| Oracle® Fusion Middleware Installation and Configuration Guide for Identity Synchronization for Windows 6.0 11g Release 1 (11.1.1.7.0) Part Number E28963-01 |
|
|
PDF · Mobi · ePub |
| Oracle® Fusion Middleware Installation and Configuration Guide for Identity Synchronization for Windows 6.0 11g Release 1 (11.1.1.7.0) Part Number E28963-01 |
|
|
PDF · Mobi · ePub |
This chapter provides instructions for installing the Identity Synchronization for Windows Connectors. The information is organized as follows:
Identity Synchronization for Windows uses Connectors to synchronize user passwords between directory sources, and uses subcomponents to enhance the Connector's change-detection and bidirectional synchronization support.
Before starting the Connector configuring process, you should be aware of the following:
Close the Console before starting the installation process. If the Console is open when you are installing a Connector, the program perceives a conflict about which component is adding configuration data to the server and generates an error message.
Windows NT Connectors and subcomponents are installed simultaneously.
You can install Directory Server or Active Directory Connectors on the same machine where you installed Core or you can install Connectors on another machine. (The Windows NT Connector must be installed on the Primary Domain Controller (PDC) of the domain being synchronized.)
If you are installing the Connector on the same machine as Core, the program automatically installs the Connector in the same directory as Core.
If you are installing the Connector on a different machine, the program will prompt you to specify the configuration directory information supplied during the Core installation.
You must run the installation program each time you install a Connector.
For example, if you are installing a Directory Server Connector and an Active Directory Connector, you will run the installation program twice after the Core is installed.
Repeat the following steps each time you install a Connector.
Run the installation program again on the machine where you want to install the Connector, as follows:
On Solaris: Change to the installer directory and then type ./runInstaller.sh to execute the installation program.
Note:
To run the installation program in text-based mode, type ./runInstaller.sh -nodisplay.
When you run the runInstaller.sh program, Identity Synchronization for Windows automatically masks passwords so they will not be echoed in the clear.
On Linux: Change to the installer directory and then type ./installer.sh to execute the installation program.
Note:
To run the installation program in text-based mode, type ./installer.sh -nodisplay.
When you run the installer.sh program, Identity Synchronization for Windows automatically masks passwords so they will not be echoed in the clear.
On Windows: Change to the installer directory and then type setup.exe to execute the installation program.
When the Welcome screen is displayed, read the information provided and then click Next to proceed to the Software License Agreement panel.
Read the license agreement, then select
Yes (Accept License) to accept the license terms and go to the next panel.
No to stop the setup process and exit the installation program.
The Sun Java System Directory Server panel is displayed. Specify the configuration directory location as follows:
Configuration Directory Host: Enter the fully qualified domain name (FQDN) of a Sun Java System Directory Server instance (affiliated with an Administration Server) where Identity Synchronization for Windows configuration information is stored. You must specify the same instance that you specified during the Core installation.
Configuration Directory Port ( Defaults to port 389): Specify a port for the configuration directory. You can leave the port set to the default or change to a different, available port.
To enable SSL (Secure Socket Layer) between Core and the configuration directory, enable the Secure Port option and specify an SSL port ( default SSL port is 636). Enabling this option prevents sensitive information from being passed in the clear over the network.
Configuration Root Suffix: Select the root suffix that you specified during the Core installation from the menu. The Identity Synchronization for Windows configuration will be stored in this root suffix.
Note:
If the program could not detect a root suffix, and you enter the server information manually, you must click Refresh to repopulate the list of root suffixes.
Click Next to open the Configuration Directory Credentials panel.
Enter the configuration directory Administrator's user ID and password.
If you specify admin as the user ID, you will not be required to specify the User ID as a DN.
If you use any other user ID, then you must specify the ID as a full DN. For example, cn=Directory Manager.
Note:
These credentials will be sent without encryption unless you enabled SSL in.
Click Next to open the Configuration Password panel where you must enter the configuration password you specified when you installed Core.
Also, if Core has not been installed on this machine, you will be prompted to provide the location of the Java Home directory (see Installing Core).
When you are finished, click Next.
Note:
At this point, the installation process becomes specific to the type of Connector you are installing.
This section explains how to install the three types of Identity Synchronization for Windows Connectors, as follows
Note:
You are not required to install Connectors in any particular order, but do not attempt to install any Connectors simultaneously.
After completing the steps described in Running the Installation Program
Figure 5-1 Selecting the Directory Server Connector
The Select components to install list contains only those Connector components that have not yet been installed. For example, after you install the Directory Server Connector (dc=example,dc=com), the program will remove the entry from the list pane.
The following table contains some example directory source entries.
Table 5-1 Directory Source Examples
| Directory Source | Example Entry |
|---|---|
|
Sun Java System Directory Server |
|
|
|
|
|
Windows NT SAM |
|
Enable the button next to the Directory Server Connector component and then click Next.
The Directory Server Connector Credentials panel is displayed.
Note:
The program automatically completes the User DN fields with your fully qualified Directory Manager distinguished name, but you can change the information if necessary.
Enter the following information:
Primary Directory Server User DN: If necessary, change the default user DN by entering a fully qualified Directory Manager distinguished name.
Primary Directory Server Password: Enter your Directory Manager password.
If you are using a secondary master, the Secondary Directory Server User Name and Password fields will be active. The program automatically completes the Directory Manager DN field with the same entries provided for the Primary Directory Server User DN and Password fields. You can change this information if necessary.
The program will verify that the Directory Server was prepared and ready to synchronize data. When you prepared Directory Server (Preparing Sun Directory Source), the program creates an account that the Connector will use to connect to Directory Server (for example, uid=PSWConnector,suffix).
Click Next to proceed to the Connector Port Configuration pane.
Enter the Fully Qualified Local Host Name with the domain and an available port number where the Connector will listen. (Specifying a port already in use will result in an error message.)
Click Next and the Ready to Install pane is displayed to provide information about the Connector's installation location and how much disk space is required for the installation. When you are ready, click the Install Now button.
Note:
If you installed Core on the local machine, the Ready to Install pane will indicate that zero space is required to install the Connector. This situation occurs because the Core installation has already installed the Connector binaries. Because there are no additional binaries to install, no additional space is required.
If you are installing the Connector on a machine other than where you installed Core, then the Ready to Install pane will indicate how much space is required to complete the Connector installation on the local machine.
The Connector installation is accomplished in two steps:
An Installing pane is displayed, with a progress bar, while the program installs the binaries.
Next, the Component Configuration pane displays a progress bar. This step takes several minutes to complete.
Note:
If you did not close the Console before starting the installation, the following warning displays (Installing the Directory Server Connector). Click Reset in the Console to reload the Connector's configuration settings.
When both steps are complete, an Installation Summary pane is displayed.
Note:
Directory Server plugin gets configured for preferred and secondary hosts (if any).
Note:
Clicking Yes configures the Directory Server plugin in all the hosts (preferred and secondary).
Clicking No enables you to configure the plugin later using command line idsync dspluginconfig. For more information, see Appendix A, "Using the Identity Synchronization for Windows Command Line Utilities".
Click the Details button if you want to review the installation log.
On Solaris: Installation logs are written to /var/sadm/install/logs/
On Linux: Installation logs are written to /var/sadm/install/logs/
On Windows: Installation logs are written to the %TEMP% directory, which is usually a subdirectory of the Local Settings folder located underC:\Documents and Settings\Administrator
Note:
On some Windows systems (such as Windows 2000 Advanced Server), the Local Settings folder is a hidden folder.
To view this folder and the Temp subdirectory, open your Windows Explorer and select Tools > Folder Options from the menu bar. When the Folder Options dialog box is displayed, select the View tab and enable the Show Hidden Files option.
Click Next to display the "To Do list" panel, which shows the list of successfully completed and pending steps.
When you are done with the panel, click Finished.
After installing the Directory Server Connector, you can install other Connectors that you configured when you configured the resources (Chapter 4, "Configuring Core Resources"):
Install additional Directory Server Connectors: Restart the installation program (using the instructions in Running the Installation Program ) and then repeat Enable the button next to the Directory Server Connector component and then click Next. through When you are done with the panel, click Finished..
Install an Active Directory Connector: Go to Installing an Active Directory Connector.
Install a Windows NT Connector: Go to Installing the Windows NT Connector.
This configuration is needed only when the chained suffix exists in the Directory Server instance where Identity Synchronization for Windows Plug-in is installed. If Identity Synchronization for Windows Plug-in is not configured to search on chained suffix, MODIFY and BIND operations performed on the Directory Server where the Identity Synchronization for Windows Plug-in is installed, will fail.
In the Directory Server instance where the chained suffix is created, perform the following operations:
Execute the following LDIF script using ldapmodify utility:
dn: cn=config,cn=chaining database,cn=plugins,cn=config changetype: modify add: nspossiblechainingcomponents nspossiblechainingcomponents: cn=pswsync,cn=plugins,cn=config
You can perform the similar operation by using the following procedure:
Select the Configuration tab.
Click the Data node that displays in the left pane.
Select the Chaining tab in the right pane.
Add Identity Synchronization for Windows Plug-in (cn=pswsync,cn=plugins,cn=config) to the components that are allowed to chain.
Save the changes and exit.
After you install the Directory Server Connector and if you have other configured Connectors to install, the installation program will give you the option of installing the Connectors before you see the Connector Configuration pane.
The component list contains only those Connector components that have not yet been installed. For example, if you already installed the Directory Server Connector (dc=example,dc=com in this case), it will not be listed.
Enable the Connector button and click Next.
The Connector Configuration panel displays.
The Select components to install list contains only those Connector components that have not yet been installed. For example, after you install the Directory Server Connector (dc=example,dc=com in this case), the program will remove the entry from this list pane.
Enable the button next to the Active Directory component and then click Next.
The Ready to Install pane is displayed to provide information about the Connector's installation location and how much disk space is required for the installation.
Note:
If you installed Core on the local machine, the Ready to Install pane will indicate that zero space is required to install the Connector. This situation occurs because the Core installation has already installed the Connector binaries. Because there are no additional binaries to install, no additional space is required.
If you are installing the Connector on a machine other than where you installed Core, then the Ready to Install pane will indicate how much space is required to complete the Connector installation on the local machine.
When you are ready, click the Install Now button.
An Installing pane is displayed, with a progress bar, while the program installs the binaries, and then an Installation Summary pane is displayed to confirm the installation is finished.
Click the Details button if you want to review the installation log.
On Solaris: Installation logs are written to /var/sadm/install/logs/
On Linux: Installation logs are written to /var/sadm/install/logs/
On Windows: Installation logs are written to the %TEMP% directory, which is a subdirectory of the Local Settings folder located underC:\Documents and Settings\Administrator
Note:
On some Windows systems (such as Windows 2000 Advanced Server), the Local Settings folder is a hidden folder.
To view this folder and the Temp subdirectory, open your Windows Explorer and select Tools > Folder Options from the menu bar. When the Folder Options dialog box is displayed, select the View tab and enable the Show Hidden Files option.
Click Next to display the "To Do list" panel, which shows the list of successfully completed and pending steps.
When you are done with the panel, click Finished to exit the installation program.
After installing the Active Directory Connector, you can install other Connectors that you configured when you configured resources (Chapter 4, "Configuring Core Resources"):
Install additional Active Directory Connectors: Restart the installation program (see Running the Installation Program) and then repeat through.
Install a Windows NT Connector: Go to Installing the Windows NT Connector.
Install additional Directory Server Connectors: Restart the installation program (using the instructions in Running the Installation Program) and then repeat Enable the Connector button and click Next. through When you are done with the panel, click Finished to exit the installation program..
You must install the Windows NT Connector on the Primary Domain Controller (PDC) of the domain you configured.
Enable the Windows NT Connector button and click Next.
When the Connector Port Configuration pane is displayed, enter the Fully Qualified Local Host Name with the domain and an available port number where the Connector will listen. (Specifying a port already in use will result in an error message.)
When you are done, click Next.
The Ready to Install pane is displayed to provide information about the Connector's installation location and how much disk space is required.
When you are ready, click the Install Now button.
The Connector installation is accomplished in two steps:
An Installing pane is displayed, with a progress bar, while the program installs the binaries.
Next, the Component Configuration pane displays a progress bar. This step takes several minutes to complete.
Note:
If you did not close the Console before starting the installation, a warning displays (see Installing the Directory Server Connector). Click Reset in the Console to reload the Connector's configuration settings.
When both steps are complete, an Installation Summary pane is displayed.
Click the Details button if you want to review the installation log.
Installation logs are written to the %TEMP% directory, which is C:\TEMP on most Windows NT systems.
Click Close to exit the installation program.
After installing the Windows NT Connector, you can install other Connectors that you configured when you configured resources (Chapter 4, "Configuring Core Resources"):
To install additional Windows NT Connectors, restart the installation program. For more information, see Running the Installation Program and then repeat Enable the Connector button and click Next.through When you are done with the panel, click Finished to exit the installation program..
To install Directory Server Connector, refer to Installing the Directory Server Connector.
To install Active Directory Connector, refer to Installing an Active Directory Connector.
|
 Copyright © 2001, 2013, Oracle and/or its affiliates. All rights reserved. Legal Notices |
|
