tar
Note:
To identify the server_instance_root on Solaris systems, run:
# pkginfo -l SUNWiswfc | grep BASEDIR
Start the Identity Synchronization for Windows 6.0 Service Pack 1 services.
Start synchronization.
To confirm that the Identity Synchronization for Windows 6.0 Service Pack 1 installation has been successful, run the following command:
$/opt/sun/isw/bin/idsync -V
The output should be the same as the following:
common.jar : 6 2009Q1_SP1 (ISW build id:2010.116.1643 built by svbld) connector.jar : 6 2009Q1_SP1 (ISW build id:2010.116.1643 built by svbld) install.jar : 6 2009Q1_SP1 (ISW build id:2010.116.1643 built by svbld) registry.jar : 6 2009Q1_SP1 (ISW build id:2010.116.1643 built by svbld) ui.jar : 6 2009Q1_SP1 (ISW build id:2010.116.1643 built by svbld) watchdog.jar : 6 2009Q1_SP1 (ISW build id:2010.116.1643 built by svbld) manager.jar : 6 2009Q1_SP1 (ISW build id:2010.116.1643 built by svbld)
|
 Copyright © 2001, 2013, Oracle and/or its affiliates. All rights reserved. Legal Notices |
|