Oracle® Fusion Middleware Release Notes for Identity Synchronization for Windows 6.0 Service Pack 1 11g Release 1 (11.1.1.7.0) Part Number E28964-01 |
|
|
PDF · Mobi · ePub |
When you migrate from Identity Synchronization for Windows 6.0, you first export the existing configuration and uninstall Identity Synchronization for Windows 6.0. Then you install Identity Synchronization for Windows 6.0 Service Pack 1 , and apply the configuration exported from Identity Synchronization for Windows 6.0. This chapter contains the following sections:
Obtaining the Latest Identity Synchronization for Windows Release
Uninstalling Identity Synchronization for Windows 6.0 Components
Installing Identity Synchronization for Windows 6.0 Service Pack 1
See Section 1.4, "Obtaining the Software as Part of Directory Server Enterprise Edition."
The following is a checklist of required tasks you must complete before you can successfully migrate Identity Synchronization for Windows 6.0 Service Pack 1 .
Unpack the Identity Synchronization for Windows 6.0 Service Pack 1 patch content
Add a clear text password to the exported configuration file
Schedule an appropriate time for migration.
Migration typically requires four to eight hours, depending on your system's performance and the configuration of Identity Synchronization for Windows 6.0 Service Pack 1 .
You can use either the administration console or the command-line interface to complete these tasks.
Open the administration console.
# /var/Sun/mps/startconsole -x nologo
Open the Identity Synchronization for Windows administration window.
Open the appropriate server group.
Select the "Identity Synchronization for Windows" server.
Click on the Open button at the upper right.
Go to Configuration > Groups, and deselect the Enable Group Synchronization checkbox.
Go to Configuration > Account Lockout, and deselect the Enable Account Lockout Synchronization checkbox.
Click Save.
Use the idsync
command in the following directory:
/opt/sun/isw/bin/
To disable group synchronization:
# idsync groupsync -d -D Directory-Manager-DN -w bind-password [-h Configuration-Directory-hostname] [-p Configuration-Directory-port-number] -s rootsuffix [-Z] -q configuration-password -t AD-group-type
To disable account lockout:
# idsync accountlockout -d -D Directory-Manager_DN -w bind-password -h Configuration Directory-hostname -p Configuration-Directory-port-number -s rootsuffix [-Z] [-P cert-db-path [-m secmod db path] -q configuration-password -t max-lockout-attempts
Unpack the Identity Synchronization for Windows 6.0 Service Pack 1 patch content.
# unzip zipped_patch_file
To identify the zipped_patch_file for your installation, see Section 1.4.2, "Minimum Patch Level Requirements.".
After the patch files are unzipped, the migration subdirectory contains the migration tools:
export11cnf.jar
checktopics.jar
Change the current directory to migration
and run the export11cnf.jar
file with the following usage:
# java -jar export11cnf.jar -D bind_DN -w bind_password | - [-h configuration_directory_hostname] [-p configuration_directory_port_number] -s root_suffix [-Z] -q configuration_password | - -f xml_configuration_filename_to_export
where root_suffix
is the suffix where the Identity Synchronization for Windows configuration is stored.
The following example shows a typical use:
# java -jar export11cnf.jar -D "cn=directory manager" -w - -h "test.example.com" -p 389 -s "ou=isw_config" -q - -f export.cfg
Add clear text passwords to the exported configuration file.
Edit the exported configuration file, and enter a password between the double quotation marks for each of six cleartextPassword
fields. You must provide three passwords for the Directory Server user, and three passwords for the Active Directory user.
You can either use the administration console, or run the idsync stopsync
command. See Section 1.6.2, "Starting and Stopping Synchronization."
Make sure that the current directory is migration
, and run the checktopics.jar
file with the following usage:
java -jar checktopics.jar -D bind_DN -w bind_password | - [-h configuration_directory_hostname] [-p configuration_directory_port_number] -s root_suffix [-Z] -q configuration_password | -
The following example shows a typical use:
java -jar checktopics.jar -D "cn=directory manager" -w - -h "test.example.com" -p 389 -s "ou=isw_config" -q -
If the system is in a quiescent state, checktopics.jar
displays the following message:
There are no synchronization messages currently in the Message Queue
If checktopics.jar
does not display this message, follow these steps:
Restart synchronization. See Section 1.6.2, "Starting and Stopping Synchronization.".
Wait until the synchronization messages are applied to the destination connector.
Stop synchronization again. See Section 1.6.2, "Starting and Stopping Synchronization."
Run the checktopics.jar
file again.
Be sure that the graphical administration console is not running.
To stop the Identity Synchronization for Windows and Message Queue, run the following commands:
# /etc/init.d/isw stop # /etc/init.d/imq stop
Save the connector states by backing up the persist
and etc
directories from the existing 6.0 installation tree. For example:
# cd /var/opt/sun/isw # tar cf /var/tmp/connector-state.tar persist etc
Complete the following procedures:
Uninstall Identity Synchronization for Windows and Connectors
Delete the Identity Synchronization for Windows Data from the Configuration Server
Repeat the following procedure for each of the Identity Synchronization for Windows components installed on your system in this order: First uninstall Active Directory Connectors, then uninstall Directory Server Connectors and Plug-ins, and finally uninstall the Identity Synchronization for Windows Core.
Set the JAVA_HOME and LD_LIBRARY_PATH environment variables to use the Java release and shared libraries that come with Identity Synchronization for Windows:
# export JAVA_HOME=/usr/jdk/entsys-j2se/jre/ # export LD_LIBRARY_PATH=/opt/sun/private/lib/:/opt/sun/isw/lib/:$LD_LIBRARY_PATH
Run the uninstaller. For example:
# cd /opt/sun/isw # ./uninstaller.sh
In the Welcome page, click Next.
In the "Uninstall: Configuration Location" page, choose "The configuration no longer exists or is corrupt," and then click Next.
In the "Uninstall: Component Selection" page, choose "Remove all local components," and then click Next.
Click Yes when the following Warning is displayed:
"Selecting this option will make Identity Synchronization for Windows unusable. If the Core install is local to this machine, you will have to manually uninstall any remote components and remove any remaining configuration artifacts from the configuration directory. Do you want to continue?"
Review the "Uninstall: Summary," and then click Close.
You can verify that all Identity Synchronization for Windows were removed by running the following command:
# rpm -qa | grep ^sun_isw
When all packaged have been removed, the command returns no results.
Run the unconfigure
command. For example:
# cd /var/Sun/mps/sbin # ./mpsadmserver unconfigure
Provide information as prompted.
Run the following command:
# rpm -e sun-admin-server-5.2-18 sun-admin-server-man-5.2-8 sun-server-console-5.2-18
You can verify that the administration server packages are removed by running the following command :
# rpm -qa | grep sun.*server
When all packaged have been removed, the command returns no results.
Run the following command:
# cd /var/sadm/prod/entsys # ./uninstall
Provide information as prompted, choosing Sun Message Queue as the component to removed.
You can verify that all Identity Synchronization for Windows were removed by running the following command:
# rpm -qa | grep ^sun-mq
When all packaged have been removed, the command returns no results.
productregistry
FileThis step is a safeguard in case the uninstallation was unable to completely update the registry.
Inspect the /var/opt/sun/install/productregistry
file. If any references to the following products exist, then remove the references:
Identity Synchronization for Windows
Message Queue
Administration Server
This step ensures that the configuration suffix no longer contains Identity Synchronization for Windows data. Use one of the following methods:
If the configuration suffix contains only data related to Identity Synchronization for Windows, then recreate the suffix. For example, if the configuration data is stored under ou=isw_config:
# dsconf delete-suffix ou=isw_config # dsconf create-suffix ou=isw_config
If the configuration suffix contains data other than Identity Synchronization for Windows data, then first use the ldapsearch
command to find Identity Synchronization for windows entiries in the suffix. Then use the ldapdelete
command to delete the Identity Synchronization for Windows data.
Patch Identity Synchronization for Windows components. For example:
# cd ISW-6.0-SP-1-content/packages/RHELxxx/ # rpm -Uvh *
Upgrade to JDK 5.0_u29. For example:
# cd ISW-6.0-SP-1-content/jdk/
# rpm -Uvh jdk-1.5.0_29-fcs.i586.rpm
Install Message Queue 4.3. For example:
# export JAVA_HOME=/usr/java/jdk1.5.0_29/ # cd ISW-6.0-SP-1-content/mq4_3-installer/ # ./installer
Install Identity Synchronization for Windows core software. For example:
# cd ISW-6.0-SP-1-content/144591-01/installer
# ./installer.sh
Do not start the console once the installation is completed.
In the file /opt/sun/isw/bin/start_watchdog.sh
, change the LD_LIBRARY_PATH
. For example:
LD_LIBRARY_PATH=/opt/sun/private/lib:/opt/sun/isw/lib:$INSTALL_DIR/ lib:/usr/lib:$JAVA_HOME/jre/lib/i386/native_threads:$LD_LIBRARY_PATH
Unzip the isw-generic.zip
file.
# unzip -q isw-generic.zip
Install the HotFix-6.0SP1_COMBO_5_20110722
patch included within the 11.1.1.7.0 ODSEE release. Follow the instructions contained in the README
file within the hotfix path. For example:
# /etc/init.d/isw stop # /var/Sun/mps/stop-admin # ./Install /opt/sun/isw /var/Sun/mps/
Import the Identity Synchronization for Windows 6.0 configuration XML file. For example:
# cd /opt/sun/isw/bin # ./idsync importcnf -w admin_password -q configuration_password -f xml_configuration_filename_to_import
The file xml_configuration_filename_to_import
here is the file that was created when you ran the command java -jar export11cnf.jar.
You can ignore any warnings or Java exceptions that are displayed.
Install the Directory Server Enterprise Edition connector. For example:
# cd ISW-6.0-SP-1-content/144591-01/installer
# ./installer.sh
Run the installer a second time, and install the Active Directory connector.
The data Directory Server must be restarted to enable the plugins.
Stop Identity Synchronization for Windows service daemons. For example:
# /etc/init.d/isw stop
Delete the Identity Synchronization for Windows 6.0 Service Pack 1 persist
and etc
directories.
# cd /var/opt/sun/isw/ # rm -rf etc/ persist/
Restore persist
and etc
backup directories. For example:
# tar xf /var/tmp/connector-state.tar
Start the Identity Synchronization for Windows 6.0 Service Pack 1 services. For example:
# /etc/init.d/isw start
Start synchronization.
See Section 1.6.2, "Starting and Stopping Synchronization."
Note:
If the console fails with a Java exception and is unable to open the Identity Synchronization for Windows console, then set LD_LIBRARY_PATH first before starting the console. For example:
export LD_LIBRARY_PATH=/opt/sun/private/lib/:/opt/sun/isw/lib/
To confirm that the Identity Synchronization for Windows 6.0 Service Pack 1 installation has been successful, run the following command:
$/opt/sun/isw/bin/idsync -V
The output should be the same as the following:
common.jar : 6 2009Q1_SP1 (ISW build id:2010.116.1139 built by svbld) connector.jar : 6.0SP1_COMBO_5_20110722 (ISW build id:2011.203.1459 built by pduc) install.jar : 6.0SP1_COMBO_5_20110722 (ISW build id:2011.203.1459 built by pduc) registry.jar : 6.0SP1_COMBO_5_20110722 (ISW build id:2011.203.1459 built by pduc) ui.jar : 6.0SP1_COMBO_5_20110722 (ISW build id:2011.203.1459 built by pduc) watchdog.jar : 6 2009Q1_SP1 (ISW build id:2010.116.1139 built by svbld) manager.jar : 6.0SP1_COMBO_5_20110722 (ISW build id:2011.203.1459 built by pduc)