Chat now with support
Chat mit Support

Identity Manager 9.2.1 - Target System Synchronization Reference Guide

Target system synchronization with the Synchronization Editor Working with the Synchronization Editor Basics of target system synchronization Setting up synchronization
Starting the Synchronization Editor Creating a synchronization project Configuring synchronization
Setting up mappings Setting up synchronization workflows Connecting systems Configuring the synchronization log Editing the scope Using variables and variable sets Setting up start up configurations Setting up base objects
Overview of schema classes Customizing the synchronization configuration Checking the consistency of the synchronization configuration Activating the synchronization project Defining start up sequences Copying synchronization projects
Running synchronization Synchronization analysis Setting up synchronization with default connectors Updating existing synchronization projects Script library for synchronization projects Additional information for experts Troubleshooting errors when connecting target systems Configuration parameters for target system synchronization Configuration file examples

Global definitions

The global definitions contain the information required for logging in to the One IdentityClosed Manager database where the changes are to be made.

If the connection to the target system is to be established via remote connection, the data for authentication on the RemoteConnectPlugin is also stored here.

Table 83: Global definitions

Elements

Description

WorkDatabase.ConnectionString

Database server connection parameter.

Modify these settings or define a parameter if adding new synchronization projectsClosed to a different database.

WorkDatabase.AuthenticationString

Login data for the One Identity Manager database.

Modify these settings or define a parameter if adding new synchronization projects to a different database.

WorkDatabase.DatabaseFactory

Supported database system. Only SQL Server is supported at present (VI.DB.ViSqlFactory, VI.DB).

LoadedShell.Uid

Unique ID of the synchronization project to be loaded. Only required when making changes to existing synchronization projects.

Remoting.Address

Address of the remote connection server.

Example: <Data Name="Remoting.Address" Display="Remoting address" Type="System.String, mscorlib"><remote connection server name></Data>

Remoting.Port

Port of the remote connection server.

Example: <Data Name="Remoting.Port" Display="Remoting port" Type="System.Int32, mscorlib">2880</Data>

Remoting.Option.RequestTimeout

Maximum duration of a server request in seconds.

Example: <Data Name="Remoting.Option.RequestTimeout" Display="RequestClosed timeout" Type="System.Int32, mscorlib">3600000</Data>

Remoting.Option.AcceptSelfSignedCertificates

True if self-signed certificates are accepted.

Example: <Data Name="Remoting.Option.AcceptSelfSignedCertificates" Display="Accept self signed certificates" Type="System.Boolean, mscorlib">True</Data>

If self-signed certificates are not accepted, this element is not required.

Remoting.AuthParams.Secret

Secret used by the Synchronization EditorClosed to authenticate on the RemoteConnectPlugin if SecretAuthentication is configured for the RemoteConnectPlugin.

Example: <Data Name="Remoting.AuthParams.Secret" Display="Secret" Type="System.String, mscorlib"><secret></Data>

If ADGroupAuthentication is configured for the RemoteConnectPlugin, this element is not required.

Related topics

Defining the editor for new synchronization projects

To create new synchronization projectsClosed,use the ShellWizard editor. The definition part of this editor contains the following information:

Table 84: ShellWizard editor definitions

Elements

Description

TemplateUid

Unique project templateClosed ID to be used.

This element does not exist if the reference project was created without a project template.

ConnectedSystemIdentity

SchemaClosed information, such as type, version, and schema ID of the connected system.

ScriptLanguage

Script language used in the synchronization project.

ShellDisplay

Synchronization project display name.

ShellDescription

Description of the synchronization project.

AutoCompletion

Specifies whether the synchronization project is activated immediately.

MainConnection

The connection data for the One IdentityClosed Manager database to be synchronized in this synchronization project.

ConnectedSystemConnection

Connection data for the target system to be synchronized with this synchronization project.

TemplateConfiguration

Additional settings that were made in the project wizard. For example:

  • ProvisioningClosed data

  • Enabled revision filter

  • Setting for the synchronization log

  • Selected synchronization serverClosed

This element does not exist if the reference project was created without a project template.

Defining the editor for existing synchronization projects

To apply patches to existing synchronization projectsClosed, use the ShellPatchEditor. The definition part of this editor contains the following information:

Table 85: ShellPatchEditor editor definitions

Elements

Description

PatchesToApply

Comma-separated list of patch numbers for all patches that are to be applied.

Only patches that do not require any user input can be applied.

Keywords can be specified in order to apply all available patches.

  • AllFixes: Applies all patches to resoled issues.

  • AllFeatures: Applies all patches to new and changed features.

Example: <Data Name="PatchesToApply" Display="Patches to apply" Type="System.String, mscorlib">AllFixes,AllFeatures</Data>

All dependent milestones will also be applied.

Synchronization Editor Command Line Interface

Once you have created a configuration file and have customizedClosed it accordingly, you can generate new synchronization projectsClosed or update existing synchronization projects with the Synchronization Editor Command Line InterfaceClosed. You can also opt to use the Synchronization Editor Module for Windows PowerShellClosed to do this. For more information, see Synchronization Editor Module for Windows PowerShell.

To create synchronization projects with the Synchronization Editor Command Line Interface

  1. Start a command line editor.

  2. Switch to the One Identity Manager installation directory.

  3. Run the Synchronization Editor Command Line Interface with the -V option and set the parameter values.

    SynchronizationEditor.CLI.exe --CreateShell {<Options>} <configuration file> {<Parameter>}

    NOTE: If the value of a parameter contains a space or special character, it must be enclosed in quotes.

    Example: SynchronizationEditor.CLI.exe --CreateShell -V /Workspace=D:\ActiveDirectoryProject.sews /SetParam SyncProject="Synchronization project for Active Directory domain XYZ"

  4. Enter values for the parameters requiring user input.

    • To enter an empty value, press ENTER.

    • To transfer the default value defined in the configuration file, click Esc.

  5. (Optional) Run the Synchronization Editor Command Line Interface with the option -R.

    This establishes a remote connection.

    Example: SynchronizationEditor.CLI.exe --CreateShell -R /Workspace=D:\ActiveDirectoryProject.sews

  6. If no error occur, run steps 3 and 4 with the -S option.

    If the synchronization project was created with a project templateClosed, the schemas are shrunk when saved.

To update synchronization projects with the Synchronization Editor Command Line Interface

  1. Start a command line editor.

  2. Switch to the One Identity Manager installation directory.

  3. Run the Synchronization Editor Command Line Interface with the -V option and set the parameter values.

    SynchronizationEditor.CLI.exe --PatchShell {<options>} <configuration file> {<parameter>}

    NOTE: If the value of a parameter contains a space or special character, it must be enclosed in quotes.

    Example: SynchronizationEditor.CLI.exe --PatchShell -V /Workspace=D:\ActiveDirectoryProject.sews /SetParam SyncProject="CCC-99D111DD1CF11111BCF11111E1111BE9" /SetParam Patches=AllFixes,Milestone_OneIM_8.0.2017.1104,VPR#12345,VPR#23456,VPR#34567

    • If the target system is accessed when the patch is applied and the connection parameters in the default variable set contain encrypted values, you will be prompted to enter the decrypted values. The names of the required parameters are displayed.

      TIP: Use these parameter names to add a parameter in the configuration file for each encrypted connection parameter. This allows values for the encrypted connection parameters to be passed to the Synchronization Editor Command Line Interface when it is called.

      The parameter names must conform to the following naming convention: Decryption_DefaultVariableSet_<variable name>.

      Example of a parameter definition: <Parameter Name="Decryption_DefaultVariableSet_Password" Display="Password of target system user" IsQueryParameter="False"</Parameter>

      Example of a command line call: SynchronizationEditor.CLI.exe --PatchShell -V /Workspace=D:\ActiveDirectoryProject.sews /SetParam SyncProject="CCC-99D111DD1CF11111BCF11111E1111BE9" /SetParam Patches=AllFixes /SetParam Decryption_DefaultVariableSet_Password="A123-z987"

  4. Enter values for the parameters requiring user input.

    • To enter an empty value, press ENTER.

    • To transfer the default value defined in the configuration file, click Esc.

  5. (Optional) Run the Synchronization Editor Command Line Interface with the option -R.

    This establishes a remote connection.

    Example: SynchronizationEditor.CLI.exe --PatchShell -R /Workspace=D:\ActiveDirectoryProject.sews

  6. If no error occur, run steps 3 and 4 with the -S option.

    If the synchronization project was created with a project template, the schemas are shrunk when saved.

TIP: Run the SynchronizationEditor.CLI.exe without additional input to view help for the Synchronization Editor Command Line Interface.

Table 86: Synchronization Editor Command Line Interface commands

Command

Description

--CreateShell

Creates a new synchronization project using the data from the defined workspace.

Short form: --CS

--PatchShell

Applies patches to an existing synchronization project.

Short form: --PS

Table 87: Synchronization Editor Command Line Interface options

Option

Description

-?|H

Displays help.

-Q

No alert before running irreversible actions.

-V

The Synchronization Editor Command Line Interface is run in verbose mode. Use this option for debugging.

-S

Saves the new synchronization project in the database. If this option is not given, creating the synchronization project is simulated.

-N

Defines whether the Synchronization Editor Command Line Interface opens in non-interactive mode. This may cause requests for parameter input to fail.

Missing encrypted values are also queried in non-interactive mode.

-R

Establishes the connection to the target system over a remote service connection.

Use a remote connection if it is not possible to directly access the target system from the workstation where the Synchronization Editor is installed.

Table 88: Parameter declaration

Parameters

Description

/Workspace

Full or relative path of the configuration file.

/SetParam

Sets the value of the parameter defined in the configuration file. Overwrites default values.

Format: Parameter name=value

Pay attention to the upper and lower case characters in the parameter name.

If a value contains a space or special character, it must be enclosed in quotes. Multiple parameters are declared individually: /SetParam ParamName1=Value1 /SetParam ParamName2=Value2

Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen