Chat now with support
Chat mit Support

Identity Manager 9.2 - Administration Guide for Connecting Unix-Based Target Systems

Managing Unix-based systems Synchronizing Unix-based target systems Managing Unix user accounts and identities Managing memberships in Unix groups Login credentials for Unix user accounts Mapping Unix objects in One Identity Manager Handling of Unix objects in the Web Portal Basic data for Unix-based target systems Configuration parameters for managing Unix-based target systems Default project template for Unix-based target systems Unix connector settings

Synchronizing Unix-based target systems

The One Identity Manager Service is responsible for synchronizing data between the One Identity Manager database and the Unix host.

This sections explains how to:

  • Set up synchronization to import initial data from Unix host to the One Identity Manager database.

  • Adjust a synchronization configuration, for example, to synchronize different Unix hosts with the same synchronization project.

  • Start and deactivate the synchronization.

  • Evaluate the synchronization results.

TIP: Before you set up synchronization with a Unix host, familiarize yourself with the Synchronization Editor. For more information about this tool, see the One Identity Manager Target System Synchronization Reference Guide.

Detailed information about this topic

Setting up initial synchronization with a Unix host

One Identity Manager supports most Unix and Linux derivatives. For more information, see the specifications for One Identity Authentication Services.

To load Unix-based objects into the One Identity Manager database for the first time

  1. Prepare a user account with sufficient permissions for synchronizing in the Unix-based target system.

  2. One Identity Manager components for managing Unix-based target systems are available if the TargetSystem | Unix configuration parameter is set.

    • In the Designer, check if the configuration parameter is set. Otherwise, set the configuration parameter and compile the database.

      NOTE: If you disable the configuration parameter at a later date, model components and scripts that are no longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide.

    • Other configuration parameters are installed when the module is installed. Check the configuration parameters and modify them as necessary to suit your requirements.

  3. Install and configure a synchronization server and declare the server as a Job server in One Identity Manager.
  4. Create a synchronization project with the Synchronization Editor.
Related topics

Users and permissions for synchronizing with a Unix-based target system

The following users play a role in synchronizing One Identity Manager with a Unix-based target system.

Table 2: Users for synchronization
User Permissions

User for accessing the Unix host

You must provide a user account with the following permissions for full synchronization of a Unix-based target system with the supplied One Identity Manager default configuration.

  • Permissions for establishing a Secure Shell (SSH) connection to the host.

  • Administration permissions for running write operation in the Unix objects.

The rest of the configuration depends on which method is adopted for accessing the Unix host. For more information, see Information required for setting up a synchronization project.

One Identity Manager Service user account

The user account for the One Identity Manager Service requires user permissions to carry out operations at file level (adding and editing directories and files).

The user account must belong to the Domain users group.

The user account must have the Login as a service extended user permissions.

The user account requires permissions for the internal web service.

NOTE: If the One Identity Manager Service runs under the network service (NT Authority\NetworkService), you can grant permissions for the internal web service with the following command line call:

netsh http add urlacl url=http://<IP address>:<port number>/ user="NT AUTHORITY\NETWORKSERVICE"

The user account needs full access to the One Identity Manager Service installation directory in order to automatically update One Identity Manager.

In the default installation, One Identity Manager is installed under:

  • %ProgramFiles(x86)%\One Identity (on 32-bit operating systems)

  • %ProgramFiles%\One Identity (on 64-bit operating systems)

User for accessing the One Identity Manager database

The Synchronization default system user is provided to run synchronization using an application server.

Configuring Unix the host

The SSH service (sshd deamon) running on the Unix host must be configured so that the sftp subsystem is enabled.

Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen