Sun Java System Directory Server Enterprise Edition 6.0 Installation Guide
Book Information
Index
Preface
Part I Installing Directory Service Control Center, Directory Proxy Server, Directory Server, and Directory Server Resource Kit
Chapter 1 Installation
Before You Install
The Administration Framework and Installation
Comparison of Single System And Distributed Installation
Where You Install Directory Service Control Center
Where You Create Server Instances
Directory Server Enterprise Edition Software Distributions
Java Enterprise System Distribution
Zip Distribution
Comparison of Distributions
Installation in Solaris Zones
Software Installation
To Install Directory Service Control Center From Native Packages
To Troubleshoot Directory Service Control Center Access
To Install Only Directory Server From Native Packages
To Install Only Directory Server From the Zip Distribution
To Install Only Directory Proxy Server From Native Packages
To Install Only Directory Proxy Server From the Zip Distribution
To Install Only Directory Server Resource Kit From the Zip Distribution
Environment Variables
Server Instance Creation
To Create a Directory Server Instance With DSCC
To Create a Directory Server Instance From the Command Line
To Create a Directory Proxy Server Instance With DSCC
To Create a Directory Proxy Server Instance From the Command Line
Working With Sun Cryptographic Framework on Solaris 10 Systems
To Use Directory Server With Cryptographic Hardware on a Solaris 10 System
To Use Directory Proxy Server With Cryptographic Hardware on a Solaris 10 System
Chapter 2 Uninstallation
Server Instance Removal
To Delete a Directory Proxy Server Instance With DSCC
To Delete a Directory Proxy Server Instance From the Command Line
To Delete a Directory Server Instance With DSCC
To Delete a Directory Server Instance From the Command Line
Software Removal
To Remove Directory Service Control Center Software
To Remove Directory Server, or Directory Proxy Server Installed From Native Packages
To Remove Software Installed From the Zip Distribution
To Force Removal of Software Installed From the Zip Distribution
Part II Installing Identity Synchronization for Windows
Chapter 3 Understanding the Product
Product Features
System Components
Watchdog Process
Core
Configuration Directory
Console
Command Line Utilities
System Manager
Central Logger
Connectors
Connector Subcomponents
Directory Server Plug-in
Windows NT Connector Subcomponents
Message Queue
System Components Distribution
Core
Directory Server Connector and Plug-in
Active Directory Connector
Windows NT Connector and Subcomponents
How Identity Synchronization for Windows Detects Changes in Directory Sources
How Directory Server Connectors Detect Changes
How Active Directory Connectors Detect Changes
How Windows NT Connectors Detect Changes
Propagating Password Updates
Using the Password Filter DLL to Obtain Clear-Text Passwords
Using On-Demand Password Synchronization to Obtain Clear-Text Passwords
The on-demand password synchronization process occurs as follows:
Reliable Synchronization
Deployment Example: A Two-Machine Configuration
Physical Deployment
Component Distribution
Chapter 4 Preparing for Installation
Installation Overview
Installing Core
Configuring the Product
Preparing the Directory Server
Installing Connectors and Configuring Directory Server Plug-in
Synchronizing Existing Users
Configuration Overview
Directories
Synchronization Settings
Objectclasses
Attributes and Attribute Mapping
Attribute Types
Parameterized Attribute Default Values
Mapping Attributes
Synchronization User Lists
Synchronizing Passwords with Active Directory
Enforcing Password Policies
Overview
Important Notes
Directory Server Password Policies
Active Directory Password Policies
Creating Accounts Without Passwords
Example Password Policies
Error Messages
Configuring Windows for SSL Operation
Installation and Configuration Decisions
Core Installation
Core Configuration
Connector Installation and Configuring the Directory Server Plug-in
Using the Command Line Utilities
Installation Checklists
Chapter 5 Installing Core
Before You Begin
Starting the Installation Program
On Solaris SPARC
To Run Identity Synchronization for Windows on Solaris SPARC
On Solaris x86
To Prepare and Run Identity Synchronization for Windows on Solaris x86
On Windows
To Run Identity Synchronization for Windows on Windows
On Red Hat Linux
To Prepare and Run Identity Synchronization for Windows on Linux
Installing Core
To Install Identity Synchronization for Windows Core Components Using the Installation Wizard
Chapter 6 Configuring Core Resources
Configuration Overview
Opening the Identity Synchronization for Windows Console
To Open Identity Synchronization for Windows Console
Creating Directory Sources
To Create Directory Sources
Creating a Sun Java System Directory Source
To Create a New Sun Java System Directory Source
Preparing Sun Directory Source
To Prepare your Directory Server Source
Creating an Active Directory Source
To Configure and Create Windows Active Directory Servers in a Network
Creating a Windows NT SAM Directory Source
To Deploy Identity Synchronization for Windows on Windows NT
Selecting and Mapping User Attributes
Selecting and Mapping Attributes
To Select and Map Attributes for Synchronization
Creating Parameterized Default Attribute Values
Changing the Schema Source
To Change the Default Schema Source
Propagating User Attributes Between Systems
Specifying How Object Creations Flow
To Specify How Object Creations Should Flow Between Directory Server and Active Directory Systems
Specifying New Creation Attributes
To Specify New Creation Attributes
Editing Existing Attributes
To Edit Creation Attributes Mapping or Values
Removing Attributes
To Remove Creation Attributes Mapping or Values
Specifying How Object Modifications Flow
Specifying Direction
Configuring and Synchronizing Object Activations and Inactivations
To Synchronize Object Activations/Inactivations:
Interoperating with Directory Server Tools
Modifying Directory Server’s NsAccountLock Attribute Directly
Using a Custom Method for Directory Server
To Configure Identity Synchronization for Windows to Detect and Synchronize Object States between Directory Server and Active Directory
Specifying Configuration Settings for Group Synchronization
To Synchronize Groups:
Configure Identity Synchronization for Windows to Detect and Synchronize Groups Related Changes between Directory Server and Active Directory
Configuring and Synchronizing Account Lockout and Unlockout
Synchronize Account Lockout and Unlockout
Configure Identity Synchronization for Windows to Detect and Synchronize Account Lockout and Unlockout
Specifying How Deletions Flow
To Specify how Deleted Entries Flow Between Directory Server and Active Directory Systems
Creating Synchronization User Lists
To Identify and Link User Types Between Servers
Saving a Configuration
To Save your Current Configuration from the Console Panels
Chapter 7 Installing Connectors
Before You Begin
Running the Installation Program
To Restart and Run the Installation Program
Installing Connectors
Installing the Directory Server Connector
To Install the Directory Server Connector
Configuring Identity Synchronization for Windows Plug-in when Chained Suffix exists
Installing an Active Directory Connector
To Install an Active Directory Connector
Installing the Windows NT Connector
To Install a Windows NT Connector and the NT subcomponents
Chapter 8 Synchronizing Existing Users and User Groups
Post-Installation Steps Based on Existing User and Group Populations
Using idsync resync
Resynchronizing Users or Groups
Linking Users
idsync resync Options
Checking Results in the Central Log
Starting and Stopping Synchronization
To Start or Stop Synchronization
Resynchronized Users/Groups
Starting and Stopping Services
Chapter 9 Removing the Software
Planning for Uninstallation
Uninstalling the Software
Uninstalling Connectors
To Uninstall the Connectors
To Uninstall Core
Uninstalling the Console Manually
From Solaris or Linux Systems
To Uninstall the Console from Solaris or Linux
From Windows Systems
To Uninstall the Console from a Windows Active Directory or NT system
Chapter 10 Configuring Security
Security Overview
Specifying a Configuration Password
Using SSL
Requiring Trusted SSL Certificates
Generated 3DES Keys
SSL and 3DES Keys Protection Summary
Message Queue Access Controls
Directory Credentials
Persistent Storage Protection Summary
Hardening Your Security
Configuration Password
Creating Configuration Directory Credentials
To Create a New User Other Than admin
Message Queue Client Certificate Validation
To Validate the Message Queue Client Certificate
Message Queue Self-Signed SSL Certificate
Access to the Message Queue Broker
Configuration Directory Certificate Validation
Restricting Access to the Configuration Directory
Securing Replicated Configurations
Using idsync certinfo
Arguments
Usage
Enabling SSL in Directory Server
To Enable SSL in Directory Server
Retrieving the CA Certificate from the Directory Server Certificate Database
Retrieving the CA Certificate from the Directory Server (using dsadm command on Solaris platform)
Enabling SSL in the Active Directory Connector
Retrieving an Active Directory Certificate
Using Windows Certutil
To Retrieve an Active Directory Certificate Using the certutil program
Using LDAP
To Retrieve an Active Directory Certificate using LDAP
Adding Active Directory Certificates to the Connector’s Certificate Database
To Add Active Directory Certificate to the Connector's Certificate Database
Adding Active Directory Certificates to Directory Server
To Add the Active Directory CA certificate to the Directory Server Certificate Database
Adding Directory Server Certificates to the Directory Server Connector
To Add the Directory Server Certificates to the Directory Server Connector
Chapter 11 Understanding Audit and Error Files
Understanding the Logs
Log Types
Central Logs
Local Component Logs
Local Windows NT Subcomponent Logs
Directory Server Plug-in Logs
To Change the Verbosity Level of the Error Logs
Reading the Logs
Configuring Your Log Files
To Configure Logging for Your Deployment
Viewing Directory Source Status
To View the Status of your Directory Sources
Viewing Installation and Configuration Status
To View the Remaining Steps of the Installation and Configuration Process
Viewing Audit and Error Logs
To View Your Error Logs
Enabling Auditing on a Windows NT Machine
To Enable Audit Logging on Your Windows NT Machine
Chapter 12 Troubleshooting
Troubleshooting Checklist
To Troubleshoot Issues with Identity Synchronization for Windows 6.0
Troubleshooting Connectors
How to Determine the ID of a Connector Managing a Directory Source?
Using the Central Logs
Using idsync printstat
How to Determine a Connector’s Current State?
What to Do if the Connector is in the UNINSTALLED State?
What to Do if the Connector Install Failed but You Cannot Reinstall?
What to Do if the Connector is in the INSTALLED State?
What to Do if the Connector is in the READY State?
What to Do if the Connector is in the SYNCING State?
What to Do if the Active Directory Connector Fails to Contact Active Directory Over SSL?
What to Do if Detecting and Applying Changes in Active Directory Fails?
Troubleshooting Components
On Solaris
On Linux
On Windows
Examining WatchList.properties
To View Hidden Folders and the Temp subdirectory
Troubleshooting Subcomponents
To Troubleshoot Subcomponents in Your Deployment
Troubleshooting Message Queue
Troubleshooting Broker Configuration Directory Communication
Troubleshooting Broker Memory Settings
To Recover from Out of Memory Problems by the Broker
Troubleshooting SSL Problems
SSL Between Core Components
SSL between Connectors and Directory Server or Active Directory
Untrusted Certificates
Mismatched Hostnames
Expired Certificates
SSL between the Directory Server Plug-in and Active Directory
Troubleshooting Controller Problems
Part III Identity Synchronization for Windows Appendixes
Appendix A Using the Identity Synchronization for Windows Command Line Utilities
Common Features
Common Arguments to the Idsync Subcommands
Entering Passwords
Getting Help
Using the idsync command
Using certinfo
Using changepw
To Change the Configuration Password for Identity Synchronization for Windows:
Using importcnf
Using prepds
To run idsync prepds
Using printstat
Using resetconn
Using resync
Using groupsync
Using accountlockout
Using dspluginconfig
Using startsync
Using stopsync
Using the forcepwchg Migration Utility
To Execute the forcepwchg Command line Utility
Appendix B Identity Synchronization for Windows LinkUsers XML Document Sample
Sample 1: linkusers-simple.cfg
Sample 2: linkusers.cfg
Appendix C Running Identity Synchronization for Windows Services as Non-Root on Solaris
Running Services as a Non-root User
To Run services as a Non-root User
Appendix D Defining and Configuring Synchronization User Lists for Identity Synchronization for Windows
Understanding Synchronization User List Definitions
Configuring Multiple Windows Domains
To Configure Multiple Windows Domains
Appendix E Identity Synchronization for Windows Installation Notes for Replicated Environments
Configuring Replication
To Configure any Replication Topology
Configuring Replication Over SSL
To Configure Directory Servers Involved in Replication so that all Replication Operations Occur Over an SSL Connection
Configuring Identity Synchronization for Windows in an MMR Environment
To Configure Identity Synchronization for Windows in an MMR Environment
© 2010, Oracle Corporation and/or its affiliates