�� 9 �� PasswordSync

�� Sun Java System Identity Manager PasswordSync ��䡢�� Windows ��ƫ��̧�� Windows Active Directory �� Windows NT ���ڷ�� Identity Manager ��㡤

�� PasswordSync��

PasswordSync ��ƫ�� Windows Active Directory �� Windows NT ��ĸ��ϯ�� Identity Manager ��̧��ѽ��㡤�� Identity Manager ��Զ��̱��ĸ�� PasswordSync�� PasswordSync �� Identity Manager š��ҡ�

��̱��ĸ�� PasswordSync ѥ��̱��ҳ Java Messaging Service (JMS) ��ܡ��Τ�� Servlet ��ع�� Servlet �� JMS ��ع��ع��JMS ��Ȣ��ڷ��ع�ɡ��ɢ��ɢ��ݨܡ��ա��ϯ��ȴ��仡�� SMTP ��Τ��ϯ��ǵ��ϡ��ϯ��衤


ެ�	��ܩ�� Identity Manager ��Τ��ܢ��ŧ��Ϊ��ߧ��ܩ��Ь ADSI ��ۡ�� Identity Manager ��Ƕ��ŧ��衤

��Щ��

Ʒ�� Windows 2000��Windows 2003 �� Windows NT ��̱��ĸ�� PasswordSync ��䡤�� Identity Manager ��Զ��̱��ĸ�� PasswordSync��

PasswordSync ��̦ȴ�� JMS ��Τ��̡��ȴ�� JMS ˷��ع��ٶ��Sun Java System Identity Manager ��ٶ����JMS ��Ȣ��ġ�硤

��Զ��̱��ĸ�� Microsoft .NET 1.1 ��

��ȴ�� PasswordSync

�� Microsoft .NET 1.1

Ӽ�� PasswordSync�� Microsoft .NET 1.1 �� Framework��Ϊ�� Windows 2003 ��̱�¡�Ь��Ⱥ Framework��Ϊ�� Windows 2000 �� Windows NT ��̱�¡�Ьƫ��ڷ Microsoft Ķ��Ķ�Ⱥ��̦�ڡ�

�� PasswordSync


ެ�	Microsoft .NET 1.1 Framework �� Internet Explorer 5.01 ��ۡ�Internet Explorer 5.0 (�� Windows 2000 SP4) ��ѡ� �� [Keywords] ��ī NET Framework 1.1 Redistributable��ʸ��̦�ڡ� ��̦�� .NET 1.1 Framework��

��ΪǿЩ�� PasswordSync �� IdmPwSync.msi ��Ȣ��ƫ�� Windows [��/��Ȣ] ��Ȣ��Ȣ��

��ΪǿЩ�� PasswordSync �� IdmPwSync.msi ��Ȣ��Ьƫ�� InstallAnywhere ��Ȣ��Ȣ��

�� PasswordSync


ެ�	�� Identity Manager ��Զ��̱��ĸ�� PasswordSync��

�� Identity Manager ��㡢ѺġĶ pwsync\IdmPwSync.msi ��᧡�

��ħ��Ķ��Ѻ�ڡ�

[Cancel]��ѺġĶƫ��Ƕ��ա�

[Back]��ѺġĶƫ��ЩġԶ��ۡ�

[Next]��ѺġĶƫ��īĶġԶ��ۡ�

��ĸ��ع��ѥѺ [Next] �� [Choose Setup Type PasswordSync Configuration] ��᧡� PasswordSync ��

ѺġĶ [Typical] �� [Complete] �� PasswordSync ��ա��ѺġĶ [Custom] ��̱��š��

ѺġĶ [Install] ��ܨ�¡�

ȩ�� PasswordSync ѥ��ĸ��ع��ϡ��ȩ��

ѺġĶ [Finish] ��ȩ��ʩ��

��̽ [Launch Configuration Application]��ƫ�� Password Sync��ٶ�� PasswordSync��̽ڵȴ��ʩ��ع��



ެ�	��ĸ��ۡ��ٯ˷��桤��ȩ�� PasswordSync ��Щ��ٯ˷�ӡ��ɢ PasswordSync ��Щ��ٯ��̱�¡�

�� 9-1 ��̱��
��ǵ	��
%$INSTALL_DIR$%\configure.exe	PasswordSync ��Ȣ
%$INSTALL_DIR$%\configure.exe.manifest	��Ȣ��
%$INSTALL_DIR$%\DotNetWrapper.dll	ݨܡ .NET SOAP ��ع�� DLL
%$INSTALL_DIR$%\passwordsyncmsgs.dll	ݨܡ PasswordSync ع�� DLL
%SYSTEMROOT%\SYSTEM32\lhpwic.dll	��ɢ Windows PasswordChangeNotify () ̪��ϡ DLL

�� PasswordSync

��Ϊ��ڷ��Ȣ��Ȣ��Ь��Ȣ��ҳ��ȩ��ѥ��ѥ��ȹ�� PasswordSync ��Ȣ�롢��ƫ��̽��

��Ϊ�� PasswordSync ��Ȣ��̧��ٯ��

��á�Ⱥ��Ȣ�� [Program Files] > Sun Java System Identity Manager PasswordSync > [Configuration] �㡤

��ĸ�� [PasswordSync Configuration] �� (��ٶ�� 9-1)��

� 9-1 PasswordSync Configuration] ��
��Τ��

��Ķ��?

[Server] �� Identity Manager ��֪�� IP ��

[Protocol] �� Identity Manager ��!��Ϊ��̽ HTTP��Ь��ҳ 80��Ϊ��̽ HTTPS��Ь��ҳ 443��

[Path] ��Ȣ��Τ��ĸ Identity Manager ��!�

[URL] ��̧��ġ��ܨ�?�� URL ��ԫ��

Ѻ [Next] ��ܡ��Τ�� (� 9-2)��

� 9-2 ��ܡ��Τ��

��Ķ��?

��Ϊ��ܡ��Τ�¡�ЬѺġĶ [Enable]��

[Server] ��ܡ��Τ��֪�� IP ��

Port��ƫ��Τ��� (��ܡ��Τ��ҳ 8080�� HTTPS ��ҳ 443��)

Ѻ [Next] �� JMS �� (� 9-3)��

� 9-3 JMS ��

��Ķ��?

[User] ��ī�ع�� JMS ��ϯ��ꢡ�

[Password] �� [Confirm] �� JMS ��ϯ���

[Connection Factory] �� JMS ��ꢡ�� JMS ˷��㡤

��Ķ�� [Session Type] ��ҳ [LOCAL]��ɢ��ɢ��ǵ��˷��ȭ̯��۾ع��ѥ��Ǩ��ɢ�ơ�̧��ƫ��ԫ�� [AUTO]��[CLIENT] �� [DUPS_OK]��

[Queue Name] ��ŧ��ǵ��ꢡ�

Ѻ [Next] �� JMS �� (� 9-4)��

� 9-4 JMS ��

JMS ��ƫ�� JNDI ��Ķ��/ԫ�ס�

java.naming.provider.url - ��ԫ��ҳ�� JNDI Τ٭�� URL��

java.naming.factory.initial - ��ԫ��ҳ JNDI Τ٭��ϯ��ɱ�� (��)��

[Name] Ķ��Ȣ�� java.naming ��ɱ��̡��̽��ɱ��ī��ꢡ��ѥ�� [Value] ��ī̧��ԫ��

Ѻ [Next] ��ǵ�� (� 9-5)��

� 9-5 ��ǵ��

�� [��ǵ] ��ۡ��ƫ��ϯ��ȩ��ŧ (��ع�� Identity Manager ��̧��) �롢��ǵ��ϡ��

��Ķ��?

��̽ [Enable Email] ��䡤��Ϊ��ϯ��ȭ��ϡ��̽ [Email End User]��Ь��ϡ�ܡ�ޡ�

[SMTP Server] ��ϡ�� SMTP ��Τ��֪�� IP ��ߡ�

[Administrator Email Address] ��ϡ��ǵ��ߡ�

[��ǵϯ��] ��ǵϯ��ꢡ�

[��ǵϯ��] ��ǵϯ��ǵ��ߡ�

[Message Subject] ��ȴ��ϡ��ȯ��

[Message Body] ��ϡ��

��ǵ��ƫ��Ķ��?�

$(accountId) - ��ϯ��ڨ�� ID��

$(sourceEndpoint) - ��Ȣ��̱��ꢡ�ȴɷ��̯��¡�

$(errorMessage) - ��ع�ɡ�

ѺġĶ [Finish] ��ա�

��Ϊ��ȹ��Ȣ��Ь��ĸ��ġ��Ϊ��ʨ۬��Ȣ��ҳ��ڷ��ī��Ķ��

�� PasswordSync ��

��ħȴ�� PasswordSync ��ع��ů��̦��ع��ħ�� PasswordSync ��̦��ɢ��ƫ���

��ش��

PasswordSync ��ȴ��ī Windows ��ǵ��¡��ش�� PasswordSync��

��ش��

��ȹ��̦�롢��β��ԡ��ѥ��ȹ��ٯ��̦�� [Trace] �� (� 9-6)��

[Trace Level] ��ī��ش�� PasswordSync ��ع��ȡ�ԫ 0 ��ǡ��ԫ 4 ��޲��ع��

�� [Max File Size (MB)] ��롢PasswordSync ��ħ .bk ��㡤��,��Ϊ��ҳ C:\logs\pwicsvc.log��ҳ 100 MB��Ь�� 100 MB �롢PasswordSync ��ҳ C:\logs\pwicsvc.log.bk��ī�� C:\logs\pwicsvc.log file �㡤

��

�� 9-2 ��
��	��	��
allowInvalidCerts	REG_DWORD	��Ϊ��ҳ 1��Ь�� .NET ��ĸ��Ķ�?� SECURITY_FLAG_IGNORE_UNKNOWN_CA INTERNET_FLAG_IGNORE_CERT_CN_INVALID INTERNET_FLAG_IGNORE_CERT_DATE_INVALID �Ϊ��թ��̦ȴ�� CN �� SSL ��ӡ� �� (��ڷ�� (CA) ܨ��) ��롢��ڦȴ� ��ҳ 0��
clientConnectionFlags	REG_DWORD	�� .NET SOAP ��ƫ��ס� ��ҳ 0��
clientSecurityFlags	REG_DWORD	ƫ�� .NET SOAP ��ƫ��ס� ��ҳ 0��
installdir	REG_SZ	�� PasswordSync ��Ȣ��硤
soapClientTimeout	REG_DWORD	��ܢ��Щ SOAP �� Identity Manager ��Τ��ع�� (��ҳ��)��

�� PasswordSync

Ӽ�� PasswordSync ��Ȣ�� Windows [��̱ƺ] ��̽ [��/��Ȣ]��ѥ��̽ [Sun Java System Identity Manager PasswordSync] ��ѺġĶ [��]��


ެ�	ľƫ��ī Identity Manager ��ѺġĶ pwsync\IdmPwSync.msi �� (��) PasswordSync��

�� PasswordSync

�� JMS ��Ȣ��

��ɢ��ŧ��ϯ��ɢ��

��ϡ

�� JMS ��Ȣ��

��̱��ع��ī��ѥ��ҳ��̿��ع�ɡ��ǡ JMS ��Ȣ��̧��ع��ٶ��Sun Java System Identity Manager ��ٶ����̽ڵȴ��ع��

�� - ��ڦ��ԫ��ҳ [��]��ҳȴġԶ��ϯ��ȴ��Զ��ɩϯ��ڦ��á�

�� JNDI �� - �� JNDI ��Ķ��/ԫ�ס�

java.naming.provider.url - ��ԫ��ҳ�� JNDI Τ٭�� URL��

java.naming.factory.initial - ��ԫ��ҳ JNDI Τ٭��ϯ��ɱ�� (��)��

�� JNDI �� - �� JMS ��Τ��ꢡ�

��ϯ���� - ڷ��ǵ��ܡ��ڨ���

ƫ��ع�� - ��̽ LOCAL (��ɢ��ǵ)��̧��ŧ��

ع�� - ��ī java:com.waveset.adapter.jms. PasswordSyncMessageMapper��ɱƫ�� JMS ��Τ��ǵ��ҳ��ŧ��ϯ��ɢ��ƫ��֪Ȣ��

��ɢ��ŧ��ϯ��ɢ��

��ŧ��ϯ��ɢ��̿�� JMS ��Ȣ��Զ��塢��ջ�� ChangeUserPassword ��¡��ѥ�� ChangeUserPassword ��īջ��ꧡ��ȩ��īѥ��ɢ��Ű��ȴ��ڨ��̽��ȴ��㡤Identity Manager ��ǵ��ϡ��ϯ��ȴ��ĸ��ȩ��

��Ϊ��ɢ��ŧ��ϯ��ɢ��ᣡ��̧��ҳ JMS ��Ȣ��ʩݽЬ��ƫ�� Active Sync ��ʩݽЬ��

��Ϊ��Ժ��ŧ��ϯ��ɢ��ᣡ�� $WSHOME/sample/wfpwsync.xml ��Ժ�ѡ��ѥ��Ժ��ɢ��ī Identity Manager��

��ѥ��ϡ��ա�

��̯ Identity Manager ڨ��ӡ�

��ɢ��̽��Ȣ��

��ڷ Identity Manager ���

��ȴ��ɢ��ع��ٶ��Sun Java System Identity Manager ��ɢ��ᣡ���ס�

��ϡ

Identity Manager ��ħ [Password Synchronization Notice] �� [Password Synchronization Failure Notice] ��ǵ��ۡ��ƫ��ϡ��ϯ��Զ��ȩ��

̥Զ��仡��ϯ��ġ��ɷ�롢ҳ̧��ȴ��Ķġ��ɢ��Ƴ��ع��ٶ��ǵ��

�� Sun JMS ��Τ�� PasswordSync

Identity Manager ��ħ JMS ��Ȣ��ƫ��ǵ�� JMS ع��Τ��ĸʰȩ��ġ��ﳡ�


ެ�	��ٶ��Sun Java System Identity Manager ��ٶ����̽ڵȴ��Ⱥ��ع��

��

��ǡ��̿�ܡ��ǵ

��

�� JMS ��Τ�� PasswordSync ��̨�� (��) ��ҡ�ƫ��ϯ��̧�� Windows ĸ���� Identity Manager ̽ڵ����ѥ�� Sun Directory Server ĸ��ϯڨ�!�

Windows Server 2003 Enterprise Edition - Active Directory

Sun Java System Identity Manager 6.0 2005Q4M3

�� Suse Linux 10.0 ĸ�� MySQL 4.1.13

Tomcat 5.0.28 running on Suse Linux 10.0

�� Suse Linux 10.0 ĸ�� Sun Java System Message Queue 3.6 SP3 2005Q4

�� Suse Linux 10.0 ĸ�� Sun Java System Directory Server 5.2 SP4

Java 1.4.2

jms.jar (�� Sun Message Queue)

fscontext.jar (�� Sun Message Queue)

imq.jar (�� Sun Message Queue)

jndi.jar (�� Java JDK)

��

šε�� Windows PasswordSync ��ɢ��ȴ��ǵ�롢��Ķ��ӡ�

��ϯ��̧��ɢ׻ĸ��롢PasswordSync ��Щ�� Active Directory ��̱��Ժ�ѡ�� Identity Manager ��̽ dll (��̱��ĸ) ��̽���

��̽ dll �� Identity Manager SOAP ��ݨܡ�Ȣ�� SOAP ��塤

Ⱥ SOAP ��ȴ��ϯ ID��ů�� JMS ��ع��

�Ȣ�� 9-1 SOAP ��


POST /idm/servlet/rpcrouter2 HTTP/1.0
Accept:text/*
SOAPAction:"urn:lighthouse"
Content-Type:text/xml; charset=utf-8
User-Agent:VCSoapClient
Host: 192.168.1.4:8080
Content-Length: 1154
Connection:Keep-Alive
Pragma:no-cache
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/">
<soap:Body soap:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
<snp:queuePasswordUpdate xmlns:snp="urn:lighthouse">
<userEmailAddress xsi:nil="1"/>
<resourceAccountId>CN=John Smith,OU=people,DC=org,DC=local</resourceAccountId> <resourceAccountGUID>b4e1c14b79d3a949a618a607dde7784d</resourceAccountGUID>
<password>zkpS8qcIJkVBWa/Frp+JqA==</password>
<accounts xsi:nil="1"/>
<resourcename xsi:nil="1"/>
<resourcetype>Windows Active Directory</resourcetype>
<clientEndpoint>W2003EE</clientEndpoint>
<jmsUser>guest</jmsUser>
<jmsPassword>guest</jmsPassword>
<queueName>cn=pwsyncDestination</queueName>
<connectionFactory>cn=pwsyncFactory</connectionFactory>
<sessionType>LOCAL</sessionType>
<JNDIProperties>java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory;java.naming. provider.url=ldap://gwenig.coopsrccom:389/ou=sunmq,dc=coopsrc,dc=com</JNDIProperties>
<singleResult>true</singleResult>
</snp:queuePasswordUpdate>
</soap:Body>
</soap:Envelope>

SOAP ݨܡ�Ȣ��ȭ�� JMS ٶ��ٯ�� JMS Message Queue ��ܡ�Ȣ��!��ѥ SOAP ݨܡ�Ȣ��ϯ ID ��ع�� (��ѥ��ض��ġ��̧��ٶ�ġ��)��

��Message Queue ��ܡ�Ȣĸ�� SOAP ݨܡ�Ȣ��Ķ��թ��ع�� (�� MapMessage ��)��

�Ȣ�� 9-2 SOAP ݨܡ�Ȣع��


password:zkpS8qcIJkVBWa/Frp+JqA==
accounts:null
resourceAccountGUID:8f245d1490de7a4192a8821c569c9ac4
requestTimestamp: 1143639284325
queueName:cn=pwsyncDestination
jmsUser:guest
resourcetype:Windows Active Directory
resourcename:null
JNDIProperties:
java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory;
java.naming.provider.url=ldap://gwenig.coopsrc.com:389/
ou=sunmq,dc=coopsrc,dc=com
connectionFactory:cn=pwsyncFactory
clientEndpoint:W2003EE
userEmailAddress:null
sessionType:LOCAL
jmsPassword:guest
resourceAccountId:CN=John Smith,OU=people,DC=org,DC=local

Message Queue ��ܡ�Ȣ��ع��ʰȩ��ġ�JMS ��Ȣ��̽ع�ɡ�ܢ�� Identity Manager ƫ��ٯ��ɢ��ᣡ�

� 9-7 ��ħȺ��



ެ�	��Ⱥ��Τ��ĸ�� SOAP ݨܡ�Ȣ�� Identity Manager��ƫ��ġ��Τ��ĸ��ԯ��

� 9-7 ��

JMS ��

Java Message Service (JMS) API ��ġԶع��?ƫ��Ȣ��ǵ (�� Java 2 Platform, Enterprise Edition (J2EE)) ��ǡ��ʡ��ȭ��ů��̽ع�ɡ�Ⱥ API ƫ��١��š��Ȣ��ع��

Ӽ��ȭع�ɡ��ǿ�� JMS �� JMS ��ϯ (��ڦ�� JMS ��ϯ��ҳع��ܡ�Ȣ��ɢ)��Ⱥ��ƫ��ܡ�Ȣ��ع��笡��ѥ��ġԶ��ǡ��ܨ��ůּ��ع��ɢ�ơ�

�� - ��̿�ܡ��ǵƫܨ��ܡ�Ȣ��!��ǵ��ȴ��ϯ��ع��ƫ�ܡ��ع��ɢ��Ȣ��ݨܡ��ع��С��ů��̱�᫡��Զ��խ��ҳ��ɢ��Ȣ��

�� - ��̿�ܡ��ǵٶ��ܡ�Ȣĸ��?��ǵ��ϯ�� (��) ��ع��?��

��̥Զ��ǵ��ڦ��ܡ��̦��ǡ��ȴ��ǡ��ѥ��ԯ��ǵ��ٴ��JMS �� JNDI ��̧��̽��


ެ�	��ȴ��ع��ٶ��Sun Java System Message Queue ��ݴ���ס�� http://docs.sun.com/source/819-3566/intro.html

� SOAP ݨܡ�Ȣ��ȭ̯�� Windows ��̽ dll ��롢SOAP ݨܡ�Ȣ��ҳ��ܡ��Τ�� SOAP ��ҳ JMS ع�ɡ��ѥ JMS ��Ȣ��ȭع��ɢ��ᣡ�

Ӽ�� JMS ��ܡ�Ȣ��Identity Manager SOAP ݨܡ�Ȣ�� Identity Manager JMS ��Ȣ��̦ȴ�� (�� JNDI ��)��

Identity Manager SOAP ݨܡ�Ȣ��̽ڵ SOAP ع��ع (��Щ��)��

�� Windows ĸ�� PasswordSync �롢��Ķ��ȴٶ� (� 9-9 �� 9-10 ��)��

JMS ��ٶ�

[User] �� [Password] ��?��̯ JMS ��ܡ�Ȣ��

[Connection Factory] ��?��ǵ�� JNDI ��ꢡ�

[Session Type] ��?��

[Queue Name] ��?��ǵ�� JNDI ��ꢡ�

��Ȣ�� 9-4 �㡢[Connection Factory] �� [Queue Name] �� LDAP RDN��̧ (�� java.naming.provider.url ��) ƫʰȩ�� DN��ġԶ�� ldapsearch ɻƫ��̿�ܡ��ǵ��

�Ȣ�� 9-4 ��


��ޡ�
#> ldapsearch -h gwenig.coopsrc.com -b 'dc=coopsrc,dc=com' 'cn=pwsyncfactory'
dn:cn=pwsyncFactory,ou=sunmq,dc=coopsrc,dc=com
objectClass:top
objectClass:javaContainer
objectClass:javaObject
objectClass:javaNamingReference
javaClassName:com.sun.messaging.QueueConnectionFactory
javaFactory:com.sun.messaging.naming.AdministeredObjectFactory
javaReferenceAddress:#0#version#3.0
javaReferenceAddress:#1#readOnly#false
javaReferenceAddress:#2#imqOverrideJMSPriority#false
javaReferenceAddress:#3#imqConsumerFlowLimit#1000
javaReferenceAddress:#4#imqAddressListIterations#1
javaReferenceAddress:#5#imqOverrideJMSExpiration#false
javaReferenceAddress:#6#imqConnectionType#TCP
javaReferenceAddress:#7#imqLoadMaxToServerSession#true
javaReferenceAddress:#8#imqPingInterval#30
javaReferenceAddress:#9#imqSetJMSXUserID#false
javaReferenceAddress:#10#imqConfiguredClientID#
javaReferenceAddress:#11#imqSSLProviderClassname#com.sun.net.ssl.internal.ssl.Provider
javaReferenceAddress:#12#imqJMSDeliveryMode#PERSISTENT
javaReferenceAddress:#13#imqConnectionFlowLimit#1000
javaReferenceAddress:#14#imqConnectionURL#http://localhost/imq/tunnel
javaReferenceAddress:#15#imqBrokerServiceName#
javaReferenceAddress:#16#imqJMSPriority#4
javaReferenceAddress:#17#imqBrokerHostName#localhost
javaReferenceAddress:#18#imqJMSExpiration#0
javaReferenceAddress:#19#imqAckOnProduce#
javaReferenceAddress:#20#imqEnableSharedClientID#false
javaReferenceAddress:#21#imqAckTimeout#0
javaReferenceAddress:#22#imqAckOnAcknowledge#
javaReferenceAddress:#23#imqConsumerFlowThreshold#50
javaReferenceAddress:#24#imqDefaultPassword#guest
javaReferenceAddress:#25#imqQueueBrowserMaxMessagesPerRetrieve#1000
javaReferenceAddress:#26#imqDefaultUsername#guest
javaReferenceAddress:#27#imqReconnectEnabled#false
javaReferenceAddress:#28#imqConnectionFlowCount#100
javaReferenceAddress:#29#imqAddressListBehavior#PRIORITY
javaReferenceAddress:#30#imqReconnectAttempts#0
javaReferenceAddress:#31#imqSetJMSXAppID#false javaReferenceAddress:
#32#imqConnectionHandler#com.sun.messaging.jmq.jmsclient.protocol.
tcp.TCPStreamHandler
javaReferenceAddress:#33#imqSetJMSXRcvTimestamp#false
javaReferenceAddress:#34#imqBrokerServicePort#0
javaReferenceAddress:#35#imqDisableSetClientID#false
javaReferenceAddress:#36#imqSetJMSXConsumerTXID#false
javaReferenceAddress:#37#imqOverrideJMSDeliveryMode#false
javaReferenceAddress:#38#imqBrokerHostPort#7676
javaReferenceAddress:#39#imqQueueBrowserRetrieveTimeout#60000
javaReferenceAddress:#40#imqSSLIsHostTrusted#true
javaReferenceAddress:#41#imqSetJMSXProducerTXID#false
javaReferenceAddress:#42#imqConnectionFlowLimitEnabled#false
javaReferenceAddress:#43#imqReconnectInterval#3000
javaReferenceAddress:#44#imqAddressList#mq://gwenig:7676/jms
javaReferenceAddress:#45#imqOverrideJMSHeadersToTemporaryDestinations#false
cn:pwsyncFactory

�Ȣ�� 9-5 ��


#> ldapsearch -h gwenig.coopsrc.com -b 'dc=coopsrc,dc=com' 'cn=pwsyncdestination'
dn:cn=pwsyncDestination,ou=sunmq,dc=coopsrc,dc=com
objectClass:top
objectClass:javaContainer
objectClass:javaObject
objectClass:javaNamingReference
javaClassName:com.sun.messaging.Queue
javaFactory:com.sun.messaging.naming.AdministeredObjectFactory
javaReferenceAddress:#0#version#3.0
javaReferenceAddress:#1#readOnly#false
javaReferenceAddress:#2#imqDestinationName#pwsyncQueue
javaReferenceAddress:#3#imqDestinationDescription#A Description for the Destination Object
cn:pwsyncDestination

JMS ��ٶ�

��㡢��ǵ�� LDAP ��㡤java.naming.factory.initial ��ǡ�� JNDI ��ɱԫ��java.naming.provider.url ƫ��ꢡ��ҳ��Τ٭��ϯ��ع��Ϊ��ع��Ь PasswordSync ��ٳ�� LDAP ��ɢ��̽��ǵ��

java.naming.security.principal�� DN (��cn=Directory manager)

java.naming.security.authentication�� (��)

java.naming.security.credentials��



ެ�	��ҳ JMS ��Ȣ��

� 9-11 JMS ��Ȣ��ٶ��
JMS ��Ȣ��ٶ�

��ǡ��̿�ܡ��ǵ

��ǵ



ެ�	�� Sun Java System Message Queue��(��̦�� Message Queue �� bin/ �㡤) ��ƫ�� Message Queue �ܡ GUI (imqadmin) ��̦ (imqobjmgr) ��ǡ��̿�ܡ��ǵ��Ķ��̦��

��̿�ܡ��ǵ�� LDAP ��

��ǵ

�Ȣ�� 9-6 ��ǵ


#> ./imqobjmgr add -l "cn=mytestFactory"
-j "java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory"
-j "java.naming.provider.url=ldap://gwenig.coopsrc.com:389/ou=sunmq,dc=coopsrc,dc=com"
-j "java.naming.security.principal=cn=directory manager"
-j "java.naming.security.credentials=password"
-j "java.naming.security.authentication=simple"
-t qf
-o "imqAddressList=mq://gwenig.coopsrc.com:7676/jms"
Adding a Queue Connection Factory object with the following attributes:
imqAckOnAcknowledge [Message Service Acknowledgement of Client Acknowledgements]
...
imqSetJMSXUserID [Enable JMSXUserID Message Property] false

Using the following lookup name:
cn=mytestFactory
The object's read-only state:false
To the object store specified by:
java.naming.factory.initial com.sun.jndi.ldap.LdapCtxFactory
java.naming.provider.url ldap://gwenig.coopsrc.com:389/ou=sunmq,dc=coopsrc,dc=com
java.naming.security.authentication simple
java.naming.security.credentials netscape
java.naming.security.principal cn=directory manager
Object successfully added.

̧�� imqAddressList �� JMS ��Τ��/��ܡ�Ȣ�� (gwenig.coopsrc.com)�� (7676) ��ů��̽�� (jms)��

��ǵ

�Ȣ�� 9-7 ��ǵ


#> ./imqobjmgr add -l "cn=mytestDestination"
-j "java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory"
-j "java.naming.provider.url=ldap://gwenig.coopsrc.com:389/ou=sunmq,dc=coopsrc,dc=com"
-j "java.naming.security.principal=cn=directory manager"
-j "java.naming.security.credentials=password"
-j "java.naming.security.authentication=simple"
-t q
-o "imqDestinationName=mytestDestination"
Adding a Queue object with the following attributes:
imqDestinationDescription [Destination Description] A Description for the Destination Object imqDestinationName [Destination Name] mytestDestination
Using the following lookup name:
cn=mytestDestination
The object's read-only state:false
To the object store specified by:
java.naming.factory.initial com.sun.jndi.ldap.LdapCtxFactory
java.naming.provider.url ldap://gwenig.coopsrc.com:389/
ou=sunmq,dc=coopsrc,dc=com
java.naming.security.authentication simple
java.naming.security.credentials netscape java.naming.security.principal cn=directory manager
Object successfully added.

��̿�ܡ��ǵ��

��ǵ


ެ�	��ƫ�� ldapsearch �� LDAP ��ǡ��ǵ��

�Ȣ�� 9-8 ��ǵ��


#> ./imqobjmgr add -l "mytestFactory" -j "java.naming.factory.initial= com.sun.jndi.fscontext.RefFSContextFactory"
-j "java.naming.provider.url=file:///home/gael/tmp" -t qf -o "imqAddressList=mq://gwenig.coopsrc.com:7676/jms"
Adding a Queue Connection Factory object with the following attributes:
imqAckOnAcknowledge [Message Service Acknowledgement of Client Acknowledgements]
...
imqSetJMSXUserID [Enable JMSXUserID Message Property] false
Using the following lookup name:
mytestFactory
The object's read-only state:false To the object store specified by:
java.naming.factory.initial com.sun.jndi.fscontext.RefFSContextFactory java.naming.provider.url file:///home/gael/tmp
Object successfully added.
To specify a destination:
#> ./imqobjmgr add -l "mytestQueue" -j "java.naming.factory.initial=com.sun.jndi.fscontext.RefFSContextFactory"
-j "java.naming.provider.url=file:///home/gael/tmp" -t q -o "imqDestinationName=myTestQueue"
Adding a Queue object with the following attributes:
imqDestinationDescription [Destination Description] A Description for the Destination Object imqDestinationName [Destination Name] myTestQueue
Using the following lookup name:
mytestQueue
The object's read-only state:false
To the object store specified by:
java.naming.factory.initial com.sun.jndi.fscontext.RefFSContextFactory java.naming.provider.url file:///home/gael/tmp
Object successfully added.

��ܡ�Ȣĸ��ǡ��

��á�Sun Java System Message Queue ��ܡ�Ȣ��ٯ��ǡ�� (��ٶ�� config.properties��̧�� imq.autocreate.queue ��ԫҳ true)��

��Ϊ��ٯ��ǡ��?�Ь��Ȣ�� 9-9 (̧�� myTestQueue ҳ��) ��ܡ�Ȣĸ��ǡ��ǵ��

�Ȣ�� 9-9 ��ܡ�Ȣĸ��ǡ��ǵ


name (Queue name):
#> cd /opt/sun/mq/bin
#>./imqcmd create dst -t q -n mytestQueue
Username:<admin>
Password:<admin>
Creating a destination with the following attributes:
Destination Name mytestQueue
Destination Type Queue
On the broker specified by:
-------------------------
Host Primary Port
-------------------------
localhost 7676
Successfully created the destination.

����Ϊ Identity Manager SOAP ݨܡ�Ȣ�� Identity Manager ��Τ�� Identity Manager ��ġ��Τ��ĸ��硢Ь��ǵ��Ȣ��


ެ�	��Ϊ Identity Manager SOAP ݨܡ�Ȣ�� Identity Manager ��Τ��ġƺ��ĸ��ЬĨϯ��ƫ��̽ .bindings ��ƫ��ḁ̇̄ȹ̿�ܡ��ǵ (��ƺ��ĸ)�� .bindings ��̯��ƺ��ĸ��

����Ϊ Identity Manager SOAP ݨܡ�Ȣ�� Identity Manager ��Τ��ġ��Τ��ĸ�� (��ϯ��Ϊ��ȴƫ��)��Ьƫ��ܡ��ǵ��㡤

ҳȺ�� JMS ��Ȣ��

�� [Message Mapping] �� java:com.waveset.adapter.jms.PasswordSyncMessageMapper�� JMS ع��ҳ��ŧ��ϯ��ɢ��ƫ��֪Ȣ��

ҳȺ��Ķ�� (JMS ��Ȣ��ƫ�� PasswordSyncMessageMapper ��)��

IDMAccountId��Ⱥ�� PasswordSyncMessageMapper �� JMS ع�� resourceAccountId �� resourceAccountGUID ��ε��

password�� SOAP ��ȭ�� JMS ع���

� 9-14 �� IDMAccountId �� password ڨ��

��Ȣ��롢Active Sync �� (� 9-15) �� [Attribute Mappings] ٴ��ƫ��̡�



ެ�	Ⱥݨ��ǹ��ɱ��ۡ�

� 9-15 Active Sync ��

�� Active Sync

� [Synchronization Mode] �� (� 9-16)��ƫ��ѽٶ��ҳ��ԫ��ѥѺ [Next] ��

��ŧ��ϯ��ɢ��̿�� JMS ��Ȣ��Զ��塢��ջ�� ChangeUserPassword ��¡��ѥ�� ChangeUserPassword ��īջ��ꧡ�

� 9-16 [Synchronization Mode] ��

�� [Active Sync Running Settings] ��β�롢��Ϩ��ܡ��Τ��ܡ�� (pwsyncadmin)��

� 9-17 [Active Sync Running Settings] ��β
[Active Sync ��] ��

ҳ��ش��ҳ 4 ��ش��!��ܨ��ش��

�� 9-17 ��ش��̯ /dvlpt/Idm/pwsynctests/logs/ ��㡤

��ȩѥ��Ѻ [Next] ��

��Ŧ��Ķ��̥Զ Active Sync ��β��ԫ��Ʒ��Ѻ [Next] ��̯�� [Target Resources] �� (� 9-18)��

� 9-18 [Target Resources] ��

��̽��̦��㡤ڷ [Available Resources] ��̽��ѺġĶ

Ѻ�ڡ�� [Target Resources] ��̡�

��Ⱥ��ɣ��ŧ Windows �� Sun Directory Server��ŧ Identity Manager ���

Ѻ [Next]�� [Target Attribute Mappings] ��β�롢��̽ [IDM User] �� (��Ϊ��̽)��

�� [IDM User] ��㡢��֪ҳ Identity Manager ��ϯ��С�

�� 9-19 ��ħ password �� accountID��

� 9-19 �� password �� accountID
�� password �� accountID ��

��ȩѥ��ѺġĶ [Add Mapping]��

��̽ [LDAP-kosig] ��ҳ Sun Directory �� (� 9-20)��

� 9-20 ҳ Sun Directory ��
ҳ Sun Direcory ��

��ȩѥ��ѺġĶ [Add Mapping]��ѥ��ա�

��

��Ϊ�� PasswordSync ��Ȣ��̧��ٯ��

��á�Ⱥ��Ȣ�� [Program Files] > [Sun Java System Identity Manager PasswordSync] > [Configuration] �㡤

�� [PasswordSync Configuration] ��롢ѺġĶ [Test] Ѻ�ڡ�

�� [Test Connection] �� (� 9-21)��̧��ġ۾ع��ȩ��ȩ��

� 9-21 [Test Connection] ��

ѺġĶ [Close] �� [Test Connection] ��ۡ�

ѺġĶ [OK] �� [PasswordSync Configuration] ��ۡ�

��ѥ JMS ��Ȣ��Ȣ��硢��ܨ��ع�� 9-22 ��

� 9-22 ��ع��

թ�� PasswordSync

PasswordSync ��ȴɷ��ɭ�� Identity Manager �� Windows ��ŧ��Ƕ��⡤

��Ϊ��Զ Active Directory ��̱�� (ADC) ��ҳ��̯ġ˷�� JMS ��ġ (��ٶ�� 9-23)��Ь JMS ��ƫ�� Message Queue ��ܡ�Ȣ��ع�ɡ��ȴ Message Queue ��ع�ɡ�

��ҳ��ٯթ�� JMS ��Ȣ�� Identity Manager ��Τ�� Message Queue ��ܡ�Ȣ��ȹ��ġԶ Identity Manager ĸ��硢��Ϊ�� ActiveSync ��Τ��⡢Ь��ȹ�� Identity Manager ��Τ��ĸ��ع�ɡ��̯Ķ��㡤


ެ�	Message Queue ��ƫ��ġԶ��ع��ջ��(��ٸܨ��ǵ�㡢��ħ�� Message Queue ��ܡ�Ȣ��)

PasswordSync ��ڦ��

��ƫ�� Java Messaging Service ��ɢ PasswordSync��

Ӽ�� -direct �?��Ȣ��ɻ�� [��ϯ] �� PasswordSync ��ʩ�� PasswordSync��Ķ��!�

��Ŧ�� [JMS ��] �� [JMS ��] ��

�� [��ϯ] ��㡢�� Identity Manager ��ڨ�� ID ���

Ӽ�� JMS ��ɢ PasswordSync��Ь��ǡ JMS ��Ȣ��Ⱥ��ܩ�� PasswordSync ��ʩ��Ӽ��ϡ��ƫ�� [��ϯ��] ��ɢ��ᣡ�

PasswordSync ��ƫ��̧��ڰ̱��ܩ�� Windows ��

��ƫ�� PasswordSync ��̧�� _WINDOWS_ ����ԡ�� [Notification Package] ��ԫ��޲ѥġԶ��¡�

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages (�� REG_MULTI_SZ ��ԫ)


ެ�	��Ϊ��ѥ�� -direct ��Ķ��Ȣ��Ь�� JMS ѥ��ƫ�� PasswordSync�� -direct ��ٯ��Ȣ��ȹܩ� JMS��

��á��Ȣ�� Identity Manager ��̽��ʢ��ҡ��Ϊ��ѥ��¡�Ь�� lhpwic �� [Notification Package] ��ʢ��

��ƫ�� PasswordSync ��̧�� Identity Manager ��ܩ���� Identity Manager ��Τ��ܩ�롢��ȴ��ܩ��ƫ��ŧ��̧��㡤��Ⱥ�� Windows ��ܩ̦ȴ�� Identity Manager ��̱��ܩ��̱�̡�

��ƫ�� PasswordSync Servlet �� Identity Manager ��̧��Τ��ĸ��


ެ�	��̽ DLL ��ڰ̱��Ƕ��ܩ��

ƫ�衤��ħ JMS ��Ȣ��ȴ JAR ��!�PasswordSync Servlet �� JAR �� spml.jar �� idmcommon.jar��

PasswordSync Τ٭�� lh ��Τ�¡�

��ʼԯ�� SSL �� PasswordSync�� Identity Manager ��Τ��Щ��ȴ��

��ȴ��ӳ com.waveset.exception.ItemNotLocked��

��Ϊ�� PasswordSync�� (ɻ��ڷ��ϯ��ٯ) ��ա��ӳ�� Identity Manager ��ᾡ�

��Ϊ�� passwordSyncThreshold ��ɢ��?�Ь Identity Manager ��ϯ��ǵ��ϯ��ǵ��ݨܡ��ա��ҡ��Ϊ��ϯ��ܡ��ġ��ϯ��̧��ա�Ь��ϯ��ǵ��ݷ��

ĸġ�� ſ Ķġ��
Sun Java[TM] System Identity Manager 7.1 �ܡ

�� 9 �� PasswordSync

������ PasswordSync��

����Щ��������

���� Microsoft .NET 1.1

������������� PasswordSync

���� PasswordSync

���� PasswordSync

�� PasswordSync ��������

���ش��

����ش��

������

�������� PasswordSync

���� PasswordSync

���� JMS �����Ȣ����

��ɢ����ŧ����ϯ�����ɢ���

������ϡ

���� Sun JMS ��Τ������ PasswordSync

����

�������

������������

JMS ����

JMS ����ٶ�

JMS ����ٶ�

��ǡ������̿�ܡ��ǵ

��̿�ܡ��ǵ������ LDAP ������

��������������ǵ

���������ǵ

��̿�ܡ��ǵ������������

��������������ǵ

����ܡ�Ȣĸ��ǡ���

ҳȺ�������� JMS �����Ȣ����

���� Active Sync

������������������

թ���������� PasswordSync

PasswordSync ����ڦ������

����ƫ�������� Java Messaging Service ����ɢ PasswordSync��

PasswordSync ����ƫ����̧������ڰ̱��������ܩ�� Windows ����������������

����ƫ���� PasswordSync Servlet ������ Identity Manager ������̧��������Τ��ĸ��

PasswordSync Τ٭�������������������� lh ��Τ�¡�

�������ȴ����������ӳ com.waveset.exception.ItemNotLocked��

�� 9 ��
PasswordSync

�� PasswordSync��

��Щ��

�� Microsoft .NET 1.1

�� PasswordSync

�� PasswordSync

�� PasswordSync

�� PasswordSync ��

��ش��

��ش��

��

�� PasswordSync

�� PasswordSync

�� JMS ��Ȣ��

��ɢ��ŧ��ϯ��ɢ��

��ϡ

�� Sun JMS ��Τ�� PasswordSync

��

��

��

JMS ��

JMS ��ٶ�

JMS ��ٶ�

��ǡ��̿�ܡ��ǵ

��̿�ܡ��ǵ�� LDAP ��

��ǵ

��ǵ

��̿�ܡ��ǵ��

��ǵ

��ܡ�Ȣĸ��ǡ��

ҳȺ�� JMS ��Ȣ��

�� Active Sync

��

թ�� PasswordSync

PasswordSync ��ڦ��

��ƫ�� Java Messaging Service ��ɢ PasswordSync��

PasswordSync ��ƫ��̧��ڰ̱��ܩ�� Windows ��

��ƫ�� PasswordSync Servlet �� Identity Manager ��̧��Τ��ĸ��

PasswordSync Τ٭�� lh ��Τ�¡�

��ȴ��ӳ com.waveset.exception.ItemNotLocked��