Chat now with support
Chat with Support

Identity Manager 8.1 - Administration Guide for Connecting Unix-Based Target Systems

Managing Unix-Based Systems Setting Up Synchronization with a Unix-Based Target System Base Data for Unix-Based Target Systems Unix Host Unix User Accounts Unix Groups Reports about Unix Objects Appendix: Configuration parameters for managing a Unix environment Appendix: Default Project Template for Unix-Based Target Systems

Configuring Unix Host Synchronization

The synchronization project for initial synchronization provides a workflow for initial loading of target system objects (initial synchronization) and one for provisioning object modifications from the One Identity Manager database to the target system (provisioning). To use One Identity Manager as the master system during synchronization, you also require a workfow with synchronization in the direction of the Target system.

To create a synchronization configuration for synchronizing a Unix host

  1. Open the synchronization project in the Synchronization Editor.

  2. Check whether existing mappings can be used for synchronizing the . Create new maps if required.
  3. Create a new workflow with the workflow wizard.

    Creates a workflow with Target system as its synchronization direction.

  4. Create a new start up configuration. Use the new workflow to do this.
  5. Save the changes.
  6. Run a consistency check.

Detailed information about this topic

Configuring Synchronization of Several Unix Hosts


  • The target system schema of both hosts are identical.
  • All virtual schema properties used in the mapping must exist in the extended schema of both hosts.

To customize a synchronization project for synchronizing another host

  1. Prepare a user account with sufficient permissions for synchronizing in the other host.
  2. Open the synchronization project in the Synchronization Editor.

  1. Create a new base object for the other host. Use the wizards to attach a base object.
    • In the wizard, select the Unix or AIX connector and declare the connection parameters. The connection parameters are saved in a special variable set.

      A start up configuration is created, which uses the newly created variable set.

  2. Change other elements of the synchronization configuration as required.
  3. Save the changes.
  4. Run a consistency check.

Related Topics

Updating Schemas

All the schema data (schema types and schema properties) of the target system schema and the One Identity Manager schema are available when you are editing a synchronization project. Only a part of this data is really needed for configuring synchronization. If a synchronization project is finished, the schema is compressed to remove unnecessary data from the synchronization project. This can speed up loading the synchronization project. Deleted schema data can be added to the synchronization configuration again at a later point.

If the target system schema or the One Identity Manager schema has changed, these changes must also be added to the synchronization configuration. Then the changes can be added to the schema property mapping.

To include schema data that have been deleted through compressing and schema modifications in the synchronization project, update each schema in the synchronization project. This may be necessary if:

  • A schema was changed by:

    • Changes to a target system schema

    • Customizations to the One Identity Manager schema

    • A One Identity Manager update migration

  • A schema in the synchronization project was shrunk by:

    • enabling the synchronization project

    • saving the synchronization project for the first time

    • compressing a schema

To update a system connection schema

  1. Open the synchronization project in the Synchronization Editor.

  2. Select the category Configuration | Target systems.

    - OR -

    Select the category Configuration | One Identity Manager connection.

  3. Select the view General and click Update schema.

  4. Confirm the security prompt with Yes.

    This reloads the schema data.

To edit a mapping

  1. Open the synchronization project in the Synchronization Editor.

  2. Select the category Mappings.

  3. Select a mapping in the navigation view.

    Opens the Mapping Editor. For more detailed information about mappings, see the One Identity Manager Target System Synchronization Reference Guide.

NOTE: The synchronization is deactivated if the schema of an activated synchronization project is updated. Reactivate the synchronization project to synchronize.

Post-Processing Outstanding Objects

Objects, which do not exist in the target system, can be marked as outstanding in One Identity Manager by synchronizing. This prevents objects being deleted because of an incorrect data situation or an incorrect synchronization configuration.

Outstanding objects

  • Cannot be edited in One Identity Manager.

  • Are ignored by subsequent synchronization.

  • Are ignored by inheritance calculations.

This means, all memberships and assignments remain intact until the outstanding objects have been processed.

Start target system synchronization to do this.

To post-process outstanding objects

  1. In the manager, select the Unix | Target system synchronization: Unix category.

    All tables assigned to the target system type Unix as synchronization tables are displayed in the navigation view.

  2. On the Target system synchronization form, in the Table / object column, open the node of the table for which you want to post-process outstanding objects.

    All objects that are marked as outstanding are shown. The Last log entry and Last method run columns display the time at which the last entry was made in the synchronization log and which processing method was executed. The No log available entry can mean the following:

    • The synchronization log has already been deleted.

      - OR -

    • An assignment from a member list has been deleted in the target system.

      The base object of the assignment has been updated during the synchronization. A corresponding entry appears in the synchronization log. The entry in the assignment table is marked as outstanding, but there is no entry in the synchronization log.

    • An object that contains a member list has been deleted in the target system.

      During synchronization, the object and all corresponding entries in assignment tables are marked as outstanding. However, an entry in the synchronization log appears only for the deleted object.


    To display object properties of an outstanding object

    1. Select the object on the target system synchronization form.
    2. Open the context menu and click Show object.
  1. Select the objects you want to rework. Multi-select is possible.

  2. Click one of the following icons in the form toolbar to execute the respective method.

    Table 8: Methods for handling outstanding objects





    The object is immediately deleted in the One Identity Manager database. Deferred deletion is not taken into account. The Outstanding label is removed for the object.

    Indirect memberships cannot be deleted.


    The object is added in the target system. The Outstanding label is removed for the object.

    The method triggers the HandleOutstanding event. This runs a target system specific process that triggers the provisioning process for the object.


    • The table containing the object can be published.

    • The target system connector has write access to the target system.


    The Outstanding label is removed for the object.

  3. Confirm the security prompt with Yes.

NOTE: By default, the selected objects are processed in parallel, which speeds up execution of the selected method. If an error occurs during processing, the action is stopped and all changes are discarded.

Bulk processing of objects must be disabled if errors are to be localized, which means the objects are processed sequentially. Failed objects are named in the error message. All changes that were made up until the error occurred are saved.

To disable bulk processing

  • Deactivate in the form toolbar.

You must customize synchronization to synchronize custom tables.

To add custom tables to the target system synchronization

  1. In the result list, select the target system type Unix.

  2. Select Assign synchronization tables.

  3. Assign custom tables whose outstanding objects you want to handle in Add assignments.

  4. Save the changes.
  5. Select Configure tables for publishing.

  6. Select custom tables whose outstanding objects can be published in the target system and set Publishable.

  7. Save the changes.

NOTE: The target system connector must have write access to the target system in order to publish outstanding objects that are being post-processed. This means that the Connection is read only option is not set in the target system connection.
Related Documents