Adding Directory Server Certificates to the Directory Server Connector - Oracle Identity Synchronization for Windows 6.0 Installation and Configuration Guide

Skip Navigation Links
Exit Print View
	Oracle Identity Synchronization for Windows 6.0 Installation and Configuration Guide

Oracle Technology Network

Document Information

Part I Installing Identity Synchronization for Windows

1. Understanding the Product

2. Preparing for Installation

3. Installing Core

4. Configuring Core Resources

5. Installing Connectors

6. Synchronizing Existing Users and User Groups

7. Removing the Software

8. Configuring Security

Security Overview

Specifying a Configuration Password

Requiring Trusted SSL Certificates

Generated 3DES Keys

SSL and 3DES Keys Protection Summary

Message Queue Access Controls

Directory Credentials

Persistent Storage Protection Summary

Hardening Your Security

Configuration Password

Creating Configuration Directory Credentials

To Create a New User Other Than admin

Message Queue Client Certificate Validation

To Validate the Message Queue Client Certificate

Message Queue Self-Signed SSL Certificate

Access to the Message Queue Broker

Configuration Directory Certificate Validation

Restricting Access to the Configuration Directory

Securing Replicated Configurations

Using idsync certinfo

Enabling SSL in Directory Server

To Enable SSL in Directory Server

Retrieving the CA Certificate from the Directory Server Certificate Database

Retrieving the CA Certificate from the Directory Server (using dsadm command on Solaris platform)

Enabling SSL in the Active Directory Connector

Retrieving an Active Directory Certificate

Using Window's Certutil

Adding Active Directory Certificates to the Connector's Certificate Database

To Add Active Directory Certificate to the Connector's Certificate Database

Adding Active Directory Certificates to Directory Server

To Add the Active Directory CA certificate to the Directory Server Certificate Database

Adding Directory Server Certificates to the Directory Server Connector

To Add the Directory Server Certificates to the Directory Server Connector

9. Understanding Audit and Error Files

Part II Identity Synchronization for Windows Appendixes

A. Using the Identity Synchronization for Windows Command Line Utilities

B. Identity Synchronization for Windows LinkUsers XML Document Sample

C. Running Identity Synchronization for Windows Services as Non-Root on Solaris

D. Defining and Configuring Synchronization User Lists for Identity Synchronization for Windows

E. Identity Synchronization for Windows Installation Notes for Replicated Environments

Adding Directory Server Certificates to the Directory Server Connector

If you enable SSL communication between the Directory Server Plug-in and Active Directory, then you must add the Active Directory CA Certificate to the certificate database of each Directory Server master.

To Add the Directory Server Certificates to the Directory Server Connector

On the machine where the Directory Server Connector is installed, stop the Identity Synchronization for Windows service/daemon.
Retrieve the Directory Server CA certificate.
Assuming the Directory Server Connector has connector ID CNN100 (see logs/example/ error.log for a mapping from connector ID to the directory source it manages), go to its certificate database directory on the machine where it was installed, and import the cacert.bin file:
```
<ISW_server_root>\shared\bin\certutil.exe -A -d . -n ds-cert -t C,, -i C:\s-cert
```
ISW-server-root is the path where ISW-hostname directory is present.
Restart the Identity Synchronization for Windows service/daemon.

Copyright © 2009, 2011, Oracle and/or its affiliates. All rights reserved. Legal Notices

Previous

Next