A w ΓU Windows WebSphere -...

162
IBM Tivoli Identity Manager °AwΓU Windows - WebSphere 4.5.1 SC40-1841-02

Transcript of A w ΓU Windows WebSphere -...

IBM Tivoli Identity Manager

°AwΓUWindows - WebSphere4.5.1

SC40-1841-02

IBM Tivoli Identity Manager

°AwΓUWindows - WebSphere4.5.1

SC40-1841-02

G

bΩTΣΣúºeA²\¬ 131 ² H, yNzñΩTC

T]2004 2 δ

úDbsqñtíAhqA≤ Tivoli Identity Manager 4.5.1 Hß≥MqC

N SC40-1841-01

© Copyright International Business Machines Corporation 2004. All rights reserved.

²

eÑ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . viiA∩H . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . viiX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vii

Tivoli Identity Manager íw . . . . . . . . . . . . . . . . . . . . . . . . . . . . viiúy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . viii÷y . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ixuWsy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ix

≤Uuπ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xpnΘΣñ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xrΘD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x@ttº . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x4.5.1 íwñqC . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiHOME ²wq. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi

1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1nwΘD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 4.5.1 wM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Tivoli Identity Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . 1bsqúWw Tivoli Identity Manager 4.5.1 . . . . . . . . . . . . . . . . . . . . . . 1

2 tmº[ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3WebSphere Application Server MWⁿ . . . . . . . . . . . . . . . . . . . . . . . . . . 3µ@°Atm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4Tivoli Identity Manager Otm . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

Tivoli Identity Manager °Ah . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6µ@Otm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6\αOtm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8Java TºAMΣL°A . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 Tivoli Identity Manager WebSphere ⌠¡ε . . . . . . . . . . . . . . . . . . . . . 9

3 Ωwtm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11IBM DB2 tm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11TwqTMtm°A . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11tm IBM DB2 JDBC Xí. . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 JDBC ¼ 2 Xítm IBM DB2 7.1 M 7.2 . . . . . . . . . . . . . . . . . . . 15dGXR DB2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Tivoli Identity Manager Oracle wMtm . . . . . . . . . . . . . . . . . . . . . . . . 16b AIX w Oracle . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16b Solaris w Oracle . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18b HP-UX w Oracle . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19b Windows w Oracle . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20bwºßtm Oracle. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

SQL Server 2000 tm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22w SQL Server 2000 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22bwºßtm SQL Server 2000 . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

4 ²°Atm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23IBM Directory Server tm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23ⁿw Tivoli Identity Manager r . . . . . . . . . . . . . . . . . . . . . . . . . . 24 Tivoli Identity Manager tmπí . . . . . . . . . . . . . . . . . . . . . 24

© Copyright IBM Corp. 2004 iii

||||||

||

½s²°A . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 LDAP r½≤ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27Bz Windows W IBM Directory Server 5.2 ⌡µⁿ¡ε . . . . . . . . . . . . . . . . . . 28

bP@íqúW 5.1 M WebSphere Application Server . . . . . . . . . . . . . . . . . . . 28Sun ONE Directory Server tm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

5 µ@°AwGTivoli Identity Manager °A . . . . . . . . . . . . . . 31lºe . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31M≡D . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33µ@°AwΩTu@ϕ . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34ΩwΩT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34²°AΩT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35WebSphere Application Server µ@°AwΩT . . . . . . . . . . . . . . . . . . . 36WebSphere Embedded Messaging °AMß . . . . . . . . . . . . . . . . . . . . . . 37IBM HTTP Server ΩT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38Tivoli Identity Manager ΩT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

w Tivoli Identity Manager °A . . . . . . . . . . . . . . . . . . . . . . . . . . . 38²luw∩vMuvv°í . . . . . . . . . . . . . . . . . . . . . . . . . . 40∩w¼Mw² . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41∩Ωw . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41¿µ@°Aw°í . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41ⁿw WebSphere sw . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43ⁿw[K≈B\¬emwKn . . . . . . . . . . . . . . . . . . . . . . . . . . 45wiMΣLtmí . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46µ@°AwΘxM² . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53¿wtm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53bw Tivoli Identity Manager ºß runConfig . . . . . . . . . . . . . . . . . . . . . 53∩wyÑM≤ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54

Tivoli Identity Manager °AqT . . . . . . . . . . . . . . . . . . . . . . . . . . 54°A-NzíqT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56

6 OwGTivoli Identity Manager °A . . . . . . . . . . . . . . . . . 57lºe . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57M≡D . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58 Network Deployment Manager O . . . . . . . . . . . . . . . . . . . . . . 59

OwΩTu@ϕ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60ΩwΩT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60²°AΩT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61WebSphere Application ServerOwΩT . . . . . . . . . . . . . . . . . . . . . . 62Tivoli Identity Manager ΩT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63

w Tivoli Identity Manager °A . . . . . . . . . . . . . . . . . . . . . . . . . . . 63²luw∩vMuvv°í . . . . . . . . . . . . . . . . . . . . . . . . . . 65∩w¼Mw]w² . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66∩Ωw . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67¿Ow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67ⁿw WebSphere sw . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70ⁿw[K≈B\¬emwKn . . . . . . . . . . . . . . . . . . . . . . . . . . 72wiMΣLtmí . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73OwΘxM² . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80¿wtm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80bw Tivoli Identity Manager ºß runConfig . . . . . . . . . . . . . . . . . . . . . 80∩wyÑM≤ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80∩wq HTTP Ñq@≥ . . . . . . . . . . . . . . . . . . . . . . . . . . 81τµ÷A]w . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81

≤s Web °Aí . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81O . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81

iv IBM Tivoli Identity Manager: °AwΓU Windows - WebSphere

||

Tivoli Identity Manager °AqT . . . . . . . . . . . . . . . . . . . . . . . . . . 82°A-NzíqT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83sWúO¿ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84HsqúXRO . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84HP@íqúXRO . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84úO¿ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85

² A. HMM≤úwM . . . . . . . . . . . . . . . . . . . . . 87 WebSphere í PQ77521 úb CD 4.5.1 wMW . . . . . . . . . . . . 87o 4.5.1 M≤ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 874.5.0 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88yÑM≤ CD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88Tivoli Identity Manager ≥íX Solaris CD] WebSphere Application Server . . . . . . . . . 88Tivoli Identity Manager ≥íX Solaris CD]D IBM í°A . . . . . . . . . . . . . 88R Solaris CD 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88R Solaris CD 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89R Solaris CD 3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89R Solaris CD 4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89Tivoli Identity Manager ≥íX AIX CD] WebSphere Application Server . . . . . . . . . . 89Tivoli Identity Manager ≥íX AIX CD]D IBM í°A . . . . . . . . . . . . . . 90R AIX CD 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90R AIX CD 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91R AIX CD 3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91Tivoli Identity Manager ≥íX HP-UX CD]D IBM í°A . . . . . . . . . . . . . 91Tivoli Identity Manager ≥íX Windows 2000 CD] WebSphere Application Server . . . . . . . 91Tivoli Identity Manager ≥íX Windows 2000 CD]D IBM í°A . . . . . . . . . . 92R Windows 2000 CD 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92R Windows 2000 CD 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92R Windows 2000 CD 3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93R Windows 2000 CD 4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93

² B. WebSphere ⌠ . . . . . . . . . . . . . . . . . . . . . . . . . 95w WebSphere Application Server . . . . . . . . . . . . . . . . . . . . . . . . . . 95 WebSphere MQ 5.3 . . . . . . . . . . . . . . . . . . . . . . . . . . . 95τ≡ 9090 i . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95

tm Tivoli Identity Manager O . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95w WebSphere Application Server Network Deployment . . . . . . . . . . . . . . . . . . . 96w IBM HTTP Server M WebSphere Web °Aí . . . . . . . . . . . . . . . . . . 97ú WebSphere Web °Aítm . . . . . . . . . . . . . . . . . . . . . . . 98N Base wbC@IW . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98NI[J Cell ϕñ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99O . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99TO Network Deployment Manager MINzíb⌡µñ . . . . . . . . . . . . . . . . . . 99

tm WebSphere Application Server µ÷A]w . . . . . . . . . . . . . . . . . . . . . . 100

² C. wq . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103J2EE w . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103tmµIípw . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103tmhIípw . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106 J2EE w . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108

tm HTTP °AΣLΦk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109

² D. q Tivoli Identity Manager 4.3 Tivoli Identity Manager 4.5 ß

4.5.1 C . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111lºe . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111q WebLogic Tivoli Identity Manager 4.3 WebLogic Tivoli Identity Manager 4.5 . . . . 112

² v

||

WebSphere Application Server w Tivoli Identity Manager 4.5 . . . . . . . . . . . . . . . 113tmsw . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114q 4.5 4.5.1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114

² E. q Tivoli Identity Manager 4.4.x Tivoli Identity Manager 4.5 ß

4.5.1 C . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115lºe . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115Nµ@°Atm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117N Tivoli Identity Manager 4.4.x 4.5 . . . . . . . . . . . . . . . . . . . . . 117

NOtm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118N Network Deployment Manager t Tivoli Identity Manager 4.4.x 4.5 . . . . . . . . . 119N¿t Tivoli Identity Manager 4.4.x 4.5 . . . . . . . . . . . . . . . . . . 120q 4.5 4.5.1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122

² F. q Tivoli Identity Manager 4.5 4.5.1 . . . . . . . . . . . . . 123lºe . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123Nµ@°Atm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124NOtm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125N Network Deployment Manager System Tivoli Identity Manager 4.5 4.5.1 . . . . . . . . 125N¿tñ Tivoli Identity Manager 4.5 4.5.1 . . . . . . . . . . . . . . . . . 126

² G. úw Tivoli Identity Manager . . . . . . . . . . . . . . . . . . . . 127lºe . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127úw Tivoli Identity Manager BJ . . . . . . . . . . . . . . . . . . . . . . . . . 128WebSphere ⌠ ORACLE_JDBC_DRIVER_PATH . . . . . . . . . . . . . . . . . . . . . 129

² H. N . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132

Wⁿ. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137

vi IBM Tivoli Identity Manager: °AwΓU Windows - WebSphere

||

||

||||||||||||

||

IBM ® Tivoli ® Identity Manager °AwΓU Windows - WebSphere® í

p≤b Windows 2000 Windows 2003 ServerWwtm Tivoli Identity Manager

°AAHqñímzΩC

A∩H

ΓUA∩HAObv⌠qútWwB@znΘtMw

zC¬πtMwzºCA¬]πUCU

zºG

v ²°A

v Ωw°A

v WebSphere® Embedded Messaging Σ

v WebSphere Application Server WebLogic

v IBM HTTP Server

X

\¬ Tivoli Identity Manager wByM÷yíAPy±

C∩wznyºßA\uWsyⁿC

Tivoli Identity Manager íw

Tivoli Identity Manager Nσ≤wñXs¿UCG

v ΩT

v uWU

v °Aw

v zPtm

v NW

v Nzw

ΩTG

v IBM Tivoli Identity Manager N

ú Tivoli Identity Manager nwΘDAHΣLíBíMΣLΣ

ΩTC

v Tivoli Identity Manager ²\¬d

uWUG

v Tivoli Identity Manager uWU

w∩ Tivoli Identity Manager z@AúπXíuWíDDC

°AwG

© Copyright IBM Corp. 2004 vii

|

|

|

v IBM Tivoli Identity Manager °AwΓU UNIX M Linux - WebSphere

ú Tivoli Identity Manager wΩTC

v IBM Tivoli Identity Manager °AwΓU Windows - WebSphere

ú Tivoli Identity Manager wΩTC

v IBM Tivoli Identity Manager °AwΓU UNIX - WebLogic

ú Tivoli Identity Manager wΩTC

v IBM Tivoli Identity Manager °AwΓU Windows 2000 - WebLogic

ú Tivoli Identity Manager wΩTC

zPtmG

v IBM Tivoli Identity Manager Policy and Organization Administration Guide

ú Tivoli Identity Manager z@DDC

v IBM Tivoli Identity Manager @δΓU

ú Tivoli Identity Manager ΩTC

v IBM Tivoli Identity Manager tmΓU

úµ@°AMO Tivoli Identity Manager tmtmΩTC

NWG

v IBM Tivoli Identity Manager Problem Determination Guide

ú Tivoli Identity Manager úΣLMDΩTC

NzwG

v Tivoli Identity Manager Nσ≤w]]A Tivoli Identity Manager Ω@ºuNzv

≤Sw¡xwσ≤oiC

úy

pGnΩTAF Tivoli Identity Manager úCziHqU

CmoyG

v WebSphere Application Server

http://www.ibm.com/software/webservers/appserv/support.html

: Uo≈u⌡!MµANíwMtm WebSphere Application ServerA

BúBwO@C÷Mo≈MµbIΩOsA²biα

wgLFCp ßNϕAΩΩTMµC

– IBM WebSphere Application Server V5.0 System Management and ConfigurationA

IBM ⌡!

– IBM WebSphere Application Server V5.0 SecurityAIBM ⌡!

v Ωw°A

– IBM DB2

viii IBM Tivoli Identity Manager: °AwΓU Windows - WebSphere

http://www.ibm.com/software/data/db2/udb/support.html

http://www.ibm.com/software/data/db2

– Oracle

http://otn.oracle.com/tech/index.html

– Microsoft SQL Server 2000 (SP3)

http://msdn.microsoft.com/library/

v ²°Aí

– IBM Directory Server

http://www.ibm.com/software/network/directory

– Sun ONE Directory Server

http://wwws.sun.com/software/products/directory_srvr/5.1/index.html

v WebSphere Embedded Messaging Σ] IBM MQSeries

http://www.ibm.com/software/ts/mqseries

v Web Proxy °A

– IBM HTTP Server

http://www.ibm.com/software/webservers/httpservers/library.html

÷y

UCXñúP Tivoli Identity Manager Server ÷ΩTG

v Tivoli Software Library úFU Tivoli yApA#!BΩu@ϕBdB

⌡!MqHτCziHbUz⌠Σ Tivoli Software LibraryG

http://www.ibm.com/software/tivoli/library/

v Tivoli Software Glossary t\h Tivoli nΘ÷NywqC≤UC⌠ Tivoli

Software Library ⌠¬Σ Glossary ú σ Tivoli Software GlossaryG

http://www.ibm.com/software/tivoli/library/

uWsy

≤UC⌠ Tivoli nΘwñuWúúXAΣµíuiΓíσ≤µí

(Portable Document Format, PDF)vuWσrOyÑ (Hypertext Markup Language,

HTML)vΓG

http://www.ibm.com/software/tivoli/library

pGnbwñMΣúyAbuwv¬ΓΣ÷@UúΓUCMß

buTivoli nΘΩTñvWMΣB÷@U úWC

úy]ANBwΓUBΓUBzΓUHoΓ

UC

eÑ ix

: FTOα CL PDF yAb Adobe Acrobat uCLv°íñA∩

Xjp∩]zun÷@U → CLANα≈o∩C

≤Uuπ

úσ≤tUCSAiHUz≤UuπG

v σ≤ HTML M PDF ΓµíAi²h≈Me¬C

v σ≤ñvúNσrAi²°FveC

pnΘΣñ

bV IBM Tivoli nΘΣñDºeA÷@U Tivoli ΣAñ]⌠

pU\ IBM Tivoli nΘΣñ⌠G

http://www.ibm.com/software/support/

pGznΣLUAQ IBM Software Support Guide]⌠pUñyz

ΦkApnΘΣñC

http://techsupport.services.ibm.com/guides/handbook.html

ΓUNúUCΩTG

v ⁿΣn²MΩµnD

v qX] zbΩaw

v bp ßΣñºeA¼ΩTMµ

D

ΓUNw∩SϕⁿJM@AH@twⁿOM⌠AhD

C

rΘD

UOΓUrΘDG

Θ gΣσrB÷ΣrBB∩BJava ¼WH½≤ñ°Hpgⁿ

OjpgVXⁿOAHΘC

Θ BXDSϕrⁿyHΘ[HjC

ÑerΘ

gΣσrBtTºBΣJσrAHⁿO∩ñ°

HíXdB@δⁿOBeΘXBM²WAíHÑe

C

@ttº

UNIX Dⁿw⌠AHϕ²Cb Windows ⁿOµA

%variable% N $variableA⌠ABN²⌠ñC°u (/)A

Hu (\) NCYzO Windows tñ bash ShellAziH UNIX D

C

x IBM Tivoli Identity Manager: °AwΓU Windows - WebSphere

4.5.1 íwñqC

Tivoli Identity Manager 4.5.1 Nσ≤wQqCrⁿX∩²eb 4.5 σ≤

wñXΩTwiµN≤aΦCqCOH≤¬ΣΣZñ½u (

| ) ϕC

HOME ²wq

Uϕ]tσ≤ñw]wqAHNϕUúw⌠ HOME ²hCzi

Hw∩zSwΩ@Φíqw²M HOME ²CpGOoípAhz∩

ϕñeC@wqiµAϕ½C

⌠ w]wq

ITIM_HOME Windows:

c:\itim45\

UNIX:

/itim45/

WAS_HOME Windows:

C:\Program Files\WebSphere\AppServer\

UNIX:

/opt/WebSphere/AppServer/

WAS_NDM_HOME Windows:

C:\Program Files\WebSphere\DeploymentManager\

UNIX:

/opt/WebSphere/DeploymentManager/

eÑ xi

xii IBM Tivoli Identity Manager: °AwΓU Windows - WebSphere

1

ΓUNíp≤bµ@°AOtmϕñwBltmHτ Tivoli Identity

Manager °ACziHtXt@tM Web í∩wσ≤CP

]iH\ Tivoli Identity Manager °AwΓU UNIX - WebSphereC

wMl Tivoli Identity Manager °ADnBJAn°ªµ@°Atm

wOOtmwAHOw²sb WebSphere Application Server wC

UOBJº[G

1. 3 2 , ytmº[zíAPtm Oµ@°AtmA

On≤uO\αOMΦtmC

2. 11 3 , yΩwtmzíAwMtmΩwC

3. 23 4 , y²°AtmzíAwMtm²°AC

4. pGOµ@°AtmA 31 5 , yµ@°AwGTivoli Identity

Manager °Azíw Tivoli Identity Manager °AC

5. pGOOtmA⌡µUC@G

v 95² B, y WebSphere ⌠zíAwMtm

WebSphere Application Server ΣC

v 57 6 , yOwGTivoli Identity Manager °AzíA

OMw Tivoli Identity Manager °AC

: zHΓΦíAOtmwnM≤C

nwΘD

pGnnwΘDMµA\ IBM Tivoli Identity Manager NC

4.5.1 wM

T i v o l i I d e n t i t y M a n a g e r °A 4 . 5 . 1 Nú]C Ds¡x

]LinuxBHP-UXBWindows 2003CBAúM≤wΣ Tivoli Identity

Manager 4.5.0 ¡x]AIXBSolaris Windows 2000CpGnΣLΩTA

\ 87² A, yHMM≤úwMzC

Tivoli Identity Manager Tivoli Identity Manager 4.5.1 M≤wí Tivoli Identity

Manager 4.5.0 C

BJN] Tivoli Identity Manager úPCp÷ΩTA\ñ

í Tivoli Identity Manager ²C

bsqúWw Tivoli Identity Manager 4.5.1

bS Tivoli Identity Manager ΩsqúWw Tivoli Identity Manager B

JpUG

© Copyright IBM Corp. 2004 1

|

|

|

|

|

|

|

|

|

|

|

|

|

v Ys¡xAs CD ú Tivoli Identity Manager 4.5.1 wíBnñ

nΘBM≤AHC

v Y 4.5.0 Σ¡xAM≤ú Tivoli Identity Manager 4.5.1 C

4.5.0 CD Honñ nΘBM≤AHC

2 IBM Tivoli Identity Manager: °AwΓU Windows - WebSphere

|

|

|

|

2 tmº[

WebSphere Application Server ⌠ñ Tivoli Identity Manager °AAQµ

@°AtmOtmCNw∩tm∩Aúu¬ÑíABúΩ

@º[C≤Ω@ΩTAhdß≥ AúC

:

1. tmdAnDzbwMtmúBJºeA²⌡µ@W

íCpGnΣLσ≤AítXzDWAp ßN

ϕC

2. ΣL÷ WebSphere Application Server úΩTA\ viiiyú

yzΣLσ≤C

3. jí Tivoli Identity Manager ñínΘAúnM≤CpGnΣL

ΩTA\ IBM Tivoli Identity Manager NC

WebSphere Application Server MWⁿ

UCⁿJNí WebSphere Application Server tmñG

Cell ípzízzΓCCell OΓ WebSphere Application Server

í⌠ñ@δzíIAHΦΦí[HC@ Cell iH@

hOC

I IOΓΩΘqúW@hí°AAHΦΦí[HCCell ñ

IWOMCIWqPqúD≈W@C½yíAI

qO∩πúP IP ΩΘqútC

í°A

í°AO WebSphere Dn≤C°A⌡µ Java Ω≈A

ííXú⌡µ⌠Cí°AúxsAM

Sw Java í≤⌡µC

Network Deployment Managerozw∩ WebSphere Application Server í Cell ñ

]]AOzbAúñz°MεCNetwork Deployment

Manager tdzC@IWxsweAªOzLP Cell C@IW

INzí¼qTzC

INzí

INzítdbI WebSphere Application Server WAzⁿz

AΦkOP Network Deployment Manager qT≤tmABNªPB

BzCINzíONϕ Network Deployment Manager ⌡µz@CI

NzíNϕz Cell ñICINzíH WebSphere Application

Server Base @wA²úDzNI[J Network Deployment ⌠ñ

CellAhú@wno≥C

O OON@h\αPí°AAHΦΦí[HAi

© Copyright IBM Corp. 2004 3

HΦKzípBtmB¡u@qHßCOO°AXAo

°AQϕ@@tXOB@AHTOßoH½níMΩ

C

OúiπCΣLΩTA\ ßΣñúAí

WebSphere Application Server í⌠ñ½M⌠¡O@ΣLσ≤C

O¿

Oϕñ@ WebSphere Application Server ΩC

WebSphere Web Server í

WebSphere Web Server íOwb HTTP °A@≤Atd

ⁿeJnDANªΘOϕñAϕ Web xsCíµA

O) plugin-cfg.xml Cíi² Web °ANAenD

]p ServletAeí°AC

µ@°Atm

µ@°AtmiN WebSphere Application Server Base MΣLníAw

bΩΘqúWCTivoli Identity Manager °Aú Mu@yBzC

@íqúWtmAπUCG

v ΩwAxsµ÷ΩT

v ²°A

v WebSphere Application Server Base

v Tivoli Identity Manager °A

1. @íΩΘqúWµ@°Atm

4 IBM Tivoli Identity Manager: °AwΓU Windows - WebSphere

v HTTP °AAp IBM HTTP Server M WebSphere Web Server íCpG

n WebSphere Web Server í≥wqA\ 3yWebSphere

Application Server MWⁿzCΣL÷tm WebSphere Web Server í

ΩTA\ 109ytm HTTP °AΣLΦkzC

ziH∩N WebSphere Application Server Base M Tivoli Identity Manager °

AΩAwb@íΩΘqúWANΣLníAíwbΣ

L@híqúWC

: pGzΓ IBM Directory Server 5.1 Awbww WebSphere Application Server

P@íqúWA\ 28ybP@íqúW 5.1 M WebSphere

Application ServerzAoΣLnΓtmBJC

pGqúw Tivoli Identity Manager °AAhπUCG

v WebSphere Application Server Base

v JDBC Xí]Ωwß

ΣLqúhπG

v ΩwAxsµ÷ΩT

v ²°A

v HTTP °AAp IBM HTTP Server M WebSphere Web Server í

pGnΣLΩTA\ 31 5 , yµ@°AwGTivoli Identity

Manager °AzC

Tivoli Identity Manager Otm

Tivoli Identity Manager OtmⁿwUC@G

v 6yµ@Otmz

v 8y\αOtmz

2. híΩΘqúWµ@°Atm

2 tmº[ 5

: bO⌠]@δ\αOñAO¿w²WúOPCⁿwP²AKyßbúPO¿qúWoO HR

í⌡µDCpAbO¿qúWⁿw \itim45 ²C

ADSML ¡≈ΘJMebC@IP@²ñC

ΣL÷tmOΩTA\ 59y Network Deployment Manager

OzCpM≤ⁿwA\ IBM Tivoli Identity Manager

NC

:

1. bUCϕñAC@Φ⌠¼úNϕ@íΩΘqúW@ WebSphere IC

zb@íqúWu@IC

2. pGzΓ IBM Directory Server 5.1 Awbww WebSphere Application Server

P@íqúWA\ 28 ybP@íqúW 5.1 M WebSphere

Application ServerzAoΣLnΓBJC

Tivoli Identity Manager °Ah

hO) Tivoli Identity Manager °AúAO\αlApABz

í\αAOBzu@yí\αCTivoli Identity Manager °AiHw

hh°AA²ztmC@hú\αAN\αOtm[HjC

Tivoli Identity Manager °AiúUCXhG

(UI)ú Bz\αAΣñ]A∩MϕµAi²U Tivoli

Identity Manager °Aú\αCΣL÷ ΩTA\

IBM Tivoli Identity Manager Policy and Organization Administration GuideC

u@y (WF)úu@yBz\αC

u@yOⁿ)πnDBnDenDHK¿C÷u

@yBzΩTA\ IBM Tivoli Identity Manager Policy and Organization

Administration GuideC

w∩]AUCUG

v µ@°A

v µ@O\αOGbµ@Ow[cñAoΓhúwbO¿C@

í°AWCC@O¿úϕ≤@ Tivoli Identity Manager µ@°

AC

b\αOϕñA (UI) hOwb@OWAu@y (WF) hh

Owbt@OWCXoΓO\αAiHúπ Tivoli Identity

Manager \αC

µ@Otm

µ@Otmⁿw@ WebSphere í°ACTivoli Identity Manager

hMu@yhAúOb OC@IP@ WebSphere Application Server W

6 IBM Tivoli Identity Manager: °AwΓU Windows - WebSphere

|

|

|

|

⌡µC tmb@íqúWⁿw Network Deployment ManagerCΣLíhb

ΣLqúWtmC

UNíotmG

v bww Network Deployment Manager qúWAwUCUG

– WebSphere Network Deployment Manager

– JDBC Xí]Ωwß

v bC@O¿WAwUCG

– WebSphere Application Server

– Tivoli Identity Manager °A. wbotmW Tivoli Identity Manager °

AAú Mu@yoΓhXC

– JDBC Xí]Ωwß

v bΣL@híúbOϕñqúWAwUCG

– ΩwAxsµ÷ΩT

– ²°A

– HTTP °AAp IBM HTTP Server M WebSphere Web Server íC

ΣL÷o°AΩTA\ IBM HTTP Server úσ≤CpG

n WebSphere Web Server í≥wqA\ 3yWebSphere

Application Server MWⁿzCΣL÷tm WebSphere Web Server í

ΩTA\ 109ytm HTTP °AΣLΦkzC

3. híΩΘqúWµ@Otm

2 tmº[ 7

\αOtm

\αOtmAON Network Deployment Manager m≤@íqúWCΣL

íAhOtmbΣLqúWúPOCTivoli Identity Manager °A UI hOtm

b@OIWA WF hhOtmbt@OIWC

UNíotmG

v bww Network Deployment Manager qúWAwUCUG

– WebSphere Network Deployment Manager

– JDBC Xí]Ωwß

v bC@OU¿WAwUCG

– WebSphere Application Server

– Tivoli Identity Manager °A

b OϕñATivoli Identity Manager °AΩuú

BzCbu@yOϕñATivoli Identity Manager °AΩ]uú

u@yBzC

– JDBC Xí]Ωwß

v bΣL@híúbOϕñqúWAwUCG

– ΩwAxsµ÷ΩT

– ²°A

– IBM HTTP Server M WebSphere Web Server í

4. \αOtm

8 IBM Tivoli Identity Manager: °AwΓU Windows - WebSphere

Java TºAMΣL°A

ΣL°AOb WebSphere Application Server ⌠U⌡µApAú

WebSphere Embedded Messaging Σ Java TºA] jmsserver AS

JMS °AC

: n² Tivoli Identity Manager PΣLíµ½ΩTAΓΩϕ@Tº[H¼eA

Q WebSphere Embedded Messaging Σ&µCΣLΩTA\í

WebSphere Embedded Messaging Σ WebSphere MQ WebSphere Application

Server σ≤C

Tivoli Identity Manager WebSphere ⌠¡ε

pGnb WebSphere ⌠U Tivoli Identity ManagerA[εUC¡εG

v Tivoli Identity Manager ]O@tOPΦCFKowqTM

tmDAzúnb@ Tivoli Identity Manager OϕñA@HW

@t¼C

v b\αOϕñAúnΓ OMu@yOO¿A±bP@í

qúWC

v pGP@íqúWh WebSphere Application Server ΩAuΣñ@Ω

°AiH¿ Tivoli Identity Manager O¿C

v WebSphere Application Server e\zbP@íqúWAw Network Deployment

Manager MO¿CTwoíqúπnOΘBtMiíAHtX

Bu@qC

2 tmº[ 9

10 IBM Tivoli Identity Manager: °AwΓU Windows - WebSphere

3 Ωwtm

Níp≤tmΩwA²ªft Tivoli Identity Manager °ACpGzQ

DΣΩwAHπíA\ IBM Tivoli Identity

M a n a g e r NCΣL÷ I B M D B 2 ΩTA\

http://www.ibm.com/software/data/db2/udb/support.htmlC

:

1. í IBM DB2 ]wAOn⌡µπl]wC

2. OΓ¼ 2 uJava Ωwsu\αvXíA@ IBM DB2 ⌡µ

ßCßNH JDBC XíANϕoXíC

3. ΩTDΩwú¡ú≤sxBíσ≤NΩTC∩≤z

wΩTAp≤h÷ΩTA\ viiyeÑzñX

HúúΣLXC

NíUCUG

v yIBM DB2 tmz

v 16yTivoli Identity Manager Oracle wMtmz

v 22ySQL Server 2000 tmz

IBM DB2 tm

zH Administrator ¡nJ IBM DB2 °AA&α¿UCBJG

v yTwqTMtm°Az

v 14ytm IBM DB2 JDBC Xíz

TwqTMtm°A

n IBM DB2 °AA⌡µUC@G

v yTw TCP/IP qTz

v 12ytm IBM DB2 °Az

Tw TCP/IP qT

blºeA²T IBM DB2 °AW TCP/IP qTC⌡µUC@G

: oBJ]tmOhíqúAΣñ@íπ IBM DB2 °ACpGΩw

P IBM DB2 °A≤P@íqúANútm TCP/IP qTC

1. IBM DB2 ⁿO°íAΦk÷@Ul -> ⌡µAMßΘJ db2cmdC

2. b DB2 ⁿO°í⌡µUzⁿOG

db2set -all DB2COMM

3. pG tcpip ]ϕ TCP/IP qTúb db2set -all DB2COMM ⁿO

MµñA⌡µUzⁿOAΣñ]A tcpipAHⁿOúMµ ΣL

C

db2set DB2COMM=tcpip,<values_from_db2set_command>

© Copyright IBM Corp. 2004 11

pAYO db2set -all DB2COMM ⁿObMµñ O npipe M ipxspx

AhbG⌡µ db2set ⁿOAAⁿwoG

db2set DB2COMM=tcpip,npipe,ipxspx

tm IBM DB2 °A

pGntm°AA⌡µUC@G

1. Hⁿ itimdb WA Tivoli Identity Manager ΩwAB@W

s enrolebp w"C

: ΩwWiHOzⁿw⌠≤WC²w"W@wO enrolebpC

a. IBM DB2 ⁿO°íAΦk÷@Ul -> ⌡µAMßΘJ db2cmdC

b. bⁿO°íñA⌡µoⁿOΩwG

db2 create db itimdb using codeset UTF-8 territory USdb2 update db cfg for itimdb using applheapsz heapvaluedb2 update db cfg for itimdb using app_ctl_heap_sz 512

Σñ heapvalue O@H KB µπANNϕ 4K 1024C

: NΣLíOΘDCJAΓ applheapsz ]π Ωw

qúñAjOΩOΘ@bC

c. tmΩAWAHKbs JDBC XíC±ΦíAΘJUo

@µG

db2 update dbm cfg using svcename <service_name>

Σñ <service_name> O@O DB2_db2inst1 C

d. NAϕAW[JUoñG

v UNIX: /etc/services

v WindowsG%SYSTEMROOT%\system32\drivers\etc\services

±ΦíAΘJUo@µG

db2 get dbm cfg

oPUⁿG

v DB2_db2inst1: 50000/tcp

v DB2_db2inst1i: 50001/tcp

zΘJ∩≤AW≡C

e. ΘJUzⁿOATsuCpGQsuAN ΩwsuΩTG

db2 connect to itimdb

f. w"G

db2 create bufferpool enrolebp size -1 pagesize 32k

2. ]w DB2_RR_TO_RS=YESAui½¬vC⌡µUC@G

a. ΘJUo@µG

db2set -all

b. d AT DB2_RR_TO_RS=YESC

c. pGΣúoAΘJUo@µAN ] YESG

12 IBM Tivoli Identity Manager: °AwΓU Windows - WebSphere

db2set DB2_RR_TO_RS=YES

d. ½sΘJUo@µA ]wOsbG

db2set -all

3. ½s IBM DB2C

db2stop#]GpGΘJ db2stop óA⌡µ "db2 force application all"db2start

b IBM DB2 °A@Ws enrole

b IBM DB2 °AA@Ws enrole C⌡µUC@G

v pGOb AIXAH root ¡⌡µUC@G

1. smit smittyAutzvuπC

2. ∩w & -> -> sWC

3. buWvµñAΘJ enroleC

4. ÷ Enter ΣAAMß uveC

5. ∩≤KXC

6. bWúUAΘJzwqAp enroleCbzwgⁿwF ID enrole M enrole KXC

7. pGnbúU≤KXAΘJzºeΩwwqKXC

8. ⌠utzvuπC

9. sCTelnet ⌡µ IBM DB2 °AqúCTwziHs

ID nJAúo½]KXíC

v pGOb SolarisAH root ¡⌡µUC@G

1. zuπC

2. b@Cñ÷@Us² -> C

3. ÷@UsΦ -> sWC

4. busWv∩uWvµñAΘJ enroleCMßbu∩KXv\αϕñA∩KXC

5. bu]wKXv∩ñAΘJKXB[HτCMß÷@UTwC

6. Nul²vµñ⌠A] /export/home/enrole ⌠CMß÷@

UTwC

7. b@Cñ÷@U -> ⌠⌠C

8. sCTelnet ⌡µ IBM DB2 °AqúCTwziHs

ID nJAúo½]KXíC

v pGOb Windows 2000AH Administrator ¡⌡µUC@G

1. suqúzvuπAΦk÷@Ul -> ]w -> εx -> zuπ ->qúzC

2. ÷@UMs -> C

: enrole ú[J⌠≤sñC

3. ∩@ -> sC

4. buWvµñAΘJ enroleC

5. buKXvµñAΘJΩwKXC

3 Ωwtm 13

6. MúUnJ≤KX∩C

7. ∩KXú∩C

8. ÷@UC

bOC@íqúW@Ws enrole

ziHb≤ Tivoli Identity Manager O@íC@íqúWA@Ws enrole

CoúπSϕMvCTwUnJú≤KXA

BKX-úC

tm IBM DB2 JDBC Xí

IBM DB2 nD¼ 2 uJava Ωwsu\αvXí]JDBC XíA

@ΩwßCJDBC XíON Java ¼íAs bP@í≈

Wb≈W⌡µ IBM DB2 ΩwCb Tivoli Identity Manager Oíp

ñAJDBC Xíi² Tivoli Identity Manager °APΩqTAB

@ΩTCpGnΣLΩTA\ IBM DB2 σ≤C

:

1. IBM DB2 úw JDBC XíA IBM DB2 ⌡µßC

2. pGnTOb Intel ¡xW ±ΩwsuA TCP SocketCún

πWD@ IBM DB2 ßsuΦkCπWDΦksu¡εAi

αo Tivoli Identity Manager Ωw C

]zSΓ IBM DB2 wbqúWAhbUCqúWwMtm JDBC

XíAHnM≤CpGnΣLΩTA\ IBM Tivoli Identity

Manager NC

v w Network Deployment Manager qú

v zwnw Tivoli Identity Manager °AC@O¿

v bµ@°AwqúW]Σñ IBM DB2 O≤C

bC@qú⌡µUC@G

1. wMtm JDBC XíHnM≤C

2. ⌡µUCBJANΩws¿¼²G

a. IBM DB2 ⁿO°íC

÷@Ul -> ⌡µAMßΘJ db2cmdC

b. bßⁿO°íWAHµµ⌡µoⁿOG

db2 catalog tcpip node db2node_hostname remote db2server_hostnameserver service-name|portnumber

ΣñG

node db2node_hostname

Oⁿzns¿¼²ºIOWCªOΩwbqúD≈W

Co)wqANϕí IBM DB2 IWC

: db2node_hostname úiWLKr°C

14 IBM Tivoli Identity Manager: °AwΓU Windows - WebSphere

|

remote db2server_hostname

Oⁿ IBM DB2 bID≈WCD≈WO TCP/IP ⌠⌠

IWCpAdb2server2hostC

server service-name|portnumber

iⁿw°AΩwzíΩAW≡CIBM DB2 ≡

w]O 5 0 0 0 0Cb I B M D B 2 °AbqúW

%SYSTEMROOT%\system32\drivers\etc\services ñMΣe≡C

ßM°AW≡@CpGⁿw≡ANúb

TCP/IP services ⁿw⌠≤AWC

c. ΘJUzⁿOANΩws¿¼²G

db2 catalog database itimdb as itimdb at node db2node_hostname

3. pGn¼²@OQ¿AΘJUo@µG

db2 connect to itimdb

JDBC ¼ 2 Xítm IBM DB2 7.1 M 7.2

: IBM DB2 M≤ 3 N IBM DB2 7.1 α 7.2 Cpe

M≤÷ΩTA\ IBM Tivoli Identity Manager NC

pGzO IBM DB2 7.1 M 7.2 AhHΓΦítm JDBC ¼ 2 X

íCb IBM DB2 °A⌡µUC@G

1. H IBM DB2 Administrator ¡nJC

2. tm² IBM DB2 JDBC ¼ 2 XíApUG

a. ε IBM DB2 AC

b. aX Windows ⁿOúAMß⌡µ

<IBM DB2 install directory>\java12\usejdbc2.bat

Σñ <IBM DB2 install directory> Qzw IBM DB2 ²NC

c. ½s IBM DB2 AC

dGXR DB2

UdO IBM DB2 ]w≤jG

db2 update database configuration for itimdb using dbheap 1200db2 update database configuration for itimdb using applheapsz 2048db2 update database configuration for itimdb using maxappls 60db2 update database configuration for itimdb using app_ctl_heap_sz 1024db2 alter bufferpool ibmdefaultbp size 14750db2 alter bufferpool enrolebp size 13240

pG applheapsz o]o*pA@.ⁿJjqANoOΘú¼

C±ΦíAΘxiαtUo»zíG

xsΘú¼ALkBz sql »zíC

pGnúBxsΘíAN IBM DB2 íΩ∩jp∩jC

3 Ωwtm 15

su - db2inst1db2 force applications alldb2stopdb2 terminatedb2 update db cfg for itimdb using applheapsz 2048db2start

: pGOb Windows WA@ db2cmd °íAΘJoⁿOC

Tivoli Identity Manager Oracle wMtm

Níb Tivoli Identity Manager [cϕñw Oracle emwM

ßmwtmBJC

úO@íAú\ Oracle wΓUAoπΩTC

: bw Oracle A[W JServer ∩@w@íCpGz∩@δOracle wAΣñNt JServerCpGz∩⌡µq Oracle wA∩

JServer @w∩C

Y Oracle 9iAϕzΩwΩA JVM (JServer)Ah Tivoli

Identity Manager ⌠≤ºúNóC

b AIX w Oracleb AIX tWw Oracle ºeA²¿UCG

1. H root ¡nJ AIX tC

2. AIX twUCG

v bos.adt.base

v bos.adt.libm

Oracle úwFíwA Oracle ⌡µCpGSoA

KóA Oracle ]Lk w⌡µCziHq AIX oHuπ

c CDAwoC

3. τzt,XWLUC²i íDG

v /usrG3 GB

v /varG300 MB

v /tmpG2 GB

AIX w] Oracle w²O /usrC

:

a. pGnPh,i íAΘJUzⁿOG

df - Ivk

ΘXOH 1024 µC

b. Yn SMIT SMITTY ≤ /usr /var ²jpAs²UC

°íGtxsΘz -> t -> sW/≤/π/Rút -> Oⁿ

t -> ≤/πOⁿtºΦ-> /usr -> tjp]H

512 ⌠µC

4. pGStAQ SMITTY -í@G

16 IBM Tivoli Identity Manager: °AwΓU Windows - WebSphere

|

|

|

a. qDxⁿOµΘJ $ mkdir /cdromC

b. qDxⁿOµΘJ $ smitty crcdrfsC

oeXUo\αϕG

sW@t

bΘJµΘJ∩C¿zn≤ºßA÷ Enter ΣC

[ΘJµ]* mW +* ⁿI []nb½s≈ⁿH ún +

c. ∩@≈AΦkO÷ F4A∩@ ≈AMßA÷ Enter ΣC

d. A÷@ Enter ΣAtCⁿOªºßAH F10 ⌠SMITTYC

e. HUzⁿOⁿ cdrom ²G

mount /cdrom

5. ⁿI Oracle ΩwG

$ mkdir /u01$ mkdir /u02

6. ]wⁿI\ivA² Oracle bßbwgJªG

$ chmod 777 /u01$ chmod 777 /u02

7. H SMIT ΓsF@OWs dba sAt@OWs oper sC

8. H SMIT @Ws oracle sCw∩sbßA¿UCBJG

a. NbßuDnsv]wz dba sC

b. Nbßul²v] /home/oracleC

c. NnJ Shell]lí] /bin/shC

Oracle bß⌡µwíCobßuαwM@ OracleC

9. d /usr/lbin o⌠OsbAB]tb Oracle bß⌠ñC

ziHsΦ /home/oracle/.profile ]wo⌠C

10. ⌡µ≤ CD orainst ²U oratab.sh Script oratab C

$ ./oratab.sh

11. H Oracle ¡nJtG

$ su - oracle

12. ° Oracle bß umask ]wC

$ umask

umask ] 022CpGbß umask úO] 022AHUzⁿO]wªG

$ umask 022

13. sΦ .profileA[JUC⌠]wG

v Oracle 8i:

ORACLE_BASE=/u01/app/oracle; export ORACLE_BASEORACLE_HOME=$ORACLE_BASE/product/8.1.7; export ORACLE_HOMELIBPATH=$ORACLE_HOME/lib; export LIBPATHLD_LIBRARY_PATH=$ORACLE_HOME/lib:$ORACLE_HOME/network/lib; export LD_LIBRARY_PATHORACLE_SID=or1; export ORACLE_SIDORACLE_TERM=vt100; export ORACLE_TERM

3 Ωwtm 17

v Oracle 9i:

ORACLE_BASE=/u01/app/oracle; export ORACLE_BASEORACLE_HOME=$ORACLE_BASE/product/9.2.0.0.0; export ORACLE_HOMELIBPATH=$ORACLE_HOME/lib; export LIBPATHLD_LIBRARY_PATH=$ORACLE_HOME/lib:$ORACLE_HOME/network/lib; export LD_LIBRARY_PATHORACLE_SID=or1; export ORACLE_SIDORACLE_TERM=vt100; export ORACLE_TERM

Tw oracle PATH ]A $ORACLE_HOME/binB /bin M /usr/binCpG

SANª[ .profile ϕñC

14. QUzⁿOAN]wm≤mG

$ . ./.profile

UNIX Shell ¬]wA]wñl]w≤se⌠C

15. ⌡µ rootpre.shA²≈q /cdrom wG

$ ./rootpre.sh

bziHlw Oracle FC

b Solaris w Oracleb Solaris tWw Oracle ºeA²¿UCG

1. H root ¡nJ Solaris tC

2. t]A,nXWLwnDCpGnΣL

ΩTA\ Oracle 8i Installation GuideC

3. ⁿI Oracle ΩwG

$ mkdir /u01$ mkdir /u02

4. QUzⁿOAqDxzuπ-íG

# admintool

5. buzuπv°íñA÷@Us² -> sCoeuzuπGsv

°íC

6. buzuπGsv°íñA÷@UsΦ -> sWCoeuzuπG

sWsv°íC

7. ΓsF@OWs dba sAt@OWs oinstall sC

8. buzuπGsv°íñA÷@UsΦ -> Coeuzu

πGv°íC

9. Hzuπ@Ws oracle sCw∩sbßA¿UCBJG

a. NbßuDnsv]wz oinstall sC

b. Nbßunsv]wz dba sC

c. ∩ul²vµΩsCbu⌠vµñAΘJ

/export/home/oracle @ oracle l²C

d. NnJ Shell ] /bin/shC

Oracle wíHobß⌡µCobßuwM@ OracleC

10. H Oracle ¡nJtG

# su - oracle

18 IBM Tivoli Identity Manager: °AwΓU Windows - WebSphere

|

||||||

|

° Oracle bß umask ]wC

$ umask

umask ] 022CpGbß umask úO] 022AHUzⁿO]wªG

$ umask 022

P]tX≤∩ .profileC

11. b Oracle bß /export/home/oracle/.profile [JUCXµG

v Oracle 8i:

ORACLE_BASE=/u01/app/oracle; export ORACLE_BASEORACLE_HOME=$ORACLE_BASE/product/8.1.7; export ORACLE_HOMEORACLE_SID=or1; export ORACLE_SIDORACLE_DOC=$ORACLE_HOME/doc; export ORACLE_DOCORA_NLS33=$ORACLE_HOME/ocommon/nls/admin/data; export ORA_NLS33PATH=$ORACLE_HOME/bin:/usr/bin:/usr/local/bin:/usr/ccs/bin:/usr/ucb:/usr/openwin/bin:.

v Oracle 9i:

ORACLE_BASE=/u01/app/oracle; export ORACLE_BASEORACLE_HOME=$ORACLE_BASE/product/9.2.0.0.0; export ORACLE_HOMEORACLE_SID=or1; export ORACLE_SIDORACLE_DOC=$ORACLE_HOME/doc; export ORACLE_DOCORA_NLS33=$ORACLE_HOME/ocommon/nls/admin/data; export ORA_NLS33PATH=$ORACLE_HOME/bin:/usr/bin:/usr/local/bin:/usr/ccs/bin:/usr/ucb:/usr/openwin/bin:.

pGznDbjM⌠ñ[W /usr/ucbANªCb PATH ]w

/usr/ccs/bin ßC

12. QUzⁿOAN]wm≤mG

$ . ./.profile

bziHlw Oracle FC\Aϕ Oracle σ≤ABwnΘCw@

Q¿ºßA ϕñtmⁿC

b HP-UX w Oracleb HP-UX tWw Oracle ºeA²¿UCG

1. H root ¡nJ HP-UX tC

2. t]A,nXWLwnDCp÷ΩTA

\ Oracle wΓUC

3. ⁿI Oracle ΩwG

$ mkdir /u01$ mkdir /u02

4. QUzⁿOAqDx SAM]uzL Meta ΩiµΩs,

(Sequential data Access via Metadata)v-íG

# sam

5. b SAM °íñA÷@UMsbßCeWuSAMGMs

bßv°íC

6. buSAMGMsbßv°íñA÷@UsCeWuSAMG

sv°íC

7. ΓsF@OWs dba sAt@OWs oinstall sC

8. buSAMGMsbßv°íñA÷@UCeW

uSAMGv°íC

9. @Ws oracle sCw∩sbßA¿UCBJG

3 Ωwtm 19

|

||||||

|

|

|

|

|

|

|

||

|

|

|

|

|

|

|

|

|

|

|

|

a. NbßuDnsv]wz oinstall sC

b. Nbßunsv]wz dba sC

c. ∩ul²vµΩsCbu⌠vµñAΘJ

/home/oracle @ oracle l²C

d. NnJ Shell ] /bin/shC

Oracle wíHobß⌡µCobßuwM@ OracleC

10. H Oracle ¡nJtG

# su - oracle

° Oracle bß umask ]wC

$ umask

umask ] 022CpGbß umask úO] 022AHUzⁿO]wªG

$ umask 022

P]tX≤∩ .profileC

11. b Oracle bß /home/oracle/.profile [JUCXµG

v Oracle 8i:

ORACLE_BASE=/u01/app/oracle; export ORACLE_BASEORACLE_HOME=$ORACLE_BASE/product/8.1.7; export ORACLE_HOMEORACLE_SID=or1; export ORACLE_SIDORACLE_DOC=$ORACLE_HOME/doc; export ORACLE_DOCORA_NLS33=$ORACLE_HOME/ocommon/nls/admin/data; export ORA_NLS33PATH=$ORACLE_HOME/bin:/usr/bin:/usr/local/bin:/usr/ccs/bin:/usr/ucb:/usr/openwin/bin:.

v Oracle 9i:

ORACLE_BASE=/u01/app/oracle; export ORACLE_BASEORACLE_HOME=$ORACLE_BASE/product/9.2.0.0.0; export ORACLE_HOMEORACLE_SID=or1; export ORACLE_SIDORACLE_DOC=$ORACLE_HOME/doc; export ORACLE_DOCORA_NLS33=$ORACLE_HOME/ocommon/nls/admin/data; export ORA_NLS33PATH=$ORACLE_HOME/bin:/usr/bin:/usr/local/bin:/usr/ccs/bin:/usr/ucb:/usr/openwin/bin:.

pGznDbjM⌠ñ[W /usr/ucbANªCb PATH ]w

/usr/ccs/bin ßC

12. QUzⁿOAN]wm≤mG

$ . ./.profile

bziHlw Oracle FC\Aϕ Oracle σ≤ABwnΘCw@

Q¿ºßA ϕñtmⁿC

b Windows w Oracleb Windows tWw Oracle ºeA²¿UCG

1. τzt,XWL Oracle wΓUñw∩z0Γ⌡µw¼

CXtDC

2. HwzbßnJ Windows tC

bziHlw Oracle FC

bwºßtm OraclepGzntm≤ Tivoli Identity Manager [c OracleA¿hßmw

@C

1. τ $ORACLE_HOME /dbs/init.ora ñsbUµG

20 IBM Tivoli Identity Manager: °AwΓU Windows - WebSphere

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|||||||

||||||

|

|

|

|

|

|

|

|

|

v Oracle 8i:

compatible=8.1.0

v Oracle 9i:

compatible=9.2.0.0

2. Ωw Tivoli Identity ManagerC

UO@iΩw SQL Script dCztX⌠DA≤

Script ñC

-- Create databaseCREATE DATABASE sample

CONTROLFILE REUSELOGFILE ’/u01/oracle/sample/redo01.log’ SIZE 1M REUSE,

’/u01/oracle/sample/redo02.log’ SIZE 1M REUSE,’/u01/oracle/sample/redo03.log’ SIZE 1M REUSE,’/u01/oracle/sample/redo04.log’ SIZE 1M REUSE

DATAFILE ’/u01/oracle/sample/system01.dbf’ SIZE 10M REUSEAUTOEXTEND ONNEXT 10M MAXSIZE 200M

CHARACTER SET UTF8;

-- Create another (temporary) system tablespaceCREATE ROLLBACK SEGMENT rb_temp STORAGE (INITIAL 100 k NEXT 250 k);

-- Alter temporary system tablespace online before proceedingALTER ROLLBACK SEGMENT rb_temp ONLINE;

-- Create additional tablespaces ...-- RBS: For rollback segments-- USERs: Create user sets this as the default tablespace-- TEMP: Create user sets this as the temporary tablespaceCREATE TABLESPACE rbs

DATAFILE ’/u01/oracle/sample/sample.dbf’ SIZE 5M REUSE AUTOEXTEND ONNEXT 5M MAXSIZE 150M;

CREATE TABLESPACE usersDATAFILE ’/u01/oracle/sample/users01.dbf’ SIZE 3M REUSE AUTOEXTEND ON

NEXT 5M MAXSIZE 150M;CREATE TABLESPACE temp

DATAFILE ’/u01/oracle/sample/temp01.dbf’ SIZE 2M REUSE AUTOEXTEND ONNEXT 5M MAXSIZE 150M;

-- Create rollback segments.CREATE ROLLBACK SEGMENT rb1 STORAGE(INITIAL 50K NEXT 250K)

tablespace rbs;CREATE ROLLBACK SEGMENT rb2 STORAGE(INITIAL 50K NEXT 250K)

tablespace rbs;CREATE ROLLBACK SEGMENT rb3 STORAGE(INITIAL 50K NEXT 250K)

tablespace rbs;CREATE ROLLBACK SEGMENT rb4 STORAGE(INITIAL 50K NEXT 250K)

tablespace rbs;

-- Bring new rollback segments online and drop the temporary system oneALTER ROLLBACK SEGMENT rb1 ONLINE;ALTER ROLLBACK SEGMENT rb2 ONLINE;ALTER ROLLBACK SEGMENT rb3 ONLINE;ALTER ROLLBACK SEGMENT rb4 ONLINE;

ALTER ROLLBACK SEGMENT rb_temp OFFLINE;DROP ROLLBACK SEGMENT rb_temp ;

3 . N O r a c l e suqw] 5 0 W[ 1 5 0AΦksΦ

$ORACLE_HOME/dbs/init.ora PROCESSES C

: úP° Oracle suDiαjtºCNsu]AXz⌠

C

4. H alter sql ⁿOAN Oracle ϕµíqw]W[jC

SQL> alter database datafile ’location of DBF file\ENROLE1_DATA_001.DBF’ resize 500mSQL> alter database datafile ’Oracle db location of DBF file\ENROLE1_IDX_001.DBF’resize 500m

3 Ωwtm 21

|

|

|

|

SQL Server 2000 tm

Níw Microsoft SQL Server 2000 Tivoli Identity Manager emw

MßmwtmBJC

úO@íAú\ SQL Server 2000 wσ≤AoπΩTC

w SQL Server 2000b Windows tw SQL Server 2000 ºeA²¿UCG

1. ²ws SQL Server 2000 Service PackC

2. b SQL Server w@ºeAHzbßnJ Windows tC

bziHlw SQL Server FC

bwºßtm SQL Server 2000pGzntm≤ Tivoli Identity Manager [c SQL Server 2000A¿h

ßmw@C

1. MS SQL Server Enterprise ManagerC

2. VXíOC

a. ∩uπ -> SQL Server tme...

b. buwvW∩uSQL Server M Windows OvC

3. sΩwC

a. ²≡As² Microsoft SQL Server -> SQL Server SQL s -> ]

Windows NT -> ΩwC

b. ½kΣ÷@UΩwIA∩sΩwC

oeXuΩwev°íC

c. bu@δvWAΘJ itimdb @uWvµC

d. buΩvWAΘJUCΩTG

v ljp (MB)G20

v ∩uXjv∩C

v ∩uL¡XjvΩsC

e. buµ÷ΘxvΘJUCΩTG

v ljp (MB)G20

v ∩uXjv∩C

v ∩uL¡XjvΩsC

f. ÷@UTwC

22 IBM Tivoli Identity Manager: °AwΓU Windows - WebSphere

4 ²°Atm

Níp≤tm²°ACoBJ]zºewgw²°AAiHt

m²°A Tivoli Identity Manager C

:

1. IBM Directory Server 5.1 iHw@ IBM DB2 ΩA²únwΓ IBM

DB2 ΩCpGnΣLΩTA\≤

http://www.ibm.com/software/network/directory IBM Directory Server σ≤Cp

ⁿΣ²°A÷ΩTA\ IBM Tivoli Identity Manager NC

2. pG IBM Directory Server 5.1 OºewAhiα]@3n²

WebSphere – Express ΩAo≡≡CpGnΣLΩTA\ 28

ybP@íqúW 5.1 M WebSphere Application ServerzC

3. ΩTD²°Aú¡ú≤sxBíσ≤NΩTC∩

≤zwΩTAp≤h÷ΩTA\ viiyeÑzñ

XHúúΣLXC

∩UC@G

v yIBM Directory Server tmz

v 29ySun ONE Directory Server tmz

IBM Directory Server tm

Níp≤tm IBM Directory ServerC

UCBJOw∩UCX⌡µG

dirserver_installdir

w IBM Directory Server ²CpG

v AIXG/usr/ldap/

v SolarisG

– IBM Directory Server 4.1 G/opt/IBMldapc/

– IBM Directory Server 5.1 G/opt/ldap/

v HP-UXG/usr/IBM/ldap/

v WindowsGc:\Program Files\IBM\ldap

cd_installdir

CD W²CpGnΣXAXz⌠ CDA\ 87² A,

yHMM≤úwMzñ CD1 íC

versionspecific_slapd

v IBM Directory Server 4.1 OH slapd @ⁿOAH slapd32.conf @

C

v IBM Directory Server 5.1 hH ibmslapd @ⁿOAH ibmslapd.conf

@C

© Copyright IBM Corp. 2004 23

|

my_suffix

z Tivoli Identity Manager rwq⌠≤Ap comC

pGntm IBM Directory ServerA⌡µUC@G

1. yⁿw Tivoli Identity Manager rz

2. y Tivoli Identity Manager tmπíz

3. 26y½s²°Az

4. 27y LDAP r½≤z

ⁿw Tivoli Identity Manager r

pGnⁿw Tivoli Identity Manager rAnJ IBM Directory Server tA

B⌡µUCBJG

1. bsΦ versionspecific_slapd.conf ºeA² ε IBM Directory ServerCIBM

Directory Server bl]w¬ Ab IBM Directory Server εm½

C

2. IBM Directory Server tmuπiµUC≤AOsΦUCG

v UNIX: <dirserver_installdir>/etc/versionspecific_slapd.conf

v Windows: <dirserver_installdir>\etc\versionspecific_slapd.conf

3. MΣo@µGibm-slapdSuffix: cn=localhost

4. b µU[Wßo@µGibm-slapdSuffix: dc=my_suffix

Σñ my_suffix NOz Tivoli Identity Manager wqrC

5. ÷tmñU@BA\y Tivoli Identity Manager tmπ

ízC

Tivoli Identity Manager tmπí

ziHbw Tivoli Identity Manager ºeºßAtmπíC

pGnMΣAXz⌠AjM 87² A, yHMM≤ú

wMzí CD 2CMΣUz²G

v AIXGDelRef/aix/

v HP-UXGDelRef/hpux/

v SolarisGDelRef/sun/

v WindowsGDelRef\nt\

MßMΣAϕG

v libdelref

Tivoli Identity Manager πíw

v timdelref

Tivoli Identity Manager tm

pGntmπíA⌡µUC@G

1. NUC Tivoli Identity Manager íwG

v AIXGlibdelref.a

24 IBM Tivoli Identity Manager: °AwΓU Windows - WebSphere

|

|

|

|

: Y AIX W IBM Directory Server 5.2 AπXí

libdelrefids52.aCpMΣ Tivoli Identity Manager 4.5.1 ú

o÷ΩTA\ 87² A, yHMM≤úw

MzCw IBM Directory Server Patch P520A-00C Nns

libdelrefids52.a íwCp÷ΩTA\ IBM Tivoli Identity

Manager NC

v HP-UXGlibdelref.sl

v SolarisGlibdelref.so

v WindowsGlibdelref.dll

q CD 2 sUC²°AG

v UNIX: <dirserver_installdir>/lib

v Windows: <dirserver_installdir>\bin

2. N Tivoli Identity Manager tm timdelref.confAqAϕ CD ²sU

C²°A²G

v UNIX: <dirserver_installdir>/etc

v Windows: <dirserver_installdir>\etc

3. ∩UC²°AG

v UNIX: <dirserver_installdir>/etc/versionspecific_slapd.conf

v Windows: <dirserver_installdir>\etc\versionspecific_slapd.conf

⌡µUCBJG

a. bñjMo@µG

ibm-slapdPlugin: database path_to_rdbmfilename rdbm_backend_init

Σñ path_to_rdbmfilename tG

v AIXG/lib/libback-rdbm.a

v HP-UXG/lib/libback-rdbm.sl

v SolarisG/lib/libback-rdbm.so

v WindowsG/bin/libback-rdbm.dll

b. be@µUA≥ [WUzⁿO]NⁿOΘJ≤P@µG

v AIXG

ibm-slapdPlugin: preoperation<dirserver_installdir>/lib/libdelref.a DeleteReferenceInitfile=<dirserver_installdir>/etc/timdelref.conf dn=dc=my_suffix

: Y AIX W IBM Directory Serverr 5.2 Ab»zíñⁿw

libdelrefids52.a D libdelref.aCpMΣ Tivoli Identity Manager

4.5.1 úº libdelrefids52.a ÷ΩTA\ 87

² A, yHMM≤úwMzC

v HP-UXG

ibm-slapdPlugin: preoperation<dirserver_installdir>/lib/libdelref.sl DeleteReferenceInitfile=<dirserver_installdir>/etc/timdelref.conf dn=dc=my_suffix

v SolarisG

4 ²°Atm 25

|

|

|

|||

ibm-slapdPlugin: preoperation<dirserver_installdir>/lib/libdelref.so DeleteReferenceInitfile=<dirserver_installdir>/etc/timdelref.conf dn=dc=my_suffix

v WindowsG

ibm-slapdPlugin: preoperation "<dirserver_installdir>/bin/libdelref.dll"DeleteReferenceInit file="<dirserver_installdir>\etc\timdelref.conf"dn=dc=my_suffix

: Ynⁿw Windows W libdelref.dll M timdelref.conf ⌠A

N HAϕCAHuⁿw libdelref.dll

⌠C

4. ½s²°ACpGnΣLΩTA\y½s²°AzC

½s²°A

pGn ε½s IBM Directory ServerA⌡µUC@G

v WindowsGΘJUCⁿOG

net stop "IBM Directory Server version"net start "IBM Directory Server version"

Σñ version OⁿUC@ IBM Directory Server G

– V4.1

– V5.1

⌡µUC@G

1. ÷@Ul -> ]w -> εx -> zuπ -> AC

2. ½kΣ÷@U ″IBM Directory Server version″C

3. bí\αϕWA÷@UεAMßA÷@UC

4 . PπíOwg½stmCd

dirserver_installdir\var\versionspecific_slapd.log ñOⁿHU

TºG

¼ PREOPERATION íwgQqc:/Program Files/IBM/ldap/bin/libdelref.dll ⁿJ

v UNIXG

1. MßΘJUzⁿOG

ps -ef | grep versionspecific_slapd

2. Oϕe@ⁿOG ID (PID) XC

3. ΘJUí⌠Gkill <PID>

Σñ <PID> Q²e PID NC

4. Tw wg⌠AΦkO½⌡µ ps -ef | grep versionspecific_slapd

ⁿOAⁿOGSCX εC

5. ½s²°AA²s]wCΘJUzⁿOG

versionspecific_slapd

6. PπíOwg½stmCd

dirserver_installdir/var/ldap/versionspecific_slapd.log AoⁿU

TºG

26 IBM Tivoli Identity Manager: °AwΓU Windows - WebSphere

|

|

¼ PREOPERATION íwgQq/usr/ldap/lib/libdelref.a ⁿJ

LDAP r½≤

b Tivoli Identity Manager LDAP r½≤ºeA²ⁿwrAMß½s

²°AC

pGn LDAP r½≤A⌡µUC@@G

v ⁿOµG@ suffix.ldif LDIF ApUG

dn: dc=my_suffixdc: my_suffixobjectclass: topobjectclass: domain

ldapadd ⁿOsWrC±ΦíAΘJUzⁿO]ΘJ≤P@µG

dirserver_installdir/bin/ldapadd -i full_path_to_suffix.ldif -D ldap_admin-w ldap_admin_password

v LDAP zDxGr½≤]N objectClass ] domainCUC

@nΘG

– IBM Directory Server 4.1 G²zuπ

– IBM Directory Server 5.1 GzDx

s IBM Directory Server zDx

pUs IBM Directory Server Web zDxG

1. b Windows WAΘJUCⁿOP IBM Directory Server 5.x @w

WebSphereG

ids_installdir\appsrv\startServer.bat server

2. Hs²UC⌠s IBM Directory Server zDxG

http://WAS_hostname/:9080/IDSWebApp/IDSjsp/Login.jsp

3. pGoOz@s IBM Directory Server zDxA⌡µUC@G

a. ΘJ ID ″superadmin″ MKX ″secret″AH Console Admin ¡≈nJC

b. ∩Dxz -> zDx°AC

c. sWs IBM Directory Server D≈WC

d. nXC

4. Ye@BJw¿A⌡µUC@G

a. ∩ IBM Directory Server zDxW LDAP D≈WC

b. ΘJW]τYAΘJ cn=rootMKXnJ IBM Directory ServerC

IBM Directory Server zDx

pU IBM Directory Server 5.1 Web zDxG

1. ÷@U²z -> sWC

2. ∩ domain @uc.½≤OvCMß÷U@BC

3. ún[WuU½≤OvC ÷U@BC

4. pGOu∩ DNvA[W dc=my_suffixC

5. pGOunvA[W my_suffixC

4 ²°Atm 27

|

|

|

|

|

|

|

|

|

|

|

|

|

|

6. ÷@U¿C

7. ÷@U²z -> zC

o CXr dc=my_suffixAΣ½≤O domainC

Bz Windows W IBM Directory Server 5.2 ⌡µⁿ¡ε

w]Ab Windows W⌡µ IBM Directory Server 5.2 Σ 64 µs

uCMATivoli Identity Manager ΩA LDAP suxs@A¬F 100

]w]P IBM Directory Server PsuC

Ynεosu¡εDA⌡µUC@G

1. b ibmslapd.conf ñsΦUCq¿G

dn: cn=Front End, cn=Configuration

boq¿[JUo@µG

ibm-slapdsetenv: SLAPD_OCHANDLERS=number-of-threads

Σñ@⌡µⁿΣ 64 suC

2. ½s IBM Directory ServerC

pNµMΦk÷ΩTA\ IBM Tivoli Identity Manager Problem

Determination Guide ñí IBM Directory Server suxsDC

bP@íqúW 5.1 M WebSphere Application ServerpG IBM Directory Server 5.1 ºewgsbAΣw[ciα3btW

n² WebSphere – ExpressC

pGzO Tivoli Identity ManagerAΓ WebSphere Application Server wbP@

íqúWAow[cNú WebSphere – Express ΩCWebSphere –

Express M WebSphere Application Server mP@≡Cbw Tivoli Identity

Manager M WebSphere Application Server ºeAz²úh⌠≤iαP WebSphere

– Express o≡≡C

WebSphere Application Server OUCw]≡]wG

v HTTP Θ]≡ 1G9080

v HTTP Θ]SSLA≡ 2G9443

v HTTP Θ]≡ 3G9090

v HTTP Θ]≡ 4G9043

v Bootstrap/rmi ≡G2809

v í½≤sqT≤w (SOAP) s ≡G8880

ziHσrsΦAN WebSphere – Express C@w]≡A∩ú≡C

pA⌡µUC@G

v ∩UCñC@ HTTP Θ≡G

dirserver_installdir\appsrv\config\cells\DefaultNode\nodes\DefaultNode\servers\server1\server.xmldirserver_installdir\appsrv\config\cells\DefaultNode\virtualhosts.xml

ΓUC HTTP Θ≡½¿ú≡G

28 IBM Tivoli Identity Manager: °AwΓU Windows - WebSphere

|

|

|

|

|

|

|

|

|

|

|

|

|

– 9080

– 9443

– 9090

– 9043

v Bootstrap/rmi ≡G2809

MΣt≡ 2809 @µANª½¿ú≡C µObUoñG

dirserver_installdir\appsrv\config\cells\DefaultNode\nodes\DefaultNode\serverindex.xml

v SOAP s ≡G8880

MΣt≡ 8880 @µANª½¿ú≡C µObUoñG

dirserver_installdir\appsrv\config\cells\DefaultNode\nodes\DefaultNode\serverindex.xml

Sun ONE Directory Server tm

: bUσϕñAmy_suffix Oⁿz Tivoli Identity Manager wq⌠≤rA

p comC

pGntm Sun ONE Directory ServerA⌡µUC@G

1. uiPlanet DxvC

oeXuiPlanet DxvnJ∩°íC

2. τuz URLvñ≡AΘJzKXAMß÷@UTwC

3. iJDx≡¼²ñ²°AA÷@UC

4. ∩utmvC

5. ½kΣ÷@U²°A≡¼cutmvWΩAMß÷@Us

rC

oeXus rv∩°íC

6. bus rv∩°íñusrvσrµñAΘJ dc=my_suffix

7. buΩwWvσrµñAΘJznΩwWC

pAΘJUzⁿOG

itimdb

8. pGS∩÷pΩw∩A∩ªAMß÷@UTwC

oeXuTv∩°íC

9. buTv∩°íñA÷@UOC

oeAu²°AvDxC

10. ∩u²vC

11. ½kΣ÷@U²°A≡¼cñ²°AWC

oeX@\αϕC

12. b\αϕus ½≤vUA∩ dc=my_suffixC

oeXus½≤v∩°íC

4 ²°Atm 29

13. ∩ domainAMß÷@UTwC

oeX dc=my_suffix uesΦv∩°íC

14. buesΦv∩°íñ÷@UTwC

oeAu²°AvDxC

15. ∩@AMß÷@U½s²°AC

oN]wF Sun ONE Directory ServerC

16. ¿UCAXj Tivoli Identity Manager °AiOΘG

a. ²°ADxAMß÷@UtmC

b. i²≡ñΩIAMß÷@UΩw]wC

c. ÷@U LDBM í]wC

d. zwΘΩΘOΘANuOΘjpW¡v]w]AϕC

pG Sun ONE Directory Server Owbªv≈WA≥zNo

]tiOΘ 75%C

e. ÷@UxsC

f. i Tivoli Identity Manager íIC

±ΦíAdc=comC

g. b Tivoli Identity Manager íIñ∩Ωw½≤AMß÷@UΩ

w]wC

h. zwΘΩΘOΘANuiOΘv]w]AϕC

pG Tivoli Identity Manager O@o²íA≥zN

oA]uLDBM í]wvW]wuOΘjpW¡v

60%C

i. ÷@UxsC

j. ÷@U@AMß½s²°AC

30 IBM Tivoli Identity Manager: °AwΓU Windows - WebSphere

5 µ@°AwGTivoli Identity Manager °A

Níbµ@°AtmñwMtm Tivoli Identity Manager °A@C

pGqúºeSw WebSphere Application Server BaseAµ@°Aw

UC°≤AwUCíMM≤G

v WebSphere Application Server Base

pGtWSUC⌠≤@ANw IBM Tivoli Identity Manager

NC WebSphere Application ServerBM≤ 2 H APARS C

– WebSphere Application Server 5.0 ≤

– WebSphere Application Server Network Deployment

v IBM HTTP Server

pG IBM HTTP Server úsbApG¡≤ 1.3.26ANw IBM

HTTP ServerC

v WebSphere Embedded Messaging Σ

v Tivoli Identity Manager °A

: pGwgwF WebSphere Application Server 5.0Ah Tivoli Identity Manager u

w Tivoli Identity Manager °AC

÷SwíMM≤A\ IBM Tivoli Identity Manager N

C

w@UoΓíG

v ylºez

v 38yw Tivoli Identity Manager °Az

lºe

blºeA⌡µUC@G

v MwAϕ (CD) M≤w Tivoli Identity ManagerCpGnΣL

ΩTA\ 87² A, yHMM≤úwMzC

v pGzO Orac le zΩwAo Orac le JDBC Xí

]classes12.zip s²ñC

v TwUC Tivoli Identity Manager nΘb⌡µñG

ϕ 1. í

nΘ pGnΣLΩTA\

Ωw 11 3 , yΩwtmz

²°A 23 4 , y²°Atmz

v Twi íBΩOΘMΣLíDoXíXCpGnΣL

ΩTA\ IBM Tivoli Identity Manager NC

© Copyright IBM Corp. 2004 31

|

|

|

|

: YX IBM Tivoli Identity Manager N nwΘDñí

xsΘíDAwNóC

v pG Tivoli Identity Manager ww WebSphere Application ServerAh

tX IBM Tivoli Identity Manager N 95² B, y

WebSphere ⌠z ñíDC÷ WebSphere DΣLΩTA\

WebSphere Application Server úσ≤C

v TwzπTzv¡CpGSAoov¡AMß½s≈AA

ϕv¡C

buzsvñ]²úOuzvCuzsvñ

πUCv¡G

– @í@t

– HAínJ

pGnMw∩v¡A⌡µUC@G

1. ÷@Ul -> εxC

2. buεxvWA÷@Uzuπ -> ≈wh -> ≈h -> v

QⁿwC

3. ÷@UAϕv¡[H∩C

v pGºewgw WebSphere Application ServerABwguWebSphere s

wvAbw Tivoli Identity Manager ºßA¿nΓBJCΣL÷

ßmwΩTA\ 104 yµIípbw Tivoli Identity

Manager ºßΓBJzC≤÷uswvΩTA\ WebSphere

Application Server úσ≤C

v PqúWeOUCΩAMßn≤@G

– WebSphere Application Server Base MM≤ 2 OwgsbH

:

1. bw Tivoli Identity Manager ºeºßAzM IBM Tivoli Identity

Manager N ñw∩ⁿw¡xííMM≤

DC

2. pG WebSphere Application Server 5.0 MM≤ 2 ΓPsbAw

ío@I]¡≤ Windows 2000CpG WebSphere Application

Server 5.0 sbA²O Fix Pack 2 úsbAwíNú@hiTºA

²ONúw Fix Pack 2Cwí]N WebSphere Application Server

Network Deployment Fix Pack 2Cp÷ΩTA\ IBM Tivoli Identity

Manager NC

3. b Windows 2003 WAWebSphere Application Server Base M WebSphere

Application Server Network Deployment wGi]A Fix Pack 2C

– WebSphere Embedded Messaging ΣOwgsbHpGtWwg

WebSphere Application ServerAwNúd WebSphere Embedded

Messaging Σ]OsbCboípUApG WebSphere Embedded Messaging

ΣúsbAA⌡µ WebSphere Application Server wíw WebSphere

Embedded Messaging ΣC

: pGz²eHΓΦíw WebSphere M Fix Pack 2Ahiα 3w

WebSphere Embedded Messaging ΣCpGzºßMww Tivoli Identity

32 IBM Tivoli Identity Manager: °AwΓU Windows - WebSphere

|

|

|

|

|

|

|

|

ManagerAhz²HΓΦíw WebSphere Embedded Messaging Σ

½s⌡µ Fix Pack 2AMß&w Tivoli Identity ManagerC

v τ WebSphere Application Server µ÷A]w≈jA¼HBz

Tivoli Identity Manager u@qC÷∩o]wΩTA\ 100

ytm WebSphere Application Server µ÷A]wzCpGzú∩]wBz

u@qA≥nDiαb@ 3¿ºeNOC

v pGzbqúWwFúu@ WebSphere Application ServerAM

≡DCpGnΣLΩTA\yM≡DzC

v bznw Tivoli Identity Manager qúWAyÑ⌠]wAϕAHTOy

ѵíoHδC

v WebSphere Application Server M≤ 2 ]Mw Web °AqúWC

bwM≤ºeA² ε Web °AC

: tmϕñiαnX WebSphere Web íAΣñ]Abπ WebSphere

Application Server Network Deployment qúWw WebSphere Web Server

íC

v TwbuScript @vqñAs² (Microsoft Internet Explorer) u@ñ Script

@v]uvCp⌡µ@÷ΩTA\ 54 y

Tivoli Identity Manager °AqTzC

v ¿tmΩTu@ϕC

M≡D

UOiαo≡DG

v bw Tivoli Identity Manager ºeA²Tw WebSphere 5.0 P@ SOAP ≡A

ObUCmwqG

– Uzñ com.ibm.ws.scripting.portG

WAS_HOME\properties\wsadmin.properties

– bUzñAserver1 SOAP_CONNECTOR_ADDRESS U≡G

WAS_HOME\config\cells\<cell_name>\nodes\node_name\serverindex.xml

pGoú@AUCBJ≤≡G

1. wsadmin.properties C

2. Γ com.ibm.ws.scripting.port A∩zb serverindex.xml ΣC

: pG] SOAP ≡úTAwóA≤≡WµAMß½s⌡µ

ITIM_HOME/bin/runConfig install ⁿOC

v wªºßApGΩD≈≡P Tivoli Identity Manager ú@ATivoli

Identity Manager nJKóC

Tivoli Identity Manager ΩD≈≡O 80 M 9443CpGwqTAh

≡ 9443C

bqúWw@ WebSphere °AΩAiH Tivoli Identity Manager w

ΩD≈≡AⁿwTC

5 µ@°AwGTivoli Identity Manager °A 33

|

|

|

|

|

²pGbP@íqúWwG WebSphere °AΩ]p Network Deployment

ManagerANW Network Deployment Manager ≡C±ΦíAΩD

≈≡W 80 81AH 9443 9444CzN≡½stm Tivoli Identity

Manager XC

pGn≤ΩD≈≡As WebSphere zDxAMß⌡µUC@G

1. ÷@U⌠ -> ΩD≈ -> w]D≈ -> D≈OWC

2. NΩD≈≡∩ 80 H 9443C

3. NtmxsbDnxswA∩N≤PIPBC

4. ÷@U≤s Web °AíAMßA÷@UTwC

5. ½sOC

µ@°AwΩTu@ϕ

blwºeA²¼UCΩTG

ΩwΩT

ziHw∩÷píΩwzt¼UCΩTG

z ID ______________________________

bwΩwz ID]db2InstanceName OⁿΩwΩ

CpAIBM DB2 w]pUG

v UNIXGdb2inst1

v WindowsGdb2admin

pGnΣLΩTA\ 11yIBM DB2 tmzC

zKX ______________________________

z ID KXC

ΩwW ______________________________

iⁿw Tivoli Identity Manager °As ΩwΦíCpGΩwOw

b⌠AhuΩwWvNOⁿΩwWC±ΦíAuΩwW

vO itimdbCpGΩwOwb⌠AhuΩwWvNOⁿ

ΩwOWWCΣL÷ catalog ⁿOⁿwΩwΩTA\ 14ytm IBM DB2 JDBC XízC

Ωw¼ ______________________________

tΩw¼CpAIBM DB2 NO@ΩwC

ΩwG

Ωw ______enrole__________________

Tivoli Identity Manager °AnJΩwbßC ID O

enroleC

: o ID Lk≤C

KX ______mypassword______________

Tivoli Identity Manager °AnJΩwbßKXC

34 IBM Tivoli Identity Manager: °AwΓU Windows - WebSphere

IP ______________________________

Ωw°A IP CIBM DB2 úno@ΩC² Oracle M SQL

Server 2000 (SP3) Nno@ΩFC

≡ ______________________________

Ωw°A≡CIBM DB2 úno@ΩC² Oracle M SQL

Server 2000 (SP3) Nno@ΩFC

Aw°iUCΩwxs"ΩTCΩwxs"ΩTMw Tivoli Identity

Manager °AiH±Ωw JDBC suCpGnΣLΩTA\

IBM Tivoli Identity Manager tmΓUC

ziH⌠÷≤⌠DUCUG

leq

Tivoli Identity Manager °AiH±Ωw JDBC sul

eqW¡

Tivoli Identity Manager °AiH±Ωw JDBC suW¡

nJ≡ϕ

suíjϕ

²°AΩT

¼UCΩTG

D≈W ______________________________

²°AD≈πWCpAidentity1.mylab.mydomain.comC

¡zí DN m ______________________________

bumvµΘJ]pAdc=comAPzbtm LDAP

r]pAdc=comPCpGnΣLΩTA\ 23 4

, y²°AtmzC

zW ______________________________

buzWvµΘJAπb\h Tivoli Identity Manager

í eWXϕñC@δíAo±-qW≤

íC±ΦíAIBM Corporation NO@WC

: ziHboµΘJµr (ASCII) rArrC

w]g ______________________________

buw]gvµñΘJAOb IBM Directory Server í

ANϕzCoqO-qWgC±ΦíAibmcorp NO@

gC

: uw]gvµuαΘJµr (ASCII) rAp σ

IDC

°Ωxs ______________________________

°ΩxsAOtΩiµd\CziH⌠÷⌠

Dw] (1)C

5 µ@°AwGTivoli Identity Manager °A 35

≡ ______________________________

²°A Ñ≡Ap 389C

DΘ DN ______________________________

DΘOW IDCpAcn=rootC

KX ______________________________

bw²°ADΘOW ID KXC

Aw°i Tivoli Identity Manager °Aαs LDAP suxs

"UC LDAP suxs"ΩTµCpGnΣLΩTA\ IBM Tivoli

Identity Manager tmΓUC

ziH⌠÷≤⌠DUCUG

xsjpW¡

⌠≤ LDAP suxs"hiH su

xsljp

w∩ LDAP suxs"lsu

Wqp

@.suúbñACnD@suAN[J LDAP suxs"ϕñ

suC

WebSphere Application Server µ@°AwΩT

µ@°Atm WebSphere Application Server wπUCµCpGnΣL

ΩTA\ 95² B, y WebSphere ⌠zC

z ID ______________________________

pGnw WebSphere Application ServerANπo@CΣO

WebSphere Application Server M IBM HTTP Server AC ID π

UCv¡AhNLkw Tivoli Identity ManagerG

v @í@t

v HAínJ

zKX ______________________________

z ID KX

u@D≈W ______________________________

bw WebSphere Application Server Base ΩΘqúWD≈WAª

Obiµµ@°Aw@πCpGwgw WebSphere Application

Server BaseANúXoµC

: pGzOuAD≈tmqT≤wv(DHCP) Pwqú IP A

únπqúD≈WCungYiC

w² ______________________________

WebSphere Appl ica t ion Server Base w²CpA²

drive:\Program Files\WebSphere\AppServerC oµ°≤pUG

36 IBM Tivoli Identity Manager: °AwΓU Windows - WebSphere

v pG Tivoli Identity Manager wnw WebSphere Application Server BaseA

N±go@C

v pGwgw WebSphere Application Server BaseAhiQª@Tº

C

IW ______________________________

wqIWAqúQⁿwPπTw IP D≈ºΩΘqú

D≈W@C

≡ ______________________________

WebSphere Application Server Ñ≡Cw]O 9090Co≡iH

&µCpGwgw WebSphere Application Server BaseANúXoµ

C

°AW ______________________________pGºewgwF WebSphere Application ServerAKXoµAú

zΘJ WebSphere Application Server WCoObiµµ@°AwAz

íp Tivoli Identity Manager WebSphere Application ServerC

w]w

UCµOXbuttmwvWC

u[Kv∩

iN Tivoli Identity Manager eñΩwKXBLDAP H

WebSphere Application Server z ID [KC

í°Az

i²z]wMTUCKXG

t

WebSphere Application Server ID MKXCzub

uWebSphere swvA&nΘJoΩC

103yJ2EE wzΓBJíAo ID

ⁿ≤ wasadminC

EJB

bw@ºe²wqMKXCzub

uWebSphere swvA&nΘJoΩC

103yJ2EE wzΓBJíAo ID

ⁿ≤ itimadminC

: pGoµbªXwgw²±nAΣñiαtwasadmin CNoµ∩ itimadminC

WebSphere Embedded Messaging °AMß

¼UCΩTG

w² ______________________________

oOw WebSphere Embedded Messaging Σ²C

5 µ@°AwGTivoli Identity Manager °A 37

IBM HTTP Server ΩT

¼UCΩTG

w² ______________________________

biµµ@°AwπCoµub WebSphere Application Server

M IBM HTTP Server ΓúSw&XCoOw IBM HTTP Server

²C

Tivoli Identity Manager ΩT

NU÷ Tivoli Identity Manager ΩTG

[K≈

o≈iHO⌠≤µryCΣO Tivoli Identity Manager KXM

ΣL≈Kσr[KC b e n R o l e . p r o p e r t i e s ñOxs

enrole.encryption.passwordC

Oⁿh

πzblt AΣΘx/lCtziH]w INFO M

FATAL ºíuOⁿhvµXA∩ΘxCOⁿhU

Y½AtαUA]oϕgΘxΩTU,C

l≤°AW

SMTP l≤°AObΣd≥CSMTP D≈Ol≤hDC

ID ____itim manager________

Tivoli Identity Manager IDCwºßw]O itim managerCb

nJ Tivoli Identity Manager Ao IDC

KX ____secret______________

Qⁿw itim manager Tivoli Identity Manager z ID KXC

bwºßYw]KXO secretC

: zbnJ Tivoli Identity Manager °AA≤zbßKXC

w Tivoli Identity Manager °A

UoyANíbµ@°Atmñw Tivoli Identity Manager °A

≤≥C

38 IBM Tivoli Identity Manager: °AwΓU Windows - WebSphere

pGnbµ@°Atmϕñw Tivoli Identity Manager °AA¿UCBJG

1. 40y²luw∩vMuvv°íz

Encryption key

Pre-installsummary

Configuredatabase

ConfigureLDAP

ConfigureSystem

No

No

Yes

Yes

WebSpheresecurity?

WebSpherealready

installed?

EnterCredential

Enternode name,server name

ConfirmWebSphere

directory

Enter installationdirectory

Selectdatabase type

WebSphere,HTTP serverdirectories

Host nameWebSphere node

name

SingleServer

Cluster/Functional

ClusterInstallType?

ClusterInstall

WebSphereMQ directory

WindowsAdministrator UserID and Password

5. µ@°Awy (Windows)

5 µ@°AwGTivoli Identity Manager °A 39

2. 41y∩w¼Mw²z

3. 41y∩Ωwz

4. 41y¿µ@°Aw°íz

5. 43yⁿw WebSphere swz

6. 45yⁿw[K≈B\¬emwKnz

7. 46ywiMΣLtmíz

8. 53yµ@°AwΘxM²z

9. 53y¿wtmz

10. 54y Tivoli Identity Manager °AqTz

²luw∩vMuvv°í

wO)@tCuw∩vMuvv°íª⌡Cn²l°íA⌡µ

UC@G

1. nJznw Tivoli Identity Manager °AqúC

:

a. zπtzMvbßnJ (Administrator)C

2. N Tivoli Identity Manager ú CD íJ≈ñCpGnΣXAXz⌠

CDA\ 87² A, yHMM≤úwMzC

3. ÷@Ul -> ⌡µC

4. ΘJz≈NAMßAΘJUzⁿOG

instWIN-WAS.exe

oeuw∩v°íC

: YznJbßS⌡µ instWIN-WAS.exe \ivAhzPbß\i

v⌡µC

5. pGn≤weMyÑA÷@UΦe σUΣA∩t@

yÑAMß÷@UTwC

: o∩ú∩ Tivoli Identity Manager íHß⌡µyÑM

≤C

oeuvXv°íC

6. uw∩v°í

40 IBM Tivoli Identity Manager: °AwΓU Windows - WebSphere

|

|

|

6. \¬vXAMwO ⁿo°CpG ⁿA∩ⁿA ÷U@BC

∩w¼Mw²

oeu∩w¼v°íC

⌡µUC@G

1. ∩µ@°A∩AMß÷U@BC

oeu∩w²v°íC

2. ⁿw]w² c:\itim45A÷@U∩...A∩t@²C ÷U@BC

∩Ωw

oeu∩Ωw¼v°íC

∩UC@Ωw¼AMß÷U@BG

v IBM DB2 qΩw

v OracleCpGnΣLΩTA\ 16yTivoli Identity Manager Oracle

wMtmzC

v SQL Server 2000 (SP3). pGnΣLΩTA\ 22ySQL Server 2000

tmzC

¿µ@°Aw°í

pGS WebSphere Application Server M IBM HTTP ServerAhµ@°A

wpUG

7. u∩w¼v°í

5 µ@°AwGTivoli Identity Manager °A 41

1. eX@°íAnDzΘJ WebSphere Application ServerBIBM HTTP Server

H WebSphere Embedded Messaging °AMßw²C

ziH ⁿw]²A]iHΘJz0Γw WebSphere Application Server M

IBM HTTP Server ΣL²CpGOb Windows WAeXt@°íA

nDzΘJ WebSphere Embedded Messaging Σ²C ÷U@BC

: pGbTw WebSphere Application Server sbAhXt@

°íCpGbTw IBM HTTP Server sbAΣµNúX

bo°íC

2. UX@°íAúzΘJu@D≈WBIWH WebSphere

Application Server Ñ≡C

: pGwgw WebSphere Application ServerAh°íúzΘJ WebSphere

IWM WebSphere Application Server WCpGzO DHCP Pwq

ú IP AúnπqúD≈WCungYiC±ΦíA

identity1 OgA identity1.tivlab.raleigh.ibm.com hOπWC

8. uΘJUCΩw WebSphere Application Serverv°í

42 IBM Tivoli Identity Manager: °AwΓU Windows - WebSphere

ziH ⁿw]A]iHA∩ªCMß÷U@BC

3. pG Tivoli Identity Manager nw WebSphere Application ServerAeXΣ

L°íAí WebSphere Application Server nDnΘCOϕoDA

÷@UTwC

4. oeX@°íAnDzΘJ Windows 2000 Administrator ID M

KXC±goµAMß÷@UTwCOo ID πUCv

¡G

v @í@t

v HAínJ

ⁿw WebSphere s w

oeuWebSphere wv°íC

: ubzwgw WebSphere Application Server ípUA&XuWebSphere

wMv°íC

9. uw WebSphere Application Server Base Ωv°í

5 µ@°AwGTivoli Identity Manager °A 43

pGuWebSphere swvA÷@Uw WebSphere wC

oXt@°íAnDzⁿw WebSphere Application Server ID MKXC

oNOb 103yJ2EE wzΓBJí wasadmin IDC

ΘJ ID MKXAMß÷U@BC

10. uWebSphere wv°í

11. uWebSphere zv°í

44 IBM Tivoli Identity Manager: °AwΓU Windows - WebSphere

ⁿw[K≈B\¬emwKn

oeXuⁿw[K≈v°íAß≥ OuwKnv°íC

1. ΘJ[K≈A[K≈iHO⌠≤µryCΣO Tivoli Identity Manager

KXMΣL≈Kσr[KC b enRole.properties ñOxs

enrole.encryption.passwordC ÷U@BC

oeuemwKnv°íACXznw≤Bπi

íHw²]p c:\itim45C

2. ²Twwgπ íAMßA÷@UwC

pG Tivoli Identity Manager nw WebSphere Application ServerAhLF@q

íºßX@°íAnDzΘJt WebSphere Application Server wGi

X²C

3. pUⁿwwⁿIAMß÷@UU@BG

v Windows 2000: mount_point\nt

v Windows Server 2003, Enterprise Edition: mount_point\windows2003

bw@nDqA@tCwi°íCpGqúπn

ΩΦnXCU¡Aoqiαo°C

12. uⁿw[K≈v°í

5 µ@°AwGTivoli Identity Manager °A 45

|

|

wiMΣLtmí

wbYqw Tivoli Identity Manager °ACwºßAe

XΣL°íG

1. yTivoli Identity Manager Ωwltmz

2. 48yTivoli Identity Manager º²ltmz

3. 48yTivoli Identity Manager ltmz

Tivoli Identity Manager Ωwltm

oew∩UCtmA@Ωwtm°íG

v µ@°A

v bw Network Deployment Manager qúWAiµO\αOw

otmíiHtmeABb Tivoli Identity Manager Ωw]wϕµC

⌡µUC@G

1. ϕeXuTivoli Identity Manager Ωwtmv°íAΘJAϕC

13. uwiv°í

46 IBM Tivoli Identity Manager: °AwΓU Windows - WebSphere

: Tivoli Identi ty Manager wús Oracle JDBC Xí

]classes12.zip CpGzO Oracle zΩwAhϕzΩ

wsuA¼ java.lang.ClassNotFoundException TºC

Yn≤oDA⌡µUC@G

a. ÷@U°AhXΩwtmí≥w@C

b. ϕw¿A⌡µUC@G

1) N Oracle JDBC Xí]classes12.zip qz²e

²szebΣWw IBM Tivoli Identity Manager ºqúW

ITIM_HOME/lib ²ñC

po Oracle JDBC Xí]classes12.zip º÷Ω

TA\ 87² A, yHMM≤úwMzC

ps²÷ΩTA\lw Tivoli Identity Manager ºe

n⌡µez@MµC

2) oXUCⁿOuΩwtmv°íG

ITIM_HOME\bin\DBConfig

3) ¿ΩwtmC

4) ε WebSphere Application ServerCUCⁿOG

WAS_HOME\bin\stopServer.bat servername

5) WebSphere Application ServerCUCⁿOG

WAS_HOME\bin\startServer.bat servername

2. ±g Tivoli Identity Manager ΩwΩwtmµCpGΩwO IBM

DB2AhuIP vMu≡vµe(ΓC²ΣLΩwú±goµ

C±ΦíAuΩwWvuOWvAO itimdb Cuz IDv

µAhOUC@G

v UNIXGdb2inst1

14. uΩwtmv°í

5 µ@°AwGTivoli Identity Manager °A 47

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

v WindowsGdb2admin

pGnΣLΩTA\ 12ytm IBM DB2 °AzC

3. ÷@UCϕzQΩwºßAuΩwtmv°íñu IDvM

uKXvµAK¿@ñµC

4. boµ±gAϕAMß÷@U≥C

Tivoli Identity Manager º²ltm

oew∩UCtmA@²°Atm°íG

v µ@°A

v bw Network Deployment Manager qúWAiµO\αOw

ziHΘJAϕA∩²°AiµltmAδ Tivoli Identity ManagerC

⌡µUC@G

1. ΘJuLDAP °AΩTvµC±ΦíAuD≈WvµANO⌡µ

²°AºqúπD≈WC

2. ÷@UCϕzQ²°AsuºßAu¡zí²ΩTv

qñµN¿@ñC

3. u¡zí DN mvO dc=my_suffixAªiHⁿw Tivoli Identity

Manager rCpGnΣLΩTA\ 24yⁿw Tivoli Identity

Manager rzCboµ±WAϕAMß÷@U≥C

Tivoli Identity Manager ltm

w¼ún Tivoli Identity Manager °Aúuttmv°íA

≤Ωw°AB²°AMΣLAG

15. u²tmv°í

48 IBM Tivoli Identity Manager: °AwΓU Windows - WebSphere

1. u@δvO@tCtm Tivoli Identity Manager °Auttmv

ϕñ@C

u@δvµw²±nCΣL÷oµΩTA\ IBM

Tivoli Identity Manager tmΓUttmΩTC

2. ÷@U²C

oeu²v°íC

nA∩²°AΩTCpGoOO¿wA≥oΩT

Xºew∩ Network Deployment Manager ] LDAP WµC

3. ÷@UΩwC

oeuΩwv°íC

16. u@δv°í

17. u²v°í

5 µ@°AwGTivoli Identity Manager °A 49

4. ΘJ Tivoli Identity Manager ΩwuΩwWvsuΩTC±ΦíAuΩ

wWviαO itimdbCw] ID O enroleCpGoOO¿

wA≥oΩTXºew∩ Network Deployment Manager ]Ω

wWµC

5. ÷@UOⁿCoeuOⁿv°íC

6. ziH ⁿw] WARNA ⌠αqAΓo∩oyL@

IC

7. ÷@Ul≤A

ul≤v°íC

18. uΩwv°í

19. uOⁿv°í

50 IBM Tivoli Identity Manager: °AwΓU Windows - WebSphere

8. bul≤vΘJAMß÷@UTwCΣL÷oµΩ

TA\ IBM Tivoli Identity Manager tmΓUC

:

a. u¡z°A URLvµANO Proxy °A URL ]pAIBM

HTTP ServerC

b. ΓH≤HA∩z⌠ Tivoli Identity Manager tzqll≤

Co@wn≤AhNeUúl≤WCqll≤

C

9. ÷@U UIC

oe UI °íC

20. ul≤v°í

21. UI °í

5 µ@°AwGTivoli Identity Manager °A 51

10. ⁿ UI w]A∩xMΩTAⁿwQ-qquw∩vπ

eM⌠CuMµjpviⁿw MµWCXXCp

GnΣLΩTA\ IBM Tivoli Identity Manager tmΓUCMß÷@U

TwC

11. ÷@UwC

oeuwv°íC

pGzuWebSphere swvAB]wΘJz ID MK

XA≥oµKw²±nCpGSuWebSphere swvAoµ

Ke#C

:

a. uEJB MKXvµlANOutMKXvµCz

iαo∩uEJB MKXvµCEJB ID °,≤ 12

rC

b. pGzbottmuwv°íñA≤ EJB ID EJB KX

A≥bw Tivoli Identity Manager ºßA⌡µ@ΓBJAN

wñΓ∩M ITIM Tivoli Identity ManagerCpGnΣL

ΩTA\ 103² C, ywqzC

12. ÷@UTwA¿ttmC

13. ATwΣL]AX⌡µ Tivoli Identity Manager M÷í

tmC

22. uwv°í

52 IBM Tivoli Identity Manager: °AwΓU Windows - WebSphere

µ@°AwΘxM²

¿ttmºßAOoUCΘxmG

ϕ 2. wΘxWM²

W ²

dbConfig.stdoutldapConfig.stdoutitim45_installer_debug.txtrunConfig.stdout (on cluster install)runConfigTmp.stdout (on single server

and Network Deployment Manager)

ITIM_HOME\install_logs

itim45_install.stdoutitim45_install.stderr

t ²

Tivoli_Identity_Manager_InstallLog.log pGwQ¿Ah²

ITIM_HOMECpGwóAΘx±

b Windows αWC

log.txtihs_log.txtmq_install.logserver1/SystemOut.logitim.log

WAS_HOME\logs

ΣL÷ WebSphere Application Server ΘxΩTA\ WebSphere

Application Server σ≤C

¿wtm

pGzQn J2EE wA⌡µUC@G

v HΓΦí¿∩M@ABbw Tivoli Identity Manager ºßA½s J2EE

wCpGnΣLΩTA\ 104yµIípbw Tivoli Identity

Manager ºßΓBJzC

v Tw was.policy sbCpGnΣLΩTA\ 104 ytm

was.policy zC

bw Tivoli Identity Manager ºß runConfigbw Tivoli Identity Manager ºßAH runConfig ⁿOA¿UCíttmG

v ≤ enrole KXC

v ⁿwKX[KAH≤s Tivoli Identity Manager EJB ID MKXCpGn

ΣLΩTA\ 48yTivoli Identity Manager ltmzñAut

tmv°íWíC

ΣL÷ runConfig ⁿOΩTA\ IBM Tivoli Identity Manager tm

ΓUC

5 µ@°AwGTivoli Identity Manager °A 53

∩wyÑM≤

w Tivoli Identity Manager ºßApGw]yÑúO σA∩oMⁿ

Tivoli Identity Manager °AyÑM≤ CDCⁿOµíwyÑM≤C±

ΦíAΘJUo@µG

java -jar itimlp_setup.jar

oNiH Tivoli Identity Manager yÑM≤wíFCpGn¿yÑM≤

w@AϕwíeπUCⁿC

: n⌡µ Tivoli Identity Manager yÑM≤wíAα≈qⁿOµs Java

Runtime Environment 1.3.1C

Tivoli Identity Manager °AqT

pGnΩwB²°AM Tivoli Identity Manager °AOTtmAB

OqTA⌡µUC@G

1. JDBC XíATOªb⌡µñG

a. blºeA²Ωw°AM WebSphere Application Server úb⌡µ

ñCΣL÷ WebSphere Application Server ΩTA\ WebSphere

Application Server úσ≤C

b. s WebSphere Application Server zDxC

c. ÷@UΩ -> JDBC ΣCMß∩IC

d. ∩ d≥@°AAMß∩@°A]p server1A A÷@

UMC

e. JDBC úMµAMß÷ΓU ITIM JDBC úC

f. X∩A°uΣLevCMß÷@UΩC

g. b XuΩv∩ñA÷@UsuCoeX@h

TºAⁿXGC

pGóAΓ IBM DB2 ]wm≤TmCpGzΓ IBM

DB2 7.1 7.2 ftúnM≤Ab

WebSphere Application Server ºeA²⌡µ Shell ñ usejdbc2 Shell ScriptC

MßA@suCpGsuúqAτ enrole ID MKXOú

tmCpG IBM DB2 °AO°AANP@ IBM DB2

M≤hAMΩw°AMßC

: M≤ 3 N IBM DB2 7.1 ⌠Aα IBM DB2 7.2 @δ

ihCpGnΣLΩTA\ IBM Tivoli Identity Manager

NC

2. µ@°Aw Tivoli Identity Manager °ACpG°Aúb⌡µ

ñA Tivoli Identity Manager °AH⌠≤íCpGzO

IBM DB2A²Γ IBM DB2 ]wm≤mAA WebSphere

Application ServerC

÷@Ul -> í -> IBM WebSphere -> Application Server v5.0 ->

°AC]iHΘJUCeG

WAS_HOME\bin\startServer.bat servername

54 IBM Tivoli Identity Manager: °AwΓU Windows - WebSphere

pG

WAS_HOME\bin\startServer.bat server1

3. nJ Tivoli Identity ManagerC±ΦíAbs²°íΘJUo@µG

http://hostname/enrole

Σñ hostname Oⁿ⌡µ Tivoli Identity Manager °AπqúW IP C

:

a. únqP@ßqúAΓWs²Ñq@CoΓÑq@

úOP@Ñq@ IDA]ΩiαúDC

b. bw Tivoli Identity Manager ºßAYOLkaX Tivoli Identity Manager n

JABS Tº#Ads² (Microsoft Internet

Explorer) w]wCuScript @vqñu@ñ Script @v

]uvC

pGnd≤]wA⌡µUC@G

1) bs²uπCWA÷@Uuπ -> ⌠⌠⌠∩C∩uwvC

2) buwvWA@÷@UUCTñC@AMß÷qh

C

v ⌠⌠⌠

v í⌠⌠

v H⌠

3) Nu]wvMµuScript @vAMßNu@ñ Script @v]

uvC

4) w∩C@CA÷@UTwC

5) pGúzuzTwHv∩A÷@UOC

c. pG Tivoli Identity Manager w@wF WebSphere Application Server M

Tivoli Identity Manager ºßAzoLknJA⌡µUC@G

1) NnXßAnJtC

2) AnJ Tivoli Identity ManagerC

3) pGLknJ Tivoli Identity ManagerA½s≈A]\iH≤Y⌠

]wM WebSphere Embedded Messaging ΣεCDC

d. pGzOQµ@nJ\αnJA∩yÑAN /language [b⌠

ßC±ΦíAΘJG

https://mysite.myco.com/itim/enrole/language

ΣL÷tm Web s²w]yÑA\ IBM Tivoli Identity Manager t

mΓUC

4. ΘJ Tivoli Identity Manager z ID (itim manager) MKX]≥ bw

ºßΘJA O ″secret″C

5. nBJA]ITIM CΣLΩTA\uWí

IBM Tivoli Identity Manager Policy and Organization Administration GuideC

pb⌡µñºBz÷ΩTA\ IBM Tivoli Identity Manager tmΓUC

5 µ@°AwGTivoli Identity Manager °A 55

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

°A-NzíqT

pGnN Tivoli Identity Manager tft Tivoli Identity Manager NzíA

πúATO Tivoli Identity Manager °AMNzíºíqTwC

∩≤ Tivoli Identity Manager Nzºuñ (Certificate Authority)v

≤ ITIM_HOME\cert ²ñCpGzQDΣ¼A\ IBM Tivoli

Identity Manager tmΓUAHSwNzíwΓUC

:

1. @w@Nzí]wAB²Γ]wwªºßAAwt@Nz

í]wCpGPwh]wAiαó Tivoli Identity Manager °A

½s≈C

2. pGw]yÑúO σAbw@ Tivoli Identity Manager NzíºeA

²∩oMⁿ Tivoli Identity Manager NzíyÑM≤ CDCⁿ

OµíAb Tivoli Identity Manager °AwNzíyÑM≤G

java -jar itimlp_agents_setup.jar

oNiH Tivoli Identity Manager yÑM≤wíFCpGn¿yÑM

≤w@AϕwíeπUCⁿC

: n⌡µ Tivoli Identity Manager yÑM≤wíAα≈qⁿOµs Java

Runtime Environment 1.3.1C

56 IBM Tivoli Identity Manager: °AwΓU Windows - WebSphere

6 OwGTivoli Identity Manager °A

Níp≤bO\αOtmϕñAwMtm Tivoli Identity Manager °A

CboºeA²\¬ 9y Tivoli Identity Manager WebSphere ⌠

¡εzC

:

1. bO⌠ñATivoli Identity Manager wúw WebSphere Application

ServerCbOw Tivoli Identity Manager ºeA²wMtm WebSphere

≤C

2. Tivoli Identity Manager wbOWA@@íqúC

3. ÷íMM≤A\IBM Tivoli Identity Manager N

.

w@UoΓíG

v ylºez

v 63yw Tivoli Identity Manager °Az

lºe

blºeA⌡µUC@G

v MwAϕ (CD) M≤w Tivoli Identity ManagerCpGnΣL

ΩTA\ 87² A, yHMM≤úwMzC

v pGzO Orac le zΩwAo Orac le JDBC Xí

]classes12.zip s²ñC

v Pw²sb≤z⌠W WebSphere Application Server tmAO 9y

Tivoli Identity Manager WebSphere ⌠¡εzC@tmC

v ¿BJc WebSphere Application Server Cell H@hOAoeN

b 59y Network Deployment Manager OzM 95ytm

Tivoli Identity Manager Ozñ[HíC

v TwUCUb⌡µñG

ϕ 3. Uoíb⌡µñ

nΘ ΣLΩTA\G

Ωw 11 3 , yΩwtmz

²°A 23 4 , y²°Atmz

Network Deployment Manager 99yTO Network Deployment Manager M

INzíb⌡µñzWebSphere Application Server INz

í

WebSphere Application Server JMS °A

oO WebSphere Embedded Messaging Σ

: pGºew WebSphere MQ 5.3 sbA\

95y WebSphere MQ 5.3 zC

© Copyright IBM Corp. 2004 57

|

|

|

|

v Xi íMΩOΘDCpGnΣLΩTA\ IBM

Tivoli Identity Manager NC

: YX IBM Tivoli Identity Manager N nwΘDñí

íΣLDAwNóC

v πTzv¡]zCpGSAoov¡AMß½s

≈AAϕv¡C

v M≡DCpGnΣLΩTA\yM≡DzC

v bznw Tivoli Identity Manager qúWAyÑ⌠]wAϕAHTOy

ѵíoHδC

v WebSphere Application Server M≤ 2 ]Mw Web °AqúWC

bwM≤ºeA² ε Web °AC

: tmϕñiαnX WebSphere Web íAΣñ]Abπ WebSphere

Application Server Network Deployment qúWw WebSphere Web Server

íC

v TwbuScript @vqñAs² (Microsoft Internet Explorer) u@ñ Script

@v]uvCp⌡µ@÷ΩTA\ 82 y

Tivoli Identity Manager °AqTzC

v ¿tmΩTu@ϕC

M≡D

UOiαo≡DG

v bw Tivoli Identity Manager ºeA²Tw WebSphere 5.0 P@ SOAP ≡A

ObUCmwqG

– Uzñ com.ibm.ws.scripting.portG

WAS_NDM_HOME\properties\wsadmin.properties

– bUzñAserver1 SOAP_CONNECTOR_ADDRESS U≡G

WAS_NDM_HOME\config\cells\cell_name\nodes\node_name\serverindex.xml

pGoú@AUCBJ≤≡G

1. wsadmin.properties C

2. Γ com.ibm.ws.scripting.port A∩zb serverindex.xml ΣC

:

1. pG] SOAP ≡úTAwóA≤≡WµAMß½s⌡µ

runConfig ⁿOC

2. pG WebSphere Application Server Network Deployment M WebSphere Application

Server OwbP@tWA serverindex.xml HM

WebSphere Application Server Network Deployment Manager ≡C

v wªºßApGΩD≈≡P Tivoli Identity Manager ú@ATivoli

Identity Manager nJKóC

Tivoli Identity Manager ΩD≈≡O 80 M 9443CpGwqTA

h≡ 9443C

58 IBM Tivoli Identity Manager: °AwΓU Windows - WebSphere

|

|

|

bqúWw@ WebSphere °AΩAiH Tivoli Identity Manager w

ΩD≈≡AⁿwTC

²pGbP@íqúWwG WebSphere °AΩ]p Network Deployment

ManagerANW Network Deployment Manager ≡C±ΦíAΩD

≈≡W 80 81AH 9443 9444CzN≡½stm Tivoli Identity

Manager XC

pGn≤ΩD≈≡As WebSphere zDxAMß⌡µUC@G

1. ÷@U⌠ -> ΩD≈ -> w]D≈ -> D≈OWC

2. NΩD≈≡∩ 80 H 9443C

3. NtmxsbDnxswA∩N≤PIPBC

4. ÷@U≤s Web °AíAMßA÷@UTwC

5. ½sOC

Network Deployment Manager O

: ÷ⁿw WebSphere Cell ΩTA\ 95ytm Tivoli Identity

Manager OzC

pGnOABbOJO¿Abw Tivoli Identity Manager ºeA

WebSphere zDx⌡µUC@G

1. nJ Network Deployment Manager zDxC

2. b¬íµñA÷@U°A -> OC

3. ÷@UsC

oeXusOv∩C

4. ΘJsOWCpAΘJ ITIM_CLUSTERC

:

a. pGznhO\αOA½⌡µoABⁿw@O

WApA ⁿw ITIM_UI_CLUSTERA@ú Tivoli Identity Manager

hOWAⁿw ITIM_WF_CLUSTERA@ú Tivoli Identity

Manager u@yht@OWC

b. OjpgC

5. Mß÷U@BC

oeXusO°Av∩C

6. ]znXO¿nⁿwAΘJsO¿WA∩ΣIAMß

A÷@UMC

ousO°Av∩AKXO¿MµCdo

≈MµATwsO¿wg[JC

7. t[JΣLO¿AΦkOΘJC@sO¿WAB∩Σ

IC¿í[JºßAA÷U@BC

oeXuKnv∩ACXO¿Cdo≈KnATwO¿

WM°AWúSC

6 OwGTivoli Identity Manager °A 59

8. ÷@U¿C

9. ÷@UOAizO≡AMßAdΣ¿C

10. pGOTⁿwA÷@UOAA÷@UxsAΓsOxs Network

Deployment Manager DnxswCΣL÷OxswA\ WebSphere

Application Server ⌡!úΩTCpGnΩTA\ viiiy

úyzC

: bxstmA∩N≤PIPBC

11. ≤s Web °AíCYno≥A÷@U⌠ -> ≤s Web °A

í -> TwC

OwΩTu@ϕ

blwºeA²¼UCΩTG

ΩwΩT

ziHw∩÷píΩwzt¼UCΩTG

z ID ______________________________

bwΩwz ID]db2InstanceName OⁿΩwΩ

CpAIBM DB2 w]pUG

v UNIXGdb2inst1

v WindowsGdb2admin

pGnΣLΩTA\ 11yIBM DB2 tmzC

zKX ______________________________

z ID KXC

ΩwW ______________________________

iⁿw Tivoli Identity Manager °As ΩwΦíCpGΩwOw

b⌠AhuΩwWvNOⁿΩwWC±ΦíAuΩwW

vO itimdbCpGΩwOwb⌠AhuΩwWvNOⁿ

ΩwOWWCΣL÷ catalog ⁿOⁿwΩwΩTA\ 14ytm IBM DB2 JDBC XízC

Ωw¼ ______________________________

tΩw¼CpAIBM DB2 NO@ΩwC

ΩwG

Ωw ______enrole__________________

Tivoli Identity Manager °AnJΩwbßC ID O

enroleC

: o ID Lk≤C

KX ______mypassword______________

Tivoli Identity Manager °AnJΩwbßKXC

IP ______________________________

60 IBM Tivoli Identity Manager: °AwΓU Windows - WebSphere

Ωw°A IP CIBM DB2 úno@ΩC² Oracle M SQL

Server 2000 (SP3) Nno@ΩFC

≡ ______________________________

Ωw°A≡CIBM DB2 úno@ΩC² Oracle M SQL

Server 2000 (SP3) Nno@ΩFC

Aw°iUCΩwxs"ΩTCΩwxs"ΩTMw Tivoli Identity

Manager °AiH±Ωw JDBC suCpGnΣLΩTA\

IBM Tivoli Identity Manager tmΓUC

ziH⌠÷≤⌠DUCUG

leq

Tivoli Identity Manager °AiH±Ωw JDBC sul

eqW¡

Tivoli Identity Manager °AiH±Ωw JDBC suW¡

nJ≡ϕ

suíjϕ

²°AΩT

¼UCΩTG

D≈W ______________________________

²°AD≈πWCpAidentity1.mylab.mydomain.comC

¡zí DN m ______________________________

bumvµΘJ]pAdc=comAPzbtm LDAP

r]pAdc=comPCpGnΣLΩTA\ 23 4

, y²°AtmzC

zW ______________________________

buzWvµΘJAπb\h Tivoli Identity Manager

í eWXϕñC@δíAo±-qW≤

íC±ΦíAIBM Corporation NO@WC

: ziHboµΘJµr (ASCII) rArrC

w]g ______________________________

buw]gvµñΘJAOb IBM Directory Server í

ANϕzCoqO-qWgC±ΦíAibmcorp NO@

gC

: uw]gvµuαΘJµr (ASCII) rAp σ

IDC

°Ωxs ______________________________

°ΩxsAOtΩiµd\CziH⌠÷⌠

Dw] (1)C

≡ ______________________________

6 OwGTivoli Identity Manager °A 61

²°A Ñ≡Ap 389C

DΘ DN ______________________________

DΘOW IDCpAcn=rootC

KX ______________________________

bw²°ADΘOW ID KXC

Aw°i Tivoli Identity Manager °Aαs LDAP suxs

"UC LDAP suxs"ΩTµCpGnΣLΩTA\ IBM Tivoli

Identity Manager tmΓUC

ziH⌠÷≤⌠DUCUG

xsjpW¡

⌠≤ LDAP suxs"hiH su

xsljp

w∩ LDAP suxs"lsu

Wqp

@.suúbñACnD@suAN[J LDAP suxs"ϕñ

suC

WebSphere Application ServerOwΩT

Otm WebSphere Application Server wπUCµCpGnΣLΩTA

\ 95ytm Tivoli Identity Manager OzC

OW _____________________________zºebc WebSphere Application Server Cell OWCpG

Oµ@OA ITIM_CLUSTER WCpGO\αOA

ITIM_UI_CLUSTER M ITIM_WF_CLUSTER WCiµµ@°AwA

úXoµC

: zΘJOWMΣL WebSphere IDAújpgC

w² ______________________________

WebSphere Application Server Base w²CpASolaris w]²O

/opt/WebSphere/AppServerCpGwgw WebSphere Application Server BaseA

NΓoµϕ@C

Oⁿh

πzblt AΣΘx/lCtziH]w INFO M

FATAL ºíuOⁿhvµXA∩ΘxCOⁿhU

Y½AtαUA]oϕgΘxΩTU,C

l≤°AW

SMTP l≤°AObΣd≥CSMTP D≈Ol≤hDC

w]w

UCµOXbuttmwvWC

u[Kv∩

iN Tivoli Identity Manager eñΩwKXBLDAP H

WebSphere Application Server z ID [K

62 IBM Tivoli Identity Manager: °AwΓU Windows - WebSphere

í°Az

i²z]wMTUCKXG

t

WebSphere Application Server ID MKXCzub

uWebSphere swvA&nΘJoΩCoNO

b 103yJ2EE wzΓBJí wasadmin

IDC

EJB

bw@ºe²wqMKXCzub

uWebSphere swvA&nΘJoΩCoNO

b 103yJ2EE wzΓBJí itimadmin

IDC

: pGoµbªXwgw²±nAΣñiαtwasadmin CNoµ∩ itimadminC

Tivoli Identity Manager ΩT

NU÷ Tivoli Identity Manager ΩTG

[K≈

o≈iHO⌠≤µryCΣO Tivoli Identity Manager KXM

ΣL≈Kσr[KC b e n R o l e . p r o p e r t i e s ñOxs

enrole.encryption.passwordC

Oⁿh

πzblt AΣΘx/lCtziH]w INFO M

FATAL ºíuOⁿhvµXA∩ΘxCOⁿhU

Y½AtαUA]oϕgΘxΩTU,C

l≤°AW

SMTP l≤°AObΣd≥CSMTP D≈Ol≤hDC

ID ____itim manager________

Tivoli Identity Manager IDCwºßw]O itim managerCb

nJ Tivoli Identity Manager Ao IDC

KX ____secret______________

Qⁿw itim manager Tivoli Identity Manager z ID KXC

bwºßYw]KXO secretC

: zbnJ Tivoli Identity Manager °AA≤zbßKXC

w Tivoli Identity Manager °A

UoyANíbOtmñw Tivoli Identity Manager °A≤≥

C

6 OwGTivoli Identity Manager °A 63

Γ Tivoli Identity Manager °AwbOtmñG

: w Tivoli Identity Manager °AA²oAXz⌠ CDCpG

nΣLΩTA\ 87 ² A, yHMM≤úwM

zC

1. wbw Network Deployment Manager qúWCwAú Tivoli Identity

Manager ΩwM²°AltmC

2. wbC@íπO¿qúWC

23. Owy

64 IBM Tivoli Identity Manager: °AwΓU Windows - WebSphere

: TwzºeTΩwg¿ 57ylºezúBJC

pGnw Tivoli Identity Manager °AA⌡µUC@G

1. y²luw∩vMuvv°íz

2. 66y∩w¼Mw]w²z

3. 67y∩Ωwz

4. 67y¿Owz

5. 70yⁿw WebSphere swz

6. 72yⁿw[K≈B\¬emwKnz

7. 73ywiMΣLtmíz

8. 80yOwΘxM²z

9. 80y¿wtmz

10. 82y Tivoli Identity Manager °AqTz

²luw∩vMuvv°í

wO)@tCuw∩vMuvv°íª⌡CpGn²l°íA

⌡µUC@G

1. nJznw Tivoli Identity Manager °AqúC

:

a. zπtzMvbßnJ (Administrator)C

2. N Tivoli Identity Manager ú CD íJ≈ñC

3. ÷@Ul -> ⌡µC

4. ΘJz≈NAMßAΘJUzⁿOG

instWIN-WAS.exe

oeuw∩v°íC

: YznJbßS⌡µ instWIN-WAS.exe \ivAhzPbß\i

v⌡µC

5. pGn≤weMyÑA÷@UΦe σUΣA∩t@

yÑAMß÷@UTwC

24. uw∩v°í

6 OwGTivoli Identity Manager °A 65

|

|

|

: o∩ú∩ Tivoli Identity Manager íHß⌡µyÑM

≤C

oeuvXv°íC

6. \¬vXAMwO ⁿo°CpG ⁿA∩ⁿAMß÷U@BC

∩w¼Mw]w²

oeu∩w¼v°íC

1. ∩O\αOAMß÷U@BC

: oXß≥°íA²zⁿw\αOOúO UI WF h@íCp

Gz∩O@w¼ANúXo°íC

oeu½nΩTv°íC

2. τ WebSphere Network Deployment Manager M WebSphere INzí

úiHB@AMßA≥iµCpGnΣLΩTA\ 99yTO

Network Deployment Manager MINzíb⌡µñzCMß÷U@BC

oeu∩w²v°íC

3. ⁿ Tivoli Identity Manager w] c:\itim45 w²AO÷@U∩... ¿Σúⁿwt@²CMß÷U@BC

:

a. bOtmñA∩OñCíqúW Tivoli Identity Manager w²ⁿw

PmCbwºeA²Twz∩mNúAϕíiw

bCíqúWC

25. u∩w¼v°í

66 IBM Tivoli Identity Manager: °AwΓU Windows - WebSphere

b. bO⌠]@δ\αOñAO¿w²WúO

PCⁿwP²AKyßbúPO¿qúWoO HR

í⌡µDCpAbO¿qúWⁿw \itim45

²CADSML ¡≈ΘJMebC@IP@²

ñC

∩Ωw

oeu∩Ωw¼v°íC

∩UC@Ωw¼AMß÷U@BG

v IBM DB2 qΩw

v OracleCpGnΣLΩTA\ 16yTivoli Identity Manager Oracle

wMtmzC

v SQL Server 2000 (SP3). pGnΣLΩTA\ 22ySQL Server 2000

tmzC

¿Ow

oeu∩OI¼v°íC

1. ∩@I¼Cz²Γ Tivoli Identity Manager wbww Network

Deployment Manager qúWAAΓ Tivoli Identity Manager wbO¿WC

: z]iHΓ Network Deployment Manager MO¿AwbP@íqúWC

úLoíqúπnOΘBtMiíAiHtXBu@

qC

oeu∩\αO¿Ωµv°íC

26. u∩OI¼v°í

6 OwGTivoli Identity Manager °A 67

|

|

|

|

|

: pGzºeOⁿw\αO@w¼ANXUo°íCpGz∩O@w¼ANúXo°íC

2. pGO\αOA∩oíqúOuUI Ov¿AOuu@yOv¿C

Mß÷U@BC

: únPⁿw UI O¿Mu@yO¿P@íqúC

oeX@Ω°íAnDzΘJ@hOWC

3. pGOµ@]@δOAΘJ@OWAp itim_clusterC

27. u∩\αO¿Ωµv°í

68 IBM Tivoli Identity Manager: °AwΓU Windows - WebSphere

∩aApGw¼O\αOAo°íKnDzΘJhOWC

4. ΘJzºewq Network Deployment Manager OWCMß÷U@BC

pGOO¿wAoeKX@uΘJ LDAP ²ΩTv°íC

28. uWebSphere Application Server Ωv°í]OW

29. uWebSphere Application Server Ωv°í]\αOw

6 OwGTivoli Identity Manager °A 69

: pG Tivoli Identity Manager wOⁿw Network Deployment ManagerAN

úXo°íC

5. buLDAP ²ΩTv°íµñAΘJzºeXºΩTu@ϕΩC

C@O¿oΩTAúXzºeb Network Deployment Manager i

µDn Tivoli Identity Manager wAs@ LDAP WµCC@O¿

ΩTú PCpGnΩTA\ 61 y²°AΩ

TzCMß÷U@BC

ⁿw WebSphere s w

oeuWebSphere wv°íC

30. uLDAP ²ΩTv°í

70 IBM Tivoli Identity Manager: °AwΓU Windows - WebSphere

pGuWebSphere swvA÷@Uw WebSphere wC

oXt@°íAnDzⁿw WebSphere Application Server ID MKXC

oNOb 103yJ2EE wzºΓBJí wasadmin IDC

ΘJ ID MKXAMß÷U@BC

31. uWebSphere wv°í

32. uWebSphere zv°í

6 OwGTivoli Identity Manager °A 71

ⁿw[K≈B\¬emwKn

oeXuⁿw[K≈v°íAß≥ OuwKnv°íC

1. ΘJ[K≈A[K≈iHO⌠≤µryCΣO Tivoli Identity Manager

KXMΣL≈Kσr[KC b enRole.properties ñOxs

enrole.encryption.passwordCMß÷U@BC

oeuemwKnv°íACXznw≤Bπi

íHw²]p c:\itim45C

2. ²Twwgπ íAMßA÷@UwC

bw@nDqA@tCwi°íCpGqúπn

ΩΦnXCU¡Aoqiαo°C

33. uⁿw[K≈v°í

72 IBM Tivoli Identity Manager: °AwΓU Windows - WebSphere

wiMΣLtmí

wbYqw Tivoli Identity Manager °ACwºßAe

XΣL°íG

1. ub WebSphere Network Deployment Manager qúWiµw@A&

XUC°íG

a. ΩwtmCpGnΣLΩTA\yTivoli Identity Manager Ωw

ltmzC

b. ²°ACpGnΣLΩTA\ 75yTivoli Identity Manager

º²ltmzC

2. b WebSphere Network Deployment Manager O¿qúWiµw@

LñA@ttm°íA²ztm Tivoli Identity ManagerCpGnΣ

LΩTA\ 75yTivoli Identity Manager ltmzC

Tivoli Identity Manager Ωwltm

oew∩UCtmA@Ωwtm°íG

v µ@°A

v bw Network Deployment Manager qúWAiµO\αOw

otmíiHtmeABb Tivoli Identity Manager Ωw]wϕµC

⌡µUC@G

1. ϕeXuTivoli Identity Manager Ωwtmv°íAΘJAϕC

34. uwiv°í

6 OwGTivoli Identity Manager °A 73

: Tivoli Identi ty Manager wús Oracle JDBC Xí

]classes12.zip CpGzO Oracle zΩwAhϕzΩ

wsuA¼ java.lang.ClassNotFoundException TºC

Yn≤oDA⌡µUC@G

a. ÷@U°AhXΩwtmí≥w@C

b. ϕw¿A⌡µUC@G

1) N Oracle JDBC Xí]classes12.zip qz²e

²szebΣWw IBM Tivoli Identity Manager ºqúW

ITIM_HOME/lib ²ñC

po Oracle JDBC Xí]classes12.zip º÷Ω

TA\ 87² A, yHMM≤úwMzC

ps²÷ΩTA\lw Tivoli Identity Manager ºe

n⌡µez@MµC

2) oXUCⁿOuΩwtmv°íG

ITIM_HOME\bin\DBConfig

3) ¿ΩwtmC

4) εO¿°AC

5) O¿°AC

2. ±g Tivoli Identity Manager ΩwΩwtmµCpGΩwO IBM

DB2AhuIP vMu≡vµe(ΓC²ΣLΩwú±goµ

C±ΦíAuΩwWvuOWvAO itimdb Cuz IDv

µAhOUC@G

v UNIXGdb2inst1

v WindowsGdb2admin

pGnΣLΩTA\ 12ytm IBM DB2 °AzC

35. uΩwtmv°í

74 IBM Tivoli Identity Manager: °AwΓU Windows - WebSphere

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

3. ÷@UCϕzQΩwºßAuΩwtmv°íñu IDv

MuKXvµAK¿@ñµC

4. boµ±gAϕAMß÷@U≥C

Tivoli Identity Manager º²ltm

oew∩UCtmA@²°Atm°íG

v µ@°A

v bw Network Deployment Manager qúWAiµO\αOw

ziHΘJAϕA∩²°AiµltmAδ Tivoli Identity ManagerC

⌡µUC@G

1. ΘJuLDAP °AΩTvµC±ΦíAuD≈WvµANO⌡µ

²°AºqúπD≈WC

2. ÷@UCϕzQ²°AsuºßAu¡zí²ΩTv

qñµN¿@ñC

3. u¡zí DN mvO dc=my_suffixAªiHⁿw Tivoli Identity

Manager rCpGnΣLΩTA\ 24yⁿw Tivoli Identity

Manager rzCboµ±WAϕAMß÷@U≥C

Tivoli Identity Manager ltm

w¼únuttmv°íW Tivoli Identity Manager °Aú

A≤Ωw°AB²°AMΣLAG

1. u@δvO@tCtm Tivoli Identity Manager °Auttmv

ϕñ@C

36. u²tmv°í

6 OwGTivoli Identity Manager °A 75

u@δvµw²±nCΣL÷oµΩTA\ IBM

Tivoli Identity Manager tmΓUttmΩTC

2. ÷@U²C

oeu²v°íC

nA∩²°AΩTCpGoOO¿wA≥oΩT

Xºew∩ Network Deployment Manager ] LDAP WµC

pGoOO¿wAz÷sC÷@UCo X

@°íAiDzwgQsuC÷@UTwA÷¼°íC

3. ÷@UΩwC

oeuΩwv°íC

37. u@δv°í

38. u²v°í

76 IBM Tivoli Identity Manager: °AwΓU Windows - WebSphere

4. ΘJ Tivoli Identity Manager ΩwuΩwWvsuΩTC±ΦíAuΩ

wWviαO itimdbCw] ID O enroleCpGoOO¿

wA≥oΩTXºew∩ Network Deployment Manager ]Ω

wWµC

pGoOO¿wAz÷sC÷@UCpGQ

ªANuΩwxs"ΩTvqñΣlµC÷@UTwA÷¼°

íC

5. ÷@UOⁿCoeuOⁿv°íCziH ⁿw] WARNA

⌠αqAΓo∩oyL@IC

6. ÷@Ul≤A

ul≤v°íC

39. uΩwv°í

40. uOⁿv°í

6 OwGTivoli Identity Manager °A 77

7. bul≤vΘJAMß÷@UTwCΣL÷oµΩ

TA\ IBM Tivoli Identity Manager tmΓUC

:

a. u¡z°A URLvµANO Proxy °A URL ]pAn

J Tivoli Identity Manager IBM HTTP ServerC

b. ΓH≤HA∩z⌠ Tivoli Identity Manager tzqll≤

Co@wn≤AhNeUúl≤WCqll≤

C

8. ÷@U UIC

oe UI °íC

41. ul≤v°í

42. UI °í

78 IBM Tivoli Identity Manager: °AwΓU Windows - WebSphere

9. ⁿ UI w]A∩xMΩTAⁿwQ-qquw∩vπ

eM⌠CuMµjpviⁿw MµWCXXCp

GnΣLΩTA\ IBM Tivoli Identity Manager tmΓUCMß÷@U

TwC

10. ÷@UwC

oeuwv°íC

pGzºe∩∩ WebSphere Application Server wAoµNw

²±nCpGS WebSphere Application Server wAoµNOd#C

:

a. uEJB MKXvµlANOutMKXvµCz

iαo∩uEJB MKXvµCEJB ID °,≤ 12

rC

b. pGzbottmuwv°íñA≤ EJB ID EJB KX

A≥bw Tivoli Identity Manager ºßA⌡µ@ΓBJAN

wñΓ∩M ITIM Tivoli Identity ManagerC

11. ÷@UTwA¿ttmC

12. ATwΣL]AX⌡µ Tivoli Identity Manager M÷í

tmC

43. uwv°í

6 OwGTivoli Identity Manager °A 79

OwΘxM²

¿ttmºßAOoUCwΘxmG

ϕ 4. wΘxWM²

W ²

dbConfig.stdoutldapConfig.stdoutitim45_installer_debug.txtrunConfig.stdout]OwrunConfigTmp.stdout (on single server

and Network Deployment Manager)

ITIM_HOME/install_logs

itim45_install.stdoutitim45_install.stderr

t ²

Tivoli_Identity_Manager_InstallLog.log pGwQ¿Ah²

ITIM_HOMECpGwóAΘx±

bWindows αWC

÷ WebSphere Application Server wΘxA\ WebSphere Application

Server σ≤C

¿wtm

pGzQn J2EE wA⌡µΓBJA¿∩M@ABbw Tivoli

Identity Manager ºßA½s J2EE wCpGnΣLΩTA\UC@

G

v 104yµIípbw Tivoli Identity Manager ºßΓBJz

v 107yhIípbw Tivoli Identity Manager ºßΓBJz

v Tw was.policy sbCpGnΣLΩTA\ 108 ytm

was.policy zC

bw Tivoli Identity Manager ºß runConfigbw Tivoli Identity Manager ºßAH runConfig ⁿOA¿UCíttmG

v ≤ enrole KXC

v ⁿwKX[KAH≤s Tivoli Identity Manager EJB ID MKXCpGn

ΣLΩTA\ 75yTivoli Identity Manager ltmzñAut

tmv°íWíC

ΣL÷ runConfig ⁿOΩTA\ IBM Tivoli Identity Manager tm

ΓUC

∩wyÑM≤

w Tivoli Identity Manager ºßApGw]yÑúO σA∩oMⁿ

Tivoli Identity Manager °AyÑM≤ CDCⁿOµíwyÑM≤C±

ΦíAΘJUo@µG

java -jar itimlp_setup.jar

80 IBM Tivoli Identity Manager: °AwΓU Windows - WebSphere

oNiH Tivoli Identity Manager yÑM≤wíFCpGn¿yÑM≤

w@AϕwíeπUCⁿC

: n⌡µ Tivoli Identity Manager yÑM≤wíAα≈qⁿOµs Java

Runtime Environment 1.3.1C

∩wq HTTP Ñq@≥

ziH∩ WebSphere Application Server wq HTTP Ñq@≥CΣL

ΩTA\ WebSphere ΩTñ HTTP Ñq@zσ≤C

: Y WebSphere Application Server b Tivoli Identity Manager OϕñóFA

Ñq@≥]ú²@δPo@IC

τµ÷A]w

τ WebSphere Application Server µ÷A]w≈jA¼HBz Tivoli

Identity Manager u@qC÷∩o]wΩTA\ 100ytm

WebSphere Application Server µ÷A]wzCpGzú∩]wBzu@

qA≥nDiαb@ 3¿ºeNOC

≤s Web °Aí

w¿ºßA≤s Web °AíCYno≥As WebSphere

Application Server zDxAMß÷@U⌠ -> ≤s Web °Aí -> T

wC

O

wªABnw∩]ú¿ºßA½sOCb

WebSphere zDx⌡µUC@G

1. ÷@U°A -> OC

2. ∩ Tivoli Identity Manager OC

3. ÷@UC Tivoli Identity Manager bOC

ziH∩bOϕñ⌠≤qúROúí⌡µUzⁿOAO¿

G

ITIM_DIR\bin\win\ssCluster start

:

1. bww Network Deployment Manager qúW⌡µoⁿOAπOC

2. oⁿO] JMS °AC

ziH∩bOϕñ⌠≤qúROúí⌡µUzⁿOA εO¿

G

ITIM_DIR\bin\win\ssCluster stop

: bww Network Deployment Manager qúW⌡µoⁿOA επOC

6 OwGTivoli Identity Manager °A 81

Tivoli Identity Manager °AqT

pGnΩwB²°AM Tivoli Identity Manager °AOTtmAB

OqTA⌡µUC@G

1. JDBC XíATOXíbSwO¿W⌡µG

a. blºeA²Ωw°AM WebSphere Application Server úb⌡µ

ñCΣL÷ WebSphere Application Server ΩTA\ WebSphere

Application Server úσ≤C

b. Γ IBM DB2 ]wm≤TmCpGzΓ IBM DB2 7.1 7.2

ftúnM≤Ab WebSphere Application

Server ºeA²⌡µ Shell ñ usejdbc2 Shell ScriptCMßA@suC

pGsuúqAτ enrole ID MKXOú tmCpG IBM

DB2 °AO°AANP@ IBM DB2 M≤hAM

Ωw°AMßC

: M≤ 3 N IBM DB2 7.1 ⌠Aα IBM DB2 7.2 @δ

ihCpGnΣLΩTA\ IBM Tivoli Identity Manager

NC

c. s WebSphere Application Server zDxC

d. ÷@UΩ -> JDBC ΣCMß∩IC

e. ÷@Us²°ACMß∩°AAA÷@UMC

f. JDBC úMµAMß÷ΓU ITIM JDBC úC

g. Γ X∩AuΣLevíµCMßbuΣLevíµ

ñA÷@UΩC

h. b XuΩv∩ñA÷@UsuCoeX@h

TºAⁿXGC

2. Tivoli Identity Manager °AH⌠≤íC

÷@Ul -> í -> IBM WebSphere -> Application Server v5.0 ->

°AC

3. nJ Tivoli Identity ManagerC±ΦíAbs²°íΘJUo@µG

http://hostname/enrole

Σñ hostname Oⁿ⌡µ Tivoli Identity Manager °AπqúW IP C

:

a. únqP@ßqúAΓWs²Ñq@CoΓÑq@

úOP@Ñq@ IDA]ΩiαúDC

b. pGzOQµ@nJ\αnJA∩yÑAN /language [b⌠

ßC±ΦíAΘJG

https://mysite.myco.com/itim/enrole/language

ΣL÷tm Web s²w]yÑA\ IBM Tivoli Identity Manager t

mΓUC

82 IBM Tivoli Identity Manager: °AwΓU Windows - WebSphere

c. bw Tivoli Identity Manager ºßAYOLkaX Tivoli Identity Manager n

JABS Tº#Ads² (Microsoft Internet

Explorer) w]wCuScript @vqñu@ñ Script @v]

uvC

pGnd≤]wA⌡µUC@G

1) bs²uπCWA÷@Uuπ -> ⌠⌠⌠∩C∩uwvC

2) buwvWA@÷@UUCTñC@AMß÷qh

C

v ⌠⌠⌠

v í⌠⌠

v H⌠

3) Nu]wvMµuScript @vAMßNu@ñ Script @v]

uvC

4) w∩C@CA÷@UTwC

5) pGúzuzTwHv∩A÷@UOC

4. ΘJ Tivoli Identity Manager z ID (itim manager) MKX]≥ bw

ºßΘJA O ″secret″C

5. nBJA]ITIM CΣLΩTA\uWí

IBM Tivoli Identity Manager Policy and Organization Administration GuideC

pb⌡µñºBz÷ΩTA\ IBM Tivoli Identity Manager tmΓUC

°A-NzíqT

pGnN Tivoli Identity Manager tft Tivoli Identity Manager NzíA

πúATO Tivoli Identity Manager °AMNzíºíqTwC

∩≤ Tivoli Identity Manager Nzºuñ (Certificate Authority)v

≤ ITIM_HOME\cert ²ñCpGzQDΣ¼A\ IBM Tivoli

Identity Manager tmΓUAHSwNzíwΓUC

:

1. @w@Nzí]wAB²Γ]wwªºßAAwt@Nz

í]wCpGPwh]wAiαó Tivoli Identity Manager °A

½s≈C

2. ϕC@Nz]wúwbπ WebSphere Application Server Network

Deployment qúWA≤sUCG

ITIM_HOME\data\CustomLabels.properties

oΦ]tXbⁿw]w¼ºbß ITIM GUI ñα½C

w∩wbπ WebSphere Application Server Network Deployment ºqúC@

Nz]wAz]≤s CustomLabels.properties AªbC@ UI O

¿]YO3\αO@AhO¿WúCzqπ

W e b S p h e r e A p p l i c a t i o n S e r v e r N e t w o r k D e p l o y m e n t qúN

CustomLabels.properties H FTP eC@O¿C

6 OwGTivoli Identity Manager °A 83

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

3. bOtmϕñAwNzí]w@C≤nbOtmwNz

í]wA\SwNzíNzíwΓUC

4. WebSphere Application Server tmnDNzí ≈mAPw

Tivoli Identity Manager °A ≈m@CpAYOzNNz]ww

bΣ Tivoli Identity Manager °Awb d:\ITIM_HOME O¿WAh

≤ d:\ITIM_HOME\cert ²WCWebSphere Application Server tm]

ⁿw d:\ITIM_HOME\cert ²C

5. pGw]yÑúO σAbw@ Tivoli Identity Manager NzíºeA

²∩oMⁿ Tivoli Identity Manager NzíyÑM≤ CDCⁿ

OµíAb Tivoli Identity Manager °AwNzíyÑM≤G

java -jar itimlp_agents_setup.jar

oNiH Tivoli Identity Manager yÑM≤wíFCpGn¿yÑM

≤w@AϕwíeπUCⁿC

: n⌡µ Tivoli Identity Manager yÑM≤wíAα≈qⁿOµs Java

Runtime Environment 1.3.1C

sWúO¿

NísWúO¿C

HsqúXRO

pGnb Tivoli Identity Manager O[JsO¿A⌡µUC@G

: oBJOQºeúb WebSphere Cell ϕñqúAXROCoNO⌠¡

O@dC

1. WebSphere Application Server zDxAsO¿CpGnΣL

ΩTA\ 99yNI[J Cell ϕñzC

2. WebSphere Application Server zDxAbIW[JsO¿CpG

nΣLΩTA\ 99yOzC

3. bsqúW⌡µ Tivoli Identity Manager wA∩O¿wC

4. ≤s Web °AíCYno≥As WebSphere Application Server

zDxAMß÷@U⌠ -> ≤s Web °Aí -> TwC

5. WebSphere Application Server zDxAsO¿C

HP@íqúXRO

z]iHQO¿P@íqúA[JΣLO¿AXRO

C

⌡µUC@G

1. bO¿bqú WebSphere Application Server zDxWAs

O¿C

: oNO½O@dC

2. ≤s Web °AíCYno≥As WebSphere Application Server

zDxAMß÷@U⌠ -> ≤s Web °Aí -> TwC

84 IBM Tivoli Identity Manager: °AwΓU Windows - WebSphere

3. WebSphere Application Server zDxAsO¿C

úO¿

pGnΓqúW@O¿úA⌡µUC@G

v pGqúWu@O¿A⌡µUC@G

1. ⌡µ Tivoli Identity Manager úwíCpGnΣLΩTA\

127² G, yúw Tivoli Identity ManagerzC

2. b WebSphere Application Server zDxWAqORúO¿C

3. ≤s Web °AíCYno≥As WebSphere Application Server

zDxAMß÷@U⌠ -> ≤s Web °Aí -> TwC

v pGqúWnXO¿]½OA⌡µUC@G

1. b WebSphere Application Server zDxWAqORúO¿C

2. ≤s Web °AíCYno≥As WebSphere Application Server

zDxAMß÷@U⌠ -> ≤s Web °Aí -> TwC

6 OwGTivoli Identity Manager °A 85

86 IBM Tivoli Identity Manager: °AwΓU Windows - WebSphere

² A. HMM≤úwM

HUUú Tivoli Identity ManagerG

v ⁿ Tivoli Identity Manager 4.5.0 Σ¡xíM≤Cp

ooM≤÷ΩTA\ yo 4.5.1 M≤zC

v Tivoli Identity Manager 4.5.1 Σs¡xº (CD)C

p CD eA\H CD Mú ITIM-4.5.1-CD-IMAGES.txt C

v ]t²e Tivoli Identity Manager 4.5.0 í CDC

pⁿΣ¡xΣí÷ΩTA\IBM Tivoli Identity Manager

NC

WebSphere í PQ77521 úb CD 4.5.1 wMW

ú CD Tivoli Identity Manager 4.5.1 wMW3úí

PQ77521C[ Messaging Interim Fix for WebSphere Application Server 5.0.2

H≤ WebSphere Embedded Messaging Σ MQJMS2013 XA C

Tº@µpUG

[8/6/03 13:30:54:484 EDT] f341ce J2CXAResource W J2CA0061W: Error creatingXA Connection and Resource javax.resource.spi.ResourceAdapterInternalException:createQueueConnection failed atcom.ibm.ejs.jms.JMSCMUtils.mapToResourceException(JMSCMUtils.java:123)

±ΦíApG WebSphere Application Server bu@y⌡µ εANiαoo

C3¿µ÷OLk A²pGzMíANiH ΩC

nooíAΘJUo@µAso⌠G

http://www.ibm.com/support/docview.wss?uid=swg24005451

o 4.5.1 M≤

bUC⌠Woⁿ Tivoli Identity Manager 4.5.0 Σ¡xº Tivoli Identity

Manager 4.5.1 M≤G

http://www-1.ibm.com/support/dlsearch.wss?rs=644&q;=&tc;=SSTFWV&dc;=D420&loc;=en_US&cs;=utf-8&lang;=en&sort;=desc&rankfile;=8&p;=1

pAM≤WⁿUíG

4.5.1-TIM-platform-WAS-0001.zip

Σñ platform O@O AIX C

⌡µUC@G

1. s IBM Online Software Σ⌠C

a. bUC⌠Wn²zH IBM uW IDG

http://www.ibm.com/software/support/

© Copyright IBM Corp. 2004 87

|

|

|

|

|

|

||

|

|

|

|

|

|

|

b. ÷@UíAHo¿u≤s@Xv∩ºq÷ΩTC

c. b IBM Online nO@Xñúz ßX]) IBM Passport

Advantage Software Maintenance Agreement ⁿwC

4.5.0

Tivoli Identity Manager °A 4.5.0 úUC (CD)CpG3NCX CD

Ap IBM ΣñC

yÑM≤ CDUϕNCXyÑM≤ CD eC

ϕ 5. yÑM≤ CD e

ú W

yÑM≤ itimlp_setup.jar, itimlp_agents_setup.jar

Tivoli Identity Manager ≥íX Solaris CD] WebSphereApplication Server

UϕNCX Tivoli Identity Manager ≥íX Solaris CD] WebSphere

Application ServereG

ϕ 6. Tivoli Identity Manager ≥íX Solaris CD] WebSphere Application Servere

ú W

Tivoli Identity Manager 4.5 ]WebSphere

Application Server

instSOL-WAS.bin

ReadMeFirst σ≤ Docs-ReadMeFirst.pdf

Tivoli Identity Manager ≥íX Solaris CD]D IBM í°A

UϕNCX Tivoli Identity Manager ≥íX Solaris CD]D IBM

í°A(WebLogic) eG

ϕ 7. Tivoli Identity Manager ≥íX Solaris CD] WebLogice

ú W

Tivoli Identity Manager 4.5 ]WebLogic instSOL-WL.bin

ReadMeFirst σ≤ Docs-ReadMeFirst.pdf

R Solaris CD 1UϕNCXR Solaris CD 1 eG

ϕ 8. R Solaris CD 1 e

ú W

WebSphere Application Server Base 5.0

M≤ 2

was50_fp2_solaris.zip

88 IBM Tivoli Identity Manager: °AwΓU Windows - WebSphere

|

|

|

ϕ 8. R Solaris CD 1 e (≥)

ú W

WebSphere Appl icat ion Server Network

Deployment 5.0 M≤ 2

was50_nd_fp2_solaris.zip

WebSphere Application Server Base 5.0.2

í (APAR PQ75794)

PQ75794.zip

WebSphere Application Server Base M WebSphere

Application Server Network Deployment 5.0.2

í (APAR SOV62778)

ibmorb.jar

WebSphere Application Server JSP s

í (APAR PQ77263)

PQ77263.zip

R Solaris CD 2UϕNCXR Solaris CD 2 eG

ϕ 9. R Solaris CD 2 e

ú W

IBM Directory Server 5.1 ids510-solaris-ismp-us.tar

IBM Directory Server 5.1 M≤ 1 FP510S-01.tar.Z

IBM Directory Server πí DelRef/aix/libdelref.a

DelRef/hpux/libdelref.sl

DelRef/nt/libdelref.dll

DelRef/sun/libdelref.so

Tivoli Identity Manager 4.5 tm DelRef/timdelref.conf

R Solaris CD 3UϕNCXR Solaris CD 3 eG

ϕ 10. R Solaris CD 3 e

ú W

IBM DB2 8.1 M≤ 2]32 M 64 Sol-FP2_U486567.tar.Z

R Solaris CD 4UϕNCXR Solaris CD 4 eG

ϕ 11. R Solaris CD 4 e

ú W

Oracle Type 4 JDBC Xí classes12.zip

Oracle Type 4 JDBC Xív LI_en

Tivoli Identity Manager ≥íX AIX CD] WebSphereApplication Server

UϕNCX Tivoli Identity Manager ≥íX AIX CD] WebSphere

Application ServereG

² A. HMM≤úwM 89

ϕ 12. Tivoli Identity Manager ≥íX AIX CD] WebSphere Application Servere

ú W

Tivoli Identity Manager 4.5 ] WebSphere

Application Server

instAIX-WAS.bin

ReadMeFirst σ≤ Docs-ReadMeFirst.pdf

Tivoli Identity Manager ≥íX AIX CD]D IBM í°A

UϕNCX Tivoli Identity Manager ≥íX AIX CD]D IBM í

°A(WebLogic) eG

ϕ 13. Tivoli Identity Manager ≥íX AIX CD] WebLogice

ú W

Tivoli Identity Manager 4.5 ]WebLogic instAIX-WL.bin

ReadMeFirst σ≤ Docs-ReadMeFirst.pdf

R AIX CD 1

: )≤jp¡εA]R CD WSú AIX M≤ 2 (IBM DB2)C

pGno AIX M≤ 2 (IBM DB2)AsUo FTP ⌠G

ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2aix5v8/fixpak/FP2_U486566/

sUo⌠G

http://www-3.ibm.com/cgi-bin/db2www/data/db2/udb/winos2unix/support/v8fphist.d2w/report#AIX5

UϕNCXR AIX CD 1 eG

ϕ 14. R AIX CD 1 e

ú W

WebSphere Application Server Base 5.0

M≤ 2

was50_fp2_aix.zip

WebSphere Appl icat ion Server Network

Deployment 5.0 M≤ 2

was50_nd_fp2_aix.zip

WebSphere Application Server Base 5.0.2

í (APAR PQ75794)

PQ75794.zip

WebSphere Application Server Base M WebSphere

Application Server Network Deployment 5.0.2

í (APAR SOV62778)

ibmorb.jar

WebSphere Application Server JSP s

í (APAR PQ77263)

PQ77263.zip

90 IBM Tivoli Identity Manager: °AwΓU Windows - WebSphere

R AIX CD 2UϕNCXR AIX CD 2 eG

ϕ 15. R AIX CD 2 e

ú W

IBM Directory Server 5.1 ids510-aix-ismp-us.tar

IBM Directory Server 5.1 M≤ 1 FP510A-01.tar

IBM Directory Server πí DelRef/aix/libdelref.a

DelRef/hpux/libdelref.sl

DelRef/nt/libdelref.dll

DelRef/sun/libdelref.so

Tivoli Identity Manager 4.5 tm DelRef/timdelref.conf

R AIX CD 3UϕNCXR AIX CD 3 eG

ϕ 16. R AIX CD 3 e

ú W

Oracle Type 4 JDBC Xí classes12.zip

Oracle Type 4 JDBC Xív LI_en

Tivoli Identity Manager ≥íX HP-UX CD]D IBM í°A

UϕNCX Tivoli Identity Manager ≥íX HP-UX CD]D IBM í

°A(WebLogic) eG

ϕ 17. Tivoli Identity Manager ≥íX HP-UX CD] WebLogice

ú W

Tivoli Identity Manager 4.5 ] WebLogic instHPUX-WL.bin

ReadMeFirst σ≤ Docs-ReadMeFirst.pdf

Tivoli Identity Manager ≥íX Windows 2000 CD]

WebSphere Application ServerUϕNCX Tivoli Identity Manager ≥íX Windows 2000 CD]

WebSphere Application ServereG

ϕ 18. Tivoli Identity Manager ≥íX Windows 2000 CD] WebSphere ApplicationServere

ú W

Tivoli Identity Manager 4.5 ] WebSphere

Application Server

instW2K-WAS.exe

ReadMeFirst σ≤ Docs-ReadMeFirst.pdf

² A. HMM≤úwM 91

Tivoli Identity Manager ≥íX Windows 2000 CD]D IBM í

°A

UϕNCX Tivoli Identity Manager ≥íX Windows 2000 CD]D IBM

í°A(WebLogic) eG

ϕ 19. Tivoli Identity Manager ≥íX Windows 2000 CD] WebLogice

ú W

Tivoli Identity Manager 4.5 ]WebLogic instW2K-WL.exe

ReadMeFirst σ≤ Docs-ReadMeFirst.pdf

R Windows 2000 CD 1UϕNCXR Windows 2000 CD 1 eG

ϕ 20. R Windows 2000 CD 1 e

ú W

WebSphere Application Server Base 5.0

M≤ 2

was50_fp2_win.zip

WebSphere Appl icat ion Server Network

Deployment 5.0 M≤ 2

was50_nd_fp2_win.zip

WebSphere Application Server Base 5.0.2

í (APAR PQ75794)

PQ75794.zip

WebSphere Application Server Base M WebSphere

Application Server Network Deployment 5.0.2

í (APAR SOV62778)

ibmorb.jar

WebSphere Application Server JSP s

í (APAR PQ77263)

PQ77263.zip

R Windows 2000 CD 2UϕNCXR Windows 2000 CD 2 eG

ϕ 21. R Windows 2000 CD 2 e

ú W

IBM Directory Server 5.1 ids510-windows-us.zip

IBM Directory Server 5.1 M≤ 1 FP510W-01.zip

IBM Directory Server πí DelRef\aix\libdelref.a

DelRef\hpux\libdelref.sl

DelRef\nt\libdelref.dll

DelRef\sun\libdelref.so

Tivoli Identity Manager 4.5 tm DelRef\timdelref.conf

92 IBM Tivoli Identity Manager: °AwΓU Windows - WebSphere

R Windows 2000 CD 3UϕNCXR Windows 2000 CD 3 eG

ϕ 22. R Windows 2000 CD 3 e

ú W

IBM DB2 8.1 M≤ 2 W2K-FP2.zip

R Windows 2000 CD 4UϕNCXR Windows 2000 CD 4 eG

ϕ 23. R Windows 2000 CD 4 e

ú W

Oracle Type 4 JDBC Xí classes12.zip

Oracle Type 4 JDBC Xív LI_en

² A. HMM≤úwM 93

94 IBM Tivoli Identity Manager: °AwΓU Windows - WebSphere

² B. WebSphere ⌠

Nízbµ@°AOtmw Tivoli Identity Manager °AºeA

WebSphere Application Server ⌠@δBJCpGOOtmA NúwPt

m WebSphere Application Server Network Deployment M WebSphere Application Server

Base BJC

: pGnΣLΩTA\ WebSphere Application Server wσ≤C

w WebSphere Application Serverbw WebSphere Application Server ºeA²Tw¼≈i íAiHN

úYCpGnΣLΩTA\ IBM Tivoli Identity Manager N

C

WebSphere MQ 5.3

WebSphere Embedded Messaging °AMß]WebSphere Embedded Messaging Σ

O Tivoli Identity Manager n WebSphere 5.0 ≤CpGnQwo

WebSphere ≤Aú IBM MQSeries 5.2 ]pGªwgbqúWC

pGqúW WebSphere MQ 5.3 Abw WebSphere Embedded Messaging

ΣßM°AºeA²wUC WebSphere MQ ≤G

v π CSD03 ≤sí WebSphere MQ 5.3

v °AM Java T WebSphere MQ S

YnPwA⌡µ WebSphere MQ ú mqver -íC

pGnΣLΩTA\ WebSphere Application Server wσ≤C

τ≡ 9090 i

WebSphere Application Server tXΣzDx≡ 9090CpGtWwb

≡Ahz WebSphere zDx∩úPi≡CziHΘJUCⁿOA

≡ObñG

netstat -an

tm Tivoli Identity Manager O

OwMtmpUG

1. 96yw WebSphere Application Server Network Deploymentz

2. 97yw IBM HTTP Server M WebSphere Web °Aíz

3. 98yN Base wbC@IWz

4. 99yNI[J Cell ϕñz

5. 99yTO Network Deployment Manager MINzíb⌡µñz

© Copyright IBM Corp. 2004 95

|

ºßAz@hOAí≤ 59y Network Deployment Manager

OzC

w WebSphere Application Server Network Deployment

: pGoO@AWebSphere Application Server Network Deployment 5.0 Ni

HⁿJ Tivoli Identity Manager 4.4.x Dnn°AC

pGnw WebSphere Application Server Network DeploymentA⌡µUC@G

1. PqúO¼≈OΘMi íC

2. ²onM≤ APAR]pGCpGnΣLΩTA

\ IBM Tivoli Identity Manager NC

3. ⁿlú CDC÷ú CD ΣeΩTA\ 87² A,

yHMM≤úwMzC

4. ΘJUCⁿOA WebSphere Application Server Network Deployment wíG

drive:\nt\LaunchPad.bat .\nt

5. bl∩ñA ⁿvDC

wídnΘC±ΦíAªiαoíApAπΘ

σrr¼C\ WebSphere Application Server Network Deployment

úσ≤ApG⌠≤zo½níAN[HC

: bdnΘAwíºew WebSphere Application Server

Network Deployment ABπ@αM@s∩CpGzµ²Γ

WebSphere Application Server Network Deployment PsbA∩

FPsb∩s ≡AMßq@s∩∩≡Cbw

FAz≤≤ W A S _ N D M _ H O M E \ p r o p e r t i e s U

wsadmin.properties ñ SOAP suº≡Xs≡C

6. ÷U@BC

oeX@∩A²z∩ Network Deployment \αC

7. ⁿw]AMß÷U@BC

oeX@∩ACXUCΩTGwa²Bπh,

íHeh,iíC

8. ⁿ∩w]²ATw¼≈ íiHiµwAMß÷U@BC

oeX@∩AnDzΘJIWBD≈WM Cell WC

9. ⁿw]AΘJnDµCpG

IW

ziH ⁿw]rΩAú@NqrΩO IC

pGhostname

D≈W IP

ziHΘJqúπD≈W IP C

Cell W

ziHΘJO Cell C±ΦíAΘJG

ITIM_CELL_A1

96 IBM Tivoli Identity Manager: °AwΓU Windows - WebSphere

|

10. ½÷U@BA²UC∩G

v wKn

v wi

v ún²

v ¿

v ¿

11. unBJv∩Aªúz°AAH⌡µwτCz

iHbUo⌠szDxG

http://networkdeploymenthost:9090/admin

Σñ networkdeploymenthost Oⁿzw WebSphere Application Server Network

Deployment ºqúπD≈WC

: pGΓ WebSphere Application Server Network Deployment PsbA

Γw]≡½¿zbwtm≡C

12. w Fix Pack APARC

: bwM≤ APAR ºeA² ε WebSphere Application Server

Network Deployment tCpGnΣLΩTA\ IBM Tivoli Identity

Manager NC

w IBM HTTP Server M WebSphere Web °Aí

pGnw IBM HTTP Server M WebSphere Web Server íA⌡µUC@G

1. ⁿlú CDC÷ú CD ΣeΩTA\ 87² A,

yHMM≤úwMzC

2. WebSphere Application Server Base úw@C

3. ²UCw∩A ⁿw]C

4. pGw∩úUC∩A÷@U∩ ⁿ½stmG

Reconfigure the product to coexist with other versions of itself

5. ²u@thdvAH²ΣLdnΘ∩C

6. ϕeXto∩∩A∩qC

7. ÷U@BC

oeX@\α∩∩C

8. b\α∩∩WAu∩UCG

v IBM HTTP Server

v Web Server í]w∩ IBM HTTP Server

9. ÷U@BC

oeX@∩Aπw]²AHiMní

C

: pGow[c0ΓPe@w[cPsbAhw]w²iH≤ IBM HTTP Server 5.0A]ªP IBM HTTP Server 4.0 wt

w]²úPC

² B. WebSphere ⌠ 97

|

|

|

10. ⁿw]²A∩A∩qúi íC÷U@

BC

oeX@∩ACXznw\αΣmC

11. ½÷U@BA²ß≥tUC∩G

v i°i

v ún²

v ¿

12. oMwn WebSphere Application Server Base M≤AΣñ]t IBM

HTTP Server íCpGnΣLΩTA\ IBM Tivoli Identity

Manager NC

ú WebSphere Web °Aítm

ú WebSphere Web Server ítmCbwíºeA² ε

IBM HTTP ServerC⌡µUC@G

1. nJ Network Deployment Manager zDxC

2. qDx¬íµñA÷@U⌠ -> ≤s Web °Aí -> TwA≤s

Web °AíCoNb NDM_HOME\config\cells ñú Web °A

ítm plugin-cfg.xmlC

3. ϕí≤sªºßA÷@UxsAΓztmxsDnxswC

: xstmA∩uN≤PIPB.vC

4. pG IBM HTTP Server wb Network Deployment Manager qúWA

τ http_server_installdir\conf\httpd.conf tmñtUo@µC

: pG IBM HTTP Server M Network Deployment Manager OwbúPqú

WANú⌡µoBJC

WebSpherePluginConfig drive:"\Program Files\WebSphere\DeploymentManager\config\cells\plugin-cfg.xml"

N Base wbC@IW

ziHw WebSphere Application Server BaseAb¡ Cell ¿C@IWA

½UCBJG

1. WebSphere Application Server Base wíC

2. ²∩AX@∩Cznw\αεC

:

a. bdnΘAwíºew WebSphere Application Server

Base ABπ@αM@s∩CpGzµ²Γ

WebSphere Application Server Base PsbA∩FPsb

∩s ≡AMßq@s∩∩≡Cbw⌠Az≤≤

WAS_HOME\AppServer\properties U wsadmin.properties ñ SOAP su

º≡Xs≡C

b. FúαAε Web Dx@o⌠≤DAzúnwd

íBíXPípuπH WebSphere Application Server t Ant

-íC

3. ÷U@BC

98 IBM Tivoli Identity Manager: °AwΓU Windows - WebSphere

oeX@∩ACXznw\αCqMµñ∩zn

\αC

4. ½÷U@BA²ß≥tUC∩G

v i°i

v ún²

v ¿

5. wM≤CpGnΣLΩTA\ IBM Tivoli Identity Manager

NC

6. ⌡µUC@A²sIJ Cell ϕñG

a. 1½ WebSphere bin l²C

b. HUCⁿO°AG

startServer server1

NI[J Cell ϕñ

blºeA² WebSphere Application Server (server1) bzn[J Cell ñ

IW⌡µC

ziHb Network Deployment Manager zDxW⌡µUC@ANI[J Cell

ϕñG

1. ÷@Utz -> CellC

2. U@∩A÷@UutmvIC

3. b XuIv∩ϕñA÷@UsWICⁿwID≈WM≡A

Mß÷@UTwC

oeX@i∩A°iosWI@C

z]iH⌡µ addNode.bat ScriptAΓI[J Cell ϕñAMßA⌡µ startNode.bat

ScriptC±ΦíAbzn[JIqúWΘJUCⁿOG

drive:"\Program Files\WebSphere\AppServer\bin\addNode.bat serverNodeName 8879"drive:"\Program Files\WebSphere\AppServer\bin\startNode.bat"

O

ziHb Network Deployment Manager zDxW⌡µUC@OG

1. ÷@U°A -> OC

2. bß≥X∩ñA÷@UsC

3. ΘJOWA∩Aϕ°AAMß÷U@BC

4. ±gusO°Av∩Aⁿw@O¿AMß÷@UMCpGnt

ⁿwΣLO¿A½oⁿw@C¿MµºßA÷U@BC

5. dO¿KnATwO¿MµTCMßA÷@U¿C

6. ∩uN≤PIPB.vAMßNtmxsDnxswC

TO Network Deployment Manager MINzíb⌡µñ

FTO Network Deployment Manager M WebSphere Application Server I

Nzíb⌡µñA⌡µUC@G

² B. WebSphere ⌠ 99

|

1. ΘJUCⁿOAbw Network Deployment Manager qúWszDxG

http://NDM_host:9090/admin

pGnP Network Deployment Manager ¼AAiHbw Network Deployment

Manager qúW⌡µUC@G

drive:"\Program Files\WebSphere\DeploymentManager\bin\serverStatus.bat"

pGnP JMS °ABí°AMINzí¼AAiHbw

WebSphere Application Server Base qúW⌡µUC@G

drive:"\Program Files\WebSphere\AppServer\bin\serverStatus.bat"

2. oBJO]ww Tivoli Identity ManagerCPOTwqMⁿwC@

I JDBC Xí⌠⌠M ITIM_HOMECb Network Deployment

Manager zDxA÷@U⌠ -> z WebSphere C±ΦíAd

MµA ITIM_HOME OTC

3. C@O¿INzíBJMS °AMí°ACpA÷@

U°A -> °AC÷@UΣñ@°A]p server1∩AM

ßA÷@UC

4. bINzíºßAYnTw INzíOb⌡µñA÷@Ut

z -> INzíCoe@°íACXINzíΣ¼AC

5. oBJO]ww Tivoli Identity ManagerCbs²ΘJ⌡µ IBM HTTP Server

qú⌠G±ΦíAΘJG

http://myhost.mylab.mycity.mycompany.com/enrole

oXuTivoli Identity Manager nJveCnJ Tivoli Identity Manager

íC

tm WebSphere Application Server µ÷A]w

w] WebSphere Application Server µ÷A]w*CALkBzjí

u@qC]Az∩oµ÷A]wAHKµ÷OípoC

w] WebSphere Application Server µ÷A]wpUG

v µ÷R¡O = 120

v ßú@O = 60

z,nΓoΓOú¬ 1200 M 600CpGz0Γiµjq@Aiα

n]o≤¬CziHQ WebSphere Application Server zDx∩oΓC

UCNíp≤≤µ÷A]wCpGznΩ@ Tivoli Identity Manager O

tmAbOC@¿½⌡µoC

1. nJ WebSphere Application ServerA WebSphere Application Server zD

xC

2. ∩°A -> í°AADx¬Σ≡¼cñΣAMß∩

z°AWC

3. buΣLevqñA∩µ÷AC

4. tXzwu@qA∩uµ÷R¡OvMußú@

Ov]wC

100 IBM Tivoli Identity Manager: °AwΓU Windows - WebSphere

|

|

|

|

5. ÷@UTwAxsz≤C

² B. WebSphere ⌠ 101

102 IBM Tivoli Identity Manager: °AwΓU Windows - WebSphere

² C. w q

NíziHB⌡µ Tivoli Identity Manager ⌠úwCΣDD

pUG

v yJ2EE wz

v 109ytm HTTP °AΣLΦkz

J2EE w

pG J2EE wAªTOgLOAπn\iviHs Tivoli

Identity Manager Enterprise Java Bean (EJB) ≤Ctmow≤@A]AF

tmO≈εMn²bCΓBJhn°íp@O≤µItmOh

ItmwC

ΣBJpUG

1. bw Tivoli Identity Manager ºeA²HΓΦítmO≈εMn²C

2. bw Tivoli Identity Manager Aⁿww ID MKXC

3. bwºßAHΓΦíNz∩M Tivoli Identity Manager ñΓC

tmµIípw

Níp≤HΓΦíAw∩µIíptm J2EE wC

bw Tivoli Identity Manager ºeAw∩µIípΓBJ

pGntm J2EE w≤Abw Tivoli Identity Manager ºe⌡µUC@G

ⁿwz: ⌡µUC@ⁿwzG

1. b@tn²ñA∩@zCb UdϕñA

o@utv wasadminC

2. b@tn²ñA∩t@zCb Udϕ

ñAo@uEJB v itimadminC

ⁿwO≈εMn²: nⁿwO≈εMn²A⌡µUC@G

1. WebSphere z°ABnJDxC

2. ÷@Uw -> s wC

3. ∩UC∩G

v @ñO≈εGSWAM]í WebSphere O≈ε

v @ñn²G OS

4. xstm≤C

tm OS n²: ntm OS n²A⌡µUC@G

1. ÷@Uw -> n²-> OSC

2. ΘJt ID (wasadmin) MKXC

3. xstm≤C

© Copyright IBM Corp. 2004 103

w: wC⌡µUC@G

1. ÷@Uw -> s wC

2. ÷@UwC

3. pGzn Java 2 wA∩a÷@Ujε Java 2 wCun∩o

∩AíúΣ Java 2 wC

4. xstm≤C

bµIípw: pGnbµIípwA½s WebSphere z

°ACz°AAiαⁿw WebSphere z ID MKXCpG

WAS_HOME\bin\stopServer server1 [-username wasadmin -password wasadminpassword]WAS_HOME\bin\startServer server1 [-username wasadmin -password wasadminpassword]

µIípbw Tivoli Identity Manager ºßΓBJ

pGn¿ J2EE w≤tmAbw Tivoli Identity Manager ºß⌡µUC

@G

Nz∩M Tivoli Identity Manager ñΓ: pGnNz∩M Tivoli

Identity Manager ñΓA⌡µUC@G

1. b WebSphere Application Server zDxWA÷@Uí -> °

íC

2. ÷@U enRoleC

3. UAbuΣLev÷@UNwñΓ∩M/sC

4. ∩ ITIM_SYSTEM ∩C

5. ÷@Ud\C

6. ÷@UjMC

7. qMµñ∩ EJB (itimadmin)C

8. Mß÷@UTwC

9. dUún∩uC@HvuwOHv∩C

: Fε3gvsµA o∩C

10. xstm≤C

tm was.policy : Tw was.policy sb≤IUz²UG

WAS_HOME\config\cells\<cellname>\applications\enRole.ear\deployements\enrole\META-INF

oh∩ Tivoli Identity Manager 3ª⌡µ\ivC÷Mohú

∩ Tivoli Identity Manager IH⌠≤¡εA²O Java 2 wAOiHb

WebSphere zΣLí⌡µwO@CpGoúsbAqú CD

MΣMs Abⁿw²U C

ejpUG

grant codeBase "file:;$application" permission java.security.AllPermission;;

HtM EJB ≤s Tivoli Identity Manager tm: pGz≤∩Ft

M EJB AhHstM EJB A≤s Tivoli

Identity Manager tmC⌡µUC@G

104 IBM Tivoli Identity Manager: °AwΓU Windows - WebSphere

1. uttmvíCΦkOΘJUzⁿOG

ITIM_HOME\bin\runConfig

2. ∩uwvC

oeuwv°íC

3. Hzb OS n²ñ wasadmin IDA≤sutvµ

ΣKXC

4. Hzb OS n²ñ itimadmin IDA≤suEJB vµ

ΣKXC

5. Mß÷@UTwC

bµIíp½s Tivoli Identity Manager: pGnbµIípwA

beXú½s Tivoli Identity Manager BnJC±ΦíApGn½s

Tivoli Identity ManagerAΘJUCⁿOG

ITIM_HOME\bin\itim stop wasadmin wasadminpasswordITIM_HOME\bin\itim start wasadmin wasadminpassword

]ww]O Oíj: pGtúb@ñwF@wíAwONCw]O 120 A²pGn Tivoli Identity ManagerAoqíiαú

šC

: bYtWAΩOíjiα±ⁿwíj≤uCOiᲬznJC]oOA½ Network Deployment ManagerBOM

INzíC

FTOOí≈jA¼HKoNOA⌡µUC@G

1. s WebSphere Application Server zDxC

2. ÷@Uw -> τ -> LTPA -> OC

3. ΓOííjA]j≤z⌠wtD@íjW¡C

44. uwv°í

² C. wq 105

tmhIípw

Níp≤HΓΦíAhIíptm J2EE wC

hIípbw Tivoli Identity Manager ºeΓBJ

pGntm J2EE w≤Abw Tivoli Identity Manager ºe⌡µUC@G

hIw]w LDAP: pGnhIw]w LDAPA⌡µUC@G

1. ²°AzuπAµ ou=wasSecurity,dc=comAΣñ com O

ⁿQrC

2. H½≤ cn=wasadmin,ou=wasSecurity,dc=comCbodϕñA

WebSphere Application Server zOⁿwutv(wasadmin)C

]wUCµG

v sn=wasadmin

v uid=wasadmin

v userPassword=wasadminpassword

3. AH½≤ cn=itimadmin,ou=wasSecurity,dc=comCbodϕ

ñATivoli Identity Manager zOⁿw EJB (itimadmin)C]w

UCµG

v sn=itimadmin

v uid=itimadmin

v userPassword=itimadminpassword

]wO≈εMn²: pGn]wO≈εMn²A⌡µUC@G

1. WebSphere z°AABnJDxC

2. ÷@Uw -> s wC

3. ∩UC∩G

v @ñO≈εGLTPA]p¼²≈c

v @ñn²GLDAP

4. xstm≤C

tmO≈ε: pGntmO≈εA⌡µUC@G

1. ÷@Uw -> τ≈ε -> LTPAC

2. MT LTPA O≈εKXC

3. xstm≤C

tm LDAP n²: pGntm LDAP n²A⌡µUC@G

1. ÷@Uw -> n²-> LDAPC

2. ∩UC∩G

v °A ID = wasadmin

v °AKX = wasadminpassword

v ¼ = directoryservertype

Σñ directoryservertype Oⁿ²°AAp IBM_Directory_ServerC

v D≈ = ITIM LDAP server hostname

106 IBM Tivoli Identity Manager: °AwΓU Windows - WebSphere

|

|

|

|

|

|

|

|

|

|

|

|

v ≥OW (DN)Gou=wasSecurity,dc=com

v sOW (DN)GΘJsOWAp cn=rootC

v sKXGΘJsOWKXC

v újpgG∩o∩

3. xstm≤C

w: nwA⌡µUC@G

1. ÷@Uw -> s wC

2. ÷@UwC

3. pGzn Java 2 wA∩a÷@Ujε Java 2 wCun∩o

∩AíúΣ Java 2 wC

4. xstm≤C

bhI⌠w: pGnwA⌡µUC@G

1. bπ Network Deployment Manager qúWΘJG

WAS_NDM_HOME\bin\stopManager [-username wasadmin -password wasadminpassword]WAS_NDM_HOME\bin\startManager [-username wasadmin -password wasadminpassword]

2. bΣLπINzíqúWΘJG

WAS_HOME\bin\stopNode [-username wasadmin -password wasadminpassword]WAS_HOME\bin\startNode [-username wasadmin -password wasadminpassword]

3. ½sOC⌡µUC@G

a. H wasadmin ID MKXAbDxnJ WebSphere z°AC

b. ÷@U°A -> OC

c. ∩ OC

d. ÷@UεAMßA÷@UC

4. ½s JMS °AC⌡µUC@G

a. nJ WebSphere z°AC

b. ÷@U°A -> JMS °AC

c. ∩ °AC

d. ÷@UεAMßA÷@UC

hIípbw Tivoli Identity Manager ºßΓBJ

pGn¿ J2EE w≤tmAbw Tivoli Identity Manager ºß⌡µUC

@G

Nz∩M Tivoli Identity Manager ñΓ: pGnNz∩M Tivoli

Identity Manager ñΓA⌡µUC@G

1. b WebSphere Application Server zDxWA÷@Uí -> °

íC

2. ÷@U enRoleC

3. UAbuΣLev÷@UNwñΓ∩M/sC

4. ∩ ITIM_SYSTEM ∩C

5. ÷@Ud\C

6. ÷@UjMC

² C. wq 107

7. qMµñ∩ EJB (itimadmin)C

8. Mß÷@UTwC

9. dUún∩uC@HvuwOHv∩C

: Fε3gvsµA o∩C

10. xstm≤C

tm was.policy : Tw was.policy sb≤ Network Deployment Manager

IUz²UG

WAS_NDM_HOME\config\cells\<cellname>\applications\enRole.ear\deployements\enrole\META-INF

oh∩ Tivoli Identity Manager 3ª⌡µ\ivC÷Mohú

∩ Tivoli Identity Manager IH⌠≤¡εA²O Java 2 wAOiHb

WebSphere zΣLí⌡µwO@CpGoúsbAqú CD

MΣMs Abⁿw²U C

ejpUG

grant codeBase "file:;$application" permission java.security.AllPermission;;

ziHN WebSphere Application Server Network Deployment tmP Cell ñIP

B.C½s Tivoli Identity Manager OC

bhI⌠½s Tivoli Identity Manager: pGn½s Tivoli Identity

ManagerA⌡µUC@G

1. ÷@U°A -> OC

2. ∩OW∩C

3. ÷@UεCÑO εºßAA÷@UC

]ww]O Oíj: pGtúb@ñwF@wíAwONCw]O 120 A²pGn Tivoli Identity ManagerAoqíiαú

šC

: bYtWAΩOíjiα±ⁿwíj≤uCOiᲬznJC]oOA½ Network Deployment ManagerBOM

INzíC

FTOOí≈jA¼HKoNOA⌡µUC@G

1. s WebSphere Application Server zDxC

2. ÷@Uw -> τ -> LTPA -> OC

3. ΓOííjA]j≤z⌠wtD@íjW¡C

J2EE w

pGn WebSphere zDx J2EE wA⌡µUC@G

1. ÷@Uw -> s wC

2. ú∩] wM Java wC

3. εMßAINzíBJMS °AMí°AC

108 IBM Tivoli Identity Manager: °AwΓU Windows - WebSphere

tm HTTP °AΣLΦk

pGnúBwO@Ab Tivoli Identity Manager wºßAtm IBM

HTTP Server HTTP °AA²ª≤ Cell íqúWCo]Aw Web

°ABq Network Deployment Manager sMtm Web °AAb°A

ⁿJMtm WebSphere C

UO Solaris ¡xW IBM HTTP Server Apache dCtXz¡x∩

UCBJG

1. bíqúWwMtm HTTP °AC

2. b http_server_dir/conf ²UA@s WebSphere ²C

3 . ΓUCq N e t w o r k D e p l o y m e n t M a n a g e r qús

http_server_dir/conf/WebSphere ²G

v was_deployment_mgr/bin/mod_ibm_app_server_http.so

v was_deployment_mgr/config/cells/plugin-cfg.xml

v was_deployment_mgr/etc/plugin-key.kdb

v was_deployment_mgr/etc/plugin-key.sth

4. b Cell íqúWAHσrsΦ plugin-cfg.xml ABiµUC∩G

v Γ w a s _ d e p l o y m e n t _ m g r / e t c / ²C@ΩA∩

h t t p _ s e r v e r / c o n f / W e b S p h e r e ²C]NOíAΓ r e p l a c e

/ o p t / W e b S p h e r e / D e p l o y m e n t M a n a g e r / e t c ½¿

/opt/IBMHttpServer/conf/WebSphereC

45. W[wO@]w HTTP °Atm

² C. wq 109

v Γ http_plugin.log ²A∩ http_server/logsC]NOíAΓ

/ o p t / W e b S p h e r e / A p p S e r v e r / l o g s / h t t p _ p l u g i n . l o g ½¿

/opt/IBMHttpServer/logs/http_plugin.logC

5. HσrsΦ http_server_home/conf/httpd.conf ²Ab [WU

XµG

# WebSphere plugin settingsLoadModule ibm_app_server_http_module http_server/conf/WebSphere/mod_ibm_app_server_http.soWebSpherePluginConfig http_server/conf/WebSphere/plugin-cfg.xml

±ΦíAΘJUo@µG

# WebSphere plugin settingsLoadModule ibm_app_server_http_module /opt/IBMHttpServer/conf/WebSphere/mod_ibm_app_server_http.soWebSpherePluginConfig /opt/IBMHttpServer/conf/WebSphere /plugin-cfg.xml

: N WebSphere Application Server M≤ 2 ]wbw WebSphere

Web Server íqúWC

110 IBM Tivoli Identity Manager: °AwΓU Windows - WebSphere

² D. q Tivoli Identity Manager 4.3 Tivoli IdentityManager 4.5 ß 4.5.1 C

Níp≤N²eΩM⌡Aq WebLogic Tivoli Identity Manager 4.3

A WebSphere Application Server Tivoli Identity Manager 4.5 C

Yn¿αA WebLogic Tivoli Identity Manager 4.3 wN²

WebLogic Tivoli Identity Manager 4.5 Co Tivoli Identity

Manager 4.3 ΩwM LDAP ²A²ªP Tivoli Identity Manager 4.5 eC

¿l@ºßAs WebSphere Application Server Tivoli Identity

Manager 4.5 ANwbtwΩ¿AB[HtmC

b¿²e≤OwΩ¿ñtm Tivoli Identity Manager 4.5 BJº

ßAz Tivoli Identity Manager 4.5.1 wMAN Tivoli Identity Manager 4.5

4.5.1 CpGnΣLΩTA\ 123² F, yq Tivoli

Identity Manager 4.5 4.5.1 zC

lºe

bq Tivoli Identity Manager 4.3 Tivoli Identity Manager 4.5 ºeA⌡

µUC@G

1. tXs Tivoli Identity Manager DAN⌠≤≤ Tivoli Identity Manager

⌠nΘA[HMtmCΣñ]]AΩwM²°AC

2. b²°AAy Tivoli Identity Manager l≡ñAMΣ enrole

rΩ]újpgCpGt enrole rΩAorΩK∩¿ itimC

úF ITIM_HOME\data\enRoleUnchangedAttributes.properties CºA

ú⌡µo@C

biµºeA²N Tivoli Identity Manager 4.3 LDAP l≡eAX

LDIF CMßb LDIF jM enrole rΩCpGzotúb

≤A⌡µUC@G

a. bw Tivoli Identity Manager 4.5 A∩ LDAP ²∩ C

b. sΦ ITIM_HOME\data\enRoleUnchangedAttributes.properties A[Jo

WC

c. HΓΦíIs LDAP ²C

3. ²²°AB⌡µC

4. ≈µ Tivoli Identity Manager ΩTAΣñ]AeMtm]wCo

≤ ITIM_HOME\data ñC

5. bºeATw Tivoli Identity Manager GUI mñεCwMúAB½

soXw≤]pπúwRúCq Tivoli Identity Manager 4.3 O 4.4

Tivoli Identity Manager 4.5 ºßAúOdu@yCbºeAY

3Twu@ybómñAhϕ Tivoli Identity Manager ¬be@w

½soXm≤AiαPßXº¼pC

© Copyright IBM Corp. 2004 111

|

|

|

|

|

|

|

|

|

|

|

|

|

|

b⌡µºeAbPw Tivoli Identity Manager εCOºßAε Tivoli

Identity Manager]²Oún ε WebLogic ServerC

@tτ Tivoli Identity Manager u@yObómñΦkAOd

u@yεCñTº]]Au@yMu@ymCziH WebLogic

Admin Console dεCC

⌡µUC@G

v WebLogic Admin ConsoleC

v b≡¼cñz⌠C

v ÷@U⌠≡¼cñA -> JMS -> °A -> JMSServerC

v ÷@Ukíµñu°vC

v ÷@U°@ñ JMS aC

v ÷@UTºC

CXεCºuTºvúOsC

6. TwΩw°Awb⌡µñC

pGzO Oracle Tivoli Identity Manager ΩwAiHPMv

uenrolevbßnJ SQLPlusC@δÑA Oracle usystemviH

PoMvC

pAQUínJG

sqlplus system/password@itim_db_instance

P\ivuenroleviHu⌠≤vCΘJUzⁿOG

SQL> GRANT CREATE ANY PROCEDURE to enrole;

hXÑq@CΘJUzⁿOG

SQL> quit;

q WebLogic Tivoli Identity Manager 4.3 WebLogic TivoliIdentity Manager 4.5

NíΓ WebLogic Tivoli Identity Manager 4.3 A WebLogic

Tivoli Identity Manager 4.5 A⌡µBJCbw WebSphere

Application Server Tivoli Identity Manager 4.5 ºeA²⌡µo@C

1. Is Tivoli Identity Manager 4.5 WebLogic wíAiµw

δFAeXuzw BEA Weblogic Server 7.0 Hv∩εC

2. ÷@U C

oeXuzn≥wHv∩C

3. ÷@UOC

oeXuznbw Weblogic Server OHv∩C

4. ÷U@BA ⁿw] WebLogic Server ²C

oeXu∩wΩ¿v∩C

112 IBM Tivoli Identity Manager: °AwΓU Windows - WebSphere

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

5. ΘJ Tivoli Identity Manager 4.3 l²C

oeXuznHv∩C

6. ÷@UOC

oeXuznbw LDAP ²Hv∩C

7. ÷@UOCoNiHl LDAP ²@C

: ziH∩ A∩bwºßA LDAP ²CwºßAIs bin ²

U ldapUpgrade -íC

≤s⌡ºßAeNXuwg¿Ωw⌡v∩C

8. ÷@UTwC

LDAP ªºßAeNXu²°A⌡MΩwgQFv∩

C

oANΓ WebLogic Tivoli Identity Manager 4.3AQ WebLogic

Tivoli Identity Manager 4.5 FC

WebSphere Application Server w Tivoli Identity Manager 4.5

Níp≤b WebLogic Tivoli Identity Manager 4.3 ⌠wqñA

w WebSphere Application Server Tivoli Identity Manager 4.5 C

1. Is Tivoli Identity Manager 4.5 WebSphere wíA÷iµwδ

FAeXu∩w²v∩εC

2. ∩@Ω¿AwPl Tivoli Identity Manager 4.3 w[cúP Tivoli

Identity Manager 4.5CpAitim45C

oeXu∩Ωw¼v∩C

3. ∩l Tivoli Identity Manager 4.3 w[cΩw¼C

4. ≥iµ@δwAXuIBM Tivoli Identity Manager Ωwtmv∩

C

5. ÷@U°C

oeXu²tmv∩C

6. ÷@U°C

oeXuttmuπv∩C

7. ∩u²vAΘJ²°AsuΩTC

8. ÷@UAτzΘJsuΩTTC

9. ∩uΩwvAΘJΩwsuΩTC

10. ÷@UAτzΘJsuΩTTC

11. ÷@Uul≤vA

ul≤v°íC

12. Nu¡z°A URLvµA∩z°AAMß÷@UMC

13. ÷@UTwA¿w@C

² D. q Tivoli Identity Manager 4.3 Tivoli Identity Manager 4.5 ß 4.5.1 C 113

|

|

|

|

|

oANΓ WebSphere Application Server Tivoli Identity Manager 4.5 w

ªFC

tmsw

NízΓ WebLogic Tivoli Identity Manager 4.3 α WebSphere

Application Server Tivoli Identity Manager 4.5 AiµtmBJCo

BJnÑzΓ WebLogic Tivoli Identity Manager 4.3 WebLogic

Tivoli Identity Manager 4.5 AB]wF WebSphere Application Server

Tivoli Identity Manager 4.5 ºß&⌡µC

1. Γ CustomLabels.properties q Tivoli Identity Manager 4.3 data lΩ¿A

s Tivoli Identity Manager 4.5 data lΩ¿C

2. Tivoli Identity Manager 4.3 enRole.properties xseA∩ Tivoli

Identity Manager 4.5 enRole.properties ñUCeG

v enrole.defaulttenant.id

v enrole.organization.name

q 4.5 4.5.1

b¿²e≤OwΩ¿ñtm Tivoli Identity Manager 4.5 BJº

ßA Tivoli Identity Manager 4.5.1 wMAN Tivoli Identity Manager 4.5

4.5.1 CpGnΣLΩTA\ 123² F, yq Tivoli

Identity Manager 4.5 4.5.1 zC

114 IBM Tivoli Identity Manager: °AwΓU Windows - WebSphere

|

|

|

|

|

|

|

|

|

² E. q Tivoli Identity Manager 4.4.x Tivoli IdentityManager 4.5 ß 4.5.1 C

Níp≤q Tivoli Identity Manager 4.4.x Tivoli Identity Manager 4.5

MßA 4.5.1 CPNíp≤Nµ@°AMO Tivoli Identity

Manager tm[HC

Tivoli Identity Manager ¿UC@G

v NnΘCztXs Tivoli Identity Manager DAN⌠≤≤

Tivoli Identity Manager ⌠nΘA[HMtmCΣñ]]AΩ

wM²°AC

v Tivoli Identity Manager wíw Tivoli Identity Manager 4.5 CTivoli

Identity Manager wí]tXs Tivoli Identity ManagerANΩwϕµB

²°A⌡He[HC

v b¿²e Tivoli Identity Manager 4.5 BJºßA Tivoli Identity

Manager 4.5.1 wMAN Tivoli Identity Manager 4.5 4.5.1 C

pGnΣLΩTA\ 123² F, yq Tivoli Identity Manager 4.5

4.5.1 zC

:

1. úⁿA]znwMtm WebSphere Application Server 5.0

sw[cAOP WebSphere Application Server 4.0 PsbC

bΓ WebSphere Application Server w[c@s⌠UATO

WAS_HOME\properties\wsadmin.propertiesñ com.ibm.ws.scripting.port AP

server1 SOAP_CONNECTOR_ADDRESS U≡@:

WAS_HOME\config\cells\<cell_name>\nodes\<node_name>\serverindex.xml

pGΓú@AKLkQíp Tivoli Identity Manager Mtm Tivoli Identity

Manager/WebSphere Application ServerC

pGzúµOd WebSphere Application Server 4.0 w[cA²Q

WebSphere Application Server 4.0 úwíAHΓΦíNªúwC

2. pGzQn Tivoli Identity Manager 4.5 wíw WebSphere Application

Server 5.0 A²úwUCúG

v WebSphere Application Server 4.0

v IBM MQSeries

v IBM MQSeries ΣM≤ MA88

3. ºßA²efMΘxΩAPsΩNú@w÷FC

lºe

bq Tivoli Identity Manager 4.4.x Tivoli Identity Manager 4.5 ºeA

⌡µUC@G

© Copyright IBM Corp. 2004 115

|

|

|

|

|

|

|

|

|

|

|

|

1. ≈µ WebSphere Application Server tm]wAΣñ]A Tivoli Identity

Manager 4.4.x ]wbCoO≤ WAS_HOME\config UC

2. ≈µ Tivoli Identity Manager ΩTAΣñ]AeMtm]wCo

≤ ITIM_HOME\data ñC

3. ≈²°AC\Aϕúσ≤C

4. ≈ΩwC\Aϕúσ≤C

5. ²w⌠XWV Tivoli Identity Manager 4.5 ≥DCpG

nΣLΩTA\ IBM Tivoli Identity Manager NC

6. tX Tivoli Identity Manager 4.5 wDAN²°AMΩwnΘC

pGnΣLΩTA\ IBM Tivoli Identity Manager NC

7. TwΩw°Awb⌡µñC

pGzO Oracle Tivoli Identity Manager ΩwAiHPM

vuenrolevbßnJ SQLPlusC@δÑA Oracle usystemv

iHPoMvC

pAQUínJG

sqlplus system/password@itim_db_instance

P\ivuenroleviHu⌠≤vCΘJUzⁿOG

SQL> GRANT CREATE ANY PROCEDURE to enrole;

hXÑq@CΘJUzⁿOG

SQL> quit;

8. bºeATw Tivoli Identity Manager GUI mñεCwMúAB½

soXw≤]pπúwRúCq Tivoli Identity Manager 4.4

Tivoli Identity Manager 4.5 ºßAúOdu@yCbºeAY3Twu

@ybómñAhϕ Tivoli Identity Manager ¬be@w

½soXm≤AiαPßXº¼pC

b⌡µºeAbPw Tivoli Identity Manager εCOºßAε Tivoli

Identity Manager]²Oún ε WebSphereC

@tτ Tivoli Identity Manager u@yObómñΦkAOd

u@yεCñTº]]Au@yMu@ymC

WebSphere MQ ú@-í runmqsc.exe HΣεCdMzAΣ≤w]² WebsphereMQ_HOME\bin ñC runmqsc.exe ís Websphere εCzíA display ⁿOπεC¼AC

UCO Tivoli Identity Manager εCMµG

v itim_wfAu@yεC

v itim_wf_pendingAu@ymñεC

v itim_rsAAεC

v itim_msAl≤AεC

v itim_adhocSyncAq°iAεC

116 IBM Tivoli Identity Manager: °AwΓU Windows - WebSphere

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

pA] WebSphere MQ wípbIuAv°Auserver1vWCUCⁿO

s ípbIM°AW JMS zíG

runmqsc WAS_A_server1

UCⁿOπ Tivoli Identity Manager u@yεC¼AG

display qlocal(’WQ_itim_wf’)

búπeñACURDEPTH πεCñTºCpG itim_wf M

itim_wf_pending εCúOAh Tivoli Identity Manager u@yÑiα

ObómñCpG

AMQ8409GπεCΩCDESCR(WebSphere Application Server queue - do not delete)PROCESS( ) BOQNAME(SYSTEM.DEAD.LETTER.QUEUE)

.

.

.IPPROCS(10) OPPROCS(0)

CURDEPTH(0)

9. WebSphere Application Server ⌠C\ 95yw WebSphere

Application ServerzC

10. ÷¼O]pGC

Nµ@°Atm

Dnbí Tivoli Identity Manager µ@°AtmC¿UCA

o@@UCΓ@G

1. w WebSphere Application Server Base 5.0C÷íΩTA\

98yN Base wbC@IWzC⌠≤ Network Deployment Manager

OMΩTAúnBzC

2. N Tivoli Identity Manager 4.4.x 4.5 C÷íΩTA

\yN Tivoli Identity Manager 4.4.x 4.5 zC

N Tivoli Identity Manager 4.4.x 4.5

DnbíN Tivoli Identity Manager 4.4.x 4.5 C

1. Tivoli Identity Manager wíC

instW2K-WAS.exe

oeuw∩v°íC

2. ∩AϕyÑAMß÷@UTwC

oeuvXv°íC

3. \¬vXAMwO ⁿo°CpG ⁿA∩ⁿAMß÷U@BC

oeu∩w¼v°íC

4. ∩µ@°AAMß÷U@BC

oeu∩w²v°íC

5. ÷@U∩....AMß∩ Tivoli Identity Manager 4.4.x l²C

6. ÷U@BC

² E. q Tivoli Identity Manager 4.4.x Tivoli Identity Manager 4.5 ß 4.5.1 C 117

|

|

|

|

|

|

|

|

|||||||||

|

|

|

oeXuznq 4.4 4.5 Hv∩C

7. ∩OC

oeXuT WebSphere mv∩C

8. T WebSphere l²mAMß÷U@BC

eWX WebSphere w∩C

9. PztWuWebSphere swvOb@ñCpGuWebSphere

swvA÷@Uw WebSphere wAhA∩w WebSpherewCpGz∩uw WebSphere wvAB÷U@BAeNXt@

°íAnDzⁿw WebSphere í°A ID MKXCpGn

ΣLΩTA\ 103² C, ywqzC

oeXuemwKnv∩C

10. ÷@UwC

oeXUCU∩G

v LDAP Q¿

v ΩwQ¿

v ttmuπ

11. ÷@UTwA¿w@C

:

1. D∩ºetmΩwM LDAP °AⁿΩTCpGLks oΩ

AiHuttmuπvA½stmotsueCpGnut

tmuπvΩT÷ΩTA\ IBM Tivoli Identity Manager tmΓUC

2. pGzbwA¼÷≤ enrole.ear TºANϕ Network Deployment

Manager iαLks SOAP ≡CTw SOAP tm≡ANObw

WebSphere 5.0 tm≡C

bΓ WebSphere Application Server w[c@s⌠UATO

WAS_HOME\properties\wsadmin.propertiesñ com.ibm.ws.scripting.port AP

server1 SOAP_CONNECTOR_ADDRESS U≡@:

WAS_HOME\config\cells\<cell_name>\nodes\<node_name>\serverindex.xml

pGΓú@AKLkQíp Tivoli Identity Manager Mtm Tivoli Identity

Manager/WebSphere Application ServerC

NOtm

Dnbí Tivoli Identity Manager OtmCo@@UC

X@G

1. wMtmOtm WebSphere ≤G

a. w WebSphere Application Server Network DeploymentC֒

ΩTA\ 96 yw WebSphere Application Server Network

DeploymentzC

b. w IBM HTTP Server M Web í≤C÷íΩTA

\ 97yw IBM HTTP Server M WebSphere Web °AízC

118 IBM Tivoli Identity Manager: °AwΓU Windows - WebSphere

|

|

|

|

|

|

c. N WebSphere Application Server Base 5.0 wbn°AC÷í

ΩTA\ 98yN Base wbC@IWzC

d. tmO⌠CΣL÷ΩTA\ 95ytm Tivoli Identity Manager

OzC

2. N Network Deployment Manager t Tivoli Identity Manager 4.4.x 4.5

C÷íΩTA\yN Network Deployment Manager t

Tivoli Identity Manager 4.4.x 4.5 zC

3. N¿It Tivoli Identity Manager 4.4.x 4.5 C÷í

ΩTA\ 120yN¿t Tivoli Identity Manager 4.4.x

4.5 zC

N Network Deployment Manager t Tivoli Identity Manager 4.4.x 4.5

Dnbíp≤bz Network Deployment Manager ttWAN Tivoli

Identity Manager 4.4.x 4.5 C

: WebSphere Application Server Network Deployment 5.0 iHⁿJ Tivoli Identity

Manager 4.4.x Dnn°AC

1. Network Deployment Manager qúW Tivoli Identity Manager wíG

instWIN-WAS.exe

oeuw∩v°íC

2. ∩AϕyÑAMß÷@UTwC

oeuvXv°íC

3. \¬vXAMwO ⁿo°CpG ⁿA∩ⁿAMß÷U@BC

oeu∩w¼v°íC

4. ∩OAMß÷U@BC

oeu½nΩTv°íC

5. ÷U@BC

oeu∩w²v°íC

6. ÷@U∩....AMß∩ Tivoli Identity Manager 4.4.x l²C

7. ÷U@BC

oeXuznq 4.4 4.5 Hv∩C

8. ∩OC

oeu∩OI¼v°íC

9. I¼A∩ Network Deployment ManagerAMß÷U@BC

oeXuT WebSphere mv∩C

10. T WebSphere l²mAMß÷U@BC

eWXOW∩C

² E. q Tivoli Identity Manager 4.4.x Tivoli Identity Manager 4.5 ß 4.5.1 C 119

|

|

|

|

|

|

|

|

|

11. ΘJb Network Deployment Manager OWC

12. ÷U@BC

eWX WebSphere w∩C

13. PztWuWebSphere swvOb@ñCpGuWebSphere

swvA÷@Uw WebSphere wAhA∩w WebSpherewCpGz∩uw WebSphere wvAB÷U@BAeNXt@

°íAnDzⁿw WebSphere í°A ID MKXCpGn

ΣLΩTA\ 103² C, ywqzC

oeXuemwKnv∩C

14. ÷@UwC

oeXUCU∩G

v LDAP Q¿

v ΩwQ¿

v ttmuπ

: pGzbwA¼÷≤ enrole.ear TºANϕ Network

Deployment Manager iαLks SOAP ≡CTw SOAP tm≡A

NObw WebSphere 5.0 tm≡C

bΓ WebSphere Application Server w[c@s⌠UATO

WAS_HOME\properties\wsadmin.propertiesñ com.ibm.ws.scripting.port A

P server1 SOAP_CONNECTOR_ADDRESS U≡@:

WAS_HOME\config\cells\<cell_name>\nodes\<node_name>\serverindex.xml

pGΓú@AKLkQíp Tivoli Identity Manager Mtm Tivoli Identity

Manager/WebSphere Application ServerC

oeXuttmuπv∩C

15. ÷@UTwA¿w@C

: D∩ºetmΩwM LDAP °AⁿΩTCpGLks oΩ

AiHuttmuπvA½stmotsueCpGnut

tmuπvΩT÷ΩTA\ IBM Tivoli Identity Manager tmΓUC

N¿t Tivoli Identity Manager 4.4.x 4.5

Dnbíp≤NO¿tW Tivoli Identity Manager 4.4.x 4.5

C

: WebSphere Application Server Network Deployment 5.0 iHⁿJ Tivoli Identity

Manager 4.4.x Dnn°AC

1. ¿I≈W Tivoli Identity Manager wíG

instW2K-WAS.exe

oeuw∩v°íC

2. ∩AϕyÑAMß÷@UTwC

120 IBM Tivoli Identity Manager: °AwΓU Windows - WebSphere

|

|

|

|

|

|

|

oeuvXv°íC

3. \¬vXAMwO ⁿo°CpG ⁿA∩ⁿAMß÷U@BC

4. ÷U@BC

oeu∩w¼v°íC

5. ∩OAMß÷U@BC

oeu½nΩTv°íC

6. ÷U@BC

oeu∩w²v°íC

7. ÷@U∩....AMß∩ Tivoli Identity Manager 4.4.x l²C

8. ÷U@BC

oeXuznq 4.4 4.5 Hv∩C

9. ∩OC

oeu∩OI¼v°íC

10. I¼A∩O¿AMß÷U@BC

oeXuT WebSphere mv∩C

11. T WebSphere l²mAMß÷U@BC

eWXOW∩C

12. ΘJb Network Deployment Manager OWC

13. ÷U@BC

eWX WebSphere w∩C

14. PztWuWebSphere swvOb@ñCpGuWebSphere

swvA÷@Uw WebSphere wAhA∩w WebSpherewCpGz∩uw WebSphere wvAB÷U@BAeNXt@

°íAnDzⁿw WebSphere í°A ID MKXCpGn

ΣLΩTA\ 103² C, ywqzC

oeXuemwKnv∩C

15. ÷@UwC

: pGzbwA¼÷≤ enrole.ear TºANϕ Network

Deployment Manager iαLks SOAP ≡CTw SOAP tm≡A

NObw WebSphere 5.0 tm≡C

bΓ WebSphere Application Server w[c@s⌠UATO

WAS_HOME\properties\wsadmin.properties ñ com.ibm.ws.scripting.port A

P server1 SOAP_CONNECTOR_ADDRESS U≡@G

WAS_HOME\config\cells\<cell_name>\nodes\<node_name>\serverindex.xml

pGΓú@AKLkQíp Tivoli Identity Manager Mtm Tivoli Identity

Manager/WebSphere Application ServerC

² E. q Tivoli Identity Manager 4.4.x Tivoli Identity Manager 4.5 ß 4.5.1 C 121

|

oeXuttmuπv∩C

16. ÷@UTwA¿w@C

: D∩ºetmΩwM LDAP °AⁿΩTCpGLks oΩ

AiHuttmuπvA½stmotsueCpGnut

tmuπvΩT÷ΩTA\ IBM Tivoli Identity Manager tmΓUC

q 4.5 4.5.1

b¿²etm Tivoli Identity Manager 4.5 BJºßA Tivoli Identity

Manager 4.5.1 wMAN Tivoli Identity Manager 4.5 4.5.1 Cp

GnΣLΩTA\ 123² F, yq Tivoli Identity Manager 4.5

4.5.1 zC

122 IBM Tivoli Identity Manager: °AwΓU Windows - WebSphere

|

|

|

|

|

|

² F. q Tivoli Identity Manager 4.5 4.5.1

Níp≤q Tivoli Identity Manager 4.5 Tivoli Identity Manager 4.5.1

CPNíp≤Nµ@°AMO Tivoli Identity Manager tm[HC

: ßATivoli Identity Manager °A N≥²°AMΩwC

lºe

bq Tivoli Identity Manager 4.5 Tivoli Identity Manager 4.5.1 ºeA

⌡µUC@G

1. ≈µ WebSphere Application Server tm]wA]A Tivoli Identity

Manager 4.5 ]wCo≤ WAS_HOME\config ñC

2. ≈µ Tivoli Identity Manager ΩTAΣñ]AeMtm]wCo

≤ ITIM_HOME\data ñC

3. ≈²°AC\Aϕúσ≤C

4. ≈ΩwC\Aϕúσ≤C

5. bºeATw Tivoli Identity Manager u@ySw∩πB¡≈

BhIµ@b⌡µñA]S⌠≤ΣL@CbºeAY3T

wu@ybómñAhϕ Tivoli Identity Manager ¬be@w

½soXm≤AiαPßXº¼pC

b⌡µºeAbPw Tivoli Identity Manager εCOºßAε Tivoli

Identity Manager]²Oún ε WebSphereC

@tτ Tivoli Identity Manager u@yObómñΦkAOd

u@yεCñTº]]Au@yMu@ymC

WebSphere MQ ú@-í runmqsc.exe HΣεCdMzAΣ≤w]² WebsphereMQ_HOME\bin ñC runmqsc.exe ís Websphere εCzíA display ⁿOπεC¼AC

UCO Tivoli Identity Manager εCMµG

v itim_wfAu@yεC

v itim_wf_pendingAu@ymñεC

v itim_rsAAεC

v itim_msAl≤AεC

v itim_adhocSyncAq°iAεC

pA] WebSphere MQ wípbIuAv°Auserver1vWCUCⁿO

s ípbIM°AW JMS zíG

runmqsc WAS_A_server1

UCⁿOπ Tivoli Identity Manager u@yεC¼AG

display qlocal(’WQ_itim_wf’)

© Copyright IBM Corp. 2004 123

|

|

|

|

|

||

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

búπeñACURDEPTH πεCñTºCpG itim_wf M

itim_wf_pending εCúOAh Tivoli Identity Manager u@yÑiα

ObómñCpG

AMQ8409GπεCΩCDESCR(WebSphere Application Server queue - do not delete)PROCESS( ) BOQNAME(SYSTEM.DEAD.LETTER.QUEUE)

.

.

.IPPROCS(10) OPPROCS(0)

CURDEPTH(0)

6. ÷¼O]pGC

Nµ@°Atm

Dnbíp≤bµ°AtmñN Tivoli Identity Manager 4.5 4.5.1

C⌡µUC@G

1. Tivoli Identity Manager wíC

instWIN-WAS.exe

oeuw∩v°íC

2. ∩AϕyÑAMß÷@UTwC

oeuvXv°íC

3. \¬vXAMwO ⁿo°CpG ⁿA∩ⁿAMß÷U@BC

oeu∩w¼v°íC

4. ∩µ@°AAMß÷U@BC

oeu∩w²v°íC

5. ÷@U∩....AMß∩ Tivoli Identity Manager 4.5 l²C

6. ÷U@BC

oeXuznq 4.5 4.5.1 Hv∩C

7. ∩OC

oeXuemwKnv∩C

8. ÷@UwC

oeXUCU∩G

v LDAP Q¿

v ΩwQ¿

v ttmuπ

9. ÷@UTwA¿w@C

: D∩ºetmΩwM LDAP °AⁿΩTCpGLks oΩ

AiHuttmuπvA½stmotsueCpGnut

tmuπvΩT÷ΩTA\ IBM Tivoli Identity Manager tmΓUC

124 IBM Tivoli Identity Manager: °AwΓU Windows - WebSphere

|

|

|

|||||||||

||

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

NOtm

Dnbí Tivoli Identity Manager OtmCo@@UC

X@G

1. N Network Deployment Manager System ñ Tivoli Identity Manager 4.5

4.5.1 C÷íΩTA\yN Network Deployment Manager

System Tivoli Identity Manager 4.5 4.5.1 zC

2. N ¿Itñ Tivoli Identity Manager 4.5 4.5.1 C÷í

ΩTA\ 126yN¿tñ Tivoli Identity Manager 4.5

4.5.1 zC

N Network Deployment Manager System Tivoli Identity Manager4.5 4.5.1

Dnbíp≤bx Network Deployment Manager System tWAN Tivoli

Identity Manager 4.5 4.5.1 C⌡µUC@G

1. Network Deployment Manager qúW Tivoli Identity Manager wíG

instWIN-WAS.exe

oeuw∩v°íC

2. ∩AϕyÑAMß÷@UTwC

oeuvXv°íC

3. \¬vXAMwO ⁿo°CpG ⁿA∩ⁿAMß÷U@BC

oeu∩w¼v°íC

4. ∩OAMß÷U@BC

oeu½nΩTv°íC

5. ÷U@BC

oeu∩w²v°íC

6. ÷@U∩....AMß∩ Tivoli Identity Manager 4.5 l²C

7. ÷U@BC

oeXuznq 4.5 4.5.1 Hv∩C

8. ∩OC

oeXuemwKnv∩C

9. ÷@UwC

oeXUCU∩G

v LDAP Q¿

v ΩwQ¿

v ttmuπ

oeXuttmuπv∩C

10. ÷@UTwA¿w@C

² F. q Tivoli Identity Manager 4.5 4.5.1 125

||

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

: D∩ºetmΩwM LDAP °AⁿΩTCpGLks oΩ

AiHuttmuπvA½stmotsueCpGnut

tmuπvΩT÷ΩTA\ IBM Tivoli Identity Manager tmΓUC

N¿tñ Tivoli Identity Manager 4.5 4.5.1

Dnbíp≤bO¿tWAN Tivoli Identity Manager 4.5 4.5.1

C⌡µUC@G

1. ¿I≈W Tivoli Identity Manager wíG

instWIN-WAS.exe

oeuw∩v°íC

2. ∩AϕyÑAMß÷@UTwC

oeuvXv°íC

3. \¬vXAMwO ⁿo°CpG ⁿA∩ⁿAMß÷U@BC

4. ÷U@BC

oeu∩w¼v°íC

5. ∩OAMß÷U@BC

oeu½nΩTv°íC

6. ÷U@BC

oeu∩w²v°íC

7. ÷@U∩....AMß∩ Tivoli Identity Manager 4.5 l²C

8. ÷U@BC

oeXuznq 4.5 4.5.1 Hv∩C

9. ∩OC

oeXuemwKnv∩C

10. ÷@UwC

oeXuttmuπv∩C

11. ÷@UTwA¿w@C

: D∩ºetmΩwM LDAP °AⁿΩTCpGLks oΩ

AiHuttmuπvA½stmotsueCpGnut

tmuπvΩT÷ΩTA\ IBM Tivoli Identity Manager tmΓUC

126 IBM Tivoli Identity Manager: °AwΓU Windows - WebSphere

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

|

² G. úw Tivoli Identity Manager

Tivoli Identity Manager úwiHúwUCG

v Tivoli Identity ManagerA]Abw Tivoli Identity Manager Ast

W ITIM_HOME

v b WebSphere Application Server W Tivoli Identity Manager Tivoli Identity

Manager íMtm]w

úw Tivoli Identity Manager ú∩Ωwϕµ²°A⌡C

Tivoli Identity Manager úwíq WebSphere Application Server ú Tivoli

Identity Manager íC

pGntúwΣLbw Tivoli Identity Manager iαwgwú]p

WebSphere Application Server IBM HTTP ServerA\Aϕúσ≤C

: pGznqOtmN Tivoli Identity Manager úwA²qO¿

ú Tivoli Identity ManagerAAqw Network Deployment Manager qúW

ú Tivoli Identity ManagerC

lºe

pGzQnΓ Tivoli Identity Manager tmΩTxsb WebSphereAbúw Tivoli

Identity Manager ºeA²Γ WebSphere tm≈C

1. WebSphere Application ServerC≤÷o°AΩTA\

WebSphere Application Server úσ≤C

2. bz WebSphere Application Server s@≈qúWA⌡µUzⁿOG

WAS_HOME\bin\backupConfig.bat

ⁿO@O WebSphereConfig_2003-07-10.zip úYAΣ]t

µ Tivoli Identity Manager tm]wC Obz⌡µ backupConfig ⁿO

²UC

: pGntm]wA⌡µUzⁿOG

WAS_HOME\bin\restoreConfig.bat WebSphereConfig_datevalue.zip

:

1. pGznqOtmúw Tivoli Identity ManagerA² Network Deployment

Manager b⌡µñCA]τb⌡µúwA@í°AM

Network Deployment Manager ºíqTºeA²²INzíbtW⌡µC

2. pGznq Network Deployment Manager túw Tivoli Identity ManagerA

²tWS JVM 1.3 AO WebSphere Application Server Base

w[cAoiαoDCboípUAziHw@≈ JVM 1.3

A≤s <ITIM_HOME>/itimUninstallerData/Uninstall ITIM.lax LAX

JVM wqC

ΓUo@µG

© Copyright IBM Corp. 2004 127

lax.nl.current.vm=\java\bin\javaw.exe

∩¿

lax.nl.current.vm=was_ndm_home\java\bin\javaw.exe

úw Tivoli Identity Manager BJ

pGnúw Tivoli Identity ManagerA⌡µUC@G

1. bw Tivoli Identity Manager qúW⌡µUCⁿOAN Tivoli Identity Manager

íúwC

ITIM_HOME\itimUninstallerData\Uninstall_ITIM

2. zLúwδFeATznúw Tivoli Identity ManagerC

3. Q¿úwºßAΓU Tivoli Identity Manager ²BtmMΘx

AqtúC

Tivoli Identity Manager úwí]Γípb WebSphere Application Server W

Tivoli Identity Manager íúC

pGnτ Tivoli Identity Manager wgq WebSphere Application Server úw

BúA⌡µUC@G

1. WebSphere Application Server zDxAMßnJC

2. q²≡¼c²IAMß÷U°íC

oeX@≈wbí°A°íMµCpGΣñC

enRole oíA Tivoli Identity Manager úwíKLkq WebSphere

Application Server ú Tivoli Identity Manager íCziHΓΦí

úoíCpGS enRole íANϕ Tivoli Identity Manager

úwíwgQq WebSphere Application Server ú Tivoli Identity

Manager úwíFC

pGnHΓΦíAq WebSphere Application Server ú Tivoli Identity Manager

íA⌡µUC@G

1. WebSphere Application Server zDxAMßnJC

2. q²≡¼c²IAMß÷U°íC

oeX@≈wbí°A°íMµC

3. ∩ enRole ∩C

4. ÷@Uε÷sC

5. enRole íQ εºßAA∩ enRole í∩C

6. ÷@Uúw÷sC

7. d enrole.ear ²OwqUCúG

WAS_HOME\AppServer\config\cells\servername\applications

8. ú WAS_HOME\AppServer\logs ñ itim.log

128 IBM Tivoli Identity Manager: °AwΓU Windows - WebSphere

: bO⌠ñAunq Network Deployment Manager tú Tivoli Identity

Manager ºßAONA]úα Tivoli Identity Manager FCziHWz

HΓΦíNíúwⁿAqOO¿ú Tivoli Identity

ManagerC

WebSphere ⌠ ORACLE_JDBC_DRIVER_PATHbwí∩F Oracle ΩwATivoli Identity Manager N WebSphere Application

Server ⌠ ORACLE_JDBC_DRIVER_PATH ] classes12.zip b

ITIM_HOME/libCO]wb WebSphere Application Server IhC

úw Tivoli Identity Manager iαú classes12.zip CpGzt@

íAzN½] classes12.zip ºbs

mC

² G. úw Tivoli Identity Manager 129

|

|

|

|

|

|

|

130 IBM Tivoli Identity Manager: °AwΓU Windows - WebSphere

² H. N

σ≤Yw∩ IBM bⁿΩúºúPAoFbΣLΩañAIBM úúo

ú≤ñúUúBA\αCóϕa IBM NϕAHo

ϕaeúúMAº÷ΩTCo≈σ≤bú IBM úBíAA

úϕtuα IBM úBíACun3I8 IBM z]úvA

⌠≤\αϕúBíAúiHN IBM úBíACúLA⌠≤

D IBM úBíAAµtd@⌠Mτd⌠C

o≈σ≤íDDeAIBM iα ΣMQMQ9Cúo≈σ≤úNϕ

úoMQvCziHúXvdAτHG

IBM Director of LicensingIBM CorporationNorth Castle DriveArmonk, NY 10504-1785U.S.A.

pGO÷ (DBCS) ΩTvdAóbΩ IBM z]úíA

úXvdAτHG

IBM World Trade Asia CorporationLicensing2-31 Roppongi 3-chome, Minato-kuTokyo 106-0032, Japan

UCq¿úA≤Ω°PϕakΦΣLΩaGInternational Business

Machines Corporation) uypzúXAúú⌠≤tºOAΣ

ñ]ABú¡≤úHWwBiSwºA⌠tOCab

Swµ÷WAú4\útOA]Aonú@wAXzC

oΩTñiαNWLΩW C]AIBM wqFNqß

eJsñCIBM H∩iM/≤XúúM/íAút

µqC

o≈ΩTñú⌠≤D IBM ⌠uAIBM úo⌠úOCo⌠

úΩúO IBM úΩeApGno⌠ΩAz

µßIC

IBM oHUAϕΦíG)zú⌠≤ΩTAL∩ztdC

pGí≥vHF (i) bOíMΣLí]]Aíºíµ½

ΩTAH (ii) ¼µ½ΩTA]n÷ΩTAóG

IBM Corporation2ZA4/10111400 Burnet RoadAustin, TX 78758U.S.A.

© Copyright IBM Corp. 2004 131

oΩTiAϕ°oAbYípUIOΦoC

IBM ≥≤Φº IBM ΩívX]⌠≤PÑX°AúΩTú

víPΣAvΩC

Bt⌠≤αΩAObⁿε⌠UoXAPbΣL@⌠UoX

GAiαjtºCqΩObotWAúOPΣLqt

WqΩ@CAqΩiαOzL [Hw⌠AΩGúú

oPCσTΣSw⌠AΩC

úºD IBM úΩTAúAΣoGnΣL-DC

IBM 3LoúA]LkToD IBM ú⌡µαBe⌠≤∩

úΣLDiOL C÷D IBM úαD ó úC

UCⁿJO International Business Machines Corporation bⁿΩ/ΣLΩa

UG

AIX

DB2

IBM

IBM x

SecureWay

Tivoli

Tivoli x

Universal Database

WebSphere

Lotus O Lotus Development Corporation / IBM Corporation UC

Domino O International Business Machines Corporation M Lotus Development Corporation

bⁿΩ/ΣLΩaC

MicrosoftBWindowsBWindows NT M Windows xO Microsoft Corporation bⁿΩ

/ΣLΩaC

UNIX O The Open Group bⁿΩΣLΩaUC

Java™ MH Java ≥ªMxAO Sun

Microsystems, Inc. bⁿΩMΣLΩaUC

ΣL-qBúAWAiαOTAxC

132 IBM Tivoli Identity Manager: °AwΓU Windows - WebSphere

Wⁿ

T

l (subprocess). Qϕ@t@u@y]p@íu@y]pC

u@y (workflow). ÷°⌡µíC

w¿nD (completed requests). wgeXtABwg¿nDC

úe\@ (disallowed action). AªiHwqϕ Tivoli Identity Manager Server obß

HLv ∩AbßA⌡µ@Co

ub∩udhv∩&C

ñíΩxsw (central data repository). oΩwiHO²Mxsn²MsMvΩ

AΣñ]Aµ÷M@O²bC

Σ (branch). ≡¼cñC@hAú@ΣC≡¼cñC@ΣAú)úPⁿ

XCziH÷@UlµΣΣ[ (+)A°Σ

eC

¡

²AOyÑ (Directory Services MarkupLanguage, DSML). O@ XML Ω@AiHú@

µíAíM@úP²t²AΩTC

@KX (shared secret). @[KAΣO

lKXAs Tivoli Identity Manager tC

oObHΩTⁿJtwqC

Xⁿ (join directive). @WhAoWhiwqϕΓΓHWho≡A p≤Bz

C

s (access). xsbqútWΩTΩMvC

sεΩT (access control informationAACI). oΩiHO@sDΘsvCt\us

εvC

C

m (location). iH[Jñ@l-qΩΘCq

AmOHΦΦíazmAiµ

zC

@ñbß (active account). @sbBe) sΩbßC

@°i (operation report). o≈°iO @¼BΘB)nD@AHw∩nD@AC

Tivoli Identity Manager @nDC

OW (alias). @¡AqOⁿ IDC

@HiHnXOWApGGSmith M GWSmithC

tz (system administrator). vstHC

Tivoli Identity Manager tñú@w²tm

uITIM svCouITIM svQ]pnNt

¬sv3¿C¡zuITIM sv¿

Avst\αMΩC

¡Oh (identity policy). Tivoli Identity Manager

twqp≤ ID WhC

K

(user). Pt¼@⌠≤HC

(user interfaceAUI). Pt¼

πeC

W (user name). st IDC

o ID ]iHw∩tOAB²t

bUñΓM ITIM sñ¿ΩµAMw

svC

°i (user report). o≈°iO ΘB)nD@Hw∩nD@ACX Tivoli Identity

Manager @C

O (user class). @ LDAP OAp

inetorgperson BPPersonC

© Copyright IBM Corp. 2004 133

(provision). iH]wM@∩tsvC

h (provisioning policy). ohiHwqUⁿzAsvAp Tivoli Identity Manager @

tCsv3HA HñΓ

[H3Csv]iHSO3úO⌠≤ñΓ¿

HC

eú (delegate). oHQⁿútdπt@nDAw∩t@nDúΩTC

tbß (orphanAorphan account). ΩbßA bßb Tivoli Identity Manager tñ Lk

PwC

A (service). ⌡µ°A÷nΘñDn\α

íC

A∩h (service selection policy). bh

ñAtdMwn@A JavaScript LoC

D@ñbß (inactive account). sb≤tñA²ebß úbñbßC

E

Mµ (to do list). ⁿú¿@MµC

d (query). ¡ε@ p¼]ΦkC

nD (request). O Tivoli Identity Manager tñAn

DπΩT@@C

nD (requestor). eXnDHC

nDΩT (request for information, RFI). bz¡

OAVⁿwPnDΣLΩT@Aobu

@yO@nBJC

¡ε (constraint). h¡εC

Q

HΩT (personal information). HΩTCoΩTiH]tm≤BWrBϕaaBqXBq

lHcaB-XMÑC

h (policy). b Tivoli ñA@M≤ⁿzΩW

hC±ΦíAhiHMKXAMQ

nsΩC

hIµ (policy enforcement). Tivoli Identity Manager

t ⁿú ⁿHhºbΦíC

Q@

P (participant). b¡zñAvw∩zLu@yeXnDX HCPiQ°H

ñΓAQq JavaScript Script [HOC

µ (business unit). ñ@l-qΩΘC

±H (business partner person). ±ñ@HC

± (business partner organization). @

HOAúO-q uA²Oiαns

-qΩC

KX (password). bqúM⌠⌠wñA)ΘJHtOSwrΩAªiH²stA

HxsbΣñΩC

KXh (password policy). wqKXXº]wWhAp°AHe\Múe\r

¼C

KX¡ (password expiration period). bjó≤∩KXºeAªα≈h[C

bß (account). wqnJΩTMsεΩT

C

bß°i (account report). o≈°iCXHΣ÷bßAH bßOµhC

ε¼ (control type). Java ¼O@ΩAN

ϕ Wµ¼C

v (authorization). bqúwñA3qútPqútqTv¡C3∩½

≤BΩτπ¡svC

jíwtúOΓBJC@Ñq

OOATwNOLnHCGÑqO

vAe\o ¡sUΩC

v (authorization owner). oO@s

ALiHbΣµ⌠wqñAwqs

εΩT (ACI)C

(organization). b¡zñAWMΩDΘC÷MºíiH@ΩA²ºí

πXhoϕCCqNOⁿ-qC

ñΓ (organizational role). b¡zñAMwvsUⁿzΩºh¿ΩµC

µ (organizational unit). ñMΩDΘAtdNhiHzsCu

134 IBM Tivoli Identity Manager: °AwΓU Windows - WebSphere

αⁿú@µCΩ]uαⁿú@µ

]úDªQwqqC

≡ (organization tree). ÑhícAiúΦíBsMxsΩTC

Q°i (rejected report). o≈°iO ΘB)nD@Hw∩nD@ACFQn

DC

QnD (requestee). nDOw∩oHeXC

QG

ú¡ε (escalation limit). biµú@ºeAP∩nDX q]ΘBBϕC

úP (escalation participant). b¡zñAvbⁿwúíA∩≤PS nDX

HCúPiQ°HñΓAQ

q JavaScript Script [HOC

ú DSML ¡ (DSML identity feed). Tivoli Identity

Manager Tw]A¼Σñ@C

ú DSML ¡AiqHOΩΩwAN

ΩJ Tivoli Identity Manager ²ñABNΩT

m≤ Tivoli Identity Manager ²UCoAiHQU

C@Φk ¼ΩTG@YNQRúq

C

ú HR (HR feed). Tivoli Identity Manager tqH

OΩΩwJΩC

uú DSML ¡vC

QT

Ω (resource). ) Tivoli nΘzwΘBnΘ

ΩΩΘCt\uⁿzΩvC

Ωz (resource provisioning management,rpm). XTDn]ΦBu@yzHeNzízhAtdñzvsΩT

MΩºC

qlϕµ (electronic form). qlϕµO@dAiHw∩nDsvwqC

Q

ΩΘ (entity). 1) ⁿH½≤AΩTNOw∩oH½

≤xsC

2) Tivoli Identity Manager tUC@OG

v Person

v BPPerson

v Organization

v BPOrganization

(supervisor). Tivoli Identity Manager tñA

Qⁿúµ HC

zΓ (admin domain). @µAHΦΦíjd⌠zsv¡C

(credential). e\sbß ID M

KXΩTC

Γ z (domain administrator). oziHwqMzbΣzΓΩΘBhBABu@

ywqBñΓHA²u¡≤LvzΓ

d≥C

fO² (audit trail). qútbYqñµ÷O

²C

oε (de-provision). úA≤C±ΦíAoεbßOⁿqΩRúYbßC

(digital certificate). FwúqlTº≤C

(suspend). °bßA²bß LknJΩ@C

Ld (challenge response). oO@OΦkAªnDbnJ⌠⌠AúMΩTτ¡A

∩úX C

d≥ (scope). hαvTd≥C

qd≥Owqµ@l≡CpGd≥Qwqµ@d

≥AhhuvTwqªP@ΣñΩΘCpGd

≥Qwql≡Ahhú²vTwqªΣA

vTΣL≤ hIΣΣC

(reconciliation). b¡≈zñANñíΩxswWbßMΣΩPⁿzΩWbßMΣΩP

B.C

°i (reconciliation report). o≈°iCFqW@⌡µºßAΣtbßC

Q

zñ (Certificate Authority). tdoX

CzñO ¡H

Wⁿ 135

vABoXsB≤sAH

oεúAvªC

(owner). Tivoli Identity Manager tñ bß

AHC

RAñΓ (static organizational role). uαHΓΦíⁿúñΓC

QC

ovQ (entitlement). bwzñANϕhΩTΩcBAMµC

mnD (pending request). wgeXtA² 3¿nDC

(restore). ½s bßC

QE

Wv¡ (signature authority). ov¡iHπeXu@ynDCsOQ

ⁿúu@y]pñPúPAQ3

Wv¡C

÷Σr (keyword). bjM@ñAOh

C

GQ@

⌡µΦí (attribute enforcement). tzwqbßHwqºC

GQG

O (authentication). OH¡ (qO

WMKX[HO) CbwtñAOPv

OIMúPAvOⁿ H¡Aw∩H3t

½≤svCOuOTwoHNOLn

¡A²3ú÷≤HsvΩTHC

A

ACI (ACI target). ) ACI εΩΘC

ACI I (ACI origin). ACI º≡¼cñ

ΣC

I

ITIM s (ITIM group). Tivoli Identity Manager °A

ñsC

tsMziHw∩ ITIM scA²OA

²π ITIM bßA&αⁿú ITIM sCu

noHπF ITIM bßALNO@ ITIM A

iH[J ITIM sC

S

Secure Socket Layer (SSL). zL⌠⌠⌠ΘpKσ≤qT≤wCSSL kOQpK≈ANzL

SSL suαeΩ[KC

T

Tivoli Identity Manager Nzí (Tivoli IdentityManager Agent). ⁿztM Tivoli Identity

Manager °Aºíz¼ Cªϕ≤HΩz

ABOα½nD½n≤AiHúU

twtmsvC

Tivoli Identity Manager °A (Tivoli Identity ManagerServer). Q]pníph¼MΦnΘMAM≤C

136 IBM Tivoli Identity Manager: °AwΓU Windows - WebSphere

HñσrA σrASϕº

CC

e@fu@δv 49, 75

eTfu@ϕ

µ@°A 34

O 60

u@yh, Tivoli Identity Manager 6

u@D≈W, WebSphere Application Server µ 36

ef

ºe 111, 115, 123

tm 114

µ@°Atm 117, 124

Otm 118, 125

IBM HTTP Server 118

Tivoli Identity Manager 111, 115, 123

Σñ, pnΘ x

σ≤, Tivoli Identity Manager w vii

÷σ≤ ix

uWsσ≤ ix

Θx

µ@°Aw 53

Ow 80

e¡fD≈W, ²°Aµ 35, 61

DΘ DN, ²°Aµ 36, 62

X, Tivoli Identity Manager w vii

÷σ≤ ix

uWsσ≤ ix

[K

≈ 45, 72

WebSphere Application Server 37, 62

\αOtm

hORW (UIBWF) 6, 59

WebSphere Application Server 8

u@ϕ

µ@°A 34

O 58, 60

w, µ@°A 31

nΘ (≥)

O 59

IBM HTTP Server 31

WebSphere Application Server 31

WebSphere Embedded Messaging Σ 31

µ@°A

²°A 31

Ωw 31

zv¡ 32, 58

WebSphere sw 32

O

²°A 58

INzí 58

Ωw 58

HTTP Ñq@≥ 81

JMS °A 58

Network Deployment Manager 58

WebSphere Application Server Base 58

IBM HTTP Server

w, µ@°A 31

root 58

root v¡ 58

WebSphere Application Server Base

w, µ@°A 31

WebSphere Embedded Messaging Σ

w, µ@°A 31

Windows Wzv¡ 32

u²v 49, 76

²°A

tm, l 48, 75

µ

D≈W 35, 61

DΘ DN 36, 62

¡zí DN m 35, 61

≡ 36, 62

KX 36, 62

zW 35, 61

w]g 35, 61

Wqp 36, 62

xs"jpW¡ 36, 62

xs"ljp 36, 62

°Ωxs 35, 61

efhI, J2EE wtm 106, 107

uwv 52, 79

© Copyright IBM Corp. 2004 137

w

Θx

µ@°A 53

O 80

½sO 81

ΣLtm 46, 73

µ@°A 39

O 64

∩Ωw 41, 67

IBM HTTP Server 97

Oracle

AIX 16

HP-UX 19

Solaris 18

Windows 20

SQL Server 2000 22

Tivoli Identity Manager °A

31

y, µ@°A 38

y, O 63

µ@°A 31

O 57

WebSphere Application Server Base 98

WebSphere Application Server Network Deployment 96

IBM HTTP Server µ 38

WebSphere Application Server Base µ 62

WebSphere Application Server µ 37

WebSphere Embedded Messaging Σ 37

, wµ@°AnΘ 31

eCf°A

HΓΦíw, O 95

w, µ@°A 31

°AW, WebSphere Application Server µ 37

utvµ, WebSphere Application Server 37, 63

¡zí DN m, ²°Aµ 35, 61

eKf ID, Tivoli Identity Manager µ 38, 63

h, Tivoli Identity Manager 6

KX, Ωwµ 34, 60

D x

O@⌡µw

runConfig]ttm 53, 80

eEfⁿO

db2 connect 12

db2 create 12

ⁿO (≥)

db2 create bufferpool 12

db2 force application all 13

db2 update 12

db2 ¼² 14

db2cmd 12

db2set 11

db2start 13

db2stop 13

usejdbc2 15

y

µ@°Aw 38

Ow 63

¡ε

P@íqúW UIBWF O¿ 9

PΦ@t 9

h WebSphere Application Server Ω, P@íqú 9

WebSphere Embedded Messaging Σ 95

eQfeqW¡, Ωwxs"µ 35, 61

uOⁿv 50, 77

Oⁿh 38, 62, 63

OΘú¼ , applheapsz 15

leq, Ωwxs"µ 35, 61

tm

²°A 48, 75

MWⁿ 3

W 3

º[ 3

Ωw 46, 73

IBM DB2 11

IBM DB2

b°A 13

bOqúW 14

°A 12

w" 12

applheapsz 15

JDBC Xí 14

IBM Directory Server

π 24

4.1 24

Oracle 20

SQL Server 2000 22

Sun ONE Directory Server 29

Tivoli Identity Manager

u@δv 49, 75

u²v 49, 76

uwv 52, 79

uOⁿv 50, 77

ul≤v 50, 77

uΩwv 49, 76

UI 51, 78

WebSphere Application Server

\αO 8

138 IBM Tivoli Identity Manager: °AwΓU Windows - WebSphere

tm (≥)

WebSphere Application Server (≥)

Tivoli Identity Manager 9

µ@°A 4

µ@O 7

eQ@f , J2EE wtm 108

IBM HTTP Server 31

WebSphere Application Server 31

WebSphere Embedded Messaging Σ 31

π

IBM Directory Server 24

timdelref.conf 25

²°Aµ 36, 62

≡, R 28

2809 28

8880 28

9043 28

9080 28

9090 28, 37

9090, MP wsmserver ≡ 95

9091 37

9443 28

Bootstrap/rmi 29

SOAP s 29

WebSphere Application Server µ 37

≡, Ωwµ 35, 61

≥D

CA 56, 83

KX

²°Aµ 36, 62

wºßlO ″secret″ 38, 63

Tivoli Identity Manager µ 38, 63

MWⁿ

u@y (WF) 6

(UI) 6

I 3

INzí 3

í°A 3

O 4

O¿ 4

Cell 3

jmsserver 9

Network Deployment Manager 3

WebSphere Application Server 3

WebSphere Embedded Messaging Σ 9

WebSphere Web Server í 4

N IBM DB2 Ωws¿¼² 14

zW, ²°Aµ 35, 61

nΘΣñ, p x

eQGfµ@°A

u@ϕ 34

²°A 31

Ωw 31

zv¡ 32, 58

WebSphere sw 32

w

Θx 53

ΣLtm 46

39

Tivoli Identity Manager °A 31

wy 38

tm

w 31

WebSphere Application Server 4

µ@Otm

w 64

WebSphere Application Server 7

µI, J2EE wtm 103

nJ≡ϕ, Ωwxs"µ 35, 61

ul≤v 50, 77

l≤°AW 38, 62, 63

w, µ@°A 39

w, O 64

ΣLtm 46, 73

D, Ow 57

eQTfI

[J Cell ñ 99

WebSphere Application Server 3

INzí

nM⌡µ 99

WebSphere Application Server 3

IW, WebSphere Application Server µ 37

úw

Tivoli Identity Manager 127

²°A⌡ 127

ΓtmΩTxsb WebSphere 127

BJ 128

ΣLú 127

Ωwϕµ 127

Ωw

bw∩ 41, 67

tm

l 46, 73

IBM DB2 11

µ

KX 34, 60

≡ 35, 61

ΩwW 34, 60

139

Ωw (≥)

µ (≥)

Ωw 34, 60

Ωw¼ 34, 60

z ID 34, 60

zKX 34, 60

IP 35, 61

uΩwv 49, 76

Ωwß, JDBC Xí 14

ΩwW, Ωwµ 34, 60

Ωw, Ωwµ 34, 60

Ωwxs"

eqW¡ 35, 61

leq 35, 61

nJ≡ϕ 35, 61

Ωw¼, Ωwµ 34, 60

w]g, ²°Aµ 35, 61

eQfz ID, Ωwµ 34, 60

z ID, WebSphere Application Server µ 36

zKX, WebSphere Application Server µ 36

zKX, Ωwµ 34, 60

zv¡, Windows 32

zv¡, wºe²Tw 58

zv¡, we²Tw 32

íσ≤≤Uuπn x

eQ¡fWqp, ²°Aµ 36, 62

h

u@y (WF) 6, 59

\αlwq 6

(UI) 6, 59

sw

we²Mw¼A 32

tm 103

itimadmin 105

wasadmin 105

WebSphere Application Server

utvµ 37, 63

]w 37, 43, 62, 70

uEJB vµ 37, 63

@δ 49, 75

² 49, 76

w 52, 53, 79, 80

Oⁿ 50, 77

l≤ 50, 77

Ωw 49, 76

UI 51, 78

uWsσ≤ ix

w", IBM DB2 12

w", IBM DB2 12

eQfzñ

Σ¼ 56, 83

°A-NzíqT 56, 83

eQCfxs"jpW¡, ²°Aµ 36, 62

xs"ljp, ²°Aµ 36, 62

í°A, WebSphere Application Server 3

pnΘΣñ x

eQKfO

u@ϕ 60

²°A 58

INzí 58

Ωw 58

HTTP Ñq@≥ 81

JMS °A 58

Network Deployment Manager 58

WebSphere Application Server Base 58

WebSphere sw 103

b Network Deployment Manager zDx 99

w

Θx 80

b¿Uz@ºß½s 81

ΣLtm 73

D 57

64

Tivoli Identity Manager °A 57

wy 63

¿

ΣLtm 73

JOϕñ 59

Network Deployment Manager ºßw 64

WebSphere Application Server 4

bw Tivoli Identity Manager ºe 59

WebSphere Application Server 4

OW, WebSphere Application Server µ 62

°Ωxs, ²°Aµ 35, 61

eGQGf¬∩H vii

140 IBM Tivoli Identity Manager: °AwΓU Windows - WebSphere

erf2809

≡ 28

m 29

8880

≡ 28

m 29

9043

≡ 28

9080

≡ 28

9090

≡ 28, 37

P wsmserver ≡≡, M 95

9091

≡ 37

9443

≡ 28

Aapplheapsz

OΘú¼ , ≤ 15

d, ≤s itimdb 12

BBootstrap/rmi ≡ 29

CCA

≥D 56, 83

ITIM_HOME/cert ² 56, 83

CD 88

Cell

sWI 99

WebSphere Application Server 3

Ddb2 connect, ⁿO 12

db2 create bufferpool, ⁿO 12

db2 create, ⁿO 12

db2 force application all, ⁿO 13

db2 update, ⁿO 12

db2 ¼², ⁿO 14

db2cmd, ⁿO 12

db2set, ⁿO 11

db2start, ⁿO 13

db2stop, ⁿO 13

EuEJB vµ, WebSphere Application Server 37, 63

enrole

b IBM DB2 °A 13

bOqúW 14

w] ID, Ωw 50, 77

HHTTP °A

tmí Cell 109

HTTP Ñq@≥, O 81

IIBM DB2

ⁿO

s¿¼² 14

db2 connect 12

db2 create 12

db2 create bufferpool 12

db2 force application all 13

db2 update 12

db2cmd 12

db2set 11

db2start 13

db2stop 13

usejdbc2 15

OΘú¼ , applheapsz 15

tm 11

b°A 13

bOqúW 14

°A 12

w" 12

applheapsz 15

JDBC Xí 14

TCP/IP qT 11

IBM Directory Server

tm

π 24

P WebSphere – Express o≡≡ 28

4.1 24

IBM HTTP Server

118

bw Tivoli Identity Manager ºe 31

w 97

w², µ 38

w, µ@°A 31

HTTP Ñq@≥ 81

IP , Ωwµ 35, 61

itimadmin

37, 106

ID, WebSphere Application Server 63

EJB 103, 104, 105

141

JJ2EE w

ΓBJ 53, 80

tm

hI 106, 107

µI 103

108

JDBC

su, Ωwxs"eqW¡ 35, 61

Xí@ IBM DB2 Ωwß 14

JMS °A

WebSphere Embedded Messaging Σ 9

Llibdelref

¿\Tº 26, 27

π 24

Mmqver -í, WebSphere MQ 95

NNetwork Deployment Manager

nM⌡µ 99

WebSphere Application Server 3

OOracle

w

AIX 16

HP-UX 19

Solaris 18

Windows 20

tm 20

Rroot

58

v¡ 58

runConfig, ≤ttm 53, 80

SSOAP s ≡ 29

SQL Server 2000

w 22

tm 22

Sun ONE Directory Server

tm 29

TTCP/IP tm, IBM DB2 11

timdelref.conf 25

Tivoli Identity Manager

tm

u@δv 49, 75

u²v 49, 76

uwv 52, 79

WebSphere Application Server ¡ε 9

uOⁿv 50, 77

ul≤v 50, 77

uΩwv 49, 76

UI 51, 78

MWⁿ

u@y (WF) 6

(UI) 6

úw 127

²°A⌡ 127

ΓtmΩTxsb WebSphere 127

BJ 128

ΣLú 127

Ωwϕµ 127

µ

ID 38, 63

KX 38, 63

Tivoli Identity Manager °A

w

31

y, µ@°A 38

y, O 63

µ@°A 31

O 57

qT 54, 82

CA 56, 83

UUI 51, 78

usejdbc2, ⁿO 15

Wwasadmin

t 103, 105

106

ID, WebSphere Application Server 37

wasadmin ID, WebSphere Application Server 63

WebSphere Application Server

[K 37, 62

bw Tivoli Identity Manager ºe 31

142 IBM Tivoli Identity Manager: °AwΓU Windows - WebSphere

WebSphere Application Server (≥)

tm

\αO 8

Tivoli Identity Manager ¡ε 9

µ@°A 4

µ@O 7

P WebSphere – Express o≡≡ 28

MWⁿ

I 3

INzí 3

í°A 3

O 4

O¿ 4

Cell 3

jmsserver 9

Network Deployment Manager 3

WebSphere Embedded Messaging Σ 9

WebSphere Web Server í 4

sw

utvµ 37, 63

]w 37, 43, 62, 70

uEJB vµ 37, 63

itimadmin 105

wasadmin 105

µ

u@D≈W 36

w² 37, 62

°AW 37

Oⁿh 38, 62, 63

≡ 37

l≤°AW 38, 62, 63

IW 37

z ID 36

zKX 36

OW 62

WebSphere Application Server Base

Γw, O 99

w 98

w, µ@°A 31

WebSphere Application Server Network Deployment

w 96

WebSphere Embedded Messaging Σ

bw Tivoli Identity Manager ºe 31

w², µ 37

w, µ@°A 31

@ 9

M WebSphere MQ 9

w²sb WebSphere MQ 95

WebSphere MQ

n CSD ≤sí 95

nS 95

M WebSphere Embedded Messaging Σ 9

mqvr -í 95

eSϕrf″secret″, w Tivoli Identity Manager ºßlKX 38, 63

ITIM_HOME 105

ITIM_HOME/cert ², CA 56, 83

WAS_HOME 104

143

144 IBM Tivoli Identity Manager: °AwΓU Windows - WebSphere

íX: 5724-C34

Printed in Denmark by IBM Danmark A/S

SC40-1841-02