Software Dependency Requirements
Directory Server relies on the Network Security Services, NSS, layer for cryptographic algorithms. NSS has been validated to work with the Sun cryptographic framework provided on Solaris 10 systems, which supports cryptographic acceleration devices.
On Windows systems, Directory Server requires ActivePerl software to use account activation and manual schema replication commands. Directory Server Enterprise Edition does not provide ActivePerl. The dependency concerns the following commands.
On Windows, you must disable the pop-up blocker to make Directory Service Control Center work properly.
Directory Proxy Server requires a Java runtime environment, JRE, version of at least 1.5.0_09 on Solaris, Red Hat and Windows systems. The zip distribution installs JRE. When you install from the zip distribution with the JAVA_HOME environment variable set, the Java runtime environment specified by JAVA_HOME is used. If JAVA_HOME is set for your environment, make sure the version is up to date.
Directory Proxy Server will work with any LDAPv3 compliant directory servers, but it is tested only with Sun Java System Directory Server.
For virtualization, Directory Proxy Server has been validated with the following JDBC data sources, using the drivers mentioned below. Though Directory Proxy Server works with all the JDBC 3 compliant drivers.
|
JDBC Data Source |
JDBC Driver |
|---|---|
|
DB2 v9 |
IBM DB2 JDBC Universal Driver Architecture 2.10.27 |
|
JavaDB 10.2.2.0 |
Apache Derby Network Client JDBC Driver 10.2.2.0 |
|
MySQL 5.0 |
MySQL-AB JDBC Driver mysql-connector-java-5.0.4 |
|
Oracle 9i Database Oracle 10g Database |
Oracle JDBC driver 10.2.0.2.0 |
On Windows systems, the dsee_deploy command cannot properly register software with the Common Agent Container, cacao, when you run the command from an MKS shell. This can occur when your MKS PATH does not include the system-drive:\system32 folder. Alternatively, run the command on the Windows native command line.
On Solaris 10, rc.scripts are deprecated so commands like dsadm autostart are not supported. Instead use Solaris 10 Service Management Facility (SMF) to handle these types of requests. For example, dsadm enable-service. For more information on SMF, see Solaris documentation.
Before you can install Identity Synchronization for Windows, you must install the prerequisite Sun Java System software components, including JRE and Message Queue.
-
No JRE is provided with Identity Synchronization for Windows.
Identity Synchronization for Windows installer requires J2SE or JRE 1.5.0_09.
Identity Synchronization for Windows requires JRE 1.5.0_09 on Windows NT.
-
The Identity Synchronization for Windows bundle for this release includes Message Queue 3.6.
When installing Identity Synchronization for Windows, you must specify the path to the version of Message Queue to use. The Identity Synchronization for Windows installation program then installs a required broker into Message Queue, so that Identity Synchronization for Windows can use Message Queue for synchronization.
On Windows systems, Identity Synchronization for Windows supports only Message Queue 3.6. You therefore install Message Queue 3.6 provided with the Identity Synchronization for Windows bundle.
Message Queue 3.7 is, however, installed as a Java Enterprise System shared component. On Windows systems by default you can therefore end up with both Message Queue 3.6 and Message Queue 3.7 installed. If you install Java Enterprise System components alongside Identity Synchronization for Windows on a Windows system, be sure Message Queue 3.7 is not selected.
On Windows systems, the JRE installed with Console and Administration Server does not include fixes for daylight savings time changes. You must apply fixes for daylight savings time changes after installation. To fix the JRE, use the tzupdater tool, described at http://java.sun.com/javase/tzupdater_README.html. The JRE to fix is found after installation under ServerRoot/bin/base/jre/ where you installed the Console and Administration Server.
Identity Synchronization for Windows Requirements in a Firewall Environment
You can run Identity Synchronization for Windows in a firewall environment. The following sections list the server ports that you must expose through the firewall.
Message Queue Requirements
By default, Message Queue uses dynamic ports for all services except for its port mapper. To access the Message Queue broker through a firewall, the broker should use fixed ports for all services.
After installing the core, you must set the imq.<service_name>.<protocol_type>.port broker configuration properties. Specifically, you must set the imq.ssljms.tls.port option. Refer to the Message Queue documentation for more information.
Installer Requirements
The Identity Synchronization for Windows installer must be able to communicate with the Directory Server acting as the configuration directory.
-
If you are installing an Active Directory connector, the installer must be able to contact Active Directory’s LDAP port, 389.
-
If you are installing a Directory Server connector or a Directory Server plug-in (subcomponent), the installer must be able to contact the Directory Server LDAP port, default 389.
Core Component Requirements
The Message Queue, system manager, and command line interface must be able to reach the Directory Server where the Identity Synchronization for Windows configuration is stored.
Console Requirements
The Identity Synchronization for Windows console must be able to reach the following:
-
Active Directory over LDAP, port 389, or LDAPS, port 636
-
Active Directory Global Catalog over LDAP, port 3268, or LDAPS, port 3269
-
Each Directory Server over LDAP or LDAPS
-
Administration Server
-
Message Queue
Connector Requirements
All connectors must be able to communicate with Message Queue.
In addition, the following connector requirements must be met.
-
The Active Directory connector must be able to access the Active Directory Domain Controller over LDAP, port 389, or LDAPS, port 636.
-
The Directory Server connector must be able to access Directory Server instances over LDAP, default port 389, or LDAPS, default port 636.
Directory Server Plug-in Requirements in a Firewall Environment
Each Directory Server plug-in must be able to reach the Directory Server connector’s server port, which was chosen when the connector was installed. Plug-ins that run in Directory Server Master replicas must be able to connect to Active Directory’s LDAP, port 389, or LDAPS, port 636. The plug-ins that run in other Directory Server replicas must be able to reach the master Directory Server LDAP and LDAPS ports.
Supported Browsers for Directory Service Control Center
The following table displays the browsers for each operating system that supports Directory Service Control Center.
|
Operating System |
Supported Browser |
|---|---|
|
Solaris 10 and Solaris 9 (SPARC and x86) |
NetscapeTM Communicator 7.1, MozillaTM 1.7.12, and Firefox 1.0.7, 1.5, and 2.0 |
|
Red Hat Linux 4, Red Hat Linux 3 and SuSE Linux |
Mozilla 1.7.12 and Firefox 1.0.7, 1.5, and 2.0 |
|
Windows XP |
Netscape Communicator 8.0.4, Microsoft Internet Explorer 6.0SP2, Mozilla 1.7.12, and Firefox 1.0.7, 1.5, and 2.0 |
|
Windows 2000/2003 |
Netscape Communicator 8.0.4, Microsoft Internet Explorer 6.0SP1, Mozilla 1.7.12, and Firefox 1.0.7, 1.5, and 2.0 |
- © 2010, Oracle Corporation and/or its affiliates