HP-UX Directory Server 8.1 deployment guide
7 Designing synchronization
An important factor to consider while conducting the site survey for an existing site (“Performing
a site survey”) is to include the structure and data types of the Active Directory directory services
in that survey. Through Windows Sync, an existing Windows directory service can be synchronized
and integrated with the Directory Server, including creating, modifying, and deleting Windows
accounts on the Directory Server or, conversely, Directory Server accounts on Windows. This
provides an efficient and effective way to maintain directory information integrity across directory
services.
7.1 Windows synchronization overview
The synchronization process is analogous to the replication process: it is enabled by a plug-in
and configured and initiated through a synchronization agreement, and a record of directory
changes is maintained and updates are sent according to that log.
There are two parts to the complete Windows Synchronization process:
User and Group Sync: As with multi-master replication, user and group entries are synchronized
through a plug-in, which is enabled by default. The same changelog that is used for multi-master
replication is also used to send updates from the Directory Server to the Windows synchronization
peer server as an LDAP operation. The server also performs LDAP search operations against its
Windows server to synchronize changes made to Windows entries to the corresponding Directory
Server entry.

Password Sync: This application captures password changes for Windows users and relays those
changes back to the Directory Server over LDAPS. It must be installed on the Active Directory
machine.
7.1.1 Synchronization agreements
Synchronization is configured and controlled by one or more synchronization agreements. These
are similar in purpose to replication agreements and contain a similar set of information, including
the host name and port number for the Windows server and the subtrees being synchronized.
The Directory Server connects to its peer Windows server via LDAP or LDAP over SSL to both
send and receive updates.
A single Windows subtree is synchronized with a single Directory Server subtree, and vice versa.
Unlike replication, which connects databases, synchronization is between suffixes, parts of the
directory tree structure. Therefore, when designing the directory tree, consider the Windows
subtrees that should be synchronized with the Directory Server, and design or add corresponding
Directory Server subtrees. The synchronized Windows and Directory Server suffixes are both
specified in the synchronization agreement. All entries within the respective subtrees are available
for synchronization, including entries that are not immediate children of the specified suffix.
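The following is an added design-check example, not code from the guide or from the Directory Server itself. It models only the agreement fields named above (Windows host, port, LDAP or LDAP over SSL, and the two synchronized subtrees; the server's real configuration attribute names are not modelled) and answers two questions a tree designer needs: which agreement an entry falls under (any depth below the suffix counts, not only immediate children) and whether the agreements keep the one-to-one subtree mapping. DN parsing is deliberately simplified and the sample agreements are constructed.

```python
from dataclasses import dataclass
import re

@dataclass(frozen=True)
class SyncAgreement:
    """Fields of a synchronization agreement as the guide describes them."""
    windows_host: str
    windows_port: int
    use_ssl: bool          # True: LDAP over SSL (LDAPS); False: plain LDAP
    windows_subtree: str   # Windows suffix being synchronized
    ds_subtree: str        # corresponding Directory Server suffix

def dn_rdns(dn: str) -> tuple:
    """Normalize a DN to a tuple of (type, value) RDNs, leaf first.
    Simplified (assumption): splits on unescaped commas only and
    lowercases both attribute types and values."""
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        attr, _, value = part.partition("=")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return tuple(rdns)

def in_subtree(entry_dn: str, suffix: str) -> bool:
    """True for the suffix entry itself and for descendants at any depth."""
    e, s = dn_rdns(entry_dn), dn_rdns(suffix)
    return len(e) >= len(s) and e[len(e) - len(s):] == s

def agreements_in_scope(entry_dn: str, agreements: list) -> list:
    """Agreements whose Windows subtree contains entry_dn (should be 0 or 1)."""
    return [a for a in agreements if in_subtree(entry_dn, a.windows_subtree)]

def design_problems(agreements: list) -> list:
    """One-to-one rule: a subtree (on either side) may belong to only one
    agreement, and subtrees of different agreements must not nest, since
    every entry below a suffix is in scope and would then be synced twice."""
    problems = []
    for i, a in enumerate(agreements):
        for b in agreements[i + 1:]:
            for side in ("windows_subtree", "ds_subtree"):
                x, y = getattr(a, side), getattr(b, side)
                if in_subtree(x, y) or in_subtree(y, x):
                    problems.append(f"{side} overlap: {x} / {y}")
    return problems

# Constructed sample agreements for illustration (hosts and suffixes are made up)
AGREEMENTS = [
    SyncAgreement("ad1.example.com", 636, True,
                  "cn=Users,dc=example,dc=com", "ou=People,dc=example,dc=com"),
    SyncAgreement("ad1.example.com", 636, True,
                  "ou=Sales,dc=example,dc=com", "ou=Sales,dc=example,dc=com"),
]

if __name__ == "__main__":
    print(agreements_in_scope("cn=jdoe,ou=Staff,cn=Users,dc=example,dc=com", AGREEMENTS))
    print(design_problems(AGREEMENTS))
```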