Oracle® Fusion Middleware Deployment Planning Guide for Identity Synchronization for Windows 6.0
11g Release 1 (11.1.1.7.0)
Part Number E28965-01
Contents
List of Examples
List of Figures
List of Tables
Title and Copyright Information
Preface
    Who Should Use This Book
    Before You Read This Book
    Oracle Directory Server Enterprise Edition Documentation Set
    Related Reading
    Redistributable Files
    Default Paths and Command Locations
    Typographic Conventions
    Shell Prompts in Command Examples
    Symbol Conventions
    Documentation Accessibility
1 Introduction
    1.1 Identity Synchronization for Windows Deployment Considerations
2 Case Study: Deploying in a Multimaster Replication Environment
    2.1 Example Bank Deployment Information
        2.1.1 Example Bank's Existing Architecture
            2.1.1.1 Directory Server Information
            2.1.1.2 Windows NT Information
            2.1.1.3 Active Directory Information
        2.1.2 Example Bank's Technical Requirements
        2.1.3 Identity Synchronization for Windows Features in This Case Study
    2.2 Deploying the Solution
        2.2.1 Creating a Special Active Directory User for Identity Synchronization for Windows
            2.2.1.1 To Assign Administration Rights to the Special User
        2.2.2 Configuring the Identity Synchronization for Windows Core
        2.2.3 Configuring Directory Sources
            2.2.3.1 Configuring the Sun Java System Directory Server Source
            2.2.3.2 Configuring the Active Directory Source
            2.2.3.3 To Specify Information in the Global Catalog and for the Active Directory Domain
            2.2.3.4 Configuring the Windows NT Source
            2.2.3.5 To Specify the Windows NT Domain
        2.2.4 Configuring the Synchronization Settings
            2.2.4.1 Configuring the Attributes Settings
            2.2.4.2 Configuring the Attribute Modification Settings
            2.2.4.3 Configuring the Object Creation Settings
            2.2.4.4 Configuring the Group Synchronization Settings
            2.2.4.5 Configuring the Account Lockout Synchronization Settings
            2.2.4.6 Adding the shadowAccount Object Class
            2.2.4.7 Configuring the Creation Attributes
            2.2.4.8 To Configure the Creation Attributes
        2.2.5 Configuring the Synchronization User Lists
            2.2.5.1 SUL_NT
            2.2.5.2 SUL_AD_EAST
            2.2.5.3 SUL_AD_WEST
            2.2.5.4 Resolving Issues With Multiple SULs
        2.2.6 Installing the Connectors and Directory Server Plug-Ins
        2.2.7 Running idsync resync
            2.2.7.1 Running the Resynchronization Procedure When Directory Server Is Authoritative
            2.2.7.2 To Synchronize Attribute Values in Active Directory With the Values in Directory Server After Linking Entries
        2.2.8 Configuration and Installation Summary
            2.2.8.1 Multiple Domains
            2.2.8.2 PAM LDAP
            2.2.8.3 WAN Deployment
        2.2.9 Migrating Users From Windows NT to Active Directory
            2.2.9.1 Unlinking Migrated Windows NT Entries
            2.2.9.2 Linking Migrated Active Directory Entries
            2.2.9.3 Moving Users Between Active Directory Organizational Units
            2.2.9.4 When Contractors Become Full-Time Employees
3 Case Study: Deploying in a High-Availability Environment Over a Wide Area Network Using SSL
    3.1 Global Telco Deployment Information
        3.1.1 Directory Server Setup
        3.1.2 Active Directory Information
        3.1.3 Requirements
    3.2 Installation and Configuration Overview
        3.2.1 Primary and Secondary Installations
        3.2.2 Periodically Linking New Users
        3.2.3 Large Deployment Considerations
    3.3 Configuration Walkthrough
        3.3.1 Primary Installation
        3.3.2 Failover Installation
    3.4 Setting Up SSL
    3.5 Increasing Connector Worker Threads
    3.6 Aligning Primary and Failover Configurations
        3.6.1 Setting Multiple Passwords for uid=PSWConnector
    3.7 Initial idsync resync Operation
        3.7.1 Initial idsync resync Operation for Primary Installation
        3.7.2 Initial idsync resync Operation for Failover Installation
    3.8 Periodic idsync resync Operations
        3.8.1 Periodic idsync resync Operation for Primary Installation
        3.8.2 Periodic idsync resync Operation for Failover Installation
    3.9 Configuring Identity Manager
    3.10 Understanding the Failover Process
        3.10.1 Directory Server Connector
        3.10.2 Active Directory Connector
    3.11 Initializing the Connector State
    3.12 Failover Installation Maintenance
    3.13 When to Failover
    3.14 Failing Over
        3.14.1 Stopping Synchronization at the Primary Installation
        3.14.2 Starting Synchronization at the Failover Installation
        3.14.3 Re-enabling the Directory Server Plugins
        3.14.4 Changing the PDC FSMO Role Owner
        3.14.5 Monitoring the Logs
        3.14.6 Failing Back to the Primary Installation
A Pluggable Authentication Modules
    A.1 Overview
    A.2 Configuring PAM and Identity Synchronization for Windows
        A.2.1 Step 1: Configure an LDAP Repository for PAM
        A.2.2 Step 2: Configuring Identity Synchronization for Windows
        A.2.3 Step 3: Populating the LDAP Repository
        A.2.4 Step 4: Configuring a Solaris Host to Use PAM
            A.2.4.1 Installing and Configuring a Solaris Test System
            A.2.4.2 Configuring the Client Machine
            A.2.4.3 Specifying Rules for Authentication and Password Management
        A.2.5 Step 5: Verifying that PAM is Interoperating with the LDAP Store
        A.2.6 Step 6: Demonstrating that User Changes are Flowing to the Reciprocal Environment
            A.2.6.1 Case 1
            A.2.6.2 Case 2
            A.2.6.3 Case 3
            A.2.6.4 Case 4
    A.3 Configuring Systems to Prevent Eavesdropping
    A.4 Introducing Windows NT into the Configuration
    A.5 Example /etc/pam.conf File
B Identity Manager and Identity Synchronization for Windows Cohabitation
    B.1 Overview
    B.2 Identity Manager and Identity Synchronization for Windows Functionality
    B.3 Password Changes on Active Directory
    B.4 Password Changes on Directory Server
    B.5 Password Changes and Provisions Originating from Identity Manager Console
    B.6 Configuring Identity Manager and Identity Synchronization for Windows
        B.6.1 Setting Up Identity Manager 5.0 SP2 and Later
            B.6.1.1 Configuring the Form Property
            B.6.1.2 Configuring pwsync to Not Propagate Passwords to Directory Server
        B.6.2 Setting Up Identity Manager 5.0 SP1 and Earlier
        B.6.3 Configuring Identity Synchronization for Windows
            B.6.3.1 Handling Identity Manager-Provisioned Users
C Logging and Debugging
    C.1 Audit Logging and Action IDs
        C.1.1 Actions
        C.1.2 Connector Layers - Accessor, Controller, and Agent
        C.1.3 Directory Server Plugin
    C.2 Debug Logging
        C.2.1 In Java Components
        C.2.2 In the Installer
        C.2.3 In the Console
    C.3 Windows NT Change Detection
    C.4 Changing Central Logs File Location
    C.5 Changing Component Logs File Location
    C.6 Isolating Problems in Directory Server
    C.7 Isolating Problems in Message Queue
    C.8 Isolating Problems in Active Directory
Glossary
Index