Before we can begin configuring our Import and Export agent profiles,
we need to coordinate some settings between OID and SunOne. In this
exercise we will perform some preliminary steps required to make these
two directory servers work together.
Starting the SunOne console
On your SunOne server, run the "startconsole"
program. Log in using the SunOne Administrator's account. In our exercise
this is the user:
cn=Directory Manager
Under the "Servers and Application" tab, navigate
to the "Directory Server" entry. This entry should be under
the "Server Groups" entry. Once there, click the "Open"
button in the upper right corner of the form.
Configuring the SunOne Changelog feature
Once the form opens, select the "Configuration"
tab.
Select the "Replication" folder from the DIT.
Select the "Supplier Settings" tab.
Check the box for "Enable Changelog".
Fill in the mandatory field "Changelog Database
Directory" by either clicking on the "Use Default" button
or by manually filling in this field with the value you want.
Click the "Save" button.
Select the "Legacy Consumer" tab.
Check the box for "Enable Legacy Consumer".
Enter the OID super user account "cn=orcladmin"
in the "Supplier DN" field.
Enter the password for the cn=orcladmin account.
Click the "Save" button.
Enabling the "Retro Changelog" Plug-in
In the "Configuration" tab, select the "Plug-ins"
entry from the DIT.
Select the "Retro Changelog Plugin".
Check the "Enable Plug-in" box.
Click on the "Save" button. You will be prompted
to restart your SunOne directory server.
Restart the SunOne directory server by selecting the
"Tasks" tab.
Click the "Restart Directory Server" button.
Setting the Password Encryption
Before making any changes to the password encryption parameters, you
need to decide which password hashing algorithm you want to use in both
OID and SunOne. In order to successfully synchronize passwords between
OID and SunOne, both directory servers must be set up to use the same
password hashing algorithm. Otherwise you won't be able to log in to
your accounts when you change your passwords on either side.
In our exercise we will use SSHA (Salted SHA) as the password hashing
algorithm for both OID and SunOne.
From the "Configuration" tab, navigate to
the "Data" directory entry.
In the "Passwords" tab, you will see a field
called "Password Encryption". Select your desired password
hashing algorithm. Again, your choice must also be set on the OID side.
We will go over how to set up the password algorithm choices on OID later
in this exercise.
Click the "Save" button.
Setting up the OID Server
Open the Oracle Directory Manager. Log in to ODM using
the OID super user account "orcladmin".
Navigate to the "orcladmin@domain.com:portnumber"
entry in the DIT. It should be the first limb at the top of the DIT.
This is the entry that reads "orcladmin@hostname.domain:port_number".
In the "System Operations" tab, find the entry
called "Password Encryption" and set the value to the same
password hashing algorithm you used in the SunOne server.
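Once both sides are set to SSHA, the stored userPassword values can be compared to confirm that the schemes actually match. The following is an added example, not part of the original exercise or of either product: it assumes both directories store userPassword in the common "{scheme}base64" form, where an SSHA value is base64(SHA1(password + salt) + salt). The function names, the DN and the sample values are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os
import re

SCHEME_RE = re.compile(r"^\{([A-Za-z0-9-]+)\}")

def make_ssha(password, salt=None):
    """Build an {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")

def scheme_of(value):
    """Return the upper-cased scheme label, or 'CLEAR' if there is no prefix."""
    m = SCHEME_RE.match(value)
    return m.group(1).upper() if m else "CLEAR"

def verify_ssha(password, value):
    """Check a password against an {SSHA} value; other schemes are rejected."""
    if scheme_of(value) != "SSHA":
        return False
    try:
        raw = base64.b64decode(value[len("{SSHA}"):], validate=True)
    except ValueError:
        return False
    if len(raw) <= 20:  # 20-byte SHA-1 digest must be followed by a salt
        return False
    digest, salt = raw[:20], raw[20:]
    expected = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(digest, expected)

def scheme_mismatches(side_a, side_b):
    """DNs present on both sides whose userPassword schemes differ."""
    return sorted(dn for dn in side_a.keys() & side_b.keys()
                  if scheme_of(side_a[dn]) != scheme_of(side_b[dn]))

if __name__ == "__main__":
    # Constructed sample entries (not real exports from either directory).
    dn = "uid=jdoe,ou=people,dc=example,dc=com"
    md5 = "{MD5}" + base64.b64encode(hashlib.md5(b"Welcome1").digest()).decode()
    sunone, oid = {dn: make_ssha("Welcome1")}, {dn: md5}
    print("scheme mismatches:", scheme_mismatches(sunone, oid))
    print("SSHA verifies:", verify_ssha("Welcome1", sunone[dn]))
```

Any DN reported by scheme_mismatches holds a value hashed under a different scheme on one side, which is the condition the section above says will break logins after a password change.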
Back up your User and Group data
It is a good practice to back up your "user"
and "groups" entries before we go any further. In OID, use
the "ldifwrite" command line tool to back up this data.
Here is a sample command using the ldifwrite command:
Make sure you substitute your own connect string for
the -c option and your own domain where the users and groups are located
in OID with the -b option.
This will give you a checkpoint you can refer back to
later if needed.