Sun Java System Identity Synchronization for Windows 1 2004Q3 Installation and Configuration Guide 

Contents


List of Figures

List of Tables

Preface
Typographic Conventions
Symbols
Mnemonics
Default Paths and File Names
Books in This Documentation Set
Other Documentation
Accessing Sun Resources Online
Contacting Sun Technical Support
Related Third-Party Web Site References
Sun Welcomes Your Comments

Part I Installation and Configuration

Chapter 1   Understanding the Product
Product Features
System Components
Watchdog Process
Core
Connectors
Connector Subcomponents
Message Queue
System Components Distribution
Core
Directory Server Connector and Plugin
Active Directory Connector
Windows NT Connector and Subcomponents
How Identity Synchronization for Windows Detects Changes in Directory Sources
How Directory Server Connectors Detect Changes
How Active Directory Connectors Detect Changes
How Windows NT Connectors Detect Changes
Propagating Password Updates
Reliable Synchronization
Deployment Example: A Two-Machine Configuration
Physical Deployment
Component Distribution

Chapter 2   Preparing for Installation
Installation Requirements
Operating System Requirements
Hardware Requirements
Sun Java System Software Requirements
Installation Credentials
Installation Overview
Installing Core
Configuring the Product
Preparing the Directory Server
Installing the Connectors and the Directory Server Plugin
Synchronizing Existing Users
Configuration Overview
Directories
Configuration Directories and Global Catalogs
Synchronization Settings
Objectclasses
Attributes and Attribute Mapping
Synchronization User Lists
Migrating to Version 1 2004Q3
Synchronizing Passwords with Active Directory
Enforcing Password Policies
Configuring Windows for SSL Operation
Installation and Configuration Decisions
Core Installation
Core Configuration
Connector and Directory Server Plugin Installation
Using the Command Line Utilities
Installation Checklists

Chapter 3   Installing Core
Before You Begin
Starting the Installation Program
On Solaris SPARC
On Solaris x86
On Windows
Installing Core

Chapter 4   Configuring Core Resources
Configuration Overview
Opening the Identity Synchronization for Windows Console
Creating Directory Sources
Creating a Sun Java System Directory Source
Preparing the Directory Server
Creating an Active Directory Source
Creating a Windows NT SAM Directory Source
Deleting Directory Sources
Selecting and Mapping User Attributes
Selecting and Mapping Attributes
Creating Parameterized Default Attribute Values
Changing the Schema Source
Propagating User Attributes Between Systems
Specifying How Object Creations Flow
Specifying How Object Modifications Flow
Specifying How Deletions Flow
Creating Synchronization User Lists
Saving a Configuration

Chapter 5   Installing Connectors and Directory Server Plugins
Before You Begin
Running the Installation Program
Installing Connectors
Installing the Directory Server Connector
Installing an Active Directory Connector
Installing the Windows NT Connector
Installing Directory Server Plugins

Chapter 6   Synchronizing Existing Users
Using idsync resync
Resynchronizing Users
Linking Users
idsync resync Arguments
Checking Results in the Central Log
Starting and Stopping Synchronization
Starting and Stopping Services

Chapter 7   Migrating to Identity Synchronization for Windows 1 2004Q3
Overview
Before You Migrate
Preparing for Migration
Exporting Your Version 1.0 Configuration
Checking for Undelivered Messages
Forcing Password Changes on Windows NT
Migrating Your System
Preparing for Migration
Uninstalling Identity Synchronization for Windows
Installing or Upgrading the Dependent Products
Installing Identity Synchronization for Windows 1 2004Q3
What to Do if the 1.0 Uninstallation Fails
Manually Uninstalling 1.0 Core and Instances from Solaris
Manually Uninstalling 1.0 Core and Instances from Windows 2000
Manually Uninstalling a 1.0 Instance from Windows NT
Other Migration Scenarios
Multimaster Replication Deployment
Multi-Host Deployment with Windows NT
Checking the Logs

Chapter 8   Removing the Software
Planning for Uninstallation
Uninstalling the Software
Uninstalling the Directory Server Plugin
Uninstalling Connectors
Uninstalling Core
Uninstalling the Console Manually
From Solaris Systems
From Windows Systems

Chapter 9   Troubleshooting
Troubleshooting Checklist
Troubleshooting Connectors
How to Determine the ID of a Connector Managing a Directory Source
How to Determine a Connector’s Current State
Troubleshooting Components
On Solaris
On Windows
Examining WatchList.properties
Troubleshooting Subcomponents
Troubleshooting Message Queue
Troubleshooting Broker Configuration Directory Communication
Troubleshooting Broker Memory Settings
Troubleshooting SSL Problems
SSL Between Core Components
SSL between Connectors and Directory Server or Active Directory
SSL between the Directory Server Plugin and Active Directory
Troubleshooting Controller Problems

Chapter 10   Understanding Audit and Error Files
Understanding the Logs
Log Types
Reading the Logs
Configuring Your Log Files
Viewing Directory Source Status
Viewing Installation and Configuration Status
Viewing Your Audit and Error Logs
Enabling Auditing on a Windows NT Machine

Chapter 11   Configuring Security
Security Overview
Specifying a Configuration Password
Using SSL
Requiring Trusted SSL Certificates
Generated 3DES Keys
SSL and 3DES Keys Protection Summary
Message Queue Access Controls
Directory Credentials
Persistent Storage Protection Summary
Hardening Your Security
Configuration Password
Creating Configuration Directory Credentials
Message Queue Client Certificate Validation
Message Queue Self-Signed SSL Certificate
Access to the Message Queue Broker
Configuration Directory Certificate Validation
Restricting Access to the Configuration Directory
Securing Replicated Configurations
Using idsync certinfo
Arguments
Usage
Enabling SSL in Directory Server
Retrieving the CA Certificate from the Directory Server Certificate Database
Enabling SSL in the Active Directory Connector
Retrieving an Active Directory Certificate
Adding Active Directory Certificates to the Connector’s Certificate Database
Adding Active Directory Certificates to Directory Server
Adding Directory Server Certificates to the Directory Server Connector

Part II Appendixes

Appendix A   Using the Identity Synchronization for Windows Command Line Utilities
Common Features
Common Arguments
Entering Passwords
Getting Help
Using the idsync command
Using certinfo
Using changepw
Using importcnf
Using prepds
Using printstat
Using resetconn
Using resync
Using startsync
Using stopsync
Using the forcepwchg Migration Utility

Appendix B   LinkUsers XML Document Sample
Sample 1: linkusers-simple.cfg
Sample 2: linkusers.cfg

Appendix C   Running Services as Non-Root on Solaris

Appendix D   Defining and Configuring Synchronization User Lists
Understanding Synchronization User List Definitions
Configuring Multiple Windows Domains

Appendix E   Installation Notes for Replicated Environments
Configuring Replication
Configuring Replication Over SSL
Configuring Identity Synchronization for Windows in an MMR Environment

Glossary

Index




Part No: 817-6199-05.   Copyright 2004 Sun Microsystems, Inc. All rights reserved.