Sun Java System Identity Synchronization for Windows 6.0 Deployment Planning Guide
Book Information
Index
Preface
Chapter 1 Introduction
Identity Synchronization for Windows Deployment Considerations
Chapter 2 Case Study: Deploying in a Multimaster Replication Environment
Example Bank Deployment Information
Example Bank’s Existing Architecture
Directory Server Information
Windows NT Information
Active Directory Information
Example Bank’s Technical Requirements
Identity Synchronization for Windows Features in This Case Study
Deploying the Solution
Creating a Special Active Directory User for Identity Synchronization for Windows
To Assign Administration Rights to the Special User
Configuring the Identity Synchronization for Windows Core
Configuring Directory Sources
Configuring the Sun Java System Directory Server Source
To Specify the Preferred and Secondary Directory Servers
Configuring the Active Directory Source
To Specify Information in the Global Catalog and for the Active Directory Domain
Configuring the Windows NT Source
To Specify the Windows NT Domain
Configuring the Synchronization Settings
Configuring the Attributes Settings
To Configure the Attribute Settings
Configuring the Attribute Modification Settings
To Configure the Attribute Modification settings
Configuring the Object Creation Settings
To Configure the Object Creation Settings
Configuring the Group Synchronization Settings
To Configure the Group synchronization Settings
Configuring the Account Lockout Synchronization Settings
To Configure the Account Lockout Synchronization Settings
Adding the shadowAccount Object Class
Configuring the Creation Attributes
To Configure the Creation Attributes
Configuring the Synchronization User Lists
SUL_NT
SUL_AD_EAST
SUL_AD_WEST
Resolving Issues With Multiple SULs
Installing the Connectors and Directory Server Plug-Ins
Running idsync resync
Running the Resynchronization Procedure When Directory Server Is Authoritative
To Synchronize Attribute Values in Active Directory With the Values in Directory Server After Linking Entries
Configuration and Installation Summary
Multiple Domains
PAM LDAP
WAN Deployment
Migrating Users From Windows NT to Active Directory
Unlinking Migrated Windows NT Entries
Linking Migrated Active Directory Entries
Moving Users Between Active Directory Organizational Units
When Contractors Become Full-Time Employees
Chapter 3 Case Study: Deploying in a High-Availability Environment Over a Wide Area Network Using SSL
Global Telco Deployment Information
Directory Server Setup
Active Directory Information
Requirements
Installation and Configuration Overview
Primary and Secondary Installations
Periodically Linking New Users
Large Deployment Considerations
Configuration Walkthrough
Primary Installation
Failover Installation
Setting Up SSL
Increasing Connector Worker Threads
Aligning Primary and Failover Configurations
Setting Multiple Passwords for uid=PSWConnector
Initial idsync resync Operation
Initial idsync resync Operation for Primary Installation
Initial idsync resync Operation for Failover Installation
Periodic idsync resync Operations
Periodic idsync resync Operation for Primary Installation
Periodic idsync resync Operation for Failover Installation
Configuring Identity Manager
Understanding the Failover Process
Directory Server Connector
Active Directory Connector
Initializing the Connector State
Failover Installation Maintenance
When to Failover
Failing Over
Stopping Synchronization at the Primary Installation
Starting Synchronization at the Failover Installation
Re-enabling the Directory Server Plugins
Changing the PDC FSMO Role Owner
Monitoring the Logs
Failing Back to the Primary installation
Appendix A Pluggable Authentication Modules
Overview
Configuring PAM and Identity Synchronization for Windows
Step 1: Configure an LDAP Repository for PAM
Step 2: Configuring Identity Synchronization for Windows
Step 3: Populating the LDAP Repository
Step 4: Configuring a Solaris Host to Use PAM
Installing and Configuring a Solaris Test System
Configuring the Client Machine
Specifying Rules for Authentication and Password Management
Authentication
Password Management
Step 5: Verifying that PAM is Interoperating with the LDAP Store
Step 6: Demonstrating that User Changes are Flowing to the Reciprocal Environment
Case 1
Case 2
Case 3
Case 4
Verifying the entries on Windows
Configuring Systems to Prevent Eavesdropping
Introducing Windows NT into the configuration
Example /etc/pam.conf File
Appendix B Identity Manager and Identity Synchronization for Windows Cohabitation
Overview
Identity Manager and Identity Synchronization for Windows Functionality
Password Changes on Active Directory
Password Changes on Directory Server
Password Changes and Provisions Originating from Identity Manager Console
Configuring Identity Manager and Identity Synchronization for Windows
Setting Up Identity Manager 5.0 SP2 and Later
Configuring the Form Property
Configuring pwsync to Not Propagate Passwords to Directory Server
Setting Up Identity Manager 5.0 SP1 and Earlier
Configuring Identity Synchronization for Windows
Handling Identity Manager-Provisioned Users
Appendix C Logging and Debugging
Audit Logging and Action IDs
Actions
Connector Layers - Accessor, Controller, and Agent
Directory Server Plugin
Debug Logging
In Java Components
In the Installer
In the Console
Windows NT Change Detection
Changing Central Logs File Location
Changing Component Logs File Location
Isolating Problems in Directory Server
Isolating Problems in Message Queue
Isolating Problems in Active Directory
Glossary
© 2010, Oracle Corporation and/or its affiliates