Sun Java System Identity Synchronization for Windows 6.0 Installation and Configuration Guide

Installing Core

This section explains the process for installing the Identity Synchronization for Windows Core on Solaris, Linux, and Windows operating systems.

Before you install Core, you should be aware of the following requirements:

Note –

You must install the program as root, but after installation you can configure the software to run Solaris and Linux services as a non-root user. (See Appendix B, Identity Synchronization for Windows LinkUsers XML Document Sample)

You must install Core into a directory that has an existing server root managed by an Administration Server (version 5 2004Q2 or higher) or the installation program will fail. (You can install Administration Server using the Directory Server 5 2004Q2 installation program.)

Note –

With Identity Synchronization for Windows 6.0, the installer checks for an existing Sun Java System Administration Server. If it is not installed, the installer will install Sun Java System Administration Server as a part of Core installation.

Procedure: To Install Identity Synchronization for Windows Core Components Using the Installation Wizard

  1. When the Welcome screen is displayed, read the information provided and then click Next to proceed to the Software License Agreement panel.

  2. Read the license agreement, then select:

    • Yes (Accept License) to accept the license terms and go to the next panel.

    • No to stop the setup process and exit the installation program.

  3. When the Configuration Location panel is displayed, specify the configuration directory location.

    Figure 3–1 Specifying the Configuration Directory Location

    Enter the configuration directory host name, port, and root suffix.

    Provide the following information:

    • Configuration Directory Host: Enter the fully qualified domain name (FQDN) of a Sun Java System Directory Server instance (affiliated with the local Administration Server) where Identity Synchronization for Windows configuration information will be stored.

      You can specify an instance on the local machine or an instance that is running on a different machine.

      Identity Synchronization for Windows allows Administration Server to access the remotely installed instance of Directory Server.

    Note –

    To avoid warnings about invalid credentials or host names, be sure to specify a host name that is DNS-resolvable to the machine on which the installation program is running.

    • Configuration Directory Port: Specify the port where the configuration directory is installed. (Default port is 389)

      To enable secure communication, enable the Secure Port option and specify an SSL port. (Default SSL port is 636).

      Once the program determines that the configuration directory is SSL-enabled, all Identity Synchronization for Windows components will use SSL to communicate with the configuration directory.

    Note –

    Identity Synchronization for Windows encrypts sensitive configuration information before sending it to the configuration Directory Server.

    However, if you want additional transport encryption between the Console and configuration directory, be sure to enable SSL for both Administration Server and the configuration Directory Server. Then, configure a secure connection between the Administration Server to which you will be authenticating the Directory Server Console. (For information, see the Sun Java System Administration Server 5 2004Q2 Administration Guide).

    The Sun Java System Administration Server that is installed (and configured) as part of the Core components is installed in non-SSL mode.

    • Configuration Root Suffix: Select a root suffix from the menu in which to store the Identity Synchronization for Windows configuration.

    Note –

    If the program could not detect a root suffix, and you have to enter the information manually (or if you change the default value), you must click Refresh to regenerate a list of root suffixes. You must specify a root suffix that exists on the configuration Directory Server.

  4. Click Next to open the Configuration Directory Credentials panel.

    Figure 3–2 Specifying the Administrator Credentials

    Enter your Administrator's credentials.

  5. Enter the configuration directory Administrator’s user ID and password.

    • If you specify admin as the user ID, you will not be required to specify the User ID as a DN.

    • If you use any other user ID, then you must specify the ID as a full DN. For example, cn=Directory Manager.

      Note –

      If you are not using SSL to communicate with the configuration directory (see Installing Core), these credentials will be sent without encryption.

  6. When you are finished, click Next to open the Configuration Password panel.

    Figure 3–3 Specifying a Configuration Password

    Enter a configuration password.

  7. You must enter and confirm a password that will be used to encrypt sensitive configuration information, such as credentials. When you are done, click Next.

    Note –

    Be sure to remember this password as it will be required whenever you want to:

    • Access the Identity Synchronization for Windows Console

    • Create or edit a configuration

    • Install components

    • Run any of the command line utilities

      For information about changing the configuration password see Using changepw.

      The Select Java Home panel is displayed (see Installing Core). The program automatically inserts the location of the Java Virtual Machine directory to be used by the installed components.

    Figure 3–4 Specifying the Java Home Directory

    Enter JAVA_HOME directory.

  8. Verify the Java Home Directory (must be a JDK/JRE 1.5.0_09 or later):

    • If the location is satisfactory, click Next to proceed to the Select Installation Directories panel (Installing Core).

    • If the location is not correct, click Browse to search for and select a directory where Java is installed, for example:

    • On Solaris: /var/java

    • On Linux: /usr/bin/java

    • On Windows: C:\Program Files\j2sdk1.5

    Figure 3–5 Specifying the Installation Directories

    Enter server root directory, installation directory, and instance directory.

  9. Enter the following information in the text fields provided or click Browse to search for and select available directories:

    • Server Root Directory: Specify the path and directory name of the Administration Server installation server root. The Console will be installed in this location.

    • Installation Directory (available only when you are installing Core on Solaris or Linux): Specify the path and directory name of the installation directory. Core binaries, libraries, and executables will be installed in this directory.

    • Instance Directory (available only when you are installing Core on Solaris or Linux): Specify the path and directory name of the instance directory. Configuration information that changes (such as log files) will be stored in this directory.

    Note –

    There is only one server root directory available on Windows operating systems, and all products will be installed in that location.

    Note –

    If an Administration Server corresponding to the Configuration Directory Host and Port number provided in step 3 is not found, the installer will install the Administration Server as part of the Core installation. The default port number assigned to the Administration Server is the configuration directory port plus one.

  10. Click Next to proceed to the Message Queue Configuration panel.

    Note –

    You should have installed Message Queue 3.6 Enterprise Edition before starting the Identity Synchronization for Windows installation.

    On Solaris systems: Do not install Message Queue and Identity Synchronization for Windows in the same directory.

    On Linux systems: Do not install Message Queue and Identity Synchronization for Windows in the same directory.

    On Windows systems: You must close any open Service Control Panel windows before continuing, or the Core installation will fail.

    Figure 3–6 Configuring Message Queue

    Enter installation directory, configuration directory, local host name, and broker port number.

  11. Enter the following information in the text fields provided or click Browse to search for and select available directories:

    • Installation Directory: Specify the path of the Message Queue installation directory.

    • Configuration Directory: Specify the path and directory name of the Message Queue instance directory.

    • Fully Qualified Local Host Name: Specify the fully qualified domain name (FQDN) of the local host machine. (There can only be one Message Queue broker instance running per host.)

    • Broker Port Number: Specify an unused port number for the Message Queue broker to use. (Default port is 7676)

  12. Click Next and the Ready to Install panel is displayed.

    This panel provides information about the install, such as the directory where Core will be installed and how much space is required to install Core.

    • If the displayed information is satisfactory, click Install Now to install the Core component (where the installation program installs the binaries, files, and packages).

    • If the information is not correct, click Back to make changes.

      An “Installing” message is displayed briefly, and then the Component Configuration panel is displayed while the installation program adds configuration data to the specified configuration Directory Server. This operation includes:

      • Creating a Message Queue broker instance

      • Uploading the schema to the configuration directory

      • Uploading deployment-specific configuration information to the configuration directory

        This operation will take several minutes and may pause periodically, so do not be concerned unless the process exceeds ten minutes. (Watch the progress bar to monitor the installation program’s status.)

  13. When the component configuration operation is complete, the Installation Summary panel is displayed to confirm that Identity Synchronization for Windows installed successfully.

    You can click the Details button to see a list of the files that have been installed, and where they are located.

  14. Click Next and the program will determine the remaining steps you must perform to successfully install and configure Identity Synchronization for Windows.

    A “Loading...” message, and then a Remaining Installation Steps panel each display briefly, and then the following panel (Installation Overview) is displayed. This panel contains a “To Do” list of the remaining installation and configuration steps. (You also can access this panel from the Console’s Status tab.)

    Figure 3–7 To Do List for Identity Synchronization for Windows Installation and Configuration

    This panel lists the remaining installation/configuration steps you must perform.

    The “To Do” panel will be redisplayed throughout the installation and configuration process. The program greys out all completed steps in the list.

    Up to this point, the To Do list will contain a generic list of steps. After you save a configuration, the program provides a list of steps that are customized for your deployment (for example, which connectors you must install).

  15. After reading the list of steps, click Next and the Start Console Option panel is displayed to indicate you have finished the Core installation.

    Figure 3–8 Starting the Console

    Enable the box to start the Sun Java System Console.

  16. Next, you must configure the Core component, which you can do from the Sun Java System Console (the Start the Sun Java System Console option is enabled by default).

    If you are migrating from Identity Synchronization for Windows version 1.0 or SP1 to Sun Java System Identity Synchronization for Windows 6.0, you can import an exported version 1.0 or SP1 configuration XML document using the idsync importcnf command line utility.

  17. Click Finished.

  18. If you elected to use the Console, the Sun Java System Console Login dialog box is displayed (see Installing Core).

    Figure 3–9 Logging into the Console

    Enter Localhost Name and Port Number for Sun Java System Message Queue.

    You must enter the following information to log into the Console:

    • User ID: Enter the Administrator’s user ID you specified when you installed the Administration Server on your machine.

    • Password: Enter the Administrator’s password specified during Administration Server installation.

    • Administration URL: Enter the Administration Server’s current URL location using the following format:



      • hostname.your_domain.domain is the computer host name you selected when you installed Administration Server.

      • port_number is the port you specified for Administration Server.

  19. After providing your credentials, click OK to close the dialog box.

  20. You will then be prompted for the configuration password. Enter the password and click OK.

    When the Sun Java System Server Console window is displayed, you can start configuring Core. Continue to Chapter 4, Configuring Core Resources for instructions.
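
The conditions that steps 3, 5 and 11 depend on can be checked before the wizard is started: the configuration directory host name resolves, the secure port really completes an SSL/TLS handshake (so the step 5 credentials are not sent in clear text), and the broker port is unused. The Python script below is an added example, not part of the original guide or of the product; the function names are hypothetical, and it assumes the Message Queue broker will run on the local machine.

```python
import socket
import ssl

def resolves(host):
    """True if the configuration directory host name resolves from this machine."""
    try:
        socket.getaddrinfo(host, None)
        return True
    except socket.gaierror:
        return False

def speaks_tls(host, port, timeout=3.0):
    """True if a TLS handshake completes on host:port.

    Certificate trust is deliberately not checked: this only answers
    "is the secure port really SSL-enabled?", not "is it the right server?".
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return True
    except (ssl.SSLError, OSError):  # refused, timed out, or not TLS
        return False

def port_is_free(host, port):
    """True if nothing is bound to host:port (for example, the broker port)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((host, port))
            return True
        except OSError:
            return False

def preflight(dir_host, dir_port=389, secure=False, broker_port=7676):
    """Return a list of findings; an empty list means no problem was detected."""
    findings = []
    if not resolves(dir_host):
        findings.append("host name does not resolve: %s" % dir_host)
    if not secure:
        findings.append("port %d is not SSL: credentials will be sent without encryption" % dir_port)
    elif not speaks_tls(dir_host, dir_port):
        findings.append("no TLS handshake on %s:%d" % (dir_host, dir_port))
    if not port_is_free("127.0.0.1", broker_port):
        findings.append("broker port %d is already in use" % broker_port)
    return findings
```

A False result from speaks_tls also occurs when the server offers only protocol versions that the local Python/OpenSSL build refuses, so confirm the directory's SSL setting before concluding that it is disabled.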