Sun Identity Manager 8.1 Business Administrator's Guide

Before You Install

The PasswordSync feature can be set up only on Windows 2008, Windows 2003, and Windows 2000 domain controllers. (Support for Windows NT domain controllers was discontinued in version 8.0 of Identity Manager.) You must install PasswordSync on each primary and backup domain controller in the domains that will be synchronized with Identity Manager. Configuring PasswordSync for HTTPS is highly recommended.

Note –

Versions of PasswordSync that are older than version 7.1.1 should be updated to at least version 7.1.1 on all domain controllers.

Support for the rpcrouter2 servlet has been deprecated in version 8.0, and will be removed in a future release. PasswordSync versions 7.1.1 and newer support the new protocol.

If using JMS, PasswordSync requires connectivity with a JMS server. See the JMS Listener resource adapter section in the Sun Identity Manager 8.1 Resources Referencefor more information about the requirements for the JMS system.

In addition, PasswordSync requires you to

Install at least Microsoft .NET 1.1 on each domain controller.
Remove any previous versions of PasswordSync.

These requirements are discussed in more detail in the following sections.

Install Microsoft .NET 1.1

To use PasswordSync, you must install at least the Microsoft .NET 1.1 Framework. This Framework is installed by default if you are using a Windows 2003 domain controller. The Microsoft .NET 2.0 Framework is installed by default on Windows 2008 domain controllers. If you are using a Windows 2000 domain controller, no Framework is installed by default. You can download the toolkit from the Microsoft Download Center at:

http://www.microsoft.com/downloads

Note –

Enter .NET Framework Redistributable in the Keywords search field to quickly locate the Framework toolkit.
The toolkit installs the .NET Framework.

Configure PasswordSync for SSL

Although sensitive data is encrypted before being sent to the Identity Manager server, Sun Microsystems recommends configuring PasswordSync to use a secure SSL connection (that is, an HTTPS connection).

For information on how to install imported SSL certificates, see this Microsoft Knowledge Base How-To article:

http://support.microsoft.com/kb/816794

Once you have installed PasswordSync, you can test that your SSL connection is properly configured by specifying an HTTPS URL in the PasswordSync Configuration dialog. See Testing Your Configuration for instructions.

Uninstall Previous Versions of PasswordSync

You must remove any previously installed instances of PasswordSync before installing a later version.

If the previously installed version of PasswordSync supports the IdmPwSync.msi installer, you can use the standard Windows Add/Remove Programs utility to remove the program.
If the previously installed version of PasswordSync does not support the IdmPwSync.msi installer, use the InstallAnywhere uninstaller to remove the program.