Oracle® Fusion Middleware Release Notes for Identity Synchronization for Windows 6.0 Service Pack 1 11g Release 1 (11.1.1.7.0) Part Number E28964-01 |
|
|
PDF · Mobi · ePub |
When you migrate from Identity Synchronization for Windows 6.0, you first export the existing configuration and uninstall Identity Synchronization for Windows 6.0. Then you install Identity Synchronization for Windows 6.0 Service Pack 1 , and apply the configuration exported from Identity Synchronization for Windows 6.0. This chapter contains the following sections:
Obtaining the Latest Identity Synchronization for Windows Release
Uninstalling Identity Synchronization for Windows 6.0 Components
Installing Identity Synchronization for Windows 6.0 Service Pack 1
See Section 1.4, "Obtaining the Software as Part of Directory Server Enterprise Edition."
The following is a checklist of required tasks you must complete before you can successfully migrate Identity Synchronization for Windows 6.0 Service Pack 1 .
Unpack the Identity Synchronization for Windows 6.0 Service Pack 1 patch content
Add a clear text password to the exported configuration file
Stop the Identity Synchronization for Windows 6.0 Service Pack 1 services
Schedule an appropriate time for migration.
Migration typically requires four to eight hours, depending on your system's performance and the configuration of Identity Synchronization for Windows 6.0 Service Pack 1 .
You can use either the administration console or the command-line interface to complete these tasks.
Open the administration console.
C:\Program Files\Sun\MPS\startconsole.exe
Go to Configuration > Groups, and deselect the Enable Group Synchronization checkbox.
Go to Configuration > Account Lockout, and deselect the Enable Account Lockout Synchronization checkbox.
Click Save.
Use the idsync
command in the following directory:
C:\Program Files\Sun\MPS\isw-instance-name\bin\idsync
To disable group synchronization:
# idsync groupsync -d -D Directory-Manager-DN -w bind-password [-h Configuration-Directory-hostname] [-p Configuration-Directory-port-number] -s rootsuffix [-Z] -q configuration-password -t AD-group-type
To disable account lockout:
# idsync accountlockout -d -D Directory-Manager_DN -w bind-password -h Configuration Directory-hostname -p Configuration-Directory-port-number -s rootsuffix [-Z] [-P cert-db-path [-m secmod db path] -q configuration-password -t max-lockout-attempts
Unpack the Identity Synchronization for Windows 6.0 Service Pack 1 patch content.
# unzip.exe zipped_patch_file
To identify the zipped_patch_file for your installation, see Section 1.4.2, "Minimum Patch Level Requirements.".
After the patch files are unzipped, the migration subdirectory contains the migration tools:
export11cnf.jar
checktopics.jar
Export the current Identity Synchronization for Windows 6.0 Service Pack 1 configuration setting to an XML file.
Change the current directory to migration
and run the export11cnf.jar
file with the following usage:
# java -jar export11cnf.jar -D bind_DN -w bind_password | - [-h configuration_directory_hostname] [-p configuration_directory_port_number] -s root_suffix [-Z] -q configuration_password | - -f xml_configuration_filename_to_export
The following example shows a typical use:
# java -jar export11cnf.jar -D "cn=directory manager" -w - -h "test.example.com" -p 389 -s "ou=isw_config" -q - -f export.cfg
Add clear text passwords to the exported configuration file.
Edit the exported configuration file, and enter a password between the double quotation marks for each of six cleartextPassword
fields. You must provide three passwords for the Directory Server user, and three passwords for the Active Directory user.
You can either use the administration console, or run the idsync stopsync
command. See Section 1.6.2, "Starting and Stopping Synchronization."
Make sure that the current directory is migration
, and run the checktopics.jar
file with the following usage:
# java -jar checktopics.jar -D bind_DN -w bind_password | - [-h configuration_directory_hostname] [-p configuration_directory_port_number] -s root_suffix [-Z] -q configuration_password | -
The following example shows a typical use:
# java -jar checktopics.jar -D "cn=directory manager" -w - -h "test.example.com" -p 389 -s "ou=isw_config" -q -
If the system is in a quiescent state, checktopics.jar
displays the following message:
There are no synchronization messages currently in the Message Queue
If checktopics.jar
does not display this message, follow these steps:
Restart synchronization. See Section 1.6.2, "Starting and Stopping Synchronization.".
Wait until the synchronization messages are applied to the destination connector.
Stop synchronization again. See Section 1.6.2, "Starting and Stopping Synchronization."
Run the checktopics.jar
file again.
Stop the Identity Synchronization for Windows 6.0 Service Pack 1 services. See Section 1.6.3, "Starting and Stopping Services."
Save the connector states by backing up the persist
and etc
directories from the existing 6.0 installation tree.
Change the current directory to server_root
\isw-
hostname
and run the following commands:
# %JAVA_HOME%\bin\jar -cfM %TEMP%\connector-state.jar persist etc
Repeat the following procedure for each of the Identity Synchronization for Windows components installed on your system in this order: First uninstall Active Directory Connectors, then uninstall Directory Server Connectors and Plug-ins, and finally uninstall the Identity Synchronization for Windows Core.
Run the uninstaller located at C:\Program Files\Sun\MPS\isw-instance-name/uninstall.cmd
.
Provide the requested passwords.
Each time you run the uninstaller, remove only one component. If you remove more than one component at a time, results may be unpredicatable.
See "Chapter 9, Removing the Software" in Sun Java System Directory Server Enterprise Edition 6.0 Installation Guide for more information.
To install Identity Synchronization for Windows 6.0 Service Pack 1 complete these steps:
Prepare for installation as described in Section 5.3, "Preparing for Identity Synchronization for Windows Installation."
Install the Identity Synchronization for Windows 6.0 Service Pack 1 core, as described in Chapter 3, Installing Core, in Oracle Identity Synchronization for Windows 6.0 Installation and Configuration Guide.
Install the HotFix-6.0SP1_COMBO_5_20110722
patch included within the 11.1.1.7.0 ODSEE release. Note that on Windows the command is the similar to the example in the README file.
However, on Windows paths, such as the following:
Install.cmd C:\Program Files\Sun\MPS\isw-hostname-isw C:\Program Files\Sun\MPS\java\jars
you must replace the variable hostname with the proper value from within the MPS path for your Identity Synchronization for Windows installation.
To import your version 6.0 configuration XML file, run the idsync importcnf
command located in the following directory:
C:\Program Files\Sun\MPS\isw instance-name\bin\
# idsync importcnf -w admin_password -q configuration_password -f xml_configuration_filename_to_import
For more information about using idsync importcnf
, see Using importcnf in Oracle Identity Synchronization for Windows 6.0 Installation and Configuration Guide.
(Optional) Install the group synchronization and deletion flow features as described in these sections:
Install the Identity Synchronization for Windows 6.0 Service Pack 1 connectors as described in Chapter 5, Installing Connectors, in Oracle Identity Synchronization for Windows 6.0 Installation and Configuration Guide.
(Optional) Configure account lockout.
C:\Program Files\Sun\MPS\isw-instance-name\bin\idsync
# idsync accountlockout -d -D Directory-Manager_DN -w bind-password -h Configuration Directory-hostname -p Configuration-Directory-port-number -s rootsuffix [-Z] [-P cert-db-path [-m secmod db path] -q configuration-password -t max-lockout-attempts
Configure the Identity Synchronization for Windows 6.0 Service Pack 1 plug-in as described in Using dspluginconfig in Oracle Identity Synchronization for Windows 6.0 Installation and Configuration Guide.
Stop Identity Synchronization for Windows services. See Section 1.6.3, "Starting and Stopping Services."
Delete the Identity Synchronization for Windows 6.0 Service Pack 1 persist
and etc
directories and all their contents from the instance directory, and replace them with Identity Synchronization for Windows version 6.0 persist
and etc
directories that you backed up in Section 4.2, "Preparing for Migration.".
Use these commands:
cd serverroot\isw-hostname # rd /s etc persist # %JAVA_HOME%\bin\jar -xf %TEMP%\connector-state.jar
Start the Identity Synchronization for Windows 6.0 Service Pack 1 services.
Start synchronization.
To confirm that the Identity Synchronization for Windows 6.0 Service Pack 1 installation has been successful, run the following command:
C:\Program Files\Sun\MPS\isw-win2k3-isw\bin\idsync -V
The output should be the same as the following:
common.jar : 6 2009Q1_SP1 (ISW build id:2010.116.1643 built by svbld) connector.jar : 6 2009Q1_SP1 (ISW build id:2010.116.1643 built by svbld) install.jar : 6 2009Q1_SP1 (ISW build id:2010.116.1643 built by svbld) registry.jar : 6 2009Q1_SP1 (ISW build id:2010.116.1643 built by svbld) ui.jar : 6 2009Q1_SP1 (ISW build id:2010.116.1643 built by svbld) watchdog.jar : 6 2009Q1_SP1 (ISW build id:2010.116.1643 built by svbld) manager.jar : 6 2009Q1_SP1 (ISW build id:2010.116.1643 built by svbld)