Sun ONE logo      Previous      Contents      Index      Next     

Sun ONE Identity Synchronization for Windows Installation and Configuration Guide

Chapter 5
Connector and Subcomponent Installation

This section contains Identity Synchronization for Windows connector and subcomponent installation procedures including:

Install connectors by running the setup program on the chosen machine.

The following connectors require a follow-up subcomponent installation:

After installing a Directory Server connector, run the setup program again to install the Directory Server plugin subcomponent. The Directory Server plugin must be installed in each Directory Server master and consumer that stores users being synchronized. After installing a Windows NT connector, run setup again on that machine to install the NT subcomponent. Active Directory connectors do not have subcomponents.

Note

For best performance, make sure the Java 2 Platform Standard Edition SDK (JDK) 1.4.1_03 or higher and not the Java Runtime Environment (JRE) is available on the host on which connector installation is being performed.

Directory Server Connector and Plugin Subcomponent

Use the setup program to install Directory Server connectors. After installing a Directory Server connector, run the setup program again to install the Directory Server plugin subcomponent.

Connectors can be installed in the same system as core or another system. the plugin must be installed on the system where Directory Server is installed.

Directory Server Connectors

  1. Run the setup program on the desired Directory Server. Find it in the directory installer where you untarred binary files. On Windows machines execute the setup executable in the installer directory:

    2. cd installer

  1. At the Welcome screen press Next.
  2. At the Software License Agreement screen read the license and press Yes (Accept License) to accept the license terms. Press No to exit setup.
  3. When prompted, enter the Configuration Directory URL.

    4. The configuration directory is the Directory Server instance where Identity Synchronization for Windows stores the core configuration information. Enter the following:

    ldap://Directory Server name:port number

  4. Select the root suffix for the configuration directory. Press Fetch Root Suffixes and a drop-down list will populate with choices. Select the desired root suffix.

    5. The root suffix that is chosen is the root suffix where the configuration is stored, which may be different than the rootsuffix being synchronized.


    Select a root suffix for the configuration directory.

  5. Press Next.
  6. Enter the Configuration Directory Server administrator name and password. Press Next.

    7. Note

    The credentials provided will be sent without encryption. Consider changing them in the Directory Server after installation if network traffic confidentiality may be compromised.

  7. Enter the configuration password. Press Next.

    8. If installing the connector on the same Solaris or Windows system as the core a message appears stating that setup has detected that core or connectors have already been installed on the system. All additional components will be installed under c:\Program Files\Sun\MPS\isw-hostname\. Press OK.

  8. Enter the Java home directory. Note that at a minimum this directory must contain a Java 1.4.1_03 installation and should be the Java 2 Platform Standard Edition SDK (JDK) and not the Java Runtime Environment (JRE) for best performance.

    9. For example on Windows platforms:

    C:\j2sdk1.4.1_04

    On UNIX platforms:

    /usr/j2sdk1.4.1_04/j2se


    Select directory resources from the list.

  9. Select the appropriate directory sources from the drop-down list.

    10. Identity Synchronization for Windows uses connectors to synchronize user passwords between directory sources. Example directory sources are:

    Directory Source

    Example Entry

    Sun ONE Directory Server

    dc=example,dc=com

    Windows Active Directory

    example.com

    Windows NT

    EXAMPLE

    Choose the directory source from a Sun ONE Directory Server with which you wish to connect. Press Next.

    The Directory Server Connector Installation window appears.

  10. Select the Primary Directory Server Connector URL shown in the window.

    11. This URL contains the LDAP port for the Directory Server being synchronized.

  11. Enter the Directory Server administrator name and password. Press Next.

    12. Note

    The credentials provided will be sent without encryption. Consider changing them in the Directory Server after installation if network traffic confidentiality may be compromised.


    Enter the Directory Server Connector administrator name and password.

    The Directory Port configuration window appears.

  12. Enter the fully qualified Localhost Name with domain.
  13. Enter the Port Number of the connector.

    14. Choose an available server port, which the connector will use to securely pass configuration information to the Directory Server plugin.Press next.

    Note

    Use a non-SSL, non-secure LDAP port number for the Directory Server(s) while installing connectors.

  14. The setup program checks for available disk space and an installation summary menu appears.

    15. Ensure that the following component appears in the summary menu.

    DSConnector

  15. When ready, click Install Now.

    16. An installation status bar and the Register Configuration Data window appears.

  16. When prompted, press Next to register with the selected Directory Server. This may take several minutes.
  17. An Installation Summary appears. Press Details if you wish to view the installation log. Press Close to exit setup.
  18. Perform Step 1 through Step 18 for each additional Directory Server connector.

Directory Server Subcomponent

  1. Run the setup program again from each machine where a directory server is installed.

    2. Note

    Only install a subcomponent from the machine which has the Directory Source for which the plugin is intended.

  2. At the Welcome screen press Next.
  3. At the Software License Agreement screen read the license and press Yes (Accept License) to accept terms of license. Press No to exit setup.
  4. When prompted enter the Configuration Directory URL.

    5. The configuration directory is the Directory Server instance where Identity Synchronization for Windows configuration information is stored. Enter the following:

    ldap://Directory Server name:port number

  5. Select the root suffix for the configuration directory. Press Fetch Root Suffixes and a drop-down list will populate with choices. Select the desired root suffix.

    6. The root suffix that is chosen is the root suffix where the configuration is stored, which may be different than the rootsuffix being synchronized.

  6. Press Next.
  7. Enter the Configuration Directory Server administrator name (cn=Directory Manager) and password. Press Next.

    8. Note

    The credentials provided will be sent without encryption. Consider changing them in the Directory Server after installation if network traffic confidentiality may be compromised.

  8. Enter the configuration password. Press Next

    9. If installing the subcomponent or connector on the same system as the core a message appears stating that setup has detected that core or connectors have already been installed on the system. All additional components will be installed under the installation directory. Press OK.

  9. Select Subcomponents and press Next.
  10. Select the directory source for this subcomponent installation. Press Next.


    11. Press Next to register Password Synchronization for Windows with the selected Directory Server.

  11. Select the appropriate Host Type from the drop-down menu.
    • Preferred
    • Secondary
    • Other

      • Note

      All Directory Server replicas (those other than preferred/secondary servers) also need a Directory Server subcomponent installed. Choose Other as the Host Type for these Directory Server replicas.

  12. Enter the Directory Server administrator’s name and password. Press Next.

    13. Note

    The credentials provided will be sent without encryption. Consider changing them in the Directory Server after installation if network traffic confidentiality may be compromised.

  13. The setup program checks for available disk space and an installation summary screen appears.

    14. Ensure that the following subcomponent appears in the summary menu.

    DSSubcomponents

  14. When ready, press Install Now.

    15. An installation status bar and the Register Configuration Data window appears.

  15. When prompted, press Next to register with the selected Directory Server. This may take several minutes.

    16. A window appears stating that you must restart the Directory Server where the plugin has been installed. Press OK.

  16. An Installation Summary appears. Press Details if you wish to view the installation log. Press close to exit setup.
  17. Restart the Directory Server where the plugin has been installed.

Windows Active Directory Connector

Note

Verify network functionality before proceeding. Specifically, determine whether servers in your network can communicate with the Configuration Directory Server.

  1. Download Identity Synchronization for Windows to each system on which you wish to install a connector. Refer to "Starting the Installer".
  2. Run the setup program on the desired server. Find it in the directory where you untarred binary files. On Windows machines, execute the setup executable in the installer directory:

    3. cd installer

    setup.exe

    Execute the installer on UNIX machines:

    cd installer

    ./runInstaller.sh

  3. At the Welcome screen press Next.
  4. At the Software License Agreement screen read the license and press Yes (Accept License) to accept terms of license. Press No to exit setup.
  5. When prompted, enter the Configuration Directory URL.

    6. The configuration directory is the Directory Server instance where Identity Synchronization for Windows configuration information is stored. Enter the following:

    ldap://Directory Server name:port number

    Press Fetch Root Suffixes and a drop-down list will populate with choices. Select the desired root suffix. Press Next.

    The root suffix that is chosen is the root suffix where the configuration is stored, which may be different than the rootsuffix being synchronized.

  6. Enter the Configuration Directory Server administrator name and password. Press Next.

    7. Note

    The credentials provided will be sent without encryption. Consider changing them in the Directory Server after installation if network traffic confidentiality may be compromised.

  7. Enter the configuration password. Press Next.

    8. If installing the connector on the same Windows system as core, a message appears stating that setup has detected that core or connectors have already been installed on the system. All additional components will be installed under the installation directory. Press OK.

  8. Select Connector and press Next.
  9. Enter the Java home directory. Note that at a minimum this directory must contain a Java 1.4.1_03 installation and should be the Java 2 Platform Standard Edition SDK (JDK) and not the Java Runtime Environment (JRE) for best performance.
  10. Select the appropriate directory source from the list.

    11. Identity Synchronization for Windows uses connectors to synchronize user passwords between directory sources. Example directory sources are:

    Table 5-1  

    Directory Source

    Example Entry

    Sun ONE Directory Server

    dc=example,dc=com

    Windows Active Directory

    example.com

    Directory Source Examples

    Choose the directory source from a Windows Active Directory with which you wish to connect.

  11. Press Next.
  12. If the connector is configured to use LDAP over SSL to communicate with Active Directory, enter the Administrator’s password.

    13. Note

    The credentials provided will be sent without encryption. Consider changing them in the Directory Server after installation if network traffic confidentiality may be compromised.

    Note

    The default prompt for the user is Administrator. You can use the cn of any user under cn=users in Active Directory (for example cn=<user>,cn=users,dc=domain,dc=com).

    However, the user value has to exist in the cn=users container in Active Directory.

  13. Press Get Certificate Authorities. Select the Certificate Authority from the drop-down menu. Press Next
  14. The setup program checks for available disk space and an installation summary menu appears.

    15. Ensure that the following component appears in the summary menu.

    ADConnector

  15. When ready press Install Now.

    16. An installation status bar and the Register Configuration Data window appears.

  16. When prompted, press next to register with the selected Directory Server. This may take several minutes.


    17. Press Next to register Password Synchronization for Windows with the selected Directory Server.

  17. An Installation Summary appears. Press Details if you wish to view the installation log. Press Close to exit setup.
  18. Perform Step 1 through Step 17 for each additional Active Directory domain where you wish to install a connector.

Windows NT Connector and Subcomponent

Use the setup program to install Windows NT connectors. After installing a Windows NT connector, run the setup program again to install the Windows NT subcomponents.

Note

The Windows NT connector and subcomponents must be installed on the machine where the Windows NT directory source is installed. The Windows NT directory source must be on a machine that is a primary domain controller.

Windows NT Connector

  1. Download Identity Synchronization for Windows to the primary domain controller of each Windows NT domain to be synchronized. Refer to "Starting the Installer".
  2. Run the setup program on the desired server. Find it in the directory where you untarred binary files. Execute the setup executable in the installer directory:

    3. cd installer

  1. At the Welcome screen press Next.
  2. At the Software License Agreement screen read the license and press Yes (Accept License) to accept terms of license. Press No to exit setup.
  3. When prompted enter the Configuration Directory URL.

    4. The configuration directory is the Directory Server instance where Identity Synchronization for Windows configuration information is to be stored. Enter the following:

    ldap://Directory Server name:port number

    Press Fetch Root Suffixes and a drop-down list will populate with choices. select the desired root suffix. Press Next. The root suffix that is chosen is the root suffix where the configuration is stored, which may be different than the rootsuffix being synchronized.

  4. Enter the Configuration Directory Server administrator name and password. Press Next.

    5. Note

    The credentials provided will be sent without encryption. Consider changing them in the Directory Server after installation if network traffic confidentiality may be compromised.

  5. Enter the configuration password. Press Next.
  6. Enter the directory in which to install the connector. Press Next.

    7. A message appears if the directory does not exist. Press Yes to create a new directory.

  7. Select Connectors and press Next.
  8. Enter the Java home directory. Note that at a minimum this directory must contain a Java 1.4 installation and should be the Java 2 Platform Standard Edition SDK (JDK) and not the Java Runtime Environment (JRE) for best performance.
  9. Select the appropriate directory source from the drop-down list.

    10. Identity Synchronization for Windows uses connectors to synchronize user passwords between directory sources. Example directory sources are:

    Table 5-2  Directory Source Examples

    Directory Source

    Example Entry

    Windows NT

    EXAMPLE

    Sun ONE Directory Server

    dc=example,dc=sun,dc=com

    Choose the directory source from a Windows NT directory with which you wish to connect.

  10. Press Next.
  11. Enter the fully qualified Localhost Name.
  12. Enter the Port Number of the connector. Press next.

    13. Choose an available server port, which the connector will use to securely pass configuration information to the Windows NT subcomponent.

  13. The setup program checks for available disk space and an installation summary menu appears.

    14. Ensure that the following component appears in the summary menu.

    NTConnector

  14. When ready, press Install Now.

    15. An installation status bar and the Register Configuration Data window appears.

  15. When prompted, press next to register with the selected Directory Server. This may take several minutes.
  16. An Installation Summary appears. Click Details if you wish to view the installation log. Press Close to exit setup.

Windows NT Subcomponent

  1. Run the setup program again from the primary domain controller.
  2. At the Welcome screen press Next.
  3. At the Software License Agreement screen read the license and press Yes (Accept License) to accept the license terms. Press No to exit setup.
  4. When prompted enter the Configuration Directory URL.

    5. The configuration directory is the Directory Server instance where Identity Synchronization for Windows configuration information is stored. Enter the following:

    ldap://Directory Server name:port number

  5. Select the root suffix for the configuration directory. Press Fetch Root Suffixes and a drop-down list will populate with choices. Select the desired root suffix.

    6. The root suffix that is chosen is the root suffix where the configuration is stored, which may be different than the rootsuffix being synchronized.

  6. Press Next.
  7. Enter the Configuration Directory Server administrator name and password. Press Next.

    8. Note

    The credentials provided will be sent without encryption. Consider changing them in the Directory Server after installation if network traffic confidentiality may be compromised.

  8. Enter the configuration password. Press Next.

    9. A message appears stating that setup has detected that core or connectors have already been installed on the system. All additional components will be installed under the installation directory. Press OK.

  9. If a window appears that gives you a choice between connectors and subcomponents, select Subcomponents and press Next.
  10. Select the directory source for this subcomponent installation. Press Next.
  11. The setup program checks for available disk space and an installation summary menu appears.

    12. Ensure that the following component appears in the summary.

    NTSubcomponents

  12. When ready, click Install Now.

    13. An installation status bar and the Register Configuration Data window appears.

  13. When prompted, press Next to register with the selected Directory Server. This may take several minutes.

    14. A message appears stating that the Windows subcomponents have been installed. Please reboot the machine. Click Next.

  14. An Installation Summary appears. Click Details if you wish to view the installation log. Press Close to exit setup.
  15. Reboot the NT Server where the subcomponent has been installed.
  16. Perform the procedures in "Windows NT Connector" and "Windows NT Subcomponent" for each additional NT domain where you wish to install a connector.

    17. Note

    For the Windows NT SAM Change Detector subcomponent to be effective, you must turn on the NT audit log. Under Start > Programs > Administrative Tools > User Manager, select Policies > Audit Policies.
    Select Audit These Events and then both the Success and Failure boxes for User and Group Management.

    Under Event Log Settings in the Event Viewer>Event Log Wrapping, select Overwrite Events as Needed.



Previous      Contents      Index      Next     

Copyright 2003 Sun Microsystems, Inc. All rights reserved.