Sun Java System Identity Synchronization for Windows 6.0 Deployment Planning Guide
Book Information
Index
Preface
Chapter 1 Before You Begin Deployment
Features of Identity Synchronization for Windows
Pre-deployment Requirements and Guidelines
Chapter 2 Case Study: Deploying in a Multimaster Replication Environment
Example Bank Deployment Information
Example Bank’s Existing Architecture
Directory Server Information
Windows NT Information
Active Directory Information
Example Bank’s Technical Requirements
Identity Synchronization for Windows Features in This Case Study
Deploying the Solution
Creating a Special Active Directory User for Identity Synchronization for Windows
To Assign Administration Rights to the Special User
Configuring the Identity Synchronization for Windows Core
Configuring Directory Sources
Configuring the Sun Java System Directory Server Source
To Specify the Preferred and Secondary Directory Servers
Configuring the Active Directory Source
To Specify Information in the Global Catalog and for the Active Directory Domain
Configuring the Windows NT Source
To Specify the Windows NT Domain
Configuring the Synchronization Settings
Configuring the Attributes Settings
To Configure the Attribute Settings
Configuring the Attribute Modification Settings
To Configure the Attribute Modification Settings
Configuring the Object Creation Settings
To Configure the Object Creation Settings
Configuring the Group Synchronization Settings
To Configure the Group Synchronization Settings
Configuring the Account Lockout Synchronization Settings
To Configure the Account Lockout Synchronization Settings
Adding the shadowAccount Object Class
Configuring the Creation Attributes
To Configure the Creation Attributes
Configuring the Synchronization User Lists
SUL_NT
SUL_AD_EAST
SUL_AD_WEST
Resolving Issues With Multiple SULs
Installing the Connectors and Directory Server Plug-Ins
Running idsync resync
Running the Resynchronization Procedure When Directory Server Is Authoritative
To Synchronize Attribute Values in Active Directory With the Values in Directory Server After Linking Entries
Configuration and Installation Summary
Multiple Domains
PAM LDAP
WAN Deployment
Migrating Users From Windows NT to Active Directory
Unlinking Migrated Windows NT Entries
Linking Migrated Active Directory Entries
Moving Users Between Active Directory Organizational Units
When Contractors Become Full-Time Employees
Chapter 3 Case Study: Deploying in a High-Availability Environment Over a WAN Using SSL
Global Telco Deployment Information
Global Telco's Existing Architecture
Directory Server Information
Active Directory Information
Global Telco's Technical Requirements
Identity Synchronization for Windows Features in This Case Study
Installation and Configuration Overview
Primary and Failover Installations
Periodically Linking New Users
Large Deployment Considerations
Configuration Walkthrough
Primary Installation
Failover Installation
Setting Up SSL
Increasing Connector Worker Threads
Aligning Primary and Failover Configurations
Setting Multiple Passwords for uid=PSWConnector
Initial idsync resync Operations
Initial idsync resync Operation for Primary Installation
Initial idsync resync Operation for Failover Installation
Periodic idsync resync Operations
Periodic idsync resync Operation for Primary Installation
Periodic idsync resync Operation for Failover Installation
Configuring Identity Manager
Understanding the Failover Process
Directory Server Connector
Active Directory Connector
Initializing the Connector State
Failover Installation Maintenance
When to Fail Over
Failing Over
Stopping Synchronization at the Primary Installation
Starting Synchronization at the Failover Installation
Re-enabling the Directory Server Plug-Ins
Changing the PDC FSMO Role Owner
Monitoring the Logs
Failing Back to the Primary Installation
Appendix A Pluggable Authentication Modules
Advantages of Combining PAM and Identity Synchronization for Windows
Configuring PAM and Identity Synchronization for Windows
To Configure an LDAP Repository for PAM
To Install and Configure Identity Synchronization for Windows
To Populate the LDAP Repository
To Configure a Solaris System to Use PAM
Installing and Configuring a Solaris Test System
Configuring the PAM Client
Specifying Rules for Authentication and Password Management
Authentication
Password Management
To Verify That PAM Is Interoperating With the LDAP Store
To Demonstrate That User Changes Flow to the Reciprocal Environment
To Verify Entries on Windows
Configuring Systems to Prevent Eavesdropping
Introducing Windows NT Into the Configuration
Example /etc/pam.conf File
Appendix B Configuring Identity Manager and Identity Synchronization for Windows to Coexist
Components for Deploying Identity Manager and Identity Synchronization for Windows
Identity Manager and Identity Synchronization for Windows Functionality
Password Changes on Active Directory
Password Changes on Directory Server
Password Changes and Provisions Originating From Identity Manager Administrator Interface
Configuring Identity Manager and Identity Synchronization for Windows
Setting Up Identity Manager 5.0 SP2
Configuring the Form Property
Configuring pwsync to Not Propagate Passwords to Directory Server
Setting Up Identity Manager 5.0 SP1
Configuring Identity Synchronization for Windows
Handling Identity Manager-Provisioned Users
Appendix C Using Audit and Debug Logging to Isolate Problems
Audit Logging and Action IDs
Action Types
Connector Layers: Accessor, Controller, and Agent
Directory Server Plug-In
Debug Logging
Debug Logging in Java Components
Debug Logging in the Installer
Debug Logging in the Console
Windows NT Change Detection
Changing the Location of the Central Logs
Changing the Location of the Component Logs
Isolating Problems in Directory Server
Isolating Problems in Message Queue
Isolating Problems in Active Directory
Glossary
© 2010, Oracle Corporation and/or its affiliates