Using the management agent for Sun and Netscape directory servers

By using the management agent for Sun and Netscape directory servers, you can synchronize with Sun and Netscape directory servers.

The following Microsoft Identity Integration Server 2003 versions support this management agent:

• Microsoft Identity Integration Server 2003, Enterprise Edition

Connected data source support

• Sun ONE Directory Server 4.12, 4.13, 5.0, 5.1, and 5.2
• Netscape Directory Server 4.1 and 6.11

Management agent type

This is a call-based management agent.

Schema

The schema is generated based on the dynamic discovery of the data source by the management agent. When you refresh the schema for this management agent, the connected data source schema is rediscovered, the current management agent schema is updated, and then Management Agent Designer starts. In Management Agent Designer, you can correct any inconsistencies introduced by the updated schema, such as deleted object types or deleted attributes.

Remarks

• If you want to synchronize with Sun ONE Directory Server 4.12 or 4.13 and you use the distinguished name (also known as DN) for the anchor attribute, Microsoft Identity Integration Server 2003 cannot support rename operations.
• If you upgrade your Netscape Directory Server 4.1 to version 5.0 or greater, it is recommended that you use the following procedure to synchronize with Microsoft Identity Integration Server 2003:
  1. Upgrade your Netscape Directory Server.
  2. Create a new management agent for Sun and Netscape directory servers.
  3. Configure your join rules for the new management agent so that the objects on the upgraded server join to the existing metaverse objects.
  4. Run a full import of the new management agent.
  5. Remove the old management agent for the 4.1 server.
• If changelog is not enabled on Sun ONE Directory Server, Microsoft Identity Integration Server 2003 cannot support delta import operations.
• The management agent for Sun and Netscape directory servers does not automatically detect changes made to the configuration of the Sun or Netscape directory server, such as enabling or disabling changelog. If you change the configuration of the Sun or Netscape directory server, you must refresh the management agent by using the Refresh button on the Configure Naming Context page of the management agent. For more information, see Configure naming contexts.
• During rename and move operations, Microsoft Identity Integration Server 2003 first creates the new object and then deletes the old object. If you stop an export from Microsoft Identity Integration Server 2003 that is in progress and that contains renamed or moved objects, both the objects and their copies might be left on the Sun ONE Directory Server 5.0 or 5.1 server.
• If the management agent for Sun and Netscape directory servers is requested to rename or move an object, but not change the uuid, and the uuid uniqueness plug-in is enabled on the Sun ONE Directory Server 5.0 or 5.1 server, then the rename or move operation fails. Disable the uuid uniqueness plug-in.
• When you rename or move an object, all references to that object on the Sun ONE Directory Server 5.0 or 5.1 server that have their referential integrity managed by the Sun ONE Directory Server 5.0 or 5.1 server (that is, a valid intrapartition distinguished name attribute with the referential integrity plug-in enabled) are removed (that is, a renamed or moved user object is removed from all groups).
• When running a delta synchronization to a Netscape Directory Server 6.11, particularly when using slower hardware, a delete-add operation might not be processed in order, resulting in the object being deleted. In this case, the object can be restored by running a full import.
• If you have an object on a Sun ONE Directory Server 5.2 server with a multi-value attribute that has more than 7 values, and if you delete several of those values through an Export Attribute Flow operation, then the Sun ONE Directory Server might delete the remaining values. Running a full import and export restores the missing attribute values.
• If another Lightweight Directory Access Protocol (LDAP) call is made to a Sun ONE Directory Server 5.0 or 5.1 server before it is able to finish the first operation, Referential Integrity Post-Operations might fail. Run the Referential Integrity plug-in with a delay of one second. This logs the changes in a file, runs the referential integrity on only one thread, and checks changes sequentially. For more information about how to configure your server, see your Sun ONE Directory Server 5.1 documentation.
• The Sun and Netscape directory servers management agent has a default timeout value for run profiles of 30 seconds.
• When you update a Sun and Netscape directory server management agent, the management agent configuration file must be from the same Sun ONE Directory Server version.
• This management agent supports password management. For more information, see Related Topics.

Related Topics

Configuring management agents

Create a management agent

Connect to a Sun or Netscape directory server

Configure naming contexts

Select object types

Select attributes

Select anchor attributes

Configure connector filter rules

Configure join and projection rules

Configure attribute flow rules

Configure deprovisioning rules

Configure password management and specify rules extensions

Password management