Oracle Identity Synchronization for Windows 6.0 Installation and Configuration Guide |
idsync changepw [-D bind-DN] -w bind-password | - [-h Configuration Directory-hostname] [-p Configuration Directory-port-no] [-s rootsuffix] -q configuration_password [-Z] [-P cert-db-path] [-m secmod-db-path] -b new password | - [-y]
idsync changepw -w admin_password -q old_config_password -b new_config_password
The following arguments are unique to changepw:
Are you sure that want to change the configuration password (y/n)? yes
Before restarting the system - you must edit the $PSWHOME/resources/SystemManagerBootParams.cfg file and change the ’deploymentPassword’ to the new value.
SUCCESS
The SystemManagerBootParams.cfg file in $PSWHOME\resources (where $PSWHOME is the isw-installation directory) contains the configuration password the system manager uses to connect to the configuration directory.
For example, you would change the password value as follows:
From: <Parameter name="manager.configReg.deploymentPassword" value="oldpassword"/>
To: <Parameter name="manager.configReg.deploymentPassword" value="newpassword"/>
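An added example, not part of the Oracle guide: one way to script the edit shown above in Python, so the stored configuration password is replaced in a single atomic write and the file stays readable by its owner only. It assumes the file is UTF-8 XML with the entry written on one line as shown; set_deployment_password and rewrite_cfg are hypothetical helper names.

```python
import os
import re
import tempfile
from xml.sax.saxutils import escape

PARAM = "manager.configReg.deploymentPassword"
# Matches only the value attribute of the deploymentPassword Parameter element.
_PATTERN = re.compile(
    r'(<Parameter\s+name="' + re.escape(PARAM) + r'"\s+value\s*=\s*)"[^"]*"'
)


def set_deployment_password(cfg_text, new_password):
    """Return cfg_text with the deploymentPassword value replaced."""
    # Escape &, <, > and " so the password cannot break out of the attribute
    # (assumption: the system manager parses this file as XML).
    quoted = '"' + escape(new_password, {'"': "&quot;"}) + '"'
    # A function replacement keeps backslashes in the password literal.
    new_text, count = _PATTERN.subn(lambda m: m.group(1) + quoted, cfg_text)
    if count != 1:
        raise ValueError("expected one %s entry, found %d" % (PARAM, count))
    return new_text


def rewrite_cfg(path, new_password):
    """Rewrite the file atomically and leave it with owner-only permissions."""
    with open(path, encoding="utf-8") as fh:
        updated = set_deployment_password(fh.read(), new_password)
    # Write a temp file in the same directory so os.replace is atomic.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            fh.write(updated)
        os.chmod(tmp, 0o600)  # the file holds a cleartext password
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise
```

Pass the new password to rewrite_cfg from an interactive prompt such as getpass.getpass() rather than from a command-line argument, which is visible in the process list.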
After installing Core (Chapter 3, Installing Core), use the idsync importcnf subcommand to import your exported Identity Synchronization for Windows version 1.0 or 1.1 (SP1) configuration XML file, which contains Core configuration information.
To import your version 1.0 configuration XML file, open a terminal window (or Command Window) and type the idsync importcnf command as follows:
idsync importcnf [-D bind-DN] -w bind-password | - [-h Configuration Directory-hostname] [-p Configuration Directory-port-no] [-s rootsuffix] -q configuration_password [-Z] [-P cert-db-path] [-m secmod-db-path] -f filename [-n]
idsync importcnf -w admin_password -q configuration_password -f "MyConfig.cfg"
The following arguments are unique to importcnf:
Table A-5 idsync importcnf Arguments
Note - For detailed information about other importcnf arguments, review Common Arguments to the Idsync Subcommands.
After importing the version 1.0 configuration XML file, you must run prepds on all Directory Server sources configured for synchronization, (see Using prepds connectors and subcomponents.
You use the console or prepds subcommand to prepare a Sun Java System Directory Server source for use by Identity Synchronization for Windows. You must run prepds before installing the Directory Server Connector.
Running the idsync prepds subcommand applies the appropriate ACI to the cn=changelog entry, which is the root node of the Retro-Changelog database.
If you are preparing a preferred master Directory Server for use by Identity Synchronization for Windows, you must provide Directory Manager credentials.
The Directory Manager user is a special user on Directory Server who has full rights anywhere inside the Directory Server instance. (ACI does not apply to Directory Manager users.)
For example, only the Directory Manager can set the access control for the Retro-Changelog database, which is one of the reasons why Identity Synchronization for Windows requires Directory Manager credentials for the preferred master server.
Note - If you recreate the Retro-Changelog database for the preferred Sun directory source for any reason, the default access control settings will not allow the Directory Server Connector to read the database contents.
To restore the access control settings for the Retro-Changelog database, run idsync prepds or click the Prepare Directory Server button after selecting the appropriate Sun directory source in the Console.
You can configure your system to automatically remove (or trim) Changelog entries after a specified period of time. From the command line, modify the nsslapd-changelogmaxage configuration attribute in cn=Retro Changelog Plug-in, cn=plugins, cn=config:
nsslapd-changelogmaxage: IntegerTimeunit
Where:
Integer is a number.
Timeunit is s for seconds, m for minutes, h for hours, d for days, or w for weeks. (There should be no space between the Integer and Timeunit variables.)
For example, nsslapd-changelogmaxage: 2d
For more information, see the “Managing Replication” chapter in the Sun Java System Directory Server 5 2004Q2 Administration Guide.
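An added example, not part of the Oracle guide: a Python helper that validates an IntegerTimeunit value and builds the LDIF change for the attribute, ready to feed to an LDAP modify tool such as ldapmodify. The min_seconds guard is an added assumption, not a product requirement: set it longer than the longest period the Directory Server Connector may be offline, so entries are not trimmed before the connector has read them. The function names are hypothetical.

```python
import re

# Units the guide lists for nsslapd-changelogmaxage, expressed in seconds.
UNIT_SECONDS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
PLUGIN_DN = "cn=Retro Changelog Plug-in, cn=plugins, cn=config"
# Integer immediately followed by one unit letter, with no space between them.
_VALUE = re.compile(r"([0-9]+)([smhdw])")


def max_age_seconds(value):
    """Parse an IntegerTimeunit value such as '2d' and return it in seconds."""
    match = _VALUE.fullmatch(value)
    if match is None:
        raise ValueError(
            "not IntegerTimeunit (no space, unit s/m/h/d/w): %r" % value
        )
    return int(match.group(1)) * UNIT_SECONDS[match.group(2)]


def trim_ldif(value, min_seconds=0):
    """Return LDIF that sets nsslapd-changelogmaxage to value.

    min_seconds is a site-chosen floor (assumption): reject settings that
    would trim entries sooner than the connector is expected to read them.
    """
    seconds = max_age_seconds(value)
    if seconds < min_seconds:
        raise ValueError(
            "%s is %d s, below the required minimum of %d s"
            % (value, seconds, min_seconds)
        )
    return "\n".join([
        "dn: " + PLUGIN_DN,
        "changetype: modify",
        "replace: nsslapd-changelogmaxage",
        "nsslapd-changelogmaxage: " + value,
    ]) + "\n"
```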
You can use Administrative credentials to prepare a secondary server.
Be sure to plan your Identity Synchronization for Windows configuration before running idsync prepds because you must know which hosts and suffixes you will be using.
Running idsync prepds on a Directory Server suffix where the Directory Server Connector and Plug-in are already installed, configured, and synchronizing will result in a message asking you to install the Directory Server Connector. Disregard this message.
To prepare a Sun Java System Directory Server source, open a terminal window (or a Command Window) and type the idsync prepds command as follows:
For single host:
idsync prepds [-h <hostname>] [-p <port>] [-D <Directory Manager DN>] -w <password> -s <database suffix> [-x] [-Z] [-P <cert db path>] [-m <secmod db path>]
For multiple hosts:
idsync prepds -F <filename of Host info> -s <root suffix> [-x] [-Z] [-P <cert db path>][-m <secmod db path>] [-3]
isw-hostname\bin>idsync prepds -F isw-hostname\samples\Hosts.xml -s ou=isw_data
Note - The -h, -p, -D, -w, and -s arguments are redefined (as described in the following table) for the prepds subcommand only. In addition, the -q argument does not apply.
Table A-6 describes the arguments that are unique to idsync prepds.
Table A-6 prepds Arguments
If you are running idsync prepds in a replicated environment (for example, where you have a preferred master, a secondary master, and two consumers), you only need to run idsync prepds once for the preferred and secondary masters.