Sun Java System Directory Server Enterprise Edition 6.3 Installation Guide

Chapter 7 Installing Connectors

This chapter provides instructions for installing the Identity Synchronization for Windows Connectors. The information is organized as follows:

Identity Synchronization for Windows uses Connectors to synchronize user passwords between directory sources, and uses subcomponents to enhance the Connector’s change-detection and bidirectional synchronization support.

Before You Begin

Before starting the Connector configuration process, you should be aware of the following:

You must run the installation program each time you install a Connector.

For example, if you are installing a Directory Server Connector and an Active Directory Connector, you will run the installation program twice after the Core is installed.

Running the Installation Program

Repeat the following steps each time you install a Connector.

Procedure: To Restart and Run the Installation Program

  1. Run the installation program again on the machine where you want to install the Connector, as follows:

    • On Solaris: Change to the installer directory and then type ./runInstaller.sh to execute the installation program.


      Note –

      To run the installation program in text-based mode, type ./runInstaller.sh -nodisplay.

      When you run the runInstaller.sh program, Identity Synchronization for Windows automatically masks passwords so they will not be echoed in the clear.


    • On Linux: Change to the installer directory and then type ./installer.sh to execute the installation program.


      Note –

      To run the installation program in text-based mode, type ./installer.sh -nodisplay.

      When you run the installer.sh program, Identity Synchronization for Windows automatically masks passwords so they will not be echoed in the clear.


    • On Windows: Change to the installer directory and then type setup.exe to execute the installation program.

  2. When the Welcome screen is displayed, read the information provided and then click Next to proceed to the Software License Agreement panel.

  3. Read the license agreement, then select

    • Yes (Accept License) to accept the license terms and go to the next panel.

    • No to stop the setup process and exit the installation program.

  4. The Sun Java System Directory Server panel is displayed. Specify the configuration directory location as follows:

    • Configuration Directory Host: Enter the fully qualified domain name (FQDN) of a Sun Java System Directory Server instance (affiliated with an Administration Server) where Identity Synchronization for Windows configuration information is stored. You must specify the same instance that you specified during the Core installation.

    • Configuration Directory Port (defaults to port 389): Specify a port for the configuration directory. You can leave the port set to the default or change to a different, available port.

      To enable SSL (Secure Sockets Layer) between Core and the configuration directory, enable the Secure Port option and specify an SSL port (the default SSL port is 636). Enabling this option prevents sensitive information from being passed in the clear over the network.

    • Configuration Root Suffix: Select the root suffix that you specified during the Core installation from the menu. The Identity Synchronization for Windows configuration will be stored in this root suffix.


      Note –

      If the program could not detect a root suffix, and you enter the server information manually, you must click Refresh to repopulate the list of root suffixes.


  5. Click Next to open the Configuration Directory Credentials panel.

  6. Enter the configuration directory Administrator’s user ID and password.

    • If you specify admin as the user ID, you will not be required to specify the User ID as a DN.

    • If you use any other user ID, then you must specify the ID as a full DN. For example, cn=Directory Manager.


      Note –

      These credentials will be sent without encryption unless you enabled SSL in.


  7. Click Next to open the Configuration Password panel where you must enter the configuration password you specified when you installed Core.

    Also, if Core has not been installed on this machine, you will be prompted to provide the location of the Java Home directory (see Installing Core).

  8. When you are finished, click Next.


    Note –

    At this point, the installation process becomes specific to the type of Connector you are installing.


Installing Connectors

This section explains how to install the three types of Identity Synchronization for Windows Connectors, as follows


Note –

You are not required to install Connectors in any particular order, but do not attempt to install any Connectors simultaneously.


Installing the Directory Server Connector

After completing the steps described in Running the Installation Program

Figure 7–1 Selecting the Directory Server Connector

Select a connector to install

The Select components to install list contains only those Connector components that have not yet been installed. For example, after you install the Directory Server Connector (dc=example,dc=com), the program will remove the entry from the list pane.

The following table contains some example directory source entries.

Table 7–1 Directory Source Examples

Directory Source                    Example Entry
Sun Java System Directory Server    dc=example,dc=com
Windows Active Directory            example.com
Windows NT SAM                      EXAMPLE

Procedure: To Install the Directory Server Connector

  1. Enable the button next to the Directory Server Connector component and then click Next.

    The Directory Server Connector Credentials panel is displayed.

    Provide your User DN and password for the primary Directory Server, and for the secondary server (if applicable).

    Note –

    The program automatically completes the User DN fields with your fully qualified Directory Manager distinguished name, but you can change the information if necessary.


    Enter the following information:

    • Primary Directory Server User DN: If necessary, change the default user DN by entering a fully qualified Directory Manager distinguished name.

    • Primary Directory Server Password: Enter your Directory Manager password.

      If you are using a secondary master, the Secondary Directory Server User Name and Password fields will be active. The program automatically completes the Directory Manager DN field with the same entries provided for the Primary Directory Server User DN and Password fields. You can change this information if necessary.

      The program verifies that the Directory Server has been prepared and is ready to synchronize data. When you prepared Directory Server (see Preparing Sun Directory Source), the program created an account that the Connector uses to connect to Directory Server (for example, uid=PSWConnector,suffix).

  2. Click Next to proceed to the Connector Port Configuration pane.

    Enter your fully qualified local host name and a connector port number.

  3. Enter the Fully Qualified Local Host Name with the domain and an available port number where the Connector will listen. (Specifying a port already in use will result in an error message.)

  4. Click Next and the Ready to Install pane is displayed to provide information about the Connector’s installation location and how much disk space is required for the installation. When you are ready, click the Install Now button.

    This pane reports which connector is being installed, the directory location, and the amount of disk space required for the installation.

    Note –

    If you installed Core on the local machine, the Ready to Install pane will indicate that zero space is required to install the Connector. This situation occurs because the Core installation has already installed the Connector binaries. Because there are no additional binaries to install, no additional space is required.

    If you are installing the Connector on a machine other than where you installed Core, then the Ready to Install pane will indicate how much space is required to complete the Connector installation on the local machine.


    The Connector installation is accomplished in two steps:

    • An Installing pane is displayed, with a progress bar, while the program installs the binaries.

    • Next, the Component Configuration pane displays a progress bar. This step takes several minutes to complete.


      Note –

      If you did not close the Console before starting the installation, the following warning displays (Installing the Directory Server Connector). Click Reset in the Console to reload the Connector’s configuration settings.



      When both steps are complete, an Installation Summary pane is displayed.


    Note –

    The Directory Server plugin is configured for the preferred and secondary hosts (if any).


    Installation of Directory Server Plug-in

    Note –

    1. Clicking Yes configures the Directory Server plugin on all the hosts (preferred and secondary).

    2. Clicking No enables you to configure the plugin later by using the idsync dspluginconfig command-line utility. For more information, see Appendix A, Using the Identity Synchronization for Windows Command Line Utilities.


  5. Click the Details button if you want to review the installation log.

    • On Solaris: Installation logs are written to /var/sadm/install/logs/

    • On Linux: Installation logs are written to /var/sadm/install/logs/

    • On Windows: Installation logs are written to the %TEMP% directory, which is usually a subdirectory of the Local Settings folder located under C:\Documents and Settings\Administrator


      Note –

      On some Windows systems (such as Windows 2000 Advanced Server), the Local Settings folder is a hidden folder.

      To view this folder and the Temp subdirectory, open your Windows Explorer and select Tools -> Folder Options from the menu bar. When the Folder Options dialog box is displayed, select the View tab and enable the Show Hidden Files option.


  6. Click Next to display the “To Do list” panel, which shows the list of successfully completed and pending steps.

    This panel reports which steps are finished and which steps remain.

  7. When you are done with the panel, click Finished.

    After installing the Directory Server Connector, you can install other Connectors that you configured when you configured the resources (Chapter 6, Configuring Core Resources):

Configuring Identity Synchronization for Windows Plug-in when Chained Suffix exists

This configuration is needed only when a chained suffix exists in the Directory Server instance where the Identity Synchronization for Windows Plug-in is installed. If the Identity Synchronization for Windows Plug-in is not configured to search on the chained suffix, MODIFY and BIND operations performed on the Directory Server where the plug-in is installed will fail.

In the Directory Server instance where the chained suffix is created, perform the following operations:

Execute the following LDIF script using the ldapmodify utility:

dn: cn=config,cn=chaining database,cn=plugins,cn=config 
changetype: modify 
add: nspossiblechainingcomponents 
nspossiblechainingcomponents: cn=pswsync,cn=plugins,cn=config 

You can perform a similar operation by using the following procedure:

  1. Select the Configuration tab.

  2. Click the Data node that displays in the left pane.

  3. Select the Chaining tab in the right pane.

  4. Add Identity Synchronization for Windows Plug-in (cn=pswsync,cn=plugins,cn=config) to the components that are allowed to chain.

  5. Save the changes and exit.
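To check the chaining configuration before and after this change, the following added example (not part of the Sun documentation) reads an LDIF export of the chaining configuration entry and returns the change to apply only when cn=pswsync is not yet listed. The function names and the sample exports are constructed for illustration, and the DN comparison is simplified (it does not handle escaped commas).

```python
import base64
import re

# DNs and attribute name taken from the LDIF script on this page.
CHAINING_DN = "cn=config,cn=chaining database,cn=plugins,cn=config"
PLUGIN_DN = "cn=pswsync,cn=plugins,cn=config"
ATTR = "nspossiblechainingcomponents"

def norm_dn(dn):
    """Case-fold a DN and trim spaces around ',' and '=' (escaped commas not handled)."""
    pairs = (rdn.partition("=") for rdn in dn.split(","))
    return ",".join(f"{n.strip().lower()}={v.strip().lower()}" for n, _, v in pairs)

def parse_ldif(text):
    """Parse LDIF content records into {normalized dn: {attr: [values]}}."""
    entries, current = {}, None
    # Unfold first: a line break followed by one space continues the previous line.
    for line in re.sub(r"\r?\n ", "", text).splitlines():
        if not line.strip():                 # blank line ends the record
            current = None
            continue
        if line.startswith("#"):             # LDIF comment
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):            # "attr:: <base64 value>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        if name.lower() == "dn":
            current = entries.setdefault(norm_dn(value), {})
        elif current is not None:
            current.setdefault(name.lower(), []).append(value)
    return entries

def chaining_fix(export):
    """Return None if the plug-in is already allowed to chain, else the LDIF to apply."""
    entry = parse_ldif(export).get(norm_dn(CHAINING_DN))
    if entry is None:
        raise LookupError("chaining configuration entry not found in export")
    if norm_dn(PLUGIN_DN) in {norm_dn(v) for v in entry.get(ATTR, [])}:
        return None
    return (f"dn: {CHAINING_DN}\nchangetype: modify\n"
            f"add: {ATTR}\n{ATTR}: {PLUGIN_DN}\n")

# Constructed sample exports of the chaining configuration entry (not real server output).
MISSING = ("dn: cn=config,cn=chaining database,cn=plugins,cn=config\n"
           "nsPossibleChainingComponents: cn=example plugin,cn=plugins,cn=config\n")
PRESENT = MISSING + "nsPossibleChainingComponents: CN=PSWSync, cn=plugins,\n cn=config\n"
```

Running `chaining_fix` on an export taken after the change should return `None`; a non-empty result means the plug-in is still not among the components allowed to chain.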

Installing an Active Directory Connector

After you install the Directory Server Connector and if you have other configured Connectors to install, the installation program will give you the option of installing the Connectors before you see the Connector Configuration pane.

Figure 7–2 Selecting the Connector

Select a connector to install.

The component list contains only those Connector components that have not yet been installed. For example, if you already installed the Directory Server Connector (dc=example,dc=com in this case), it will not be listed.

Procedure: To Install an Active Directory Connector

  1. Enable the Connector button and click Next.

    The Connector Configuration panel displays.

    Select a connector to install.

    The Select components to install list contains only those Connector components that have not yet been installed. For example, after you install the Directory Server Connector (dc=example,dc=com in this case), the program will remove the entry from this list pane.

  2. Enable the button next to the Active Directory component and then click Next.

    The Ready to Install pane is displayed to provide information about the Connector’s installation location and how much disk space is required for the installation.

    This pane reports which connector is being installed, the directory location, and the amount of disk space required for the installation.

    Note –

    If you installed Core on the local machine, the Ready to Install pane will indicate that zero space is required to install the Connector. This situation occurs because the Core installation has already installed the Connector binaries. Because there are no additional binaries to install, no additional space is required.

    If you are installing the Connector on a machine other than where you installed Core, then the Ready to Install pane will indicate how much space is required to complete the Connector installation on the local machine.


  3. When you are ready, click the Install Now button.

    An Installing pane is displayed, with a progress bar, while the program installs the binaries, and then an Installation Summary pane is displayed to confirm the installation is finished.

  4. Click the Details button if you want to review the installation log.

    • On Solaris: Installation logs are written to /var/sadm/install/logs/

    • On Linux: Installation logs are written to /var/sadm/install/logs/

    • On Windows: Installation logs are written to the %TEMP% directory, which is a subdirectory of the Local Settings folder located under C:\Documents and Settings\Administrator


      Note –

      On some Windows systems (such as Windows 2000 Advanced Server), the Local Settings folder is a hidden folder.

      To view this folder and the Temp subdirectory, open your Windows Explorer and select Tools -> Folder Options from the menu bar. When the Folder Options dialog box is displayed, select the View tab and enable the Show Hidden Files option.


  5. Click Next to display the “To Do list” panel, which shows the list of successfully completed and pending steps.

    This panel reports which steps are finished and which steps remain.

  6. When you are done with the panel, click Finished to exit the installation program.

    After installing the Active Directory Connector, you can install other Connectors that you configured when you configured resources (Chapter 6, Configuring Core Resources):

Installing the Windows NT Connector

You must install the Windows NT Connector on the Primary Domain Controller (PDC) of the domain you configured.

Procedure: To Install a Windows NT Connector and the NT subcomponents

  1. Enable the Windows NT Connector button and click Next.

  2. When the Connector Port Configuration pane is displayed, enter the Fully Qualified Local Host Name with the domain and an available port number where the Connector will listen. (Specifying a port already in use will result in an error message.)

  3. When you are done, click Next.

    The Ready to Install pane is displayed to provide information about the Connector’s installation location and how much disk space is required.

  4. When you are ready, click the Install Now button.

    The Connector installation is accomplished in two steps:

    • An Installing pane is displayed, with a progress bar, while the program installs the binaries.

    • Next, the Component Configuration pane displays a progress bar. This step takes several minutes to complete.


      Note –

      If you did not close the Console before starting the installation, a warning displays (see Installing the Directory Server Connector). Click Reset in the Console to reload the Connector’s configuration settings.


      When both steps are complete, an Installation Summary pane is displayed.

  5. Click the Details button if you want to review the installation log.

    Installation logs are written to the %TEMP% directory, which is C:\TEMP on most Windows NT systems.

  6. Click Close to exit the installation program.

    After installing the Windows NT Connector, you can install other Connectors that you configured when you configured resources (Chapter 6, Configuring Core Resources):