Sun ONE Identity Synchronization for Windows Installation and Configuration Guide

Contents

Purpose of This Guide
Conventions Used in This Book
Related Third-Party Web Site References
Related Information
Accessibility Features
Console Accessibility Features
Accessible Names And Descriptions
Customizable Fonts
Dynamic GUI Layout
Keyboard Traversable Components
Text Equivalents for Non-text Elements
Equivalent Command-line Interface
Documentation Accessibility Features
Text Equivalents for Non-text Elements
Tables That Can Be Interpreted By Assistive Technology

Chapter 1   Understanding the Product
System Components
Core
Product’s Configuration Registry
Console
System Manager
Central Logger
Connectors
Connector subcomponents
Directory Server subcomponent: plugin
NT connector subcomponents: Change Detector & Password Filter DLL
Command Line Interfaces
System Components Distribution
Core
Directory Server connector
Directory Server (subcomponent) plugin
Active Directory Connector
NT Connector & NT subcomponent
Deployment Example: A Two-Machine Configuration
Physical Deployment
Component Distribution

Chapter 2   Preparing for Installation
Installation Overview
Core Installation
Deployment Configuration
Prepare Directory Server Command Line Interface
Connector & Connector Subcomponent Installation
Optional Installation Steps
linkusers Command Line Interface
resync Command Line Interface
Configuration Overview
Synchronization Settings
Directories
Global Catalog and Configuration Directory
User Objectclass
Significant Attributes
Creation Attributes
Attribute Maps
Synchronization User Lists
Installation and Configuration Decisions
Installation Summary
Configuration Summary
Core Installation
Core Configuration
Connector and Subcomponent Installation
Optional Command Line Interface Usage
linkusers
resync
Post-installation Recommendations
Installation Checklists
Core Installation
Core Configuration
Connector and Subcomponent Installation
Linking Users
Resynchronization
Installation Requirements
Sun ONE Software Requirements
Hardware Requirements
Configuring Windows for SSL Operation
Unpacking the Software
Installation Privileges

Chapter 3   Core Installation
Starting the Installer
Core Installation

Chapter 4   Resource Configuration
Initial Core Configuration
Open the Appropriate Identity Synchronization for Windows Console
Creating Directory Sources
Sun ONE Directory Source
Active Directory Source
NT SAM Directory Source
Deleting Directory Sources
Setting Attribute Modification Flow
Setting the Modification Attribute Mapping
Setting Object Creation Flow and Attribute Mapping
Creating Synchronization User Lists
Overview
Defining Synchronization User Lists
Saving a Configuration
Prepare Directory Server
Accessing the Directory Server Via SSL
idsync prepds Results
Continuing the Installation

Chapter 5   Connector and Subcomponent Installation
Directory Server Connector and Plugin Subcomponent
Directory Server Connectors
Directory Server Subcomponent
Windows Active Directory Connector
Windows NT Connector and Subcomponent
Windows NT Connector
Windows NT Subcomponent

Chapter 6   Synchronizing Existing Users
Linking Users
Usage
idsync linkusers Central Log
idsync linkusers Caveats
Indexed Attributes
Undefined Synchronization Behavior
User Resynchronization
Usage
Example Usages
Logging
Starting and Stopping Synchronization
Starting and Stopping Services

Chapter 7   Removing the Software
Planning for Uninstallation
Uninstalling on Windows NT Platforms
Uninstalling NT Subcomponents
Uninstalling the NT Connector
Uninstalling on Solaris and Windows 2000
Uninstalling Directory Subcomponent (plugin)
Uninstalling Connectors
Uninstalling Core

Chapter 8   Troubleshooting
Troubleshooting Checklist
Troubleshooting Connectors
How to determine the ID of a connector managing a directory source
Using the central logs
Using idsync printstat
How to determine a connector’s current state.
What to do if the connector is in the UNINSTALLED state.
What to do if the connector is in the INSTALLED state.
What to do if the connector is in the READY state.
What to do if the connector is in the SYNCING state.
Troubleshooting Components
On Windows:
On Solaris:
Examining WatchList.properties
Troubleshooting Subcomponents
Troubleshooting Sun ONE Message Queue
Troubleshooting Broker Configuration Directory Communication
Troubleshooting Broker Memory Settings
Troubleshooting SSL Problems
SSL Between Core Components
SSL between Connectors and the Sun ONE Directory Server or Active Directory
Untrusted Certificates
Expired Certificates
SSL between the Sun ONE Directory Server Plugin and Active Directory

Chapter 9   Logs and Status
Setting Log Levels
Viewing the Audit or Error File
Understanding Logs
Central Logs
Local Component Logs
Local Subcomponent Logs
Action ID
Log Format
Log Levels
Viewing Directory Source Status

Chapter 10   Configuring Security
Security Overview
Configuration Password
SSL
Generated 3DES Keys
SSL & 3DES Keys Protection Summary
Sun ONE Message Queue Access Controls
Directory Credentials
Persistent Storage Protection Summary
Hardening your Security
Configuration Password
Active Directory Credentials during Installation
Directory Server Administrative Credentials During Installation
Directory Server User Credentials During Installation
Product’s Configuration Registry Credentials During Installation
Creating New product’s Configuration Registry Credentials
Message Queue Client Certificate Validation
Message Queue Self-signed SSL certificate
Access to the Message Queue Broker
Product’s Configuration Registry Certificate Validation
User Passwords in the Windows connector’s Object Cache
Restricting Access to the Product’s Configuration Registry
Securing Replicated Configurations
Using idsync certinfo
Arguments
Usage
Enabling SSL in Directory Server
Retrieving the CA Certificate from the Directory Server Certificate Database
Enabling SSL in the Active Directory Connector
Retrieving the Active Directory CA Certificate
Retrieving the Active Directory CA Certificate using certutil
Retrieving the Active Directory CA Certificate over LDAP
Adding the Active Directory Certificate to the Connector’s Certificate Database
Adding the Active Directory Certificate to the Directory Server
Adding the Directory Server Certificate to the Directory Server Connector

Appendix A   Command Line Utilities
Using idsync
Entering Passwords
Accessing the Configuration Directory Server Via SSL
Getting Help
Using changepw
Arguments
Usage
Using importcnf
Arguments
importcnf XML Document
Configuration XML Document Usage Samples
Defining Directory Sources
Defining SULs Using Filters and Indices
Defining Synchronization Settings, Significant/Creation Attributes, and Attribute Maps
Synchronizing Creates and Modifies from Sun to Windows
Synchronizing Creates from Windows to Sun
Using startsync
Arguments
Using stopsync
Arguments
Using certinfo
Arguments
Using printstat
Arguments
Using resetconn
Arguments

Appendix B   LinkUsers XML Document Sample
Appendix C   Running Services as Non-Root
Appendix D   Synchronization User List Definitions and Configuration
Understanding Synchronized User List Definitions
Configuring Multiple Windows Domains

Appendix E   Installation Notes for Replicated Environments
Summary of Steps for Configuring Replication
Replication Over SSL

Glossary

Index



Copyright 2003 Sun Microsystems, Inc. All rights reserved.