Oracle® Fusion Middleware Installation and Configuration Guide for Identity Synchronization for Windows 6.0 11g Release 1 (11.1.1.7.0) Part Number E28963-01
You must have root privileges to install and to run Identity Synchronization for Windows services on Solaris and Red Hat systems. However, after installing the product you can configure the software to run the program services as a non-root user.
root User
Note:
To run services as non-root, you must change the permissions for all directories under the Identity Synchronization for Windows instance directory. The default directory is /var/opt/SUNWisw.
root User
Although you must be root to install and to run Identity Synchronization for Windows services, you can configure the software to run the program services as a non-root user.
Use the UNIX useradd command to create a user account for Identity Synchronization for Windows.
You also can use a nobody user to run services. The remaining examples in this procedure assume you created a user called iswuser.
To install a Sun Java System Directory Server Connector, you must choose a non-privileged port for the Connector during installation.
For example, ports larger than 1024 are acceptable. Port 1389 is recommended for LDAP when the server is running as a non-root user. Port 1636 is recommended for LDAP over SSL.
Note:
You must execute all commands in the remaining steps as root.
After installing all components, execute the following command to stop Identity Synchronization for Windows:
/etc/init.d/isw stop
You must update the ownership of the instance directory. For example, if you installed the product in /var/opt/SUNWisw:
chown -R iswuser /var/opt/SUNWisw
chown -R iswuser /opt/SUNWisw
In a text editor, open the /etc/init.d/isw file and replace the following line:
"$EXEC_START_WATCHDOG" "$JAVA_PATH" "$INSTALL_DIR" "$CONFIG_DIR"
with the following:
su iswuser -c "$EXEC_START_WATCHDOG '$JAVA_PATH' '$INSTALL_DIR' '$CONFIG_DIR'"
Execute the following command to restart the service:
/etc/init.d/isw start
Execute the following command to verify that the components are running using the assigned user's userid:
ps -ef | grep iswuser
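The init script edit and the final check from the procedure above, written as shell functions. This is an added example, not part of the Oracle guide: the function names are hypothetical, and the check assumes the service processes carry the install directory in their command line (the start line passes "$INSTALL_DIR" as an argument).

```shell
#!/bin/sh
# Added example, not part of the Oracle guide. Function names are hypothetical;
# the user, paths and start lines are the ones shown in the procedure.
# Needs POSIX grep and awk (on Solaris, the /usr/xpg4/bin versions).

# Swap the watchdog start line in the init script for the su-wrapped form.
# Keeps a copy as <script>.orig; does nothing if the script is already patched.
patch_isw_init() {
    p_script=$1
    p_old='"$EXEC_START_WATCHDOG" "$JAVA_PATH" "$INSTALL_DIR" "$CONFIG_DIR"'
    p_new="su $2 -c \"\$EXEC_START_WATCHDOG '\$JAVA_PATH' '\$INSTALL_DIR' '\$CONFIG_DIR'\""
    grep -qF -- "$p_new" "$p_script" && return 0
    grep -qF -- "$p_old" "$p_script" || {
        echo "start line not found in $p_script" >&2
        return 1
    }
    cp -p "$p_script" "$p_script.orig" || return 1
    # Both strings go through the environment so awk takes them literally.
    OLD=$p_old NEW=$p_new awk '
        { i = index($0, ENVIRON["OLD"]) }
        i { $0 = substr($0, 1, i - 1) ENVIRON["NEW"] substr($0, i + length(ENVIRON["OLD"])) }
        { print }' "$p_script.orig" > "$p_script"
}

# Read "USER COMMAND..." lines (as printed by: ps -e -o user= -o args=) and
# print those that mention the install directory but run as someone other
# than the expected user. Unlike "ps -ef | grep iswuser", the filter cannot
# match itself, because its arguments are passed in the environment, and it
# lists what is still running under another account.
wrong_user_procs() {
    WANT=$1 DIR=$2 awk 'index($0, ENVIRON["DIR"]) && $1 != ENVIRON["WANT"]'
}

# Usage, as root after the chown step:
#   patch_isw_init /etc/init.d/isw iswuser
#   ps -e -o user= -o args= | wrong_user_procs iswuser /opt/SUNWisw
```

An empty result from wrong_user_procs means every matching process runs as iswuser. On systems where su stays resident as the parent of the command it starts, the root-owned su wrapper from the init script also appears in the list.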