サポートと今すぐチャット
サポートとのチャット

Identity Manager 9.3 - Administration Guide for Connecting Unix-Based Target Systems

Managing Unix-based systems Synchronizing Unix-based target systems Managing Unix user accounts and identities Managing memberships in Unix groups Login credentials for Unix user accounts Mapping Unix objects in One Identity Manager Handling of Unix objects in the Web Portal Basic data for Unix-based target systems Configuration parameters for managing Unix-based target systems Default project template for Unix-based target systems Unix connector settings

Server functions of a Job server

The server function defines the functionality of a server in One Identity Manager. One Identity Manager processes are handled with respect to the server function.

NOTE: All editing options are also available in the Designer under Base Data > Installation > Job server.

NOTE: More server functions may be available depending on which modules are installed.
Table 31: Permitted server functions

Server function

Remark

CSV connector

Server on which the CSV connector for synchronization is installed.

Domain controller

The Active Directory domain controller. Servers that are not labeled as domain controllers are considered to be member servers.

Printer server

Server that acts as a print server.

Generic server

Server for generic synchronization with a custom target system.

Home server

Server for adding home directories for user accounts.

Update server

This server automatically updates the software on all the other servers. The server requires a direct connection to the database server that One Identity Manager database is installed on. It can run SQL tasks.

The server with the One Identity Manager database installed on it is labeled with this functionality during initial installation of the schema.

SQL processing server

It can run SQL tasks. The server requires a direct connection to the database server that One Identity Manager database is installed on.

Several SQL processing servers can be set up to spread the load of SQL processes. The system distributes the generated SQL processes throughout all the Job servers with this server function.

CSV script server

This server can process CSV files using the ScriptComponent process component.

Generic database connector

This server can connect to an ADO.Net database.

One Identity Manager database connector

Server on which the One Identity Manager connector is installed. This server synchronizes the One Identity Manager target system.

One Identity Manager Service installed

Server on which a One Identity Manager Service is installed.

Primary domain controller

Primary domain controller.

Profile server

Server for setting up profile directories for user accounts.

SAM synchronization Server

Server for synchronizing an SMB-based target system.

SMTP host

Server from which One Identity Manager Service sends email notifications. Prerequisite for sending mails using One Identity Manager Service is SMTP host configuration.

Default report server

Server on which reports are generated.

PowerShell connector

The server can run PowerShell.

Unix connector

This server can connect to a Unix system using SSH.

AIX connector

This server can connect to an AIX system using SSH.

Related topics

Configuration parameters for managing Unix-based target systems

The following configuration parameters are available in One Identity Manager after the module has been installed.

Table 32: Configuration parameters
Configuration parameter Description

TargetSystem | Unix

Preprocessor relevant configuration parameter to control component parts for Unix-based custom target system administration. If the parameter is set, the target system components are available. Changes to this parameter require the database to be recompiled.

If you disable the configuration parameter at a later date, model components and scripts that are no longer required, are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide.

TargetSystem | Unix | Accounts

Allows configuration of user account data.

TargetSystem | Unix | Accounts |
InitialRandomPassword

Specifies whether a random password is generated when a new user account is added. The password must contain at least those character sets that are defined in the password policy.

TargetSystem | Unix | Accounts |
InitialRandomPassword | SendTo

Identity to receive an email with the random generated password (manager cost center/department/location/role, identity’s manager or XUserInserted). If no recipient can be found, the password is sent to the address stored in the TargetSystem | Unix | DefaultAddress configuration parameter.

TargetSystem | Unix | Accounts |
InitialRandomPassword | SendTo |
MailTemplateAccountName

Mail template name that is sent to supply users with the login credentials for the user account. The Identity - new user account created mail template is used.

TargetSystem | Unix | Accounts |
InitialRandomPassword | SendTo |
MailTemplatePassword

Mail template name that is sent to supply users with the initial password. The Identity - initial password for new user account mail template is used.

TargetSystem | Unix | Accounts |
MailTemplateDefaultValues

Mail template used to send notifications about whether default IT operating data mapping values are used for automatically creating a user account. The Identity - new user account with default properties created mail template is used.

TargetSystem | Unix | Accounts |
PrivilegedAccount
Allows configuration of privileged Unix user account settings.

TargetSystem | Unix | Accounts |
PrivilegedAccount |
AccountName_Postfix

Postfix for formatting the login name of privileged user accounts.

TargetSystem | Unix | Accounts |
PrivilegedAccount |
AccountName_Prefix

Prefix for formatting a login name of privileged user accounts.

TargetSystem | Unix | DefaultAddress

Default email address of the recipient for notifications about actions in the target system.

TargetSystem | Unix |
MaxFullsyncDuration

Maximum runtime of a synchronization in minutes. No recalculation of group memberships by the DBQueue Processor can take place during this time. If the maximum runtime is exceeded, group membership are recalculated.

TargetSystem | Unix |
PersonAutoDefault

Mode for automatic identity assignment for user accounts added to the database outside synchronization.

TargetSystem | Unix |
PersonAutoDisabledAccounts

Specifies whether identities are automatically assigned to disabled user accounts. User accounts are not given an account definition.

TargetSystem | Unix |
PersonAutoFullSync

Mode for automatic identity assignment for user accounts that are added to or updated in the database by synchronization.

TargetSystem | Unix |
PersonExcludeList

Listing of all user account without automatic identity assignment. Names are listed in a pipe (|) delimited list that is handled as a regular search pattern.

Example:

ADMINISTRATOR|GUEST|KRBTGT|TSINTERNETUSER|IUSR_.*|IWAM_.*|SUPPORT_.*|.* | $

Default project template for Unix-based target systems

A default project template ensures that all required information is added in One Identity Manager. This includes mappings, workflows, and the synchronization base object. If you do not use a default project template you must declare the synchronization base object in One Identity Manager yourself.

Use a default project template for initially setting up the synchronization project. For custom implementations, you can extend the synchronization project with the Synchronization Editor.

The project template uses mappings for the following schema types.

Table 33: Mapping Unix schema types to tables in the One Identity Manager schema
Schema type in Unix-based target system Table in the One Identity Manager Schema
Group UNXGroup
Host UNXHost
LoginShell UNXLoginShell
User UNXAccount

Unix connector settings

The following settings are configured for the system connection with the Unix connector.

Table 34: Unix connector settings

Setting

Description

Server or IP

Server name or IP address of the host.

Variable: CP_Host

Host name

Name of the host.

Variable: Hostname

Port

Communications port for establishing the SSH connection. The default communications port is the TCP port 22.

Variable: CP_Port

User account

When the authentication method is Password. User account for SSH login in the host.

Variable: CP_SSHUser

Password

When the authentication method is Password. Password for SSH login on the host.

Variable: CP_SSHPassword

Private key

When the authentication method is Private key. Private key for logging in to the host.

Variable: CP_PrivateKey

Passphrase

When the authentication method is Private key. Passphrase for logging in to the host.

Variable: CP_PrivateKeyPassphrase

Change to administrative context

Method to use to gain administrative permissions. Permitted values are:

  • Default: If the user already possesses administrative permissions, select the Default method.

  • Sudo: If the current user logged in on the host can run administrative tasks as an administrative user, select the Sudo method. Enter the alternative user, such as root.

  • Su: If administrative tasks should be run using a different user, select the su method. Enter the user's login credentials. The default user is root.

Variable: CP_EvaluationMethod

User name

User name if the Sudo or Su methods are used.

Variable: CP_EvaluationUser

Default: root

Password

Password for the user if the Su method is used.

Variable: CP_EvaluationPassword

関連ドキュメント

The document was helpful.

評価を選択

I easily found the information I needed.

評価を選択