Skip Headers
Oracle® Fusion Middleware Deployment Planning Guide for Identity Synchronization for Windows 6.0
11g Release 1 (11.1.1.7.0)
Part Number E28965-01
Go to Documentation Home
Home		 Go to Table of Contents
Contents		 Go to Feedback page
Contact Us
Go to previous page
Previous
PDF · Mobi · ePub

Index

A  B  C  D  E  F  G  H  I  J  L  M  N  O  P  R  S  T  U  W  X 

Symbols

%TEMP% environment variable, C.2.2

A

accessor connector layers, C.1.2
accessor.level, C.2.1
accessor.saint.level, C.2.1
accounts, new user, 2.1.2
action ID types, C.1.1
actions, C.1.1, C.1.2, C.1.2, C.1.2, Glossary, Glossary, Glossary
Active Directory
changing passwords, B.3
connector layers, C.1.2
deleted entries, 2.1.2
deployment considerations, 1.1
domains, 2.1.1.3
failover configuration, 3.3.1
global setting, 3.3.1
inactive accounts, 2.1.2
new users, 2.1.2
password changes, B.3
samaccountname, 2.1.1.3
special users, 2.2.1
synchronization user lists, 2.2.5.1
activedirectorydomainname attribute, 2.2.8.1
administration rights, 2.2.1.1
agent connector layers, C.1.2
agent.level, C.2.1
agentout.level, C.2.1
attributes
activedirectorydomainname, 1.1, 2.2.8.1
configuring, 2.2.4.1
data, C.1.1
destinationindicator, 2.2.7, 2.2.7, 2.2.7, 2.2.7.1, 2.2.8.1
dspswuserlink, 2.1.2, 2.2.7, 2.2.9.1
dspswvalidate, 2.2.7
mapping, 2.2.4.3.1
mappings, 2.2.4.3.1
modification settings, 2.2.4.2
nsslapd-infolog-area, C.1.3
nsslapd-infolog-level, C.1.3
other, C.1.1
pwdlastset, C.1.2
samaccountname, 2.1.1.3, 2.2.7, 3.1.2
shadowmax, 2.2.4.8
shadowmin, 2.2.4.8
shadowwarning, 2.2.4.8
uid=PSWConnector, 2.2.1
user_name, 2.1.1.2
user_nt_domain_name, 2.2.8.1
userPassword, 2.2.7
audit logging, C
audit.log, C.1.2
authentication
Active Directory, A
denying, A.2.4.3
domain controllers, 3.13
editing /etc/nsswitch.conf, A.2.4.3
editing /etc/pam.conf, A.2.4.3, A.2.4.3, A.2.4.3, A.2.4.3.1
for failover, 3.13
on Solaris, 2.1.1.1, A.1, A.2.4
on Windows, A.2.2
over TLS, A.3
rules, A.2.4.3
using PAM, A.1, A.2.4, A.2.4.3
authentication certificates, Glossary

B

Base DNs, A.2.1
brokers, Message Queue, 3.7, 3.7.1, 3.7.1, 3.7.2, Glossary, Glossary

C

central log directories, Preface
Central Logger
enabling debug logging, C.2.1
log locations, C.5
out-of-order messages, C.1.2
plugin logging, 3.14.3
processing logs, C.2.1
central logs, C.1.2, C.4, Glossary
centralLogger component, C.2.1
Certificate Authority, 1.1, 3.4, 3.4, Glossary
certificate database
default path, Preface
certificate databases, 1.1, 3.4, 3.4, 3.4, Glossary
certificates
Active Directory, 3.4
Active Directory SSL, 1.1
adding to certificate databases, 3.4
authentication, Glossary, Glossary
Certificate Authority, 1.1, 3.4
component requirements, 3.4
configuring connectors, A.3
definition, Glossary
Directory Server, 3.4, 3.4
trusted, 3.1.3, 3.3.1, 3.4, 3.4, 3.4
using Certificate Authorities, 3.4
using with plugins, 3.3.1
using with SSL, 1.1, 3.1.3, 3.3.1, 3.4
change detection
action paths, C.1.2, Glossary, Glossary
Active Directory, 2.2.9, 3.7.1, 3.8.2, B.6.1.2
connectors, 1.1, 2.2.3.1, 3.2.1, 3.8.2, 3.10, 3.10.1, 3.10.1, 3.12, Glossary
controller, C.1.2, Glossary
Directory Server, 1.1, 2.2.3.1, 2.2.9, 3.2.1, 3.10.1, 3.10.1, Glossary, Glossary
failover, 3.12
failures, 2.2.1.1, 3.12
Identity Manager, B.2, B.5
Identity Synchronization for Windows, 3.10, B.2, B.2, B.3, B.4, C.1.1
pwsync command, B.3, B.4
SUL filters, 2.2.5.1, 2.2.5.4, 2.2.5.4
Windows NT, C.3
Windows NT Change Detector, C.1, C.3
Change Detector, Windows NT, C.1
commands
idsync certinfo, 3.4, 3.4
idsync printstat, 3.3.1, 3.3.2, 3.11, 3.11, C.2.1
idsync resync, 1.1, 2.2.7, 2.2.9.4, 3.1.3, 3.2.2, 3.2.3, 3.5, 3.7, 3.12, B.6.3.1, C.1.2
idsync startsync, 3.3.1, 3.3.2, 3.14.2
idsync stopsync, 3.14.1
common.level, C.2.1
components
changing logs location, C.5
Core, Glossary, Glossary, Glossary
logging, C.2.1
trusting certificates, 3.4
configuring
attribute mappings, 2.2.4.3.1
Directory Server, 2.2.3.1, 3.1.1
failover domain, 2.2.3.3
Identity Manager, 3.9
preferred Directory Server, 3.3.2
shadowAccount object class, 2.2.4.6
synchronization user lists, 2.2.5.1
Windows NT, 2.2.3.4
connectors
changing log locations, C.5
definition, Glossary
initializing connector state, 3.10.1, 3.11
installing, 3.2.1, 3.6.1
layers, C.1.2
modification rate, 1.1
persisting states, 3.11
security requirements, 1.1, 3.1.3, A.3
uninstalling, 3.6.1
updating, 3.8.2
using in large deployments, 3.2.3
WAN deployments, 2.2.8.3
console.log, C.2.3
consoles
debug logging, C.2.3
validations, 2.2.5.4
controller connector layers, C.1.2
controller.level, C.2.1
Core
components, Glossary, Glossary, Glossary
configuring Directory Server, 3.3.1
CREATE actions, C.1.1
creating users, 2.1.2, 2.2.1
credentials
Active Directory, 3.13
bind, A.2.6.2, A.3
candidate, A.4
Directory Manager, Glossary
problems, 3.6.1
proxy, A.2.4.2
specifying, 2.2.3.3, A.2.4.2
crom.level, C.2.1

D

daemon, Identity Synchronization for Windows, 3.5, 3.6.1, 3.14.1, C.2.1, C.2.1, Glossary
data attributes, C.1.1
databases
certificate, 1.1, 3.4, 3.4, 3.4, Glossary
object cache, 3.7.1, 3.7.2, 3.8.2, 3.10.2, 3.12, C.1.2, Glossary
retro changelog, Glossary
suffixes, Glossary
debug logging, 3.7, C
debug page, B.6.1.2, B.6.2
debugErrors.log, C.2.1, C.2.1
debug.log, C.2.1, C.2.1
decryption routines, C.2.1
default locations, Preface
DELETE actions, C.1.1
deleting users, 2.1.2
deployment
examples, 2.1.1, 3.1
HA environments, 3
increasing connector worker threads, 3.5
large deployments, 3.2.3
performance requirements, 1.1
preparing for, 1.1
primary/failover configurations, 3.6
running idsync resync, 2.2.7, 3.7
synchronization direction, 1.1
with Identity Manager, B
destinationindicator attribute, 2.2.7, 2.2.7, 2.2.7, 2.2.7.1, 2.2.8.1
directory resources, deployment example, 2.1.1
Directory Server
changing passwords, B.4, B.4
configuring, 2.2.3.1, 3.1.1
configuring LDAP repository for PAM, A.2.1
connector layers, C.1.2
deleted entries, 2.1.2
deployment considerations, 1.1
deployment example, 2.1.1.1
hierarchical DIT, 2.1.3
idsync resync, 2.2.5.4
in HA environment over WAN, 3
in MMR environments, 2.1.1
inactive accounts, 2.1.2
isolating problems, C.6
LINK actions, C.1.1
masters, 1.1
new users, 2.1.2
PAM, 2.1.1.1
populating LDAP repository for PAM, A.2.3
preferred source, 2.2.3.1.1
preventing password change propagation, B.6.1.2
purpose, 2.1.1.1
secondary server, 2.2.3.1.1
uid, 2.1.1.2
using with Identity Manager, B.6.1
verifying synchronization, A.2.6
Directory Server Plugin, 1.1, 3.14.3, C.1, C.1.3
directory sources, specifying, 2.2.3.1.1
disabled accounts, 2.1.2
distinguished names, Glossary, Glossary, Glossary
DNS, A.2.1, A.2.1, A.2.4.2, A.2.4.2
domain controllers, B.6.2
architecture example, 2.1.1
authenticating, 3.13
configuring, 3.3.2
definition, Glossary
deployment example, 3.1
failover, 2.2.3.3
for WAN deployment, 2.2.8.3
logs, C.8
PDC, A.4, B.1
PDC FSMO role owners, 2.2.3.3, 3.14.4
uSNChanged values, 3.7.1
with SSL, 3.4, 3.4
dspswuser auxiliary object class, 2.2.7
dspswuserlink attribute, 2.1.2, 2.2.7, 2.2.9.1
dspswvalidate attribute, 2.2.7

E

encryption keys, 3.6, 3.14.3, 3.14.5
encryption.level, C.2.1
environment variables
%TEMP%, C.2.2
ISW_DEBUG_INSTALL, C.2.2
environments
Active Directory, A
changing passwords, 3.1.3
high-availability over WAN, 3
Identity Synchronization for Windows and Identity Manager cohabitation, B
MMR, 2, Glossary, Glossary
NT, A
Solaris 8, A.2.1
using PAM, A.1
WAN, 2.2.8.3
Windows NT, A.4
Example Bank deployment example, 2
executing
periodic resynchronization, 3.8

F

failover
Active Directory connector, 3.10.2
Directory Server connector, 3.10.1
domain controllers, 2.2.3.3
installation, 3.3.2, 3.3.2, 3.6, 3.8.2, 3.8.2, 3.12, 3.14.2, 3.14.6
maintenance, 3.12
monitoring logs, 3.14.5
starting synchronization, 3.14.2, 3.14.2
stopping synchronization, 3.14.1
failures, detecting, 3.8.2
features, 1, 2.1.3
DIT, 2.1.3
moving users, 2.1.3
SUL filters, 2.1.3
WAN deployments, 2.1.3
filters, using, 2.2.5.1, 2.2.5.4, 3.2.2, 3.7.1
form property, configuring, B.6.1.1

G

Global Catalog, 2.2.3.3, Glossary
global setting, Active Directory, 3.3.1
Global Telco
configuration, 3.2
configuring Directory Server, 3.3.1
on-demand synchronization, 3.3.1
primary installation, 3.2.1
requirements, 3.1.3
Globally Unique Identifier. See GUIDs, 2.1.2
GUIDs, 2.1.2, 2.1.2, C.1.1

H

High Encryption Pack, 1.1
high-availability environments, 3
hub replicas, 1.1, 3.1.1

I

Identity Manager
cohabitation with Identity Synchronization for Windows, B
Global Telco case study, 3.1, 3.8.1
password changes, 3.1.3, B.5
Identity Synchronization for Windows
failover installation, 3.3.2, 3.6, 3.8.2, 3.14.2, 3.14.6
primary installation, 3.2.1, 3.3.1, 3.6.1, 3.7.1, 3.8.1, 3.8.2, 3.14.1, 3.14.5
idsconfig, A.2.1, A.2.1, A.2.1, A.2.4.2, A.3
idsync certinfo command, 3.4, 3.4
idsync command line interface, Glossary
idsync printstat command, 3.3.1, 3.3.2, 3.11, 3.11, C.2.1
idsync resync command
central log file, C.1.2
deployment example, 2.2.7
failover maintenance, 3.12
increasing connector worker threads, 3.5
initial operation, 3.7
linking users, 1.1, 2.2.5.4, 2.2.9.4, 3.1.3, 3.2.2, B.6.3.1
primary installation, 3.8.1
reducing peak load, 3.2.3
REFRESH action, C.1.1
idsync startsync command, 3.3.1, 3.3.2, 3.14.2
idsync stopsync command, 3.14.1
inactive accounts, 2.1.2, 2.1.2
increasing connector work threads, 3.5
initializing connector state, 3.10.1
installation
connectors, 3.2.1
failover, 3.3.2
install-path, Preface
instance-path, Preface
isw- hostname directory, Preface
ISW_DEBUG_INSTALL environment variable, C.2.2

J

Java Naming and Directory Interface, Preface

L

LANs, 2.2.8.3
layers, connector, C.1.2
LDAP
accessor, C.1.2
attributes, 2.2.4.8
communicating with domain controllers, 3.2.1
deployment considerations, 1.1
filters, 3.2.2, 3.7.1
maximum connections, 3.5
PAM, 2.1.1.1, 2.1.2, 2.2.4.6, A
sample URL, Glossary
shadowAccount object class, 2.2.4.6
LINK actions, C.1.1
linking users
idsync resync, 2.2.7
new users, 3.2.2
local log directory, Preface
logging
audit and debug, C
central logs, C.4
centralLogger, C.2.1
component logs, C.5
components, C.2.1
configuring Directory Server plugin, C.1.3
console logs, C.2.3
debug, 3.7
levels, 3.7
message samples, C.1.2
monitoring logs, 3.14.5
security logs, C.3
types, C.2.1
login IDs, 2.1.2
log.properties level, C.2.1

M

maintenance, failover, 3.12
manager.level, C.2.1
Message Queue, Preface
agent, C.1.2
broker description, Glossary
broker memory limits, 3.7, 3.7.1, 3.7.1, 3.7.2
isolating problems, C.7
migrating
Example Bank case study, 2.1.1.3
from NT to Active Directory, 2.2.7, 2.2.9
user passwords, 2.2.9.2
MMR environments, 2, 3.2.1, Glossary, Glossary
modification rate, 1.1
MODIFY actions, C.1.1
monitoring logs, 3.14.5, 3.14.5
mq.level, C.2.1
Multi-Master Replication. See MMR environments, 2
multiple object classes, 2.1.3
multiple passwords, setting, 3.6.1

N

new users
Active Directory, 2.1.2
creating, 1.1
Directory Server, 2.1.2

O

object cache databases, 3.7.1, 3.7.2, 3.8.2, 3.10.2, 3.12, C.1.2, Glossary
object classes
dspswuser, 2.2.7
shadowAccount, 2.2.4.6, 2.2.4.6, 2.2.8.2
on-demand synchronization, 3.3.1

P

PAM
configuring LDAP repository, A.2.1
Directory Server, 2.1.1.1
populating LDAP repository, A.2.3
verifying synchronization, A.2.6
Password Filter DLL, C.1, C.3
passwords
changing on Active Directory, B.3, B.3
changing on Directory Server, B.4, B.4
changing through Identity Manager, B.5
dspswvalidate attribute, 2.2.7
encrypting, 3.2.1, 3.6
Example Bank', 2.1.2
losing changes, 3.6
managing on Solaris, 2.1.1.1
on-demand synchronization, 2.2.3.3, 2.2.3.3, 3.2.1, 3.3.2, 3.4, 3.8.1, 3.13
preventing display in command line, 3.8.1
preventing propagation, B.6.1.2
propagating changes, 3.1.3
replicating to PDC FSMO role owner, 2.2.3.3
resetting, 3.8.1
running idsync resync, 3.7
setting multiple, 3.6.1
shadowmax attribute, 2.2.4.8
shadowmin attribute, 2.2.4.8
shadowwarning attribute, 2.2.4.8
specifying, 2.2.3.3
synchronizing, 1.1, 2.1.2, 2.2.7, 3.1.3
userPassword attribute, 2.2.7
PDC, 2.1.1.2, A.4, B.1
PDC FSMO role owners, 2.2.3.3, 2.2.8.3, 3.1.2, 3.3.1, 3.3.2, 3.14.4, 3.14.4
peak modification rate, 1.1
periodic resynchronization, 3.8, 3.8.1, 3.8.2
permissions, 2.2.1.1, 3.8.1, Glossary, Glossary
Pluggable Authentication Module. See PAM, 2.1.1.1
plugins
Directory Server, 1.1, 3.14.3, 3.14.3, C.1, C.1.3
Retro Changelog, 1.1
preparing for deployment, 1.1
Primary Domain Controller. See PDC, A.4
primary installation
configuring Directory Server, 3.3.1
Identity Synchronization for Windows, 3.2.1, 3.3.1, 3.6.1, 3.7.1, 3.8.1, 3.8.2, 3.14.1, 3.14.5
provisioned users, B.6.3.1
psloglist.exe, C.3
pwdlastset attribute, C.1.2
pwsync, configuring, B.6.1.2

R

read-only replicas, 1.1, 3.1.1
REFRESH actions, C.1.1
reinstalling Directory Server plugins, 3.14.3
replicas
hub, 1.1, 3.1.1
read-only, 1.1, 3.1.1
replication agreements, 3.1.1
requirements
Example Bank, 2.1.2
Global Telco, 3.1.3
resync-batch.pl script, 3.7.1
resyncDebug.log, C.2.1, C.2.1, C.2.1
resynchronization, 3.7
resync.log, C.1.2
retro changelog, 3.10.1, Glossary
Retro Changelog Plugin, 1.1
rights, administration, 2.2.1.1
role owner, PDC FSMO, 3.14.4

S

s requirements, 2.1.2
samaccountname attribute, 2.2.7, 3.1.2
secondary servers, 2.2.3.1.1
security
configuring, 3.3.1, A.3
considerations, 1.1, C.2.1
logs, C.3
using TLS, A.1
SENTINEL actions, C.1.1
serverroot directory, Preface
setting up
Identity Manager, B.6.2
SSL, 3.4
Shadow Account
shadowmax, 2.2.4.8
shadowmin, 2.2.4.8
shadowwarning, 2.2.4.8
shadowAccount auxiliary object class, 2.2.4.6, 2.2.8.2
SLAMD Distributed Load Generation Engine, Preface
special users
administration rights, 2.2.1.1
creating, 2.2.1
delegating control, 2.2.1.1
permissions, 2.2.1.1
specifying
credentials, 2.2.3.3
directory sources, 2.2.3.1.1
passwords, 2.2.3.3
secondary servers, 2.2.3.1.1
SSL
certificates, 1.1
enabling, 1.1, 1.1
requirements, 1.1, 3.1.3
setting up, 3.4
with trusted certificates, 1.1, 3.1.3, 3.3.1, 3.4
starting synchronization failover, 3.14.2
suffixes, Glossary
SULs
description, Glossary
determining membership, C.1.2
purpose, 2.1.2
using filters, 2.2.5.1, 2.2.5.4
validating filters, 2.2.5.4
synchronization
starting, 3.14.2
stopping, 3.14.1
synchronization settings, 2.2.4.2
attribute mapping, 2.2.4.3.1
attribute settings, 2.2.4.1
shadowAccount object class, 2.2.4.6
Synchronization User Lists. See SUL, 2.1.2
synchronizing
inactive accounts, 2.1.2
passwords, 1.1, 2.1.2
users, 2.1.2
SYNCING state, 3.11
System Manager
checking status, 3.3.1, 3.3.2, 3.11
component logs location, C.5
description, Glossary
enabling debug logging, C.2.1
new configurations, 3.5
processing logs, C.2.1

T

tasks.level, C.2.1
TLS, A.1, A.3
Transport Layer Security. See TLS, A.1
troubleshooting, C
trust requirements, 3.4
trusted certificates, 1.1, 3.1.3, 3.3.1, 3.4, 3.4, 3.4

U

UNKNOWN actions, C.1.1
unlinking migrated users, 2.2.9.1
user accounts, eliminating, 2.1.2
user passwords
Change My Password Form, B.6.1.1
Change Password Form, B.6.1.1
Change User Password Form, B.6.1.1
changing on Active Directory, B.3, B.3
changing on Directory Server, B.4, B.4
changing through Identity Manager, B.5
dspswvalidate attribute, 2.2.7
encrypting, 3.2.1, 3.6
Example Bank, 2.1.2
losing changes, 3.6
migrating, 2.2.9.2
modifying, 3.11
on-demand synchronization, 2.2.3.3, 2.2.3.3, 3.2.1, 3.3.2, 3.4, 3.8.1, 3.13
preventing display in command line, 3.8.1
preventing propagation, B.6.1.2
propagating changes, 3.1.3, B.3, B.6.1.1
replicating to PDC FSMO role owner, 2.2.3.3
Reset User Password Form, B.6.1.1
resetting, 3.8.1
running idsync resync, 3.7
setting multiple, 3.6.1
shadowmax attribute, 2.2.4.8
shadowmin attribute, 2.2.4.8
shadowwarning attribute, 2.2.4.8
synchronization direction, 1.1
synchronizing changes, 2.2.4.1, 2.2.7, 3.1.3
userPassword attribute, 2.2.7, 2.2.7.2
user_nt_domain_name attribute, 2.2.8.1
userPassword attribute, 2.2.7
users
creating, 2.1.2, 2.2.1
deleting, 2.1.2
linking migrated, 2.2.9.2
moving between domains, 2.2.9.3
provisioned, B.6.3.1
synchronizing, 2.1.2
unlinking migrated, 2.2.9.1
uSNChanged values, 3.7.1

W

WAN deployments, 2.2.8.3, 2.2.8.3, 2.2.8.3, 2.2.8.3, 3
Windows
Global Catalog, 2.2.3.3, Glossary
Windows NT
Change Detector, C.1
configuring, 2.2.3.4
connector layers, C.1.2
Password Filter DLL, C.1
SUL_NT, 2.2.5.1
synchronization user lists, 2.2.5.1
user_name, 2.1.1.2

X

xml
form properties, B.6.1.1, B.6.1.1
link files, 2.2.7
linkusers-ad-only.cfg, 2.2.7, 2.2.7
xml.level, C.2.1
Go to previous page
Previous
Go to Documentation Home
Home		 Go to Table of Contents
Contents		 Go to Feedback page
Contact Us