Sun Java System Identity Synchronization for Windows 6.0 Installation and Configuration Guide

Common Features

The Identity Synchronization for Windows command line utilities share the following features:

Common Arguments to the Idsync Subcommands

This section describes the arguments (options) that are common to most of the command line utilities. The information is organized into the following tables:

Table A–1 Arguments Common to All Subcommands



-h Configuration Directory-hostname

Specifies the configuration directory hostname. This argument defaults to the values specified during Core installation. 

-p Configuration Directory-port

Specifies the configuration directory LDAP port number. 

-D bind-DN

Specifies the configuration directory bind distinguished name (DN). This argument defaults to the values specified during Core installation. 

-w bind-password | -

Specifies the configuration directory bind password. The - value reads the password from standard input (STDIN).

-s rootsuffix

Specifies the configuration directory root suffix, where rootsuffix is a distinguished name such as dc=example,dc=com. This argument defaults to the values specified during Core installation.

-q configuration_password | -

Specifies the configuration password. The - value means the password will be read from standard input (STDIN).

This argument is mandatory for all subcommands except prepds.

Table A–2 SSL-Related Arguments Common to All Subcommands




-Z

Specifies that SSL be used to provide secure communication. Provides certificate-based client authentication when connecting to the configuration directory accessing the command line interface or the preferred/secondary Directory Servers.

-P cert-db-path

Specifies the path and file name of the client’s certificate database.

This certificate database must contain the CA certificate used to sign the Directory Server’s certificate database. 

If you specify -Z but do not use -P, the cert-db-path defaults to current-working-directory/cert8.db.

Note: If Identity Synchronization for Windows does not find the certificate database file in the specified directory, the program creates an *empty* database in that directory, which consists of three files: cert8.db, key3.db, and secmod.db.

-m secmod-db-path

Specifies the path to the security module database. For example: 

/var/Sun/MPS/slapd-serverID/secmod.db

Specify this argument only if the security module database is in a different directory than the certificate database itself. 

Table A–3 Configuration Directory Arguments



-a ldap_filter

Use with forcepwchg and resync subcommands

Specifies the LDAP filter to use when retrieving users from the source SULs, and allows the operation to retrieve a focused subset of users from the directory source, prior to determining whether the users fall within the specified SULs.

-f filename

Use with export10cnf, importcnf, and resync subcommands

Specifies the name of a Configuration XML Document file. 


Use with forcepwchg, importcnf, and resetconn subcommands

Runs in safe mode so you can preview the effects of an operation with no actual changes. 

Entering Passwords

Wherever a password argument is required (such as -w bind-password or -q configuration_password), you can use the “-” argument to tell the program to read the password from STDIN.

If you use the “-” value for multiple password options, idsync will prompt you for passwords based on the arguments’ order.

For example, if -w - comes before -q - on the command line, the program expects the bind-password first, and then the configuration-password.
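The following shell sketch is an added example, not part of the original guide or the product. It checks an idsync argument list for passwords given literally on the command line and works out the order in which STDIN passwords are expected. The variable names IDSYNC_BIND_PW and IDSYNC_CONFIG_PW, the file name config.xml, and the one-password-per-line STDIN format are assumptions.

```sh
#!/bin/sh
# Added example, not from the guide: audit how an idsync argument list
# supplies -w (bind-password) and -q (configuration_password).

# Print "<name> stdin" or "<name> literal" per password option, in
# command-line order (the order in which idsync expects STDIN passwords).
password_plan() {
    while [ "$#" -gt 0 ]; do
        opt=$1; shift
        case "$opt" in
            -w) name=bind-password ;;
            -q) name=configuration_password ;;
            -h|-p|-D|-s|-P|-m|-a|-f)   # value-taking options in the tables
                if [ "$#" -gt 0 ]; then shift; fi
                continue ;;
            *)  continue ;;
        esac
        if [ "$#" -eq 0 ]; then echo "$name missing"; return 2; fi
        if [ "$1" = "-" ]; then echo "$name stdin"; else echo "$name literal"; fi
        shift
    done
}

# Succeed only if no password is on the command line, where other local
# users could read it from the process list.
no_literal_passwords() {
    ! password_plan "$@" | grep -q ' literal$'
}

# Emit the STDIN stream for the "-" options, one password per line in
# command-line order. Assumption: idsync accepts them newline-separated.
# IDSYNC_BIND_PW / IDSYNC_CONFIG_PW are hypothetical unexported variables.
stdin_passwords() {
    password_plan "$@" | while read -r name how; do
        [ "$how" = stdin ] || continue
        case "$name" in
            bind-password)          printf '%s\n' "$IDSYNC_BIND_PW" ;;
            configuration_password) printf '%s\n' "$IDSYNC_CONFIG_PW" ;;
        esac
    done
}

# Constructed sample: -q comes before -w, so the configuration password
# is expected first. config.xml is a placeholder file name.
set -- importcnf -q - -w - -f config.xml
no_literal_passwords "$@" && password_plan "$@"
# Real use would be: stdin_passwords "$@" | idsync "$@"
```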

Getting Help

You can use one of the following commands to display usage information about idsync or any of its subcommands in the command Console:

For usage information