This chapter explains how to use the Identity Synchronization for Windows installation program and how to install the Identity Synchronization for Windows Core component.
The information is organized into the following sections:
Before starting the Identity Synchronization for Windows installation process:
Read Chapter 2, Preparing for Installation that contains important information, such as installation prerequisites, checklists, and administrator privilege requirements.
A Java Runtime Environment (JRE) is not provided with this product. If necessary, you can download a Java Development Kit from the following location:
http://java.sun.com or http://www.java.com
You must install JRE 1.5.0_09 or later to run the Identity Synchronization for Windows installation program on your Solaris, Linux, or Windows 2000/2003 systems.
If Directory Server 6.x is installed with Java ES, JRE 1.5.0_09 is already installed on your computer.
On Windows systems only: You must close any open Service Control Panel windows before starting Core installation, or the installation will fail.
On Solaris systems: Do not install Message Queue and Identity Synchronization for Windows in the same directory.
On Red Hat Linux systems: Do not install Message Queue and Identity Synchronization for Windows in the same directory.
This section explains how to download, unpack (or unzip), and run the Identity Synchronization for Windows installation program on the following platforms:
Use the following steps to prepare and run the Identity Synchronization for Windows installation program on a Solaris SPARC operating system.
 To Run Identity Synchronization for Windows on Solaris SPARC
To Run Identity Synchronization for Windows on Solaris SPARCLog in as root.
Change to the directory on the delivery media for Solaris SPARC containing the installation program, DSEE_Identity_Synchronization_for_Windows.
Type ./runInstaller.sh to execute the installation program.
To run the installation program in text-based mode, type the following.
| ./runInstaller.sh -nodisplay | 
When you run the runInstaller.sh program, Identity Synchronization for Windows automatically masks passwords so they will not be echoed in the clear.
 To Prepare and Run Identity Synchronization for Windows on Solaris x86
To Prepare and Run Identity Synchronization for Windows on Solaris x86Log in as root.
Change to the directory on the delivery media for Solaris x86 containing the installation program, DSEE_Identity_Synchronization_for_Windows.
Type ./runInstaller.sh to execute the installation program.
To run the installation program in text-based mode, type the following.
| ./runInstaller.sh -nodisplay | 
When you run the runInstaller.sh program, Identity Synchronization for Windows automatically masks passwords so they will not be echoed in the clear.
Use the following steps to prepare and run the Identity Synchronization for Windows installation program on a Windows operating system:
 To Run Identity Synchronization for Windows on Windows
To Run Identity Synchronization for Windows on WindowsLog in as an Administrator.
Change to the directory on the delivery media for Windows containing the installation program, DSEE_Identity_Synchronization_for_Windows.
Type setup.exe to execute the installation program.
The Identity Synchronization for Windows installation wizard is displayed.
Installing Core in the Administration Server root, makes the Identity Synchronization for Windows wizard detect most of the information required for installation, such as directory paths and names, and complete certain fields in the wizard panels automatically.
If any of the information is missing or incorrect, you can enter the required information manually.
Continue to the next section for Core installation instructions.
Use the following steps to prepare and run the Identity Synchronization for Windows installation program on a Red Hat Linux operating system:
 To Prepare and Run Identity Synchronization for Windows on Linux
To Prepare and Run Identity Synchronization for Windows on LinuxLog in as root.
Change to the directory on the delivery media for Red Hat containing the installation program, DSEE_Identity_Synchronization_for_Windows.
Type ./installer.sh to execute the installation program.
To run the installation program in text-based mode, type the following.
| ./installer.sh -nodisplay | 
When you run the installer.sh program, Identity Synchronization for Windows automatically masks passwords so they will not be echoed in the clear.
This section explains the process for installing the Identity Synchronization for Windows Core on Solaris, Linux, and Windows operating systems.
Before you install Core, you should be aware of the following requirements:
On Solaris systems: You must have root privileges to install and run Solaris services.
On Red Hat Linux systems: You must have root privileges to install and run Linux services.
On Windows 2000/2003 systems: You must have Administrator privileges to install Identity Synchronization for Windows.
You must install the program as root, but after installation you can configure the software to run Solaris and Linux services as a non-root user. (See Appendix B, Identity Synchronization for Windows LinkUsers XML Document Sample)
You must install Core into a directory that has an existing server root managed by an Administration Server (version 5 2004Q2 or higher) or the installation program will fail. (You can install Administration Server using the Directory Server 5 2004Q2 installation program.)
With Identity Synchronization for Windows 6.0, the installer checks for an existing Sun Java System Administration Server. If it is not installed, the installer will install Sun Java System Administration Server as a part of Core installation.
 To Install Identity Synchronization for Windows Core Components Using the Installation
Wizard
To Install Identity Synchronization for Windows Core Components Using the Installation
WizardWhen the Welcome screen is displayed, read the information provided and then click Next to proceed to the Software License Agreement panel.
Read the license agreement, then select
Yes (Accept License) to accept the license terms and go to the next panel.
No to stop the setup process and exit the installation program.
The Configuration Location panel is displayed, specify the configuration directory location.
 
Provide the following information:
Configuration Directory Host: Enter the fully qualified domain name (FQDN) of a Sun Java System Directory Server instance (affiliated with the local Administration Server) where Identity Synchronization for Windows configuration information will be stored.
You can specify an instance on the local machine or an instance that is running on a different machine.
Identity Synchronization for Windows allows Administrator Server to access the remotely installed instance of Directory Server.
To avoid warnings about invalid credentials or host names, be sure to specify a host name that is DNS-resolvable to the machine on which the installation program is running.
Configuration Directory Port: Specify the port where the configuration directory is installed. (Default port is 389)
To enable secure communication, enable the Secure Port option and specify an SSL port. (Default SSL port is 636).
Once the program determines that the configuration directory is SSL-enabled, all Identity Synchronization for Windows components will use SSL to communicate with the configuration directory.
Identity Synchronization for Windows encrypts sensitive configuration information before sending it to the configuration Directory Server.
However, if you want additional transport encryption between the Console and configuration directory, be sure to enable SSL for both Administration Server and the configuration Directory Server. Then, configure a secure connection between the Administration Server to which you will be authenticating the Directory Server Console. (For information, see the Sun Java System Administration Server 5 2004Q2 Administration Guide).
Sun Java System Administration Server installed (and configured) as a part of the core components, is installed in a non-SSL mode.
Configuration Root Suffix: Select a root suffix from the menu in which to store the Identity Synchronization for Windows configuration.
If the program could not detect a root suffix, and you have to enter the information manually (or if you change the default value), you must click Refresh to regenerate a list of root suffixes. You must specify a root suffix that exists on the configuration Directory Server.
Click Next to open the Configuration Directory Credentials panel.
 
Enter the configuration directory Administrator’s user ID and password.
If you specify admin as the user ID, you will not be required to specify the User ID as a DN.
If you use any other user ID, then you must specify the ID as a full DN. For example, cn=Directory Manager.
If you are not using SSL to communicate with the configuration directory (see Installing Core), these credentials will be sent without encryption.
When you are finished, click Next to open the Configuration Password panel.
 
You must enter and confirm a password that will be used to encrypt sensitive configuration information, such as credentials. When you are done, click Next.
Be sure to remember this password as it will be required whenever you want to
Create or edit a configuration
Install components
Run any of the command line utilities
For information about changing the configuration password see Using changepw.
The Select Java Home panel is displayed (see Installing Core). The program automatically inserts the location of the Java Virtual Machine directory to be used by the installed components.
 
Verify the Java Home Directory (must be a JDK/JRE 1.5.0_09 or later):
If the location is satisfactory, click Next to proceed to the Select Installation Directories panel (Installing Core).
If the location is not correct, click Browse to search for and select a directory where Java is installed, for example:
On Windows: C:\Program Files\j2sdk1.5
 
Enter the following information in the text fields provided or click Browse to search for and select available directories:
Server Root Directory: Specify the path and directory name of the Administration Server installation server root. The Console will be installed in this location.
Installation Directory (available only when you are installing Core on Solaris or Linux): Specify the path and directory name of the installation directory. Core binaries, libraries, and executable will be installed in this directory.
Instance Directory (available only when you are installing Core on Solaris or Linux): Specify the path and directory name of the instance directory. Configuration information that changes (such as log files) will be stored in this directory.
There is only one server root directory available on Windows operating systems, and all products will be installed in that location.
If an Administration Server corresponding to the Configuration Directory Host and Port number provided in step 3 is not found, the installer Administration Server will install the Administration Server as part of the core installation. The default port number for the Administration Server port assigned would be the configuration directory port plus one.
Click Next to proceed to the Message Queue Configuration panel.
You should have installed Message Queue 3.6 Enterprise Edition before starting the Identity Synchronization for Windows installation.
On Solaris systems: Do not install Message Queue and Identity Synchronization for Windows in the same directory.
On Linux system: Do not install Message Queue and Identity Synchronization for Windows in the same directory.
On Windows systems: You must close any open Service Control Panel windows before continuing, or the Core installation will fail.
 
Enter the following information in the text fields provided or click Browse to search for and select available directories:
Installation Directory: Specify the path of the Message Queue installation directory.
Configuration Directory: Specify the path and directory name of the Message Queue instance directory.
Fully Qualified Local Host Name : Specify the fully qualified domain name (FQDN) of the local host machine. (There can only be one Message Queue broker instance running per host.)
Broker Port Number : Specify an unused port number for the Message Queue broker to use. (Default port is 7676)
Click Next and the Ready to Install panel is displayed.
This panel provides information about the install, such as the directory where Core will be installed and how much space is required to install Core.
If the displayed information is satisfactory, click Install Now to install the Core component (where the installation program installs the binaries, files, and packages).
If the information is not correct, click Back to make changes.
An “Installing” message is displayed briefly, and then the Component Configuration panel is displayed while the installation program adds configuration data to the specified configuration Directory Server. This operation includes:
Creating a Message Queue broker instance
Uploading the schema to the configuration directory
Uploading deployment-specific configuration information to the configuration directory
This operation will take several minutes and may pause periodically, so do not be concerned unless the process exceeds ten minutes. (Watch the progress bar to monitor the installation program’s status.)
When the component configuration operation is complete, the Installation Summary panel is displayed to confirm that Identity Synchronization for Windows installed successfully.
You can click the Details button to see a list of the files that have been installed, and where they are located.
Click Next and the program will determine the remaining steps you must perform to successfully install and configure Identity Synchronization for Windows.
A “Loading...” message, and then a Remaining Installation Steps panel each display briefly, and then the following panel (Installation Overview) is displayed. This panel contains a “To Do” list of the remaining installation and configuration steps. (You also can access this panel from the Console’s Status tab.)
 
The “To Do” panel will re-display throughout the installation and configuration process. The program greys-out all completed steps in the list.
Up to this point, the To Do list will contain a generic list of steps. After you save a configuration, the program provides a list of steps that are customized for your deployment (for example, which connectors you must install).
After reading the list of steps, click Next and the Start Console Option panel is displayed to indicate you have finished the Core installation.
 
Next, you must configure the Core component, which you can do from the Sun Java System Console (the Start the Sun Java System Console option is enabled by default).
If you are migrating from Identity Synchronization for Windows version 1.0 or SP1 to Sun Java System Identity Synchronization for Windows 6.0, you can import an exported version 1.0 or SP1 configuration XML document using the idsync importcnf command line utility.
Click Finished.
If you elected to use the Console, the Sun Java System Console Login dialog box is displayed (seeInstalling Core).
 
You must enter the following information to log into the Console:
User ID: Enter the Administrator’s user ID you specified when you installed the Administration Server on your machine.
Password: Enter the Administrator’s password specified during Administration Server installation.
Administration URL: Enter the Administration Server’s current URL location using the following format:
http://hostname.your_domain.domain:port_number
Where:
hostname.your_domain.domain is the computer host name you selected when you installed Administration Server.
port_number is the port you specified for Administration Server.
After providing your credentials, click OK to close the dialog box.
You will then be prompted for the configuration password. Enter the password and click OK.
When the Sun Java System Server Console window is displayed, you can start configuring Core. Continue to Chapter 4, Configuring Core Resources for instructions.