Page 3 - Contents; Preface
Contents
Preface, page 15
1 Overview of the Migration Process for Directory Server, page 25
Before You...
Page 4 - Removal of the
Migrating the Schema Manually, page 38
Migrating Configuration Data Manually, page 38
Migration of Specific Configura...
Page 5 - Migrating Directory Proxy Server
New Plug-Ins in Directory Server 6.0, page 77
Plug-Ins Deprecated in Directory Server 6.0, page 78
Changes to the Plug-In API ...
Page 6 - Migrating Identity Synchronization for Windows
Load Balancing Property, page 99
Search Size Limit Property, page 101
Log Property ...
Page 7 - Index
Index, page 145
Page 9 - Figures
Figures
FIGURE 4–1 Existing version 5 Topology, page 55
FIGURE 4–2 Isolating the Consumer From the Topology, page 55
FIGURE 4–3 Migrating the version 5 Consumer ...
Page 11 - Tables; Directory Server 5 and 6 Commands (Subcommands of the
Tables
TABLE 1–1 Migration Matrix Showing Support for Automated Migration, page 28
TABLE 3–1 Change Log Attribute Name Changes, page 41
TABLE 3–2 Fractional Replication Attribute Name Changes ...
Page 13 - Examples
Examples
EXAMPLE 7–1 Sample Export Configuration File, page 109
Page 15 - This; Who Should Use This Book; and the; How This Book Is Organized; describes the steps involved in migrating to Directory Server 6.0.
Preface This Migration Guide describes how to migrate the components of Directory Server Enterprise Edition to version 6.0. The guide provides migration instructions for Directory Server, Directory Proxy Server, and Identity Synchronization for Windows. Who Should Use This Book This guide is intended...
Page 16 - Directory Server Enterprise Edition Documentation Set
Directory Server Enterprise Edition Documentation Set This Directory Server Enterprise Edition documentation set explains how to use Sun Java System Directory Server Enterprise Edition to evaluate, design, deploy, and administer directory services. In addition, it shows how to develop client applicati...
Page 17 - Related Reading; The SLAMD Distributed Load Generation Engine (SLAMD) is a Java; application that is
TABLE P–1 Directory Server Enterprise Edition Documentation (Continued) Document Title Contents Sun Java System Directory Server Enterprise Edition 6.0 Administration Guide Provides command-line instructions for administering Directory Server Enterprise Edition. For hints and instructions on using the...
Page 18 - Redistributable Files; Default Paths; Sun
Enterprise System is a software infrastructure that supports enterprise applications distributed across a network or Internet environment. If Directory Server Enterprise Edition was licensed as a component of Java Enterprise System, you should be familiar with the system documentation at http://docs.su...
Page 22 - Shell Prompts in Command Examples
TABLE P–4 Typographic Conventions (Continued) Typeface Meaning Example AaBbCc123 Book titles, new terms, and terms to be emphasized (note that some emphasized items appear bold online) Read Chapter 6 in the User's Guide. A cache is a copy that is stored locally. Do not save the file. Shell Prompts in...
Page 23 - Third-Party Web Site References; Searching Sun Product Documentation; For example, to search for
TABLE P–6 Symbol Conventions (Continued) Symbol Description Example Meaning + Joins consecutive multiple keystrokes. Ctrl+A+N Press the Control key, release it, and then press the subsequent keys. → Indicates menu item selection in a graphical user interface. File → New → Templates From the File menu, c...
Page 24 - Sun Welcomes Your Comments; and click Send Comments.
Sun Welcomes Your Comments Sun is interested in improving its documentation and welcomes your comments and suggestions. To share your comments, go to http://docs.sun.com and click Send Comments. In the online form, provide the full document title and part number. The part number is a 7-digit or 9-digi...
Page 25 - Before You Migrate; Chapter 5
Overview of the Migration Process for Directory Server This chapter describes the steps involved in migrating to Directory Server 6.0. Directory Server 6.0 provides a migration tool, dsmig, that automates aspects of the migration for certain platform/version combinations. If servers within your topol...
Page 27 - Deciding on the New Product Distribution; Directory Server 6.0 is provided in two distributions:; dsmig
Deciding on the New Product Distribution Directory Server 6.0 is provided in two distributions: ■ Java Enterprise System distribution. This distribution takes the form of operating system-specific packages, such as pkg for Solaris and rpm for Linux. ■ Compressed archive (zip) distribution. There are ...
Page 28 - This section provides a table that shows when you can use; Chapter 2
Deciding on Automatic or Manual Migration This section provides a table that shows when you can use dsmig and when you need to migrate manually. It is based on the migration steps described in the previous section. TABLE 1–1 Migration Matrix Showing Support for Automated Migration From To Migration ...
Page 29 - per instance; About the Automatic Migration Tool; migration
Automated Migration Using the dsmig Command Directory Server 6.0 provides a command-line migration tool to help you migrate from a Directory Server 5.2 instance to a Directory Server 6.0 instance. You can only use the migration tool if your deployment satisfies the requirements for automatic migration...
Page 30 - old instance; Using; to Migrate the Schema; serverRoot
Prerequisites for Running dsmig In this section, old instance refers to the 5.2 instance and new instance refers to the Directory Server 6.0 instance. Before you use dsmig to migrate an instance, ensure that the following tasks have been performed: ■ The Directory Server 6.0 packages (either zip, or...
Page 31 - best effort; to Migrate Security Data; to Migrate Configuration Data
When you run this command, any custom schema defined in the 99user.ldif file are copied to the new instance. If the new instance is already in production, and you have already modified the 99user.ldif file of the new instance, dsmig performs a best effort merge of the two files. Custom schema defined...
Page 32 - “Migration of Specific Configuration Attributes” on page 38; Plug-in Configuration Data; not; Chained Suffix Configuration Data
Note – By default, StartTLS is not enabled on Windows. If you are running dsmig on Windows, use the -e or --unsecured option to specify an unsecure connection. Alternatively, use the -Z or --use-secure-port option to specify a secure connection over SSL. If you do not use either of these options on ...
Page 33 - Replication Configuration Data
Configuration Data For Suffixes With Multiple Backends Configuration data for suffixes with multiple backends is not migrated. If dsmig detects that a suffix has more than one backend, it does not migrate any of the configuration entries that belong to that suffix. This includes configuration entries ...
Page 35 - to Migrate User Data; isMemberOf
Using dsmig to Migrate User Data In Directory Server 5.2, data is stored in serverRoot/slapd-instance-name/db. Directory Server 6.0 stores user data in instance-path/db. To migrate data automatically, run the following command: $ dsmig migrate-data old-instance-path new-instance-path All suffi...
Page 37 - Migrating Directory Server Manually; Before You Start a Manual Migration
Migrating Directory Server Manually If your deployment does not satisfy the requirements for automatic migration described in “Deciding on Automatic or Manual Migration” on page 28, you must migrate the servers manually. This chapter describes the process for manual migration of each part of the se...
Page 38 - Migrating Configuration Data Manually; Migration of Specific Configuration Attributes
■ The old instance has been stopped correctly. A disorderly shutdown of the old instance will cause problems during migration. Even if the old and new instances are on different machines, the old instance must be stopped before migration is started. Migrating the Schema Manually Directory Server 5 sch...
Page 39 - Global Configuration Attributes; rootDSE
Global Configuration Attributes The implementation of global scope ACIs requires all ACIs specific to the rootDSE to have a targetscope field, with a value of base (targetscope="base"). ACIs held in the rootDSE are specific to each Directory Server instance and are not replicated. Therefore there ...
Page 40 - aci; Mapping Tree Configuration Attributes
nsslapd-infolog-area nsslapd-infolog-level nsslapd-ioblocktimeout nsslapd-lastmod nsslapd-listenhost nsslapd-maxbersize nsslapd-maxconnections nsslapd-maxdescriptors nsslapd-maxpsearch nsslapd-maxthreadsperconn nsslapd-nagle nsslapd-readonly nsslapd-referral nsslapd-referralmode nsslapd-reservedescr...
Page 41 - must be; Replication Configuration Attributes; Change Log Attributes; In addition, these attributes must be moved from; Fractional Replication Configuration Attributes; Replica Configuration Attributes
The Netscape Root database has been deprecated in Directory Server 6.0. If your old instance made specific use of the Netscape Root database, the attributes under o=netscaperoot must be migrated. Otherwise, they can be ignored. Replication Configuration Attributes Before migrating replication configu...
Page 42 - Replication Agreement Configuration; “Manual Reset of Replication Credentials” on page 53; Password Policy Configuration Attributes; Sun Java System
nsDS5ReplicaId nsDS5ReplicaLegacyConsumer nsDS5ReplicaName nsDS5ReplicaPurgeDelay nsDS5ReplicaReferral nsDS5ReplicaRoot nsDS5ReplicaTombstonePurgeInterval aci The dschangelogmaxage and dschangelogmaxentries attributes are added to the replica entry. Replication Agreement Configuration The values of...
Page 44 - SNMP Attributes; Sun Java System Directory Server Enterprise; UniqueID Generator Configuration Attributes; nsState; Database Configuration Attributes; database instance
TABLE 3–3 Mapping Between 5 and 6.0 Password Policy Attributes (Continued) Legacy Directory Server Attribute Directory Server 6.0 Attribute passwordResetFailureCount pwdFailureCountInterval passwordUnlock - SNMP Attributes The entry cn=SNMP,cn=config does not exist in Directory Server 6.0. All attri...
Page 45 - Chained Suffix Attributes
nsslapd-suffix nsslapd-cachesize nsslapd-cachememsize nsslapd-readonly nsslapd-require-index If your deployment uses the NetscapeRoot suffix, you must migrate the attributes under cn=netscapeRoot,cn=ldbm database,cn=plugins,cn=config . You must also replace the database location ( nsslapd-directory ...
Page 46 - Plug-In Configuration Attributes; Class of Service Plug-In; DSML Frontend Plug-In
nsProxiedAuthorization nsReferralOnScopedSearch nsslapd-sizelimit nsslapd-timelimit Plug-In Configuration Attributes If you have changed the configuration of any standard plug-in, you must update that configuration. You must also update the configuration of all custom plug-ins. At a minimum, you must ...
Page 47 - cn=Referential Integrity; Retro Change Log Plug-In
ds-hdsml-soapschemalocation ds-hdsml-dsmlschemalocation nsslapd-pluginenabled Pass Through Authentication Plug-In The configuration of this plug-in is stored under cn=Pass Through Authentication,cn=plugins,cn=config . The following attribute must be migrated: nsslapd-pluginenabled The nsslapd-plugin...
Page 49 - db2ldif; dsadm import
Migrating User Data Manually If your topology does not support automatic data migration, you must migrate the data manually. This involves exporting the data from the existing instance and re-importing it to the new instance. To migrate data manually from an existing version 5 instance, perform the fo...
Page 50 - Tasks to be Performed After Manual Migration; If the migrated server was part of a replicated topology, see
Note – During data migration, Directory Server checks whether nested group definitions exceed 30 levels. Deep nesting can signify a circular group definition, where a nested group contains a group that is also its parent. When a group with more than 30 nesting levels is encountered, Directory Server s...
Page 51 - Migrating a Replicated Topology; “Overview of Migrating Replicated Servers” on page 51; Overview of Migrating Replicated Servers; Sun Java System Directory
Migrating a Replicated Topology Directory Server Enterprise Edition 6.0 does not provide a way to migrate an entire replicated topology automatically. Migrating a replicated topology involves migrating each server individually. Usually, however, you should be able to migrate your entire topology witho...
Page 52 - Issues With the New Password Policy; userpassword; Migration of Replication Agreements; must; Migration of Referrals; master
Issues Related to Migrating Replicated Servers Depending on your replication topology, and on your migration strategy, certain issues might arise when you migrate replicated servers. These issues are described in the following sections. Issues With the New Password Policy If you are migrating a multi...
Page 53 - Manual Reset of Replication Credentials; Problems Related to Tombstone Purging
2. Demote the master server to a hub, as described in “Promoting or Demoting Replicas” in Sun Java System Directory Server Enterprise Edition 6.0 Administration Guide. 3. Migrate the hub server, either using dsmig or the manual migration process. 4. Promote the hub server to a master, as described...
Page 54 - Migrating the Consumers; For each consumer in the replicated topology:
Advantages of an all-master topology include the following: ■ Availability. Write traffic is never disrupted if one of the servers goes down. ■ Simplicity. In an all-master topology, there is no need to set up referrals to route reads and writes to different servers. There may be reasons that an all...
Page 56 - The next step involves migrating the version 5 consumer.
The next step involves migrating the version 5 consumer. The next step involves enabling the replication agreements to the new consumer, initializing the consumer if necessary, and rerouting client applications to the new consumer. 5.x Master A 5.x Master B 5.x Hub A 5.x Hub B 5.x Consumer A 5.x Cons...
Page 57 - Migrating the Hubs; For each hub in the replicated topology:
Migrating the Hubs For each hub in the replicated topology: 1. Disable replication agreements from the masters to the hub you want to migrate. 2. Disable replication agreements from the hub you want to migrate to the consumers. 3. Stop the hub. 4. Migrate the hub according to the instructions under ...
Page 59 - The next step involves migrating the version 5 hub.
The next step involves migrating the version 5 hub. The next step involves enabling the replication agreements to the new hub and initializing the hub if necessary. 5.x Master A 5.x Master B 5.x Hub A 5.x Hub B 6.0 Consumer A 6.0 Hub A 6.0 Consumer B FIGURE 4–7 Migrating the version 5 Hub Migration S...
Page 60 - Migrating the Masters; For each master in the replicated topology:
Check that the replication on the consumers is in sync with the rest of the topology before migrating another hub. A server that has just been migrated does not have a change log, and can therefore not update consumer servers that are out of sync. Allow the topology to stabilize and all servers to sync...
Page 61 - If you have migrated the data, check that replication is in sync.
8. Enable the replication agreements from the master to the hubs and other masters in the topology. 9. If you have migrated the data, check that replication is in sync. 10. If you have not migrated the data, reinitialize the master from another master in the topology. 11. If you rerouted client appl...
Page 62 - The next step involves migrating the version 5 master.
The next step involves migrating the version 5 master. 5.x Master A 5.x Master B 6.0 Consumer A 6.0 Consumer B 6.0 Hub A 6.0 Hub B FIGURE 4–10 Isolating the Master From the Topology 5.x Master A 5.x Master B 6.0 Consumer A 6.0 Consumer B 6.0 Hub A 6.0 Master A 6.0 Hub B FIGURE 4–11 Migrating the ver...
Page 63 - Migrating a Replicated Topology to a New Topology; The following figure shows the existing version 5 topology.
The next step involves enabling the replication agreements to and from the new master and initializing the master if necessary. Check that the replication on all hubs and consumers is in sync with the rest of the topology before migrating another master. A server that has just been migrated does not h...
Page 64 - Migrating All the Servers; “Migrating a Replicated
Migrating All the Servers The first step is to migrate all the servers individually, as described in “Migrating a Replicated Topology to an Identical Topology” on page 54. The resulting topology is illustrated in the following figure. 5.x Master A 5.x Master B 5.x Hub A 5.x Hub B 5.x Consumer A 5.x...
Page 65 - Promoting the Hubs
Promoting the Hubs The next step involves promoting the hubs to masters, and creating a fully-meshed topology between the masters. To promote the hubs, follow the instructions in “Promoting or Demoting Replicas” in Sun Java System Directory Server Enterprise Edition 6.0 Administration Guide. The foll...
Page 66 - Promoting the Consumers; Sun Java System Directory Server Enterprise Edition 6.0
Promoting the Consumers The next step involves promoting the consumers to hubs, and then to masters, and creating a fully-meshed topology between the masters. To promote the consumers, follow the instructions in “Promoting or Demoting Replicas” in Sun Java System Directory Server Enterprise Edition 6....
Page 67 - Migrating Over Multiple Data Centers; “Migrating a Replicated Topology to an Identical
Migrating Over Multiple Data Centers Migrating servers over multiple data centers involves migrating each server in each data center individually. Before you start migrating replicated servers, determine whether your deployment might not be better served by changing the architecture of the topology. I...
Page 69 - Architectural Changes in Directory Server 6.0; all; Changes in the Administration Framework; Upgrade each server individually; Directory; ServerRoot
Architectural Changes in Directory Server 6.0 This chapter describes the architectural changes in Directory Server 6.0 that affect migration from a previous version. For information on all changes and bug fixes in Directory Server 6.0, see “What’s New at a Glance” in Sun Java System Directory Server ...
Page 70 - configuration directory; Changes in the ACI Scope; Changes in Suffix-Level ACIs
Removal of the o=netscapeRoot Suffix In previous versions of Directory Server, centralized administration information was kept in o=netscapeRoot . In the new administration model, the concept of a configuration directory server no longer exists. The o=netscapeRoot suffix is no longer required, and t...
Page 71 - dsadm
aci: (targetattr = "userPassword") ( version 3.0; acl "allow userpassword self modification"; allow (write) userdn = "ldap:///self";) In Directory Server 6.0, the default userPassword ACI at root DSE level provides equivalent access control to the default 5.2 ACI at suffix le...
Page 73 - Deprecated Commands
TABLE 5–1 Directory Server 5 and 6 commands (Continued) Version 5 Command Version 6.0 Command Description stop-slapd dsadm stop Stop a Directory Server instance suffix2instance dsconf get-suffix-prop See the backend name for a suffix vlvindex dsadm reindex Create virtual list view indexes TABLE 5–2 ...
Page 74 - New Password Policy; “Password Policy for LDAP Directories” Internet-Draft
Changes to the Console The downloaded, Java Swing-based console has been replaced by Directory Service Control Center (DSCC). DSCC is a graphical interface that enables you to manage an entire directory service by using a web browser. The DSCC requires no migration. Migrated Directory Server instances ...
Page 75 - Password Policy Compatibility; old
■ The password is too young ■ The password already exists in history The LDAP_CONTROL_PWP control indicates warning and error conditions. The control value is a BER octet string, with the format {tii} , which has the following meaning: ■ t is a tag defining which warning is set, if any. The value of...
Page 76 - dsconf
$ dsconf get-server-prop pwd-compat-mode The pwd-compat-mode property can have one of the following values: DS5-compatible-mode If you install a Directory Server instance as part of a replicated topology that includes a version 5 server, the compatibility state should be set to DS5-compatible-mode. I...
Page 78 - Sun Java System Directory Server
Plug-Ins Deprecated in Directory Server 6.0 The following plug-ins have been deprecated in Directory Server 6.0: cn=aci,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config cn=cn,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config cn=encrypted attributes,cn=userRoot,cn=ldbm database,cn=...
Page 79 - Administration Utilities Previously Under; startconsole; Binaries Previously Under; Libraries and Plug-Ins Previously Under; Online Help Previously Under
Administration Utilities Previously Under ServerRoot In Directory Server 6.0 the Administration Server is no longer used to manage server instances. The following system administration utilities previously located under ServerRoot have therefore been deprecated: ■ restart-admin ■ start-admin ■ start...
Page 80 - Plug-Ins Previously Under; Utilities Previously Under
Plug-Ins Previously Under ServerRoot/plugins The following tables describe the new location of sample server plug-ins, and header files for plug-in development. TABLE 5–4 Support for Plug-Ins Directory Server 5.2 Plug-In Directory Directory Server 6.0 Plug-In Directory Remarks ServerRoot/plugins/s...
Page 81 - Certificate and Key Files
TABLE 5–5 Tools Previously Under ServerRoot/shared/bin (Continued) 5.2 File 6.0 File Purpose ServerRoot/shared/bin/ldapcompare /usr/sfw/bin/ldapcompare Compare attribute value In Directory Server 6.0 you must install the SUN-LDAPCSDK-TOOLS package to get this utility ServerRoot/shared/bin/ldapdele...
Page 82 - Silent Installation and Uninstallation Templates; Server Instance Scripts Previously Under; The command-line administration scripts previously under; Server Instance Subdirectories
Silent Installation and Uninstallation Templates In Directory Server 5.2, the ServerRoot/setup5 directory contained sample templates for silent installation and uninstallation. Silent installation and uninstallation are no longer needed for Directory Server 6.0 and these files have therefore been de...
Page 83 - The chapter covers the following topics:; Mapping the Global Configuration; dpadm backup
Migrating Directory Proxy Server There is no automatic migration path to move from a previous version to Directory Proxy Server 6.0. Directory Proxy Server 6.0 provides much more functionality than previous versions. While a one to one mapping of configuration information is therefore not possible inm...
Page 84 - name
The global Directory Proxy Server 5 configuration is specified by two object classes: ■ ids-proxy-sch-LDAPProxy. Contains the name of the Directory Proxy Server server and the DN of the global configuration object. ■ ids-proxy-sch-GlobalConfiguration. Contains various global configuration attributes...
Page 85 - Mapping the Global Security Configuration; dpadm
TABLE 6–1 Mapping of Version 5 Global Configuration Attributes to 6.0 Properties (Continued) Directory Proxy Server 5 Attribute Directory Proxy Server 6.0 Property ids-proxy-con-max-conns This attribute can be mapped to the max-client-connections property of a connection handler resource limit. To c...
Page 86 - Managing Certificates; Directory Proxy Server 5, certificates were managed by using the; Access Control on the Proxy Configuration
TABLE 6–2 Mapping of Security Configuration Directory Proxy Server 5 Attribute Directory Proxy Server 6.0 Property ids-proxy-con-ssl-key ssl-key-pin ids-proxy-con-ssl-cert ssl-certificate-directory ssl-server-cert-alias ids-proxy-con-send-cert-as-client This attribute enables the proxy server to sen...
Page 88 - dpconf; Mapping the Group Object
Mapping the Groups Configuration Directory Proxy Server 5 uses groups to define how client connections are identified and what restrictions are placed on the client connections. In Directory Proxy Server 6.0, this functionality is achieved using connection handlers, data views and listeners. Connectio...
Page 89 - Mapping the Network Group Object; object class. These attributes can be mapped to properties of
Mapping the Network Group Object Directory Proxy Server 5 groups are configured by setting the attributes of the ids-proxy-sch-NetworkGroup object class. These attributes can be mapped to properties of Directory Proxy Server 6.0 connection handlers, data sources and listeners. For a list of all thep...
Page 90 - Mapping Bind Forwarding; Proxy Server 5.2, these configuration attributes are stored under
TABLE 6–5 Mapping Between Version 5 Network Group Attributes and 6.0 Properties (Continued) Directory Proxy Server 5 Network Group Attribute Directory Proxy Server 6.0 Property ids-proxy-con-tcp-no-delay Set this as a property for a specific listener port by using the following command: $ dpconf set-...
Page 91 - Mapping Operation Forwarding
TABLE 6–6 Mapping of Directory Proxy Server 5 Bind Forwarding Attributes to Directory Proxy Server 6 Connection Handler Property Settings (Continued) Directory Proxy Server 5 Attribute Directory Proxy Server 6 Property ids-proxy-con-permit-auth-sasl allowed-auth-methods:sasl Mapping Operation Forwar...
Page 92 - dpadm help-properties
Mapping Subtree Hiding Directory Proxy Server 5 uses the ids-proxy-con-forbidden-subtree attribute to specify a subtree of entries to be excluded in any client request. Directory Proxy Server 6.0 provides this functionality with the allowed-subtrees and prohibited-subtrees properties of a request fil...
Page 93 - Mapping Compare Request Controls; Mapping Attributes Modifying Search Requests
TABLE 6–8 Mapping Directory Proxy Server 5 Search Request Control Attributes to Directory Proxy Server 6.0 Properties Directory Proxy Server 5 Attribute Directory Proxy Server 6.0 Property ids-proxy-con-filter-inequality allow-inequality-search-operations property of the request filtering policy ids...
Page 94 - Mapping Attributes Restricting Search Responses; Search Data Hiding Rules” in
Enterprise Edition 6.0 Administration Guide. For information on configuring a resource limits policy, see “Creating and Configuring a Resource Limits Policy” in Sun Java System Directory Server Enterprise Edition 6.0 Administration Guide. In iPlanet Directory Access Router 5.0 (IDAR) these configu...
Page 95 - Mapping the Referral Configuration Attributes
The following table maps the Directory Proxy Server 5 search response restriction attributes to the corresponding Directory Proxy Server 6.0 properties. TABLE 6–11 Mapping of Directory Proxy Server 5 Search Response Restriction Attributes to Directory Proxy Server 6.0 Properties Directory Proxy Serve...
Page 96 - Mapping the Server Load Configuration
TABLE 6–12 Mapping of Directory Proxy Server 5 Referral Configuration Attributes to Directory Proxy Server 6 resource limits Properties Directory Proxy Server 5 Attribute Directory Proxy Server 6 Property ids-proxy-con-reference referral-policy ids-proxy-con-referral-ssl-policy referral-policy ids-p...
Page 97 - Attribute Renaming Property
Mapping the Properties Configuration The Directory Proxy Server 5 property objects enable you to specify specialized restrictions that LDAP clients must follow. Most of the functionality of property objects is available in Directory Proxy Server 6, although it is supplied by various elements of the ne...
Page 98 - LDAP Server Property; In Directory Proxy Server 5, the
TABLE 6–14 Mapping of Directory Proxy Server 5 Server Load Configuration Attributes to Directory Proxy Server 6 Resource Limits Properties Directory Proxy Server 5 Attribute Directory Proxy Server 6 Property ids-proxy-con-dn-exact target-dns ids-proxy-con-dn-regexp target-dn-regular-expressions ids-...
Page 99 - Load Balancing Property
TABLE 6–15 Mapping of ids-proxy-sch-LDAPServer Attributes to Data Source Properties Directory Proxy Server 5 Attribute Directory Proxy Server 6.0 Property ids-proxy-con-host ldap-address ids-proxy-con-port ldap-port ids-proxy-con-sport ldaps-port ids-proxy-con-supported-version No equivalent Directo...
Page 100 - Monitoring Backend Servers
load balancing only, that is, each LDAP server is allotted a certain percentage of the total load. The ids-proxy-sch-LoadBalanceProperty object class has one attribute, ids-proxy-con-Server, whose value has the following syntax: server-name [# percentage ] In iPlanet Directory Access Router 5.0 (IDA...
Page 101 - Search Size Limit Property; Log Property
Server 6.0 has a number of properties that can be configured to monitor its backend servers. For more information, see “Retrieving Monitored Data About Data Sources” in Sun Java System Directory Server Enterprise Edition 6.0 Administration Guide. Search Size Limit Property Directory Proxy Server 5 u...
Page 103 - Two types of event objects are supported:
TABLE 6–17 Version 5 and Version 6 Log Functionality (Continued) Directory Proxy Server 5 Attribute Purpose Directory Proxy Server 6.0 Equivalent ids-proxy-con-audit-syslog Syslog facility code for audit log No equivalent ids-proxy-con-audit-file Path to audit log file log-file-name of the access-log...
Page 104 - object class. This action enables you to configure
TABLE 6–18 Mapping Between Version 5 Event Attributes and Version 6 Connection Handler Properties (Continued) Directory Proxy Server 5 Attribute Directory Proxy Server 6.0 Property ids-proxy-con-ssl-required is-ssl-mandatory ids-proxy-con-bind-anonymous allowed-auth-methods:anonymous ids-proxy-con-b...
Page 106 - Before You Migrate Identity Synchronization for Windows; For Active Directory.; “Checking the Logs” on page 144
Migration Overview Migration from Identity Synchronization for Windows version 1.1 to version 6.0 is accomplished in the following major phases: 1. Preparing your Identity Synchronization for Windows 1.1 installation for migration. 2. Uninstalling Identity Synchronization for Windows 1.1. 3. Installi...
Page 107 - Exporting Version 1.1 Configuration; idsync importcnf
However, if you use the forcepwchg utility, you can identify affected users and force them to change passwords again. For more information, see “Forcing Password Changes on Windows NT” on page 116. ■ All other attribute changes made during the migration process (at any directory source) will be sync...
Page 108 - Using the export11cnf Utility; Guide; Inserting Clear-Text Passwords
Tip – Although it is possible to re-enter the 1.1 configuration manually by using the Identity Synchronization for Windows console, it is recommended that you use the export11cnf utility. If you do not use export11cnf, the state of the connectors is not preserved. Exporting the version 1.1 configur...
Page 109 - In the following sample exported configuration file,
<Credentials userName="cn=iswservice,cn=users,dc=example,dc=com" cleartextPassword="" /> <!-- INSERT PASSWORD BETWEEN THE DOUBLE QUOTES IN THE ABOVE FIELD --> You must enter a password manually, between double quotes, for every cleartextPassword field in the exported conf...
Page 114 - Checking for Undelivered Messages; Using the checktopics Utility; checktopics; checktopics
EXAMPLE 7–1 Sample Export Configuration File (Continued) name="uid" syntax="1.3.6.1.4.1.1466.115.121.1.15"/> <AttributeDescription parent.attr="CreationAttribute" name="sn" syntax="1.3.6.1.4.1.1466.115.121.1.15"/> <AttributeDescription parent.attr=...
Page 115 - cd; To Clear Messages
topic names used in Message Queue. In addition, when you run checktopics, it queries Message Queue to check how many outstanding messages remain on each active synchronization topic and then displays this information for you. To execute the checktopics command line utility: Open a Terminal window an...
Page 116 - Forcing Password Changes on Windows NT
Forcing Password Changes on Windows NT On Windows NT, password changes are not monitored and new password values are not captured during the migration process. Consequently, you cannot determine new password values after the migration process. Instead of requiring all users to change passwords when yo...
Page 117 - Preparing for Migration
Preparing for Migration Use the following procedure to prepare for migration to version 6.0. Unpack Identity Synchronization for Windows 6.0 Bits Stop Synchronization Stop Identity Synchronization for Windows Services Start Identity Synchronization for Windows Services Uninstall Identity Synchroniza...
Page 118 - On Windows; Export your version 1.1 configuration settings to an XML file.; Add passwords to the exported XML file.; cleartextPassword
▼ Preparing to migrate from version 1.1, and 1.1 SP1, to version 6.0 Open a terminal window or command prompt. ■ On Solaris type the following command. uncompress -c filename | tar xf - ■ On Windows type the following command or use any archive program for Windows, such as WinZip. %JAVA_HOME%\bin\...
Page 119 - “Using the checktopics; On Windows NT only
Verify that your system is in a stable state. From the migration directory, execute checktopics as described in “Using the checktopics Utility” on page 114. The following example shows the execution of the checktopics command. java -jar checktopics.jar -D "cn=directory manager" -w - \ -s "dc=exampl...
Page 120 - Alternatively, use any archive program for Windows, such as WinZip.; Uninstalling Identity Synchronization for Windows; SUNWjss; To Uninstall Identity Synchronization for Windows Version 1.1; a. Remove the following entries from the Directory Server:
Alternatively, use any archive program for Windows, such as WinZip. Start the Identity Synchronization for Windows services. For more information, see “Starting and Stopping Services” in Sun Java System Directory Server Enterprise Edition 6.0 Installation Guide. Uninstalling Identity Synchronization...
Page 121 - and then use the Identity; On; Solaris or SPARC; The location of the file is as follows:; On Solaris; “Manually Uninstalling 1.1 Core and Instances from; After uninstalling Core, restart your machine.; for Windows components. Instructions are provided in
Change directory (cd) to <ServerRoot>\isw-<hostname> and then use the Identity Synchronization for Windows 1.1 (or 1.1 SP1) uninstallation program to uninstall the version 1.1, and 1.1 SP1, Connectors and Core components. Note – You must uninstall Connectors before uninstalling C...
Page 122 - Installing or Upgrading the Dependent Products; Java 2 SDK; Sun Java System Message; “Using; Installing Identity Synchronization for Windows 6.0; Execute; against Directory Server to update the schema.
Installing or Upgrading the Dependent Products Use the following steps to upgrade the Java Run Environment, install Message Queue, and upgrade Directory Server. 1. Upgrade the Java 2 Runtime Environment (or Java 2 SDK) on each host (except on Windows NT) where Identity Synchronization for Windows com...
Page 123 - importcnf; b. Restore the NT Change Detector Service counters.
cd serverRoot \isw- hostname \bin idsync prepds arguments \ For more information about idsync prepds , see Appendix A, “Using the Identity Synchronization for Windows Command Line Utilities,” in Sun Java System Directory Server Enterprise Edition 6.0 Installation Guide . Import your version 1.1, and...
Page 124 - “Preparing for Migration” on page 117; type the following command.
iv. Double-click on each of the following entries to restore their values (which you saved prior to uninstalling version 1.1). ■ HighestChangeNumber ■ LastProcessedSecLogRecordNumber ■ LastProcessedSecLogTimeStamp ■ QueueSize c. Start the NT Change Detector service by typing the following command. n...
Page 125 - “Manually Uninstalling a 1.1 Instance from Windows NT” on page 135; Windows; where
What to Do if the 1.1 Uninstallation Fails If the version 6.0 installation program finds remnants of the version 1.1 system, the 6.0 installation will fail. Verify that all of the 1.1 components are completely removed from the system prior to installing version 6.0. If the uninstallation program does ...
Page 126 - To Manually Uninstall Core From a Solaris Machine:; into a terminal window.; a. Type the following command to stop the Message Queue broker.; imq; Manually uninstall the packages and directories.
▼ To Manually Uninstall Core From a Solaris Machine: Stop all Identity Synchronization for Windows Java processes by typing /etc/init.d/isw stop into a terminal window. If the preceding command does not stop all of the Java processes, type the following commands. /usr/ucb/ps -gauxwww | grep java kil...
Page 127 - pkgrm; for each of the packages listed in; Run the; Remove the Directory Server Plugin.
/etc/imq /var/imq /usr/bin/imq* To remove the Identity Synchronization for Windows 1.1 Solaris packages, run pkgrm package-name for each of the packages listed in “Manually Uninstalling 1.1 Core and Instances from Solaris” on page 125. The following example shows the use of pkgrm to uninstall packa...
Page 128 - Some of the following components may not be included in your file.
e. From the Directory Server Console, locate and remove the following entry from the Configuration Directory: cn=pswsync,cn=plugins,cn=config f. Stop Directory Server. g. Remove the Plugin binary by typing the following command. rm -f serverRoot /lib/psw-plugin.so h. Restart Directory Server. Back-u...
Page 129 - The following is an example; a. From the installation location, type the following command.; b. To remove the bootstrap files, type the following command.; command against the configuration directory where Identity; password; ldapsearch
■ <compid>SUNWidscn . . . </compid> ■ <compid>SUNWidsoc . . . </compid> ■ <compid>ADConnector . . . </compid> The following is an example <compid> tag. Remove <compid>, </compid>, and all the text and tags in-between. <compid>Id...
Page 131 - To uninstall Core from a Windows 2000 machine:; Although you can view Java processes (such as
Note – In this section, Identity Synchronization for Windows locations are described in the following manner: serverRoot \isw- hostname \ where serverRoot represents the parent directory of the Identity Synchronization for Windows installation location. For example, if you installed Identity Synchro...
Page 132 - regedit; Back up your current registry file before proceeding to
■ From a Command Prompt, type the following command. net stop "iMQ Broker" ■ If the preceding methods do not work, use the following steps to stop Message Queue manually. a. Open the Services window, right-click on iMQ Broker and select Properties. b. From the General tab in the Properties wi...
Page 133 - “Manually Uninstalling
b. Select Registry → Export Registry File from the menu bar. c. When the Export Registry File dialog box is displayed, specify a name for the file and select a location to save the backup registry. In the Registry Editor, select Edit → Delete from the menu bar. Remove the following Identity Synchron...
Page 134 - Clean up the configuration directory as follows:; command against the configuration
■ <compid>DSConnector . . . </compid> ■ <compid>Directory Server Plugin . . . </compid> ■ <compid>DSSubcomponents . . . </compid> ■ <compid>ObjectCache . . . </compid> ■ <compid>ObjectCacheDLLs . . . </compid> ■ <compid>ADC...
Page 135 - Manually Uninstalling a 1.1 Instance from Windows NT
"cn=Sun ONE Identity Synchronization for Windows,cn=server group, cn=myhost.mydomain.com,ou=mydomain.com,o=NetscapeRoot" b. Use the Directory Server Console to remove the Identity Synchronization for Windows Console subtree that you found and all subtrees under it. Clean up the Identity Sync...
Page 136 - net stop “Sun ONE Identity Synchronization for Windows; net stop “Sun ONE NT Change Detector Service”
Note – In this section, Identity Synchronization for Windows locations are described as follows: <serverRoot>\isw-<hostname> where <serverRoot> represents the parent directory of the Identity Synchronization for Windows installation location. For example, if you installed...
Page 137 - to open the Registry Editor window.; Do not; Export Registry File from the menu bar.; Synchronization for Windows
■ If the preceding methods do not work, use the following steps to stop the Change Detector Service manually: a. Open the Services window, right-click on Change Detector Service and select Properties. b. From the General tab in the Properties window, select Manual from the Startup type drop-down list...
Page 138 - Some of these components might not be included in your file.
Use regedt32 (do not use regedit) to modify (do not delete) the following registry key: a. Select the registry key entry in the left pane: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\LSA The registry value type must be REG_MULTI_SZ. b. In the right pane, right-click on the Notif...
Page 139 - “Manually Uninstalling a 1.1; Remove the Password Filter DLL.
The following is an example <compid> tag. Remove <compid>, </compid>, and all the text and tags in-between. <compid>Identity Synchronization for Windows <compversion>1.1 <uniquename>Identity Synchronization for Windows</uniquename> <compinstance\&...
Page 140 - Multi-Master Replication Deployment
The sample deployment scenarios include: ■ “Multi-Master Replication Deployment” on page 140 ■ “Multi-Host Deployment with Windows NT” on page 141 Multi-Master Replication Deployment In a multi-master replication (MMR) deployment, two Directory Server instances are installed on different hosts. It is...
Page 141 - Multi-Host Deployment with Windows NT; Three hosts are used in this deployment scenario:; Pass
Multi-Host Deployment with Windows NT Three hosts are used in this deployment scenario: ■ A Windows NT system ■ A host for Directory Server with the synchronized users and the Directory Server Connector Unpack Identity Synchronization for Windows 6.0 Bits Stop Synchronization Start Identity Synchr...