View
3
Download
0
Category
Preview:
Citation preview
Tivoli® Identity Manager
N
4.6
GI10-2741-03
Tivoli® Identity Manager
N
4.6
GI10-2741-03
G
bΩTΣΣúºeA²\¬ 63 ² B, yNzñΩTC
G]2005 6 δ
úDbsqñtíAhqA≤ Tivoli Identity Manager 4.6 ]ús 5724-C34Hß≥MqC
N GI11-4212-02C
ú]t Adaptx KO XSLT BzC(C) 1998-2002 Keith Visco and Contributors.
© Copyright International Business Machines Corporation 2003, 2005. All rights reserved.
²
1 ÷≤ . . . . . . . . . . 1Nq . . . . . . . . . . . 1s\α . . . . . . . . . . . . . 1YN≤°A\α . . . . . . . . . . 2YN≤BN@ot . . . . . . . . 3oµ∩D APAR . . . . . . . . 5X÷ΩT . . . . . . . . . . . . . 6
Tivoli Identity Manager σ≤w . . . . . . . 6núX . . . . . . . . . . . . 8÷X . . . . . . . . . . . . . . 9uWsX . . . . . . . . . . . . 10
2 nwΘD . . . . . . . . . 11εΣ\α≤ . . . . . . . . . . . 11Java Runtime Environment (JRE) M IBMDevelopment Kit for Java D . . . . . . . . 12UNIX D . . . . . . . . . . . . . . 12
AIX D . . . . . . . . . . . . . . 12Solaris D . . . . . . . . . . . . . 13Linux D. . . . . . . . . . . . . . 14
Windows D . . . . . . . . . . . . . 14ΩwD . . . . . . . . . . . . . . 15²°AD . . . . . . . . . . . . . 17WebSphere Application Server Base MípzíD . . . . . . . . . . . . . . . . . 18IBM Tivoli Directory Integrator D . . . . . . 19Σ Web s². . . . . . . . . . . . 19Crystal Report ú . . . . . . . . . . . . 20Σth . . . . . . . . . . . . 20
3 w¡εBDµMΦk 21úwPúDMµMΦk . . . . . 21Tivoli Identity Manager ¡ε . . . . . . . . . 22@tDMµMΦk . . . . . . . . 22IBM Tivoli Directory Integrator DMµMΦk 23WebSphere MQ DMµMΦk . . . . . . 24
tPADMµMΦk . . . . . . 25ΩPRWDMµMΦk . . . . . . . 27s²DMµMΦk . . . . . . . . . 29°ϕDMµMΦk . . . . . . . . . . 29Tivoli Identity Manager DMµMΦk . . . . . . . . . . . . . . . . . 30hDMµMΦk . . . . . . . . . . 33\ivDMµMΦk . . . . . . . . . 34²°ADMµMΦk . . . . . . . . 34ΣLDMµMΦk . . . . . . . . . . 35
4 íσ≤≤s . . . . . . . . 39yD≤ . . . . . . . . . . . . . . 39wPtmΓUDMµMΦk . . . . . 39TºPqll≤DMMΦ . . . . . . . 40ΩTñDMMΦ . . . . . . . . . . 41ΩDMMΦ . . . . . . . . . . . 56Adobe Acrobat Reader D . . . . . . . . . 56
5 wMMM≤ . . . . . 57wM . . . . . . . . . . . . . . 57τM≤h . . . . . . . . . . . . 57oM≤ . . . . . . . . . . . . . . 58
² A. ΣΩT . . . . . . . . . . 59jMw . . . . . . . . . . . . . . 59jMt⌠⌠WΩTñ . . . . 59jM⌠⌠⌠ . . . . . . . . . . . . . 59
oí . . . . . . . . . . . . . . 60p IBM nΘΣñ . . . . . . . . . . 60PD∩° . . . . . . . . . . 61yzDJIΩT . . . . . . . . . 61V IBM nΘΣñúXD . . . . . . . 61
² B. N . . . . . . . . . . 63 . . . . . . . . . . . . . . . . . 64
© Copyright IBM Corp. 2003, 2005 iii
iv IBM Tivoli Identity Manager: N
1 ÷≤
w∩ IBM® Tivoli® Identity Manager NCo≈uNvσ≤
t Tivoli Identity Manager NΩTA]AsΩTApDMµMΦ
AHíiC
: Nu²ÑAyñΩT¬≤úΣLyuWíñΩTC
Nq
UCqϕµCXo@uNvñG
ϕ 1. q
Θ DD
2005 6 δ oµG
s\α
HUOñsW≤G
v h
ú≈°h≤bß≤]bΩeX≤ºeC
v X-J
b Tivoli Identity Manager Mí@⌠ºíΩTA]ARg@
WhBu@yBABhBd Script ñΓÑΩTC
v RgWh
i²zo≤AHg½o≤XµdCRg
Whi²zbWhP Tivoli Identity Manager ≤Rg@ºí
÷pC
v u@y[j\α
sWHu@yDh⌡µΦíAHIsqu@y⌡µ@Ap
@bßBh≤Bπ¡≤Cqll≤diHú¬qBg
\αhCu@yu²i²Θ≤≤¬u²ApKX
A±°í⌡µBz≤u²BzC
v @
W[UC\αG
– qΩTπPnD (RFI) IAiΣ
– h½M
– ú
– αµΣLH
– ΩwHΣLHs
© Copyright IBM Corp. 2003, 2005 1
– \u@qµⁿϕu@qµOQ¿
– \HΦíX
v bßΓ
iHⁿw JavaScript scriptAbbß∩ObßC
v qll≤l
l\αNⁿqll≤qX µ@qAAwNX qα
C
v ≤hw]°i
≤h°iúDu@yí÷ΩTApbßPHBhBvQB
bßBπPBABsεπpΩC
v ¡úBu@yΣL\αi∩
v ΣL\αA]Az@fBOOⁿαO Tivoli Identity Manager
°APtºíV Secure Sockets Layer (SSL) OC
v ∩ΣL¡xíwΣW≤Aí≤HUG
– 11yεΣ\α≤z
– 11 2 , ynwΘDz
v πwΣL≤AHWiΩTsNWδTC
YN≤°A\α
UC\αYN≤CoπCXYN≤\αCp÷ΩTA\ IBM
Tivoli Identity Manager ΩTñ /extensions/API ²U deprecated_list.html C
v CA_CERT_DIR eYN≤CIBM Tivoli Identity Manager ΩTñuWíñ
tedúTC
HUOYN≤e»zídG
env.put("com.ibm.daml.jndi.DAMLContext.CA_CERT_DIR", certDirLocation);
YnYN≤ekA¿UC@G
1. ú@ CA_CERT_DIR rΩíµCpAúUCHΘπ
íµG
Hashtable env = new Hashtable();env.put (Context.INITIAL_CONTEXT_FACTORY,"com.ibm.daml.jndi.DAMLContextFactory");env.put(Context.SECURITY_PRINCIPAL, serviceUserName);env.put(Context.SECURITY_CREDENTIALS, servicePassword);env.put("com.ibm.daml.jndi.DAMLContext.CA_CERT_DIR", certDirLocation);env.put(Context.PROVIDER_URL, providerURL);env.put("com.ibm.daml.jndi.DAMLContext.URL_TARGET_DN", serviceDN);DirContext damlContext = new InitialDirContext (env);
2. YnbuJava RW² (JNDI) ¡úvíípw qTAT
woXtºoµ≈coµ]Awwb JNDI í
Java Virtual Machine (VM) H⌠xswCoD WebSphere Application
Server Java VM]÷MoΓ VM iαPCw]H⌠xsw⌠
WO JRE\lib\security\cacertsAΣñ JRE Java Runtime Environment
m]pAWAS_HOME\java\jreCziHQ WebSphere Application Server
2 IBM Tivoli Identity Manager: N
IBM Key Management í (ikeyman) GUI uπ Java Secure Socket
Extension (JSSE) ≈uπí (keytool) TCpGnΣLΩTA
\ IBM Tivoli Identity Manager ΩTñC
v ″Access Control Information (ACI)″]sεΩT@ⁿw∩ ″Access Control Item
(ACI)″]sεC
v ⌠wq JavaScript
ú⌠wq JavaScript Σ Tivoli Identity ManagerAA≤
vu@yC⌠wq JavaScript í≈bßMτA]A
getService()BisAccountDataChanged() getAccountParameter()AúA≤PbßL÷
@u@yCiαoε⌠wq JavaScript C
v qll≤dq
qll≤dqOqqdñYN≤ΦkCp (GUI)
q IBM Tivoli Identity Manager qd÷ΩTA\ IBM Tivoli Identity
Manager ΩTñC
v u@qµAeOΩ
ΩkOYN≤u@qµAeOC
v enRole2ldif.properties
YN≤oekC≤q enRole 3.x α 4.4C
v Sw JavaScript
– ⌠wq½≤¼
½≤¼OYN≤ JavaScript C∩s JavaScript A
puBzvMuívu÷ΩvJavaScriptCúbqu@y
ñ⌠wq JavaScript C
– Enrole.getAttributeValue()
v bßípAService.createEntity() ΦkúACKbßo
ΦkCb API íñAO Service Γ createEntity ΦkúwgYN
@oC
v signIn ΦkYN≤CSNΦkCExternalLogonServlet Oq LogonMediator
Is signIn ΦkC
signIn Φkn Home Bean getLogonInfo ΦkA Home Bean b]YN≤
C
YN≤BN@ot
4ϕ 2 ñ Tivoli Identity Manager tYN≤AbSwúñQ
NCúsΣΣñí≈tCoNoµϕwoMµ
seCetMµiαC
Tivoli Identity Manager °ANσ≤w]t Tivoli Identity Manager Ω@Φít
≤íσ≤CbUC⌠MΣtíσ≤G
http://publib.boulder.ibm.com/tividd/td/tdprodlist.html
1 ÷≤ 3
b A-Z úMµñ÷@U I rAMß÷@U IBM Tivoli Identity Manager C
bUC⌠MΣ Tivoli Identity Manager tG
http://www.lotus.com/services/passport.nsf/WebDocs/
Passport_Advantage_Home
ϕ 2. YN≤Nt
út YN≤t Σt
ACF2 6.3 6.4A¡≤uAvC
Cisco ACS - 3.2
Clarify 8 12
CLI-X LCz IBM Tivoli
Directory Integrator úú
sπXC
Documentum - 4.2
Entrust - 6B7
GroupWise - 6.5
HP-UX 10.20B11.0 11iB11i 2
HP-UX NIS 10.20B11.0 11iB11i 2
IBM AIX 4.3B5.0 5.1B5.2B5.3
IBM OS/400 4 5
IBM DB2 UDB 7.x 8.1
IBM Informix® 7.3 9.2
IBM Lotus Domino (Windows) 4.xB5.x 6.0B6.5
IBM Lotus Domino (AIX) εΣ AIX tC
IBM RACF (z/OS) OS/390 2.9B2.10 M zOS
1.1B1.2B1.3
1.4B1.5B1.6
IBM Tivoli Access Manager - 4.1B5.1
IBM VMS 5.xB6.xB7.0B7.1 7.2B7.3
LDAP-X LCz IBM Tivoli
Directory Integrator úú
LDAP sπ
XC
Linux (x86) RedHat 7B8B9 M SuSE
7B8B9
RHEL 2.1B3.0 M SLES 9
Microsoft Exchange 5.5 2000 M 2003A Windows
AD tΣ
Microsoft SQL Server 6.5B7.0 2000
Microsoft Windows 2000 M 2003 Windows AD tN
Microsoft Windows AD - 2000B2003C Windows AD
tΣCεΣ
Windows 2000 tC
Windows Local - 2 0 0 0B 2 0 0 3BX PC
Windows NT NzíN
bßzC
4 IBM Tivoli Identity Manager: N
ϕ 2. YN≤Nt (≥)
út YN≤t Σt
Microsoft Windows NT 4.0 LCεΣC
Novell NDS eDirectory - 8.7
Oracle Database 7.xB8.x 9iB10g
Oracle ERP - 11i
PeopleTools - 8.18B8.19B8.43B8.45
RDBMS-X LCz IBM Tivoli
Directory Integrator úú
Ωwsπ
XC
Remedy - 5.1
RSA ACE/Server 3.xB4.xB5.0B5.1 5.2
SAP R/3 - 4.6cB4.6dB6.10B6.20
SAP Enterprise Portal - 6
Siebel 7.5 LCz IBM Tivoli
Directory Integrator úú
Siebel Web As
πXC
Sun Solaris 6B7 8B9
Sun Solaris NIS LCñεΣC
Sybase 10B11 12
Teradata Database LCñεΣC
Top Secret 5.1 5.2A¡≤uAvC
Tru64 UNIX - 5.1a
UPA - MAPIBNotes 6 6.5C
Tivoli Identity Manager
u@qµ\αC
oµ∩D APARUCuvíR°i (APAR)víoµDG
APAR í
IY71026 ϕzσ Windows ßnJwwΘσyÑM≤ Tivoli Identity
Manager °AATºHΘσúTaXG
z≥v⌡µ@C
IY71972 ϕsjMLoµAWindows 2000 sWúTaHb
ßµíπC
IY72116 ÷@Us²÷sºßA∩ñΓNs SAP bßNóAX
Java CWXd≥C
IY71238 bjMñAuMµv]tuGivC
1 ÷≤ 5
X÷ΩT
\¬ Tivoli Identity Manager σ≤wíCYnPΣLXiα∩zA
\¬ 8ynúXzM 9y÷XzCMwznX
ºßA\ 10yuWsXzⁿC
Tivoli Identity Manager σ≤w
Tivoli Identity Manager Nσ≤wñys¿UCG
v ΩT
v wBtmqW
v uWUΩ
v °AwPtm
v DPw
v NR
v twMtm
ΩTG
v IBM Tivoli Identity Manager N
ú Tivoli Identity Manager nwΘDAHΣLíBíMΣLΣ
ΩTC
v IBM Tivoli Identity Manager Documentation Read This First Card
CX Tivoli Identity Manager XC
wBtmqWG
IBM Tivoli Identity Manager Planning for Deployment Guide íú≤B\α
αOBúp≤vT≥ª[cBúΩ@ΦízhAH
¡Oz\απXí@⌠ªñC
uWUΩG
úA≤ Tivoli Identity Manager z@uWíDDMΩTñCΩTñ
]A IBM Tivoli Identity Manager tmΓUM IBM Tivoli Identity Manager Policy and
Organization Administration Guide ²ewúΩTC
°AwPtmG
IBM Tivoli Identity Manager Server Installation and Configuration Guide for WebSphere
Environments ú Tivoli Identity Manager wMtmΩTC
²eb IBM Tivoli Identity Manager tmΓUñútmΩTAb]¼²bwΓ
U IBM Tivoli Identity Manager ΩTñC
DPwG
IBM Tivoli Identity Manager Problem Determination Guide ú Tivoli Identity Manager
úDPwBOⁿTºΩTC
6 IBM Tivoli Identity Manager: N
NRG
UCNRío∩úΣLΘúG
v IBM Tivoli Identity Manager Performance Tuning Guide
úbí@⌠ñπ Tivoli Identity Manager °AΩTCiHqUC
⌠oG
http://publib.boulder.ibm.com/tividd/td/tdprodlist.html
b A-Z úMµñ÷@U I rAMß÷@U IBM Tivoli Identity Manager Cs²ΩTñ Technical Supplements qC
v UC⌠ú⌡MG
http://www.ibm.com/software/sysmgmt/products/support/
IBMTivoliIdentityManager.html
s² Self Help qAb Learn ñA÷@U Redbooks C
v UC⌠úNΩTKnG
http://www.redbooks.ibm.com/redbooks.nsf/tips/
v UC⌠úΓUG
http://www.ibm.com/software/sysmgmt/products/support/Field_Guides.html
v pΣL Tivoli Identity Manager ΩMµAjMUC IBM developerWorks
⌠G
http://www.ibm.com/developerworks/
twMtmG
Tivoli Identity Manager °ANσ≤w]t Tivoli Identity Manager Ω@Φít
≤íσ≤CbUC⌠MΣtíσ≤G
http://publib.boulder.ibm.com/tividd/td/tdprodlist.html
b A-Z úMµñ÷@U I rAMß÷@U IBM Tivoli Identity Manager C
bUC⌠MΣ Tivoli Identity Manager tG
http://www.lotus.com/services/passport.nsf/WebDocs/
Passport_Advantage_Home
NPVmG
Tivoli Identity Manager ÷VΦ]tUCDDG
v W
v ≥ªMiÑz
v wMtm
v u@y
1 ÷≤ 7
z]iH∩zq¡qVmCp÷ΩTB²íϕAyXU
C IBM Tivoli ÷V⌠G
http://www.ibm.com/software/tivoli/education
z]iHNqll≤HUC÷VñG
v ⁿwGtivamedu@us.ibm.com
v wGtivtrainingap@au1.ibm.com
v wBñFDw (EMEA)Gtived@uk.ibm.com
UC⌠úΣLαMNVmΩT
v IBM Ma
http://www.ibm.com/certify/
jM ″identity manager″ MΣAϕMC
v Tivoli nΘΩNñ⌠G
http://www.cgselearning.com/tivoliskills/
v Tivoli Nµy⌠G
http://www.ibm.com/software/sysmgmt/products/support/
supp_tech_exch.html
núX
pGnΩTAF Tivoli Identity Manager °AúCzi
HqUCmoyG
v @t
– IBM AIX®
http://www16.boulder.ibm.com/pseries/en_US/infocenter/base/aix52.htm
– Sun Solaris
http://docs.sun.com/db?q=solaris+9
– Red Hat Linux™
http://www.redhat.com/docs/
– Microsoft® Windows Server™ 2003
http://www.microsoft.com/windowsserver2003/proddoc/default.mspx
v Ωw°A
– IBM DB2 Universal Database™
- ΣGhttp://www.ibm.com/software/data/db2/udb/support.html
- ΩTñGhttp://publib.boulder.ibm.com/infocenter/db2help/index.jsp
- íσ≤Ghttp://www.ibm.com/cgi-bin/db2www/data/db2/udb/
winos2unix/support/v8pubs.d2w/en_main
- DB2® tCúGhttp://www.ibm.com/software/data/db2
8 IBM Tivoli Identity Manager: N
- M≤Ghttp://www.ibm.com/software/data/db2/udb/support/downloadv8.html
- tDGhttp://www.ibm.com/software/data/db2/udb/sysreqs.html
– Oracle
http://www.oracle.com/technology/documentation/index.html
http://otn.oracle.com/tech/index.html
http://otn.oracle.com/tech/linux/index.html
– Microsoft SQL Server 2000
http://www.msdn.com/library/
http://www.microsoft.com/sql/
v ²°Aí
– IBM Tivoli Directory Server
5.2 Ghttp://publib.boulder.ibm.com/tividd/td/IBMDS/IDSapinst52/
en_US/HTML/ldapinst.htm
6.0 Ghttp://publib.boulder.ibm.com/infocenter/tiv2help/index.jsp?
toc=/com.ibm.IBMDS.doc/toc.xml
– Sun ONE Directory Server
http://docs.sun.com/app/docs/coll/S1_DirectoryServer_52
v IBM WebSphere® Application Server
bú²⌠WiHΣΣLΩTC
http://publib.boulder.ibm.com/infocenter/ws51help/index.jsp
http://www.redbooks.ibm.com/
v WebSphere Embedded Messaging
http://www.ibm.com/software/integration/wmq/
v IBM HTTP Server
http://www.ibm.com/software/webservers/httpservers/library.html
v Web Proxy Server
– IBM HTTP Server
http://www.ibm.com/software/webservers/httpservers/library.html
– Microsoft IIS HTTP Server
http://www.microsoft.com/technet/prodtechnol/iis/default.asp
– Apache HTTP Server
http://httpd.apache.org/docs-project
÷X
UCXú Tivoli Identity Manager °A÷ΩTG
1 ÷≤ 9
v Tivoli Software Library úFU Tivoli yApABΩu@ϕBdB
⌡MqHτCziHbUz⌠Σ Tivoli Software LibraryG
http://www.ibm.com/software/tivoli/literature/
v Tivoli Software Glossary t\h Tivoli nΘ÷NywqCTivoli Software Library
⌠ Glossary ú Tivoli Software GlossaryA⌠OG
http://publib.boulder.ibm.com/tividd/glossary/tivoliglossarymst.htm
uWsX
CϕúΣL Tivoli úXoµ≤sAIBM Gb Tivoli nΘ
ΩTñ⌠CUC⌠s Tivoli nΘΩTñG
http://publib.boulder.ibm.com/tividd/td/tdprodlist.html
b A-Z Mµñ÷@U I rAMß÷@U IBM Tivoli Identity Manager súσ≤wC
: pGzbD Letter oiWCL PDF σ≤Ab → CL°íñ]w∩
A² Adobe Reader iHbziWCL Letter oC
10 IBM Tivoli Identity Manager: N
2 nwΘD
íb WebSphere Application Server W⌡µº Tivoli Identity Manager °A
nwΘDCbO⌠ñA²w WebSphere Application Server ΣA
Mßw Tivoli Identity Manager °ACpGnΣLΩTA\ IBM Tivoli
Identity Manager Server Installation and Configuration Guide for WebSphere EnvironmentsC
CXnwΘ²Mn≤pCoiHF¿ Tivoli Identity Manager ≥
Czn jAHí¼zí@⌠nDCp÷ΩTA
\ IBM Tivoli Identity Manager Planning for Deployment Guide M IBM Tivoli Identity
Manager Performance Tuning Guide NRC
XúXDu²≤ Tivoli Identity Manager XñúΣL⌠≤DCo
DOylIΩCXDCΩTiα≤sAPzßΣ
ñNϕpAHoo≤sC
εΣ\α≤
Tivoli Identity Manager úAΣUC\αnΘ@t≤]Σ
G
v @t
– AIX 4.3.3B5.1
– Solaris 8
– Windows 2000 Advanced Server
– Red Hat Linux Enterprise for Intel (x86) AS 2.1]¡ 2.4
v Web í°A
– WebSphere Application Server 5.0.x
b AIX Wúw WebSphere Application Server 5.0.2 Aú ú
≤CuIBM Σvú aixclean.sh M odmcleanup.sh script ¿úC
Abw WebSphere Application Server 5.1 ºeAzHΓΦíRú
/usr/WebSphere ²CppuIBM Σv÷ΩTA\ 59²
A, yΣΩTzC
pα WebSphere Application Server M WebSphere MQ ⌠÷ΩTA]
A≈M A\ WebSphere Application Server ΩTñC
– úΣ WebSphere Application Server \αOC
– WebLogic Server 7.0.3.0
v Ωw
– DB2 Universal Database 7.2 M 8.1 ]MM≤ 8C
²ΣwMM≤ 8 DB2 UDB 8.1 Aϕ≤ DB2 UDB 8.2.1 Cp
GnΣLΩTA\ 15yΩwDzC
– Oracle 8i
v ²°A
© Copyright IBM Corp. 2003, 2005 11
– IBM Tivoli Directory Server 4.1B5.1
– Sun ONE Directory Server 5.1
v s²
– NetscapeA²Σ⌠≤
v 4.5 He Tivoli Identity Manager NzíCb Tivoli Identity Manager 4.6
ñANzíbtCpGnΣLΩTA\ 20yΣ
thzC
Java Runtime Environment (JRE) M IBM Development Kit for Java D
Tivoli Identity Manager n Java Runtime Environment 1.4 C÷≤n Java
íu@yBhϕµ]pí Applet ÷ΩTA\ IBM Tivoli Identity
Manager ΩTñC
Tivoli Identity Manager 4.6 IBM Development Kit for Java 1.4.2AuπH
b WebSphere Application Server 5.1 WAS_HOME/java ²ñC
UNIX D
UCϕµNⁿXwn UNIX @tBíHwΘDU¡Co
ú]AΣL⌡µDCpG⌡µ°A¼úu@ApAbP@íqú
Wí°AMΩw°AANboíqúWAtΣLwΘΩ
]W[ RAMC
AIX D
ϕ 3 CXw@ IBM AIX @tBíCwΘDC
ϕ 3. b WebSphere Application Server Ww Tivoli Identity Manager í AIX @tMCwΘD
@t í@hD CwΘD
AIX 5.2B5.3 @h 3
\UC 1 4C
v RAMG2 GB
v BzGIBM 604e BzA375 MHz ≤
v iíG
– /tmp - 512 MB
– ITIM_HOME - 500 MB
12 IBM Tivoli Identity Manager: N
ϕ 3. b WebSphere Application Server Ww Tivoli Identity Manager í AIX @tMCwΘD (≥)
@t í@hD CwΘD
1. q AIX 5.1 α AIX 5.2 q DB2 8.1 ú²ñúAp libdb2.a Cz≈ Tivoli
Identity Manager DB2 ΩwBúw DB2BN AIX 5.1 5.2 B½sw DB2AMßA DB2
ΩwC
2. YnPw@hAΣJⁿOG
bash-2.05a# oslevel -r
GπⁿUCzAⁿX@hO 03G
5200-03
3. bw AIX 5.3 ºeAziαnNqúΘshCp÷ΩTAyXUC⌠G
http://www.ibm.com/servers/eserver/support/pseries/news/2004/08/53installtips.html
http://techsupport.services.ibm.com/server/mdownload
4. WebSphere Application Server zD≈w]≡ 9090CAIX wsmserver Bziα≡ 9090 ⌡µuWeb
¼tzív°ACpM≡BJ÷ΩTA\ IBM Tivoli Identity Manager Server Installation
and Configuration Guide for WebSphere EnvironmentsC
÷≤D÷ΩTAyXUC⌠G
v í
http://www.ibm.com/servers/eserver/support/pseries/aixfixes.html
v íσ≤
http://www16.boulder.ibm.com/pseries/en_US/infocenter/base/aix52.htm
http://publib.boulder.ibm.com/infocenter/pseries/index.jsp
Solaris D
ϕ 4 CXw@ Sun Solaris @tBíCwΘDC
ϕ 4. b WebSphere Application Server Ww Tivoli Identity Manager í Solaris @tMCwΘD
@t í@hD CwΘD
Solaris 9
\UC 1C
WebSphere Application Server
5.1.1 2003/11
O
v RAMG2 GB
v BzGSolaris Sparc BzA440 MHz ≤
v iíG
– /tmp - 512 MB
– ITIM_HOME - 500 MB
1. ∩≤ WebSphere Application Server M WebSphere Embedded MessagingATivoli Identity Manager Σ²Mn≤A
nΣL]wCb Solaris 9 WA÷≤Tw²Mn≤dΣLBzAyXUC⌠G
http://publib.boulder.ibm.com/infocenter/ws51help/index.jsp?
topic=/com.ibm.websphere.base.doc/info/aes/relnotes/relnotes_aes.html
2. p WebSphere Application Server ²Mn≤÷ΩTAyXUC⌠G
http://www.ibm.com/software/webservers/appserv/doc/
v51/prereqs/was_v511.htm
2 nwΘD 13
÷≤D÷ΩTAyXUC⌠G
v nwΘDAbwσ≤ñí
http://docs.sun.com/db?q=solaris+9
v í
http://sunsolve.sun.com/private-cgi/show.pl?target=patches/patch-access
Linux D
ϕ 5 CXw@ RedHat Linux @tBíCwΘDG
ϕ 5. b WebSphere Application Server Ww Tivoli Identity Manager í Linux @tMCwΘD
@t í@hD CwΘD
RedHat Linux Enterprise
for Intel (x86) 3.0 for
IA32
≤s 3C÷≤ΣL²Mn≤@
A\UC 1Cv RAMG2 GB
v BzGIntel BzA500 MHz ≤
v iíG
– /tmp - 512 MB
– ITIM_HOME - 500 MB
1. TwzπNΩTKn ″Preparing Red Hat Enterprise Linux 3 (RHEL 3) to run WebSphere Application Server
V5.1 products″ ñíΣL²Mn≤Cp÷ΩTAyXUC⌠G
http://www-1.ibm.com/support/docview.wss?uid=swg21164634
÷≤D÷ΩTAyXUC⌠G
http://www.redhat.com/docs/
Windows D
ϕ 6 CXw@ Microsoft Windows @tBíCwΘDCo
ú]tΣL⌡µDCpG⌡µ°A¼úu@ApAbP@íq
úWí°AMΩw°AANboíqúWAtΣLwΘ
Ω]W[ RAMC
ϕ 6. b WebSphere Application Server Ww Tivoli Identity Manager í Windows @tMCwΘD
@t í@hD CwΘD
Windows Server 2003
Standard Edition
L v RAMG2 GB OΘ
v BzGIntel Pentium ÑA1 GHz ≤
v iíG
– /tmp - 512 MB
– ITIM_HOME - 500 MB
Windows Server 2003,
Enterprise Edition
÷≤D÷ΩTAyXUC⌠G
v Σ
14 IBM Tivoli Identity Manager: N
http://www.microsoft.com/windowsserver2003/support/default.mspx
v íσ≤
http://www.microsoft.com/windowsserver2003/proddoc/default.mspx
ΩwD
ϕ 7 CXΣb WebSphere Application Server W⌡µ Tivoli Identity Manager °A
ΩwCCXw∩ΩwⁿwBM≤íCΩwbX
( U) ¡xWⁿΣCípn JDBC XíCptm°AM JDBC
Xí÷ΩTA\ IBM Tivoli Identity Manager Server Installation and
Configuration Guide for WebSphere EnvironmentsC
ϕ 7. b WebSphere Application Server W⌡µº Tivoli Identity Manager °AiΩw
Ωw M≤B
í@hD
AIX 5.2B5.3 Solaris 9 R e d H a tLinux
W i n d o w sS e r v e r2 0 0 3S t a n d a r dEdition
Windows Server2003, EnterpriseEdition
D B 2 U n i v e r s a l
Database EnterpriseEdition °A 8.2
\UC 1C
M≤ 1 U
\UC
2 4
6C
U U U U
Oracle 9i
\UC 5C
2 (9.2.0.5) U U U U U
Microsoft SQL Server
2000
Service Pack 3a U U
2 nwΘD 15
ϕ 7. b WebSphere Application Server W⌡µº Tivoli Identity Manager °AiΩw (≥)
Ωw M≤B
í@hD
AIX 5.2B5.3 Solaris 9 R e d H a tLinux
W i n d o w sS e r v e r2 0 0 3S t a n d a r dEdition
Windows Server2003, EnterpriseEdition
1. DB2 UDB 8.2.1 ϕ≤MM≤ 8 DB2 UDB 8.1 C
2. q AIX 5.1 α AIX 5.2 q DB2 8.1 ú²ñúAp libdb2.a Cz≈ Tivoli
Identity Manager DB2 ΩwBúw DB2BN AIX 5.1 5.2 B½sw DB2AMßA DB2
ΩwC
3. pG∩ DB2 UDBATivoli Identity Manager wíb DB2 °AbqúWw²tm 1 GB Ωwϕµ
íCTw DB2 °AWπoqiíCpΩwϕµí÷ΩTA\ IBM Tivoli
Identity Manager Performance Tuning Guide NRC
4. JDBC XíúsqúWΩwsuαOCDB2 UDB úú Type 2 Java Database Connectivity X
íAº DB2 UDB ⌡µßCSQL Server 2000 JDBC XíO JNetDirect JSQLConnect 3.3.0 A
oOb Tivoli Identity Manager wLñúCOracle 9i 2 9.2.0.5 JDBC Xí (ojdbc14.jar)A
oúO Tivoli Identity Manager úM≤úC
w Tivoli Identity Manager °AºeAq Oracle Database Server w ORACLE_HOME/ora92/jdbc/lib/ ²
ño JDBC Xí (ojdbc14.jar)CAz]iHqUC⌠UⁿXíG
http://www.oracle.com/technology/software/tech/java/
sqlj_jdbc/index.html
5. Oracle w@n 512 MB RAMAHϕ≤tΩΘOΘí 1 GBAΣñjCw
íb /tmp ²ñhn 400 MB íCpΣLíDBSϕ@tDí÷ΩTA
\ Oracle úwíσ≤C
6. IBM Tivoli Directory Integrator 6.0 M IBM Tivoli Directory Server 5.2 n DB2 Universal Database 8.1 ]t
M≤ 8 8.2 ]tM≤ 1C
pΩwD÷ΩTAyXUC⌠G
v IBM DB2 Universal Database
http://www.ibm.com/software/data/db2/udb/support.html
http://publib.boulder.ibm.com/infocenter/db2help/index.jsp]ΩTñ
http://www.ibm.com/software/data/db2
http://www.ibm.com/software/data/db2/udb/support/downloadv8.html
http://www.ibm.com/software/data/db2/udb/sysreqs.html]@t²Mn≤
http://www.ibm.com/cgi-bin/db2www/data/db2/udb/
winos2unix/support/v8pubs.d2w/en_main
v Oracle
http://www.oracle.com/technology/documentation/index.html
http://otn.oracle.com/tech/index.html
http://otn.oracle.com/tech/linux/index.html
16 IBM Tivoli Identity Manager: N
v Microsoft SQL Server 2000
http://www.msdn.com/library/
http://www.microsoft.com/sql/
²°AD
ϕ 8 CXb WebSphere Application Server W⌡µ Tivoli Identity Manager °A
i²°ACSw²°AⁿwBM≤íC (U)
¡xϕΣ²°AC
ϕ 8. b WebSphere Application Server W⌡µ Tivoli Identity Manager °Ai²°A
²°A M≤B
í@
hD
AIX 5.2B5.3 Solaris 9 Redhat Linux Windows Server2003, StandardEdition
Windows Server2003, EnterpriseEdition
I B M T i v o l i
Directory Server
5.2
\UC
1C
M≤ 2 U
\
2C
U U
\ 3C
U U
I B M T i v o l i
Directory Server
6.0
U U U U U
S u n O N E
Directory Server
5.2
U \ 4C U U
1. IBM Tivoli Directory Server 5.2 n DB2 Universal Database Universal Database 8.1 ]tM≤ 8 8.2
]tM≤ 1CATwzosπX libdelref.aC
2. IBM Tivoli Directory Server 6.0 n AIX 5.2 @h 5C
pGznb AIX 5.2 @h 3 qúWw Tivoli Identity ManagerAhbt@í AIX 5.2 @h 5
qúWw IBM Tivoli Directory Server 6.0 C
3. ¡≤ RedHat Linux Enterprise 3.0 C
4. Sun ONE Directory Server 5.2 úΣ RedHat Linux Enterprise for Intel (x86) 3.0 for IA32Cp÷ΩTAy
XUC⌠G
http://www.sun.com/software/products/directory_srvr/home_directory.xml
http://www.sun.com/software/products/directory_srvr/home_directory.xml
÷≤D÷ΩTAyXUC⌠G
v IBM Tivoli Directory Server
– nwΘDíσ≤
5.2 Ghttp://publib.boulder.ibm.com/tividd/td/IBMDS/IDSapinst52/
en_US/HTML/ldapinst.htm
6.0 Ghttp://publib.boulder.ibm.com/infocenter/tiv2help/index.jsp?
toc=/com.ibm.IBMDS.doc/toc.xml
2 nwΘD 17
– í
http://www.ibm.com/software/sysmgmt/products/support/
IBMDirectoryServer.html
v Sun ONE Directory Server
– kM@
http://www.sun.com/software/products/directory_srvr_ee/index.html
http://www.sun.com/download/index.jsp
– íσ≤
http://docs.sun.com/app/docs/coll/S1_DirectoryServer_52
WebSphere Application Server Base MípzíD
Tivoli Identity Manager 4.6 IBM Development Kit for Java 1.4.2AuπH
b WebSphere Application Server 5.1 WAS_HOME/java ²ñC
úΣ IBM ΣLú Java WwouπcC
ϕ 9 CX WebSphere Application Server Base M WebSphere Application Server Network
Deployment ú Tivoli Identity Manager °A²Mn≤G
ϕ 9. WebSphere Application Server Tivoli Identity Manager °AnΘ
í°A M≤D ní ΣL APAR
WebSphere Application
Server Base ú 5.1
M≤ 1 3
\UC 1C
PK00346BPK02976B
PK02640
\ 2C
WebSphere Application
S e r v e r N e t w o r k
Deployment ú 5.1
ípzí≤C
\ 3C
PK00346BPK02976
\ 2C
1. Mní 3AAM APARC
2. M WebSphere níP≤suπM APARC
3. pgípzí (deployment manager) ϕ Tivoli Identity Manager úM≤]t WebSphere Application Server
Network Deployment úípzíA²ú]AΣL≤C
4. b AIX Wúw WebSphere Application Server 5.0.2 Aú ú≤CuIBM Σvú aixclean.sh
M odmcleanup.sh script ¿úCAbw WebSphere Application Server 5.1 ºeAzHΓΦíR
ú /usr/WebSphere ²CppuIBM Σv÷ΩTA\ 59² A, yΣΩTzC
pα WebSphere Application Server M WebSphere MQ ⌠÷ΩTA]A≈M A\ WebSphere
Application Server ΩTñC
÷≤D÷ΩTAyXUC⌠G
v nwΘD
http://www.ibm.com/software/webservers/appserv/doc/latest/prereq.html
18 IBM Tivoli Identity Manager: N
http://www.ibm.com/software/webservers/appserv/doc/
v51/prereqs/was_v511.htm
v í
http://www.ibm.com/software/webservers/appserv/was/support/
v íσ≤
http://publib.boulder.ibm.com/infocenter/ws51help/index.jsp
http://www.redbooks.ibm.com/
IBM Tivoli Directory Integrator D
ϕ 10 CX Tivoli Identity Manager Σ IBM Tivoli Directory Integrator C
ϕ 10. IBM Tivoli Directory Integrator Tivoli Identity Manager °A²Mn≤
²πX M≤B
í@
hD
AIX 5.2B5.3 Solaris 9 Redhat Linux Windows Server2003, StandardEdition
Windows Server2003, EnterpriseEdition
I B M T i v o l i
D i r e c t o r y
Integrator 6.0
\UC
1C
M≤ 1 M
í
4
U U U U U
1. IBM Tivoli Directory Integrator 6.0 n DB2 Universal Database Universal Database 8.1 ]tM≤ 8 8.2
]tM≤ 1C
÷≤D÷ΩTAyXUC⌠G
5.2 Ghttp://publib.boulder.ibm.com/tividd/td/IBMDS/IDSapinst52/
en_US/HTML/ldapinst.htm
6.0 Ghttp://publib.boulder.ibm.com/infocenter/tiv2help/index.jsp?
toc=/com.ibm.IBMDS.doc/toc.xml
Σ Web s²
ΣUC Web s²G
ϕ 11. Tivoli Identity Manager °A Web s²D
s²W AIX 5.2B5.3 Solaris 9 R e d H a tLinux 3.0
Windows
Mozilla 1.7 U U U U
I n t e r n e t
Explorer
6.0At Service
Pack 1
U
1. CookieC
2. bP@íß≈WAPqΓs²nJ Tivoli Identity Manager °AA]
u@Ñq@ IDAiαPΩoDC
2 nwΘD 19
Crystal Report ú
ziHNq Crystal Report dπX Tivoli Identity Manager ⌠ñCTivoli
Identity Manager b Windows tWΣ Crystal Report 10 P Crystal Enterprise
10 MC]Σ Windows t Crystal Enterprise 10 M°Ab Unix
M Linux W⌡µ Tivoli Identity Manager °A P Crystal Enterprise 10 Mß
C
Σth
N Tivoli Identity Manager °A°A 4.6 ºßATivoli Identity Manager
Nzí 4.5 MiHQB@C∩≤ßAIBM MΣ 4.5 Nz
íA²ß Tivoli Identity Manager 4.6 tCw Tivoli Identity
Manager °A 4.6 sßAuw Tivoli Identity Manager 4.6 tC
b Tivoli Identity Manager úñAutvNzíC
20 IBM Tivoli Identity Manager: N
3 w¡εBDµMΦk
íwnΘ¡εBDµMΦkC
úwPúDMµMΦk
ziαJo Tivoli Identity Manager °AwúúDAo
µMΦkG
v DG
pGΩwO OracleAnΣL\ivα Oracle ΩwºC
µMΦkG enrole ºßAbw Tivoli Identity Manager ºeA
o\ivCYn\ivAbw Oracle Ωw°AqúWAH SYS
¡⌡µUCⁿOG
grant select on pending_trans$ to public;grant select on dba_2pc_pending to public;grant select on dba_pending_transactions to public;grant execute on dbms_system to <user>;
user O enroleC
v DG
b Windows tWAϕ Tivoli Identity Manager wN Tivoli Identity Manager
wb C H≈ApG≈²ñúsb \temp ²Aw
\temp ²CTivoli Identity Manager w¿úRú \temp ²C
µMΦkGHΓΦíRú \temp ²C
v DGbúíAb Linux Wúw Tivoli Identity Manager A
ípRú /tmp ²APΣLíM@tLkB@C
µMΦkGúw Tivoli Identity Manager ºeA²≈ /tmp ²CpG
ú Tivoli Identity Manager Rú /tmp ²AUCBJ½ /tmp ²
]w\ivG
1. H root ¡nJC
2. ΘJUCⁿOG
$ mkdir /tmp$ chmod 777 /tmp
v DGbO⌠ñAN Tivoli Identity Manager wbípzí Tivoli Identity
Manager O¿ Windows Server 2003 Wo java.lang º¼pA
pAº¼p]tUCo@µG
## ZGGfxUtil.loadImageGMⁿJóGcom/zerog/ia/installer/images/introImage.png
µMΦkGñº¼pAoúvT Tivoli Identity Manager w@ß
≥@C
© Copyright IBM Corp. 2003, 2005 21
Tivoli Identity Manager ¡ε
UCO Tivoli Identity Manager ¡εG
v DGΩPBóAo OutOfMemoryErrorCpG\h⌠≤µ@ΩΘ
¼½≤ABb∩MΩΘºß∩MΩΘºß⌡µΩPB
AYiαoDC
¡εGbµ@xsñ 300K uHvΩΘWAB LDAP ñC@ΩΘ½≤ 15
Awb°≤U¿\ΩPBCb 110K ADubßvΩΘWAB
LDAP ñC@½≤ 100 HWAb°≤U]w¿\ΩPBC
b JVM jΩ∩]w 1.2 GB M Tivoli Identity Manager °Ap
tⁿ°≤U⌡µC
v DG∩u@y]pBϕµhíAiαWLÑq@Oí
jCFKñAbuu@y]pívBuϕµ]pívuhv
Applet ⌡µANñ web.xml ñOA²Ñq@úOA
µMΦkGTwz¿∩u@y]pBϕµhC@í
C
v DGTivoli Identity Manager SúΦk²zbq°i]píñíX
C
µMΦkGLC
v DGu@y UNTIL jΘB@ípP DO...WHILE jΘC÷MjΘ≥
iµXⁿwjΘ°≤A²O DO...WHILE jΘ≥iµⁿw°≤ó
C
µMΦkGN°≤½]ⁿwjΘ°≤VCpA°≤n½]G
a<b
UCO½]ß°≤G
a>=b
@tDMµMΦk
ziαJo@tDAoµMΦkG
v DGb Linux WA jw]]wiαpCpAXpU
TºG
hC
µMΦkGWebSphere ONw]j ú¬ 8000C
¿UCBJG
1. sΦ /etc/security/limit.conf C
2. Nⁿw nofiles »zí∩ 8000C
3. ]∩Yn²≤beÑq@ñAΣJⁿOG
ulimit -n 8000
v DGb RedHat Linux Enterprise for Intel (x86) 3.0 for IA32 W]t≤s 3A
Red Hat Package Manager (RPM) ΩwiαlAPM≤W≥óAy¿ß≥
22 IBM Tivoli Identity Manager: N
⌠≤ RPM w@óCNΩα RPM DΩwy¿ RPM D
ΩwlCúLAíMΩúⁿvTC
HUíiαo RPM ΩwlípG
– ≥b WebSphere Application Server 5.1.x wºß
– C@wAM≤BJava Software Development Kit í°AAM≤
ºß
– ⌡µUC@w@ºßG
1. w⌠≤ RPM N LD_ASSUME_KERNEL ]ⁿX LinuxThreads A
p 2.2.5 2.4.19C
2. wt@M RPMA²ú]w LD_ASSUME_KERNEL C
µMΦkGb¿e÷Dⁿ RPM ΩwlvT⌠≤íºßAY⌡
µUC@G
1. bt /var/lib/rpm ²ñRúUCΩG
– db.001
– db.002
– db.003
2. τ RPM ΩwπXCΘJⁿOG
rpm -qa ’ > /dev/null
TºdⁿXqjpG
GrpmdbNextIteratorGñL h#684 blob jp (1568)GA8 + 16 + il(41) + dl(916)
3. pG≥oAp Red Hat ΣñAHo÷ΩTla
RPM ΩwC
IBM Tivoli Directory Integrator DMµMΦk
ziαJo IBM Tivoli Directory Integrator DAoµMΦkG
v DGIBM Tivoli Directory Integrator 6.0 iαo Socket MΩwCIBM IBM
Tivoli Directory Integrator AIX t Java Virtual Machine (JVM) DA
iαy¿b IBM Tivoli Directory Integrator ⌡µjqbßo Socket
MΩwC]ASwbß@óAíiαL¡aóúeC
µMΦkGIBM Tivoli Directory Integrator APAR #IO01620 wMoDC
p÷ΩTAyXUC⌠G
http://www.ibm.com/software/sysmgmt/products/support/
IBMDirectoryIntegrator.html
v DGIBM Tivoli Directory Integrator 6.0 b@tWiαo
TBSFExceptionC≤ IBM Tivoli Directory Integrator o BSFExceptionAzL IBM
Tivoli Directory Integrator ⌡µbßMz@óCBSFException o
b IBM Tivoli Directory Integrator Rhino javascript C
3 w¡εBDµMΦk 23
µMΦkGN IBM Tivoli Directory Integrator Rhino 1.5R4.1 Y
iMoDCIBM Tivoli Directory Integrator 6.0 eú Rhino 1.5R2
A²]Σ 1.5R4.1 Cz Rhino 1.5R4.1 C
Yn⌡µA¿UCBJG
1. q Rhino Uⁿ⌠Uⁿ Rhino 1.5R4.1 zip G
http://www.mozilla.org/rhino/download.html
2. qzUⁿ zip ñX js.jar C
3. N ITDI_HOME/jars ²U js.jar N zip ñ js.jar C
v DGIBM Tivoli Directory Integrator 6.0 b@tWiαo OutOfMemory
C
bjqbßπíAIBM Tivoli Directory Integrator iαo OutOfMemoryError
]b 1 GB RAM qúWAj 50,000 bßHWCOutOfMemoryError
P Tivoli Identity Manager πBzóAy¿ IBM Tivoli Directory Integrator
íLkC
µMΦkGIBM Tivoli Directory Integrator APAR IO01580 wMoDAN
b Fix Pack 2 for IBM Tivoli Directory Integrator 6.0 ñúXCp÷ΩTA
yX IBM Tivoli Directory Integrator Σ⌠G
http://www.ibm.com/software/sysmgmt/products/support/
IBMDirectoryIntegrator.html
v DGIBM Tivoli Directory Integrator 6.0 úΣV SSLC
ITIM_HOME/extensions/examples/idi_integration ²ñ README @q¿í
Tivoli Identity Manager P IBM Tivoli Directory Integrator 6.0 ºíV
¼ SSL OCúLA IBM Tivol i Di rec tory In tegra tor 6 .0 ]t
DSMLv2EventHandler ≤BzíAeΣµV SSL OC
µMΦkGIBM Tivoli Directory Integrator APAR IO01580 wMoDAN
b Fix Pack 2 for IBM Tivoli Directory Integrator 6.0 ñúXCp÷ΩTA
yX IBM Tivoli Directory Integrator Σ⌠G
http://www.ibm.com/software/sysmgmt/products/support/
IBMDirectoryIntegrator.html
WebSphere MQ DMµMΦk
ziαJo WebSphere MQ DAoµMΦkG
v DGb AIX W WebSphere sw y¿ JMS TºeC
w WebSphere Application Server for AIX 5.1.1 tH Java Virtual Machine
(JVM) oDAbO@OíTεCw s⌠⌠suWADy
¿ Socket CoiαP JMS TºeA≤ WebSphere ΘxñXⁿ
UCG
MQJMS2008GLk MQ εC WQ_itim_wf
WebSphere jmsserver Θxñ]XUCG
24 IBM Tivoli Identity Manager: N
MSGS0504EGJMS °AwA⌡µⁿ¼ Socket º¼pGjava.net.SocketExceptionGSocket w÷¼
µMΦkGb AIX tW⌡µ Tivoli Identity Manager íw
WebSphere APAR PK07924AΣñw≤ JVM DCbw Fix Pack 1 for
WebSphere Application Server 5.1 ºßAM APARAΣñ]w≤s WebSphere
Application Server JVMCAPAR PK07924 iHq WebSphere Application Server Σ
⌠oG
http://www.ibm.com/software/webservers/appserv/was/support/
v DGb Windows tWAb Tivoli Identity Manager bߺU⌡µ DSML
íAWebSphere OTóCTºⁿXLk εCBFv¡s
Ω Java TºACziαⁿUCTº WebSphere OT
G
AMQ9181 ⌡Xí]wLC
µMΦkGbO¿WAN≡d≥]j 65534C÷≤s
5000 HW TCP/IP ≡iαDAyXUC⌠Ho÷ΩTG
http://support.microsoft.com/default.aspx?scid=kb;EN-US;196271
v DGN Tivoli Identity Manager wb Windows Server 2003 ALk
WebSphere Embedded Messaging oGMq\ACHΓΦí ªP
MUCTºG
LkbqúW Websphere Embedded Messaging Publish MSubscribe WAS__server1 AC 1075G÷YAíúsbAwRú
µMΦkGñTº≥wCTivoli Identity Manager ún Websphere
Embedded Messaging Publish and Subscribe AíCún AíC
v DGεCzíoCAmqerr*.log ñpUG
AMQ9213Go TCP/IP qTCíGbqTñoDwC@GTCP/IP (ioctlsocket) IsX 10038 (X’2736’)COUoAitzC
µMΦkG10038 XⁿXAWebSphere MQ ÑxsqÑl
Socket xsoDCoípbπ⌡≡⌠OúCYnMo
DAHUC⌠xsG
set MQNOREMPOOL=1
tPADMµMΦk
ziαJo Tivoli Identity Manager tDAoµMΦkG
v DGb Tivoli Identity Manager °AWAremove_service_profiles.sh ⁿOúA]wCpAq /usr/IBM/itim/bin/unix ²ñA⌡µ
./remove_service_profiles.sh ServiceProfile ⁿOCúA]wABX
TºG
btmAC
3 w¡εBDµMΦk 25
µMΦkGp⌡µµMΦkABϕnúuA]wv
bßMAΩq Tivoli Identity Manager úºß⌡µC
nJ IBM Tivoli Directory Server zDx iPlanet ConsoleA⌠≤i²zú
n² LDAP ß]p LDAP s²AA⌡µoBJAHΓΦíúA
]wG
1. i ou=serviceProfileC±ΦíApG Tivoli Identity Manager rO ’dc=com’A
O ’IBM’Aq ou=serviceProfile,ou=itim,ou=IBM,dc=com i≡¼c
2. ú ou=serviceProfile UΦNϕubßvMuAv]wΓn²CpAY
nú Notes ubßv]wn²Aq
ou=serviceProfile,ou=itim,ou=IBM,dc=com UΦú erobjectprofilename=NotesAccount
n²CYnú Notes uAv]wn²Aq
ou=serviceProfile,ou=itim,ou=IBM,dc=com UΦú erobjectprofilename=NotesProfile
n²C
3. i ou=formTemplatesC±ΦíApG Tivoli Identity Manager rO ’dc=com’A
O ’IBM’Aq ou=formTemplates,ou=itim,ou=IBM,dc=com i≡¼c
4. ú ou=formTemplates UΦNϕubßvMuAvϕµdΓn²CpA
Ynú Notes ubßvϕµdAq
ou=formTemplates,ou=itim,ou=IBM,dc=com UΦú erformname=erNotesAccount
n²CYnú Notes uAvϕµdAq
ou=formTemplates,ou=itim,ou=IBM,dc=com UΦú
erformname=erNotesDAMLService n²C
5. ½s Tivoli Identity Manager]pGnC
v DG¿A¿\A²b¿ADSMLv2 AúMaπ
TºG
µíL
µMΦkGUCBJG
– bt DSML TºñAsW searchResultEntry n²At
namingContexts M AGENT_CONTEXTCpG
<?xml version=’1.0’?><batchResponse xmlns=’urn:oasis:names:tc:DSML:2:0:core’><searchResponse><searchResultEntry dn="" xmlns="urn:oasis:names:tc:DSML:2:0:core"><attr name="namingContexts"><value>AGENT_CONTEXT</value></attr></searchResultEntry><searchResultDone xmlns="urn:oasis:names:tc:DSML:2:0:core"><resultCode code="0" /></searchResultDone></searchResponse></batchResponse>
– b⌡µ DSMLv2 At resource.def ñAwq namingContexts
eCpAwqoeG
<BehaviorProperties><Property Name = "com.ibm.itim.remoteservices.ResourceProperties.SERVICE_PROVIDER_FACTORY"
Value = "com.ibm.itim.remoteservices.provider.dsml2.DSML2ServiceProviderFactory"/><Property Name = "namingContexts"
Value = "AGENT_CONTEXT" /></BehaviorProperties>
26 IBM Tivoli Identity Manager: N
v DGTivoli Identity Manager Active Directory t ergroup AH
QirΩϕAb Active Directory ≡tñ@aO Active Directory s
Cb Tivoli Identity Manager hM Script ñAsW
úbßsC]OWδosADa@ IDAío
MtzdX@ ID bhM Script ñC
µMΦkGUCBJG
– íoMtziH⌡µ LDAP jMAb Tivoli Identity Manager xs
wñ÷AºUMΣsCsWiH⌡µjMAAq s
½≤ñ¬@ IDC
– ∩≤hAiHQv°ejMsCΣsºßA
tziH½iÑ°eA⌡µ⌠≤niÑtmC
v DGϕteXnDAziαnb≥dbßWñLKXτC
µMΦkGenRole.properties ]tUCeAiHbNzíeXnDAb
≥dbßWñLKXτCN] trueAñLKXτG
reversePasswordSynch.bypassPwdValidationOnOrphanAccount
v DGziαnbAAϕµWsWíCFOdPNzíe
AAϕµw]útíC
µMΦkGϕµ]píAHΓΦíbAAϕµWsWí
C
v DGDSMLProvider bH ADD | DELETE @e∩nDCoñ
en REPLACE @ß DSML íXC
µMΦkGb enRole.properties ñATwzTaqíX]wU
CeG
############################################################ Remote Services: DSMLv2 provider’s mode of sending modify request## for attributes. Property value: true | false.## true= REPLACE operation and false= ADD, DELETE operation###########################################################com.ibm.itim.remoteservices.DSML2ServiceProvider.modifyAsREPLACE=true
oG
true úⁿw
w]CpG true ⁿwATivoli Identity Manager b REPLACE
@ñe DSMLv2 ∩nDC
false Tivoli Identity Manager H ADD | Delete M REPLACE @e∩nDC
ΩPRWDMµMΦk
ziαJo Tivoli Identity Manager ΩRWDAoµMΦkG
v DGpGtεu@y¿Ah LDAP Ωµ½µí (LDIF)
J≈²ΩTAiαoDC
µMΦkG LDIF J≈²ΩTATwí°Aw
εCpG LDIF J∩u@y@Ahb⌡µ LDIF JºeATww
¿u@yCpJ LDIF ÷ΩTA\²°Aíσ≤C
3 w¡εBDµMΦk 27
v DGbbßzñAziHSϕr Tivoli Identity Manager bßWA
²ßNLkA∩bßW]túSϕrC
µMΦkGKSϕr∩ Tivoli Identity Manager bßWC
v DGbOW (DN) ΩΘwqñALk]tSϕrAprIC
LdapUtil.explodeDN() ΦkúΣHAϕSϕrAΣOHAϕrIC
pAUCwqñrIy¿G
entry dn="uid=\"My Name\"\,1"
µMΦkGKb DN wqñSϕrAprIC
v DGpGHWL 100 rWqΩΘAho DB2Exception C
µMΦkGbqΩΘAKbΩΘWñΘJWL 100 rC
v DG Oracle ApGHúPWG Tivoli Identity Manager ΩwA
Mß½sw Tivoli Identity Manager ⌡µ DBConfig ⁿOANoΩwCⁿX Oracle enrole_data_001.dbf C
UC@y¿G
1. Oracle l Tivoli Identity Manager ΩwC
2. wMtm Tivoli Identity ManagerC
3. úw Tivoli Identity ManagerC
4. Oracle t@ Tivoli Identity Manager ΩwAⁿwPe@Ωw
WúPΩwWC
5. ⌡µUCΣñ@@G
– wtm Tivoli Identity ManagerC
– ⌡µ DBConfig ⁿOC
µMΦkGYnbP Oracle Ωw°AWtmh Tivoli Identity Manager
ΩwAHΓΦí≤s enrole_admin.sql ≤ΩWC
v DGpGzbPMPhWwqh ACIABC@ ACI We
255 rúPAhu@sε (ACI) gJ ACI ϕµC°iñ
ACI lCACI °iuπ@ ACIAB trace.log ñXUCG
com.ibm.websphere.ce.cm.DuplicateKeyExceptionGORA-00001GH@¡ε°≤(ENROLE.SYS_C003110)
µMΦkGbwq ACI AKb ACI WñΘJWL 255 rC
bPMPhWA]KwqhPW ACIC
v DG w]ATivoli Identity Manager uú 1990-2010 Θd≥C
µMΦkG LDAP s²ΣL LDAP íXj≈d≥C
pAb SAP bßϕµW≤s ersapdateuntil C
: zL Tivoli Identity Manager UI]uϕµsΦvApplet¿⌠≤qA
b[J⌠≤ΓΘ∩ºe¿CuϕµsΦvUI LkBzΘ
WiH⌡µoBqABbsΦAú²e[J⌠≤Γ
∩AuϕµsΦvUI gX Date C
¿UC@G
28 IBM Tivoli Identity Manager: N
1. b LDAP ñAΣXUC DNG
erformname=erSAPAccount,ou=formTemplates,ou=itim,ou=tenant,dc=com
2. sΦ erXML C
3. MΣⁿUCo@µG
<formElement name="data.ersapdateuntil" label="$ersapdateuntil">
≥U@µⁿ <dateInput/> <optDateInput/>CAo@µiαΣL
Ap hoursAndMinutes="false"C
4. Yn]wj≈AsW maxYearCpAΣJUCⁿOG
<dateInput maxYear="9999"/>
pGzntA 1990 He≈AtQ ″minYear″ CUCdⁿw1974 G
<dateInput minYear="1974"/>
5. Ynⁿw±g 2010 M maxYear ºí≈AsW spanYearRangeG
<dateInput maxYear="2099" spanYearRange="yes"/>
: X spanYearRange M 9999 maxYearA]XπW[
es²ΩqAPαUC
6. xs XML CUs SAP bßϕµAersapdateuntil p≤]t
q 1990 2099 C
s²DMµMΦk
ziαJos²DAoµMΦkG
v DGpG Mozilla s²Ab GUI eWΘJΩApG÷W@B÷sA
iα≥ózwΘJΩC
pAϕzNuHvsWuvbuHvO²ñ±gΩApG÷W
@B÷sA÷U@BANy¿zbµñΘJΩ≥óCqA÷W@By¿
Ω≥óΣLDC
µMΦkGb Mozilla s²ΘJΩAKW@B÷sC
°ϕDMµMΦk
ziαJo Tivoli Identity Manager °iDAoµMΦkG
v DGϕSw°ijqΩú°iAziαoαwCoºO
C
µMΦkG\ IBM Tivoli Identity Manager Performance Tuning Guide
NRAob°i DB ϕµµW]wⁿAH∩αMεO¼
pC
v DGúuiΓσ≤µí (PDF)v°io OutOfMemory C
µMΦkGb WebSphere Application Server ñW[ JVM Ω∩jpCMßA
½s WebSphere Application Server ½s⌡µ PDF °iCtANΘ
3 w¡εBDµMΦk 29
Jqw]∩SwA¡ε PDF °iΘXO²CpGoµMΦkLk
AqΘJeú CSV µí°iC
v DGLkPOb⌡µΩPBAPß@PB¼AC
µMΦkGuMµvΩµπ¼ACHUOiα
G
– úPB⌠≤Ω
– iµñ
– L
– ¿ß@PBΘMí
v DGpGzúuiΓσ≤µí (PDF)v°iΘXAMßNπΩTY
p²O AhLkút@°iAúD÷¼@ñ°iC
µMΦkG÷¼²e⌠≤°iAAút@°iC
v DG°i\αusεΩTvoYN≤CsOus
ε (ACI)vCb°usεΩT ACIv°imA÷@U⌡µ°i
-> s°i -> sεΩT ACI πu°ivAziαYN≤C
µMΦkGsΦ ITIM_HOME/data/reportingLabels.properties AHΓΦí
≤Σ accessControlInformation C
– YN≤GaccessControlInformation=sεΩT ACI
– sGaccessControlInformation=sε ACI
v DG°iπr¼pA°H\¬C
µMΦkGH PDF CSV µíxs°iºßAACL°iCYnxs°iA
b°iΘX°íñAq\αϕ∩ñ∩tssCs²²AM
ßΘJWxsσ≤CiHCL PDF M CSV µí°iCPDF °i
iHCL¿VεVµíCCSV °ii²CLLkµεVCL°iC
p≤CL CSV °iG
– ú°iA∩ CSV °iµíC
– b∩ñA∩tss∩C
– úmMWxs°iC
– Microsoft Excel ΣL⌠≤ CSV ¬A °iC
– CL∩CLσ≤C
Tivoli Identity Manager DMµMΦk
ziαJo Tivoli Identity Manager DAoµMΦkG
v DGpGHO²wΩsbAϕzuNv∩∩HOsWΘ
µAHbosµñ¿CúLANΘµwq
WwúαC
µMΦkGNp≤¼quNΘεv∩uw]Θvε
¼As ACIA∩ ACI ñsuNΘεp≤vPgJ
vC
30 IBM Tivoli Identity Manager: N
v DGbbßϕµWsWP java.lang.UnsupportedOperationException
CTºpUG
CTGIMO002E. oLkBzº¼pCGjava.lang.UnsupportedOperationExceptionGuLkv≤]AbßC
µMΦkGuϕµ]pívbbßϕµWsWC
Tivoli Identity Manager úbßΓM≥d@]wMúbßC
v DGuµWvúαWL 100 rAhLkWCX 100 r
¡ε°WbπúΘµC
µMΦkGΘJWL 100 ruµWvC
v DG≥≤qAziαn≤uπMµvñuπvM
uv÷sCpAziαNuπv÷s∩u½sv
(Recertify)ANuv÷s∩uv(Decline)C
µMΦkG¿UC@G
1. sΦ CustomLabels.properties A[Jsu½svMuv÷sG
RAA=½sRAR=
≤uπv AA M AR A]uπvnC
2. ≤uπvIu@vσruπvNX¬ RAAA≤uvNX
¬ RARC
3. ≤]÷ΓU≈uπvIαuCTwαuoG
– ½s⌠
activity.resultSummary == "RAA"
– ⌠
activity.resultSummary == "RAR"
v DGb ITIM_HOME\data\CustomLabels.properties ñA\hC
pAuhv erProvisioningPolicy C
µMΦkGzHΓΦíb ITIM_HOME\data\CustomLabels.properties
ñWChAπCsWUC
G
erProvisioningPolicy=herWorkflowDefinition=u@ywqerSystemRole=ITIM serIdentityPolicy=OherPasswordPolicy=KXherHostSelectionPolicy=D≈∩herBPOrg=±
v DGuhvsεπ\ivAiHπ eroriginalpolicydn
M erdraft WADC
µMΦkGsεúA≤⌠CHΓΦíNUCsW
ITIM_HOME\data\enroleHiddenAttributes.properties ñG
eroriginalpolicydn=eroriginalpolicydn
erdraft=erdraft
3 w¡εBDµMΦk 31
v DGijM\αϕ]tUCG
erpersonstatus
eraccountstatus
erorgstatus
erbporgstatus
eraccountcompliance
µMΦkG⌠]]LkjMOb
enRoleHiddenAttributes.properties ñⁿwCYn²o¿iHjMA
HΓΦíq enRoleHiddenAttributes.properties ñúoC
\h⌠úOtzAúα∩CN⌠¿ Tivoli
Identity Manager iHúASOpC
v DGpGΘΘJíB≤¬íAhH 12 pµíπíA
BúúW (a.m.) U (p.m.) íⁿC
µMΦkGNΘΘJíµ]¬gíCíH 24 pµíπAi
AíLC¡zA⌡µUC@G
– ∩tm -> qC
– ∩¬Σµñ¡zíAMß∩ ITIMAccountC
– ∩eW erpswdlastchangedC
– eqµíWATwµB≤¬gíC]NOíAbu∩vWA
µúQ∩u¬vCxs≤C
pGΘΘJµOu¬víAb ITIM_HOME\data ² Labels.properties
ñ∩U@µG
readOnlyDateFormat=MMM dd, yyyy hh:mm:ss z
¬pUG
readOnlyDateFormat=MMM dd, yyyy hh:mm:ss a z
v DGb UíAuQnDvµbuHvu@δWvñπDw
C
µMΦkG∩uHvΩΘ selfRegister @C⌡µUC@G
: tm -> ΩΘ -> HñuWv] snCpGuWv
∩ cnAú Script IC
1. H ITIM z¡≈nJC
2. ÷@UtmC
3. ÷@UΩΘ¼C
4. ∩U\αϕñHC
5. ÷@U selfRegister @C
6. b selfRegister u@yWAbulvMuselfRegister πvIºííJHM
WRW Script IC
7. ÷ΓUs Script IC
oeXueGScript Iv°íC
32 IBM Tivoli Identity Manager: N
8. buev°íñAΘJUC Java ScriptG
var personData = person.get();var snValue = personData.getProperty("sn")[0];process.setRequesteeData(snValue);
9. ÷@UTwCxs@C
hDMµMΦk
ziαJohDAoµMΦkG
v DGDzw²ibßMµAiHbßaπ
uú\vCpAS\iv ITIM ⌡µUCBJG
1. H ITIM ¡nJ
2. ÷@U -> wqhC
3. ÷@Uih -> w²C
4. ∩jε⌡µuπhvAA÷@U≥C
ITIM ΩWiHbßAauú\vC
µMΦkGzPu¬vv¡S\iv ITIM A\
°hCµMΦkiHKjM API úπh½≤
¼pCpG⌡µjMSAϕ\ivAh½≤iα erEntitlement
ΣL½nC
NPou¬v\ivG
erPolicyItemNameerLabelerKeywordsdescriptionerEnablederScopeerPolicyTargeterReqPolicyTargeterEntitlementserPriorityerPolicyMembershiperDrafterOriginalPolicyDNerGlobalIderLastModifiedTimeerAclerAuthorizationOwnererParenterIsDeletederLifecycleEnable
v DG∩hAo÷UeXA÷U½]ALk½]w∩
µC
µMΦkG²÷@U½]Cb÷UeXºßS÷U½]C
v DGb°AñJsOhAhPe@ñOhAiα
]tPWµOMA]²y¿¼pC
µMΦkGbJsOhºeA∩≤@ñOhMYNJ
OhAdM± ΓOMAC∩≤nJsOhAKP
e@ñOhPWµOMAC
3 w¡εBDµMΦk 33
\ivDMµMΦk
ziαJo\ivDAoµMΦkG
v DG∩HΩT ITIM Ap∩qll≤Aúiñ
TºC ITIM bñΓWSu¬vv¡A²∩≤uHvϕµΣ
L⌠≤πu¬/gJvv¡C
v pAITIM ⌡µUCBJG
1. HbßnJC
2. b≡ñ∩mAp My_Location_AC
3. ÷@U -> zHC
4. ∩ ITIM IDAp PatC
5. ÷@UsHΩTCMß∩qTΩTC
6. ΘJqll≤ IDAp pat@mycompany.comAA÷@UeXC
XTºG
tú\qHñúAñΓCNñ≤C÷UeXw≤C
MΦGñTºCqll≤ ID QeXC
v DGHΦ OtOºßApGttme≥óKXDµ
]½]KXAhOOiIs API u
SelfPasswordManager.resetPassword()C
MΦGpGttme≥óKXDµ]ΘJAhiHO
OIs⌠≤ APIC Tivoli Identity Manager 4.6 ºßA⌡µUCΣñ
@@G
– Φ Ot¿OºßAu SelfPasswordManager.resetPassword()
½]KXC
– Nttme≥óKXDµ∩ΘJA²⌠≤ API IsC
v DGbUMµ@δMµApGSh\iviH
¬gJ÷µAh Tivoli Identity Manager ϕµYXvº¼pC]w
µAϕµ°N]Mµ@C]SgJvAN
YXvº¼pC
µMΦkG⌡µUCΣñ@G
– Aϕh\ivAbDµñ]wCϕµ]w⌠
≤ºßAS¬g\ivYi∩ΩΘAúy¿v¡HWC
– bMµsWCNΓϕµ°∩A]úov¡HWA]
Mú∩O@CtAbuϕµqvUMµWA
∩uCv∩C
– ∩≤S¬gJ\ivAP¬MgJ\ivC
µMΦkA≤D≈KΩC
²°ADMµMΦk
ziαJo²°ADAoµMΦkG
34 IBM Tivoli Identity Manager: N
v DG Sun ONE Directory Server ¿wºßA½t@í LDAP °
A≥óYC
µMΦkGql LDAP °AW er-indexes.conf ñAHΓΦíN≥
sWs LDAP °AC Sun ONE Directory Server zDx
¿UC@G
1. s² Data=itim_suffixCpAitim_suffix Oⁿ dc=com C
2. ÷@UsW÷sC
3. sWUCG
index erparent eqindex erroles eqindex erservice eqindex ersupervisor eqindex ersponsor eqindex erhost eqindex erauthorizationowner eqindex erprerequisite eqindex erenabled eqindex errolename pres,eqindex eraliases eq,subindex erservicename pres,eq,subindex erobjectprofilename pres,eqindex ercustomclass eqindex eroid eqindex erisdeleted presindex erpolicyitemname pres,eq,subindex erlabel eq,subindex erkeywords eq,subindex erpolicytarget eq,subindex erreqpolicytarget eq,subindex erpolicymembership eq,subindex eroverride eqindex eruserclass eqindex erprocessname pres,eqindex eracl presindex eruid eq,sub
4. xsCMßAsWWΣⁿwWhC
5. s² Data=itim_suffixAH½kΣ÷@U itim_suffixC
6. ∩u½sv∩C
ΣLDMµMΦk
ziαtJoDAoµMΦkG
v DGbqdíoAS¼≈ΩTC
µMΦkG lCpGoAd trace.log AHo÷ΩT
]σTºC
v DGpGbnJºßYjMAAjMóCºTºσrpUG
°A⌡µⁿoº¼pF¼º¼pOGjava.rmi.RemoteExceptionF¼º¼pOGjava.lang.IllegalArgumentException: com.ibm.itim.dataservices.INVALID_ARGUMENT
µMΦkGnJºßA⌡µ@líAps²≡CMßAjMA
C
3 w¡εBDµMΦk 35
v DG AIX t]wMAºßAϕzhiÑ∩s
WKXAoº¼pC
µMΦkGϕq°e½iÑ°eAMßsW
KXAoº¼pCϕzbhñwqv¡A²²iÑ
°esWKXCMßA≡ °eC
v DGP∩@ Tivoli Identity Manager ½≤iµh∩AiαoDw
GóAXiTºCoDiαob Tivoli Identity Manager
API Apb while/for jΘñeXhnD∩P@½≤CbP½≤W⌡
µµ@Pvº¼pAy¿LkwGC
µMΦkGYnTwm@Q¿A@qíAp@
AA∩P@ Tivoli Identity Manager ½≤G∩CAbP½≤W¼
n≤AAHµ@∩nDΦíeX≤C Tivoli Identity
Manager API AH while/for jΘ¼½≤≤AAHµ@
∩nDΦíeX≤C
v DG LDAP 3 Loy¿túú@PGA¿tú
ⁿΘJCbπLoñΓHWiαPAúDhB
ΓlCpAUCLoP FilterException G
(&(eruid=a*)(ersql2000defdatabase=i*)(ersql2000deflanguage-E*))
µMΦkG LDAP 2 eLoC
(&(eruid=a*)(ersql2000defdatabase=i*)(ersql2000deflanguage-E*))
v DGbUCuú¼pUATivoli Identity Manager iα≤OΘú¼óG
– jqµhX Tivoli Identity ManagerA²Sb 10 HAϕanXC
±ΦíApGµ÷@U X]u÷¼v÷¼s²A²MOnJ Tivoli Identity ManagerAhiαo¼pC
– Tivoli Identity Manager °AΩΘOΘM Java Ω∩jp]wú≈jCϕ
íÑq@OΘWX°AtmOΘqANoOΘú¼
¼pC
µMΦkGπUC@hG
– b WebSphere zDx¿UC@A¡ε WebSphere Application Server ú
OΘÑq@G
1. ÷@Uí -> °í -> enRole -> Web -> app_web.war-> Ñq@zC
2. ∩gÑq@zC
3. °∩C
4. εOΘÑq@W¡µC
¡ε Tivoli Identity Manager @hiH @ñs²Ñq@C
°°AtmOΘqAH Tivoli Identity Manager
WebSphere OIA]wC
5. ÷@UTwAN≤xsDntmC
– ¿UCBJXANÑq@ómíε 10 HUG
36 IBM Tivoli Identity Manager: N
1. MΣ
WAS_HOME/installedApps/nodename/enRole.ear/app_web.war/WEB-INF/web.xml
C
2. sΦ web.xml AN session-time q 10 ∩≤pAp
5 C
3. xs web.xml C
4. b WebSphere zDxAε½s enRole.ear °íC
3 w¡εBDµMΦk 37
38 IBM Tivoli Identity Manager: N
4 íσ≤≤s
íúσ≤DMµMΦkC
yD≤
w≤UCXDG
²eD sD
IBM Tivoli Identity Manager ΩTñwOU
CDG
v ΩTñe]t IBM Tivoli Identity
M a n a g e r P o l i c y a n d O r g a n i z a t i o n
Administration GuideC
v IBM Tivoli Identity Manager °AtmΓU
v IBM Tivoli Identity Manager @δΓU
IBM Tivoli Identity Manager ΩTñbú
zMtmΩTAúuWUC
IBM Tivoli Identity Manager Server Installation
and Configuration Guide for WebSphere
Environments ]tw@÷tmΩTC
wPtmΓUDMµMΦk
íwPtmDMµMΦkG
DGIBM Tivoli Identity Manager Server Installation and Configuration Guide for
WebSphere Environments ∩aJtyÑM≤BJC
RσrGYnb Tivoli Identity Manager °AW∩aJtyÑM≤A
bπ Tivoli Identity Manager °AqúW¿UCBJG
1. o Tivoli Identity Manager yÑΣ CDCMßAΣX itimlp_agents_setup.jar
C
2. ⁿOµíwyÑM≤CpAbⁿOúWΘJyÑM≤ⁿOG
java -jar itimlp_agents_setup.jar
Tivoli Identity Manager yÑM≤wíl⌡µCϕwíeπ
ⁿA¿yÑM≤w@C
3. AnJ Tivoli Identity ManagerC
4. Tivoli Identity Manager GUIA÷@Utm -> J/X -> JC
5. buJ/Xv°íAs² ITIM_HOME/timpla/AllAgents.jar C
6. ÷@UNΩJ Identity Manager C
7. yÑM≤w¿A÷@U≥C
DGIBM Tivoli Identity Manager Server Installation and Configuration Guide for
WebSphere Environments íúw°AtyÑM≤ⁿC
RσrGYnúwyÑM≤Abπ Tivoli Identity Manager °AqúW
¿UCBJG
© Copyright IBM Corp. 2003, 2005 39
1. ⁿOµíúwyÑM≤C
v °AyÑM≤
a. ½²G
ITIM_HOME/itimlp/lp_uninst
b. ΣX tidlp_uninstall.jar C
c. úwíCpAbⁿOúUΘJyÑM≤ⁿOG
java -jar tidlp_uninstall.jar
v tyÑM≤G
a. ½²G
ITIM_HOME/itimlpa/lpa_uninst
b. ΣX tidlpa_uninstall.jar C
c. úwíCpAbⁿOúUΘJyÑM≤ⁿOG
java -jar tidlpa_uninstall.jar
2. Tivoli Identity Manager yÑM≤úwíl⌡µCϕí°íπ
ⁿA¿yÑM≤úw@C
TºPqll≤DMMΦ
íTºPqll≤DMMΦG
DGTºX CTGIMA616E πσrC
µMΦkGTº CTGIMA616E σrpUG
úe\Nbß∩¿úXWw¼ACíGbu≤//vjε⌡µhAWAúXWwbßóCAbu≤//vjε⌡µhAWANbß∩úXWwóC
zGbß÷Aπjε⌡µ]wAú\Nbß∩¿úXWwbßCd]wApGn\úXWwbßA∩uvC
DGN Tivoli Identity Manager 4.5.1 4.6 ºßALotus® Notes eq
ll≤qMπ Tivoli Identity Manager 4.5.1 xCúLAΣLs²
qll≤qAoTBwxC
µMΦkGñH Lotus Notes eqll≤qπ Tivoli Identity
Manager 4.5.1 xC
DGΩJíiαX@hTºníMíG
σrGnJΩMΩñwsbΩo≡C∩H@Ω
u²C
≤GnJΩMtWwsbΩo≡C∩H@Ω
u²C
DGbnD°ímóbß°iAn≤δTTºH≤TΦíí
≤@C
40 IBM Tivoli Identity Manager: N
b°iWATivoli Identity Manager ∩≡vbßΘd≥]w¡εCWLr
íj≡vbß°iOnDC
TºG°íⁿXuΘJΘJvC
sTºGznD≡vbß°iííj]jπ¡εA2147483647Aú
αj≤ 1951/1/1 eΘεítZCΘJ u≡víjC
ΩTñDMMΦ
NUC IBM Tivoli Identity Manager ΩTñ≤G
v buHzvo@AUCσrnRΩTG
σrGQ≡ujMvUΦjMAiHMΣHCw]j
M]wbH cnCϕ ACI T jM\αsvA
αújMC
RσrG∩≡sv¡]OzLusv¿ΩµPC
v buRúHvpñAUCσrníMíG
σrGBJ 4GbuzHvA∩znRúH∩AMß÷
@UuRúvC
RσrG ACI wT v¡sRú\αAαRúHC
v buzsvo@uRúñΓvpñAUCσrn≤G
σrGz²TñΓMµú]t⌠≤HABñΓúO
h¿AαRúñΓCun⌠@°≤¿ATivoli Identity Manager Server
Núe\zRúñΓCtπTºAⁿXúD≤°≤AhLkR
úznRúñΓC
≤GRúñΓnUC°≤G
– AñΓ
AñΓúαOh¿CúLApGAñΓtMµñ
HAhiHRúAñΓC
– RAñΓ
RAñΓúαOh¿CApGRAñΓtMµñ
HAhúαRúRAñΓC
zTRAñΓúOh¿ABñΓúα]tMµñ
HAαRúRAñΓCun⌠@°≤¿ATivoli Identity Manager
Server Núe\zRúñΓCtπTºAⁿXúD≤°≤Ah
LkRúznRúñΓC
v buq IBM Tivoli Identity Manager qvo@un⌡≈rM
JavaScriptvpñAnΣLΩTíp≤ⁿwεrC
σrG⌡≈UCr]Aϕ HTML ΩΘµí - &entity;ATOq
d XML µíTC
4 íσ≤≤s 41
RσrGqdΘXALkAϕa⌡≈rCKbσrdñ
orAúDzQbΘXñπ⌡≈rCpAr &
Sϕr &AΩΘµí &C
v buq IBM Tivoli Identity Manager qvo@uqAevp
ñA[JRσrAí Lotus Notes 5.0 bet XHTML Y <?xml
version=″1.0″ encoding=″UTF-8″?> XHTML qll≤qwDC
σrGqµ]D«BσrBXHTMLH XML ≥ªF]AX
XML ¡εMµíπWh (http://www.w3.org/XML/)C
µMΦkRσrGpGb Lotus Notes 5.0 ñuσrdAhe
t XHTML Y <?xml version=″1.0″ encoding=″UTF-8″?> XHTML qll≤
qoDC
v bu°i¡zΩvo@uq°itmvpñAnRΩTC
σrGziH∩eH≤Pq°i÷]wAHsWwq
τq°i@ñC
qσrGziHb ITIM_HOME/data ²U∩oeAH≤q°i
÷]wABNwqτsWq°i@G
Abumq°iΩvpñA]nRΩTC
σrGzb∩°iún⌡µΩPB@CMApGz≤°i
⌡BACI °iΩΘΩ]±ΦíApGzNYH[JtñBQnHm
WXb°iñAh⌡µΩPBA≤C
RσrGb⌡µΩPBíLk°iC
v bu°i¡zΩvo@u°iLoG°i]píd JOIN °
≤vpñAϕµnUC≤G
– 2uLovµ
σrGPerson.Organization Roles = Organization Role.DN
≤GPerson.Organization Roles = Role.DN
– 7uLovµ
σrGBusiness Partner Person.Organization Roles = Organization Role.DN
≤GBPPerson.Organization Roles = Organization Role.DN
– 22uΩΘvµ
σrGACIB Organizational Uni
≤GACIBOrganizational Unit
v buft IBM Tivoli Identity Manager Crystal Reportsvo@ñAbUCX
pUC≤G
– ub Windows tWwMtm Crystal Enterprisev
σrGNGqAepUG
42 IBM Tivoli Identity Manager: N
²AnΘúⁿ⌡µ Crystal Enterprise πwCCrystal Enterprise
nΘiP IBM Tivoli Identity Manager í°A≤P@í Windows ≈
úP Windows ≈WCbtm Crystal Enterprise ºeATwzw]w
Crystal zDx (CMC)C\Aϕúσ≤]w CMCC
≤σrGbtm Crystal Enterprise ºe
1. ow Crystal Enterprise °AqúD≈WATwziHD≈
WsoíqúC±ΦíApGπWO server1.ibm.comATwziH
uD≈W server1 sCziαnb hosts ñsWn²CYn
su\αAbw Tivoli Identity Manager qúWΘJⁿOG
ping server1
2. Twzw]w Crystal zDx (CMC)C\Aϕúσ≤]w
CMCC
– utm IBM Tivoli Identity Manager Crystal Reports]Windows
WebSphere Application Serverv
σrG3. ≤s ITIM_HOME\data\crystal.properties ñUCeG
]ún≤A]úπMwqC
cmsHostNo]w Crystal Enterprise ≈ºD≈WC
≤σrG
cmsHostNo]w Crystal Enterprise ≈ºD≈WCH IP
πqúW]τY server1.ibm.com]wCpG Crystal
Enterprise z°AwtmDw]≡A hostname:portC
w]≡O 6400C
v utm IBM Tivoli Identity Manager]UNIX WebSphere Application Serverv
σrG3. ≤s ITIM_HOME/data/crystal.properties ñUCeG
]ún≤A]úπMwqC
cmsHostNo]w Crystal Enterprise ≈ºD≈WCpG Crystal
Enterprise z°AwtmDw]≡]w]≡O 6400Ah]
hostname:portC
≤σrG
cmsHostNo] Crystal Enterprise b≈D≈WCH IP
πqúW]τY server1.ibm.com]wCpG Crystal Enterprise
z°AwtmDw]≡A hostname:portCw]≡O 6400C
v bu⌡µ°iGΘJLovo@ϕ 38uΘJLovñAW
[\h≤Ap 44ϕ 12 G
4 íσ≤≤s 43
ϕ 12. ΘJLo
°iW ΘJ w] ]pí°iLo Crystal Reports Lo
bß A ⌠≤ Service.DN = _USERINPUT_ Service.DN = &ParamField
µ ⌠≤ Organ i z a t i ona lCon t a i n e r .DN =
_USERINPUT_
O r g a n i z a t i o n a l C o n t o . D N =
&ParamField ()
≡vbß A ⌠≤ Service.DN = _USERINPUT_ Service.DN = &ParamField ()
≡v 14 Last Accessed Date = _USERINPUT_ Account.erLastAccess Date =
&ParamField ()
@ nDí ⌠≤ Process.REQUESTER = _USERINPUT_ P r o c e s s . R E Q U E S T E R =
&ParamField ()
QnD ⌠≤ Process.REQUESTEE = _USERINPUT_ P r o c e s s . R E Q U E S T E E =
&ParamField ()
@ A c c o u n t A d d
] eñ
ⁿw
Process.Type = _USERINPUT Process.Type = &ParamField ()
lΘ eΘe
30 !
Process.Completed > _USERINPUT_
A N D P r o c e s s . C o m p l e t e d <
_USERINPUT_
Process.Completed > &ParamField1
() AND Process.Completed <
&ParamField2 ()⌠Θ eΘ
nDí ⌠≤ Process.REQUESTER = _USERINPUT_
]⌠≤
P r o c e s s . R E Q U E S T E R =
&ParamField ()
QnD ⌠≤ Process.REQUESTEE = _USERINPUT_
]⌠≤
P r o c e s s . R E Q U E S T E E =
&ParamField ()
lΘ eΘe
30 !
Process.Completed > _USERINPUT_
A N D P r o c e s s . C o m p l e t e d <
_USERINPUT_
Process.Completed > &ParamField1
() AND Process.Completed <
&ParamField2 ()⌠Θ eΘ
nDí ⌠≤ Process.REQUESTER = _USERINPUT_
]⌠≤
P r o c e s s . R E Q U E S T E R =
&ParamField ()
QnD ⌠≤ Process.REQUESTEE = _USERINPUT_
]⌠≤
P r o c e s s . R E Q U E S T E E =
&ParamField ()
lΘ eΘe
30 !
Process.Completed > _USERINPUT_
A N D P r o c e s s . C o m p l e t e d <
_USERINPUT_
Process.Completed > &ParamField1
() AND Process.Completed <
&ParamField2 ()⌠Θ eΘ
Hbß H ⌠≤ Person.Dn = _USERINPUT_ Person.DN = &ParamField ()
µ ⌠≤ Organ i z a t i ona lCon t a i n e r .DN =
_USERINPUT_
O r g a n i z a t i o n a l C o n t o . D N =
&ParamField ()
Hbß]
ñΓ
ñΓ L]ⁿwñ
Γ
Organization Role.DN = _USERINPUT_ Role.DN = &ParamField (sΦB
n)
µ ⌠≤ O r g a n i z a t i o n C o n t a i n e r . D N =
_USERINPUT_
O r g a n i z a t i o n a l C o n t o . D N =
&ParamField ()
AbßKn A ⌠≤ Service.DN = _USERINPUT_ Service.DN = &ParamField ()
bß¼A ⌠≤] e
ñⁿw
A c c o u n t . A c c o u n t S t a t u s =
_USERINPUT_
A c c o u n t . e r a c c o u n t s t a t u s =
&ParamField ()
ñΓ
h
ñΓ ⌠≤ Organization Role.DN = _USERINPUT_ Role.DN = &ParamField
44 IBM Tivoli Identity Manager: N
ϕ 12. ΘJLo (≥)
°iW ΘJ w] ]pí°iLo Crystal Reports Lo
HA
H ⌠≤ Person.DN = _USERINPUT_ Person.DN = &ParamField ()
bß@ ⌠≤ Process.Type = _USERINPUT_ R o o t P r o c e s s V i e w . T y p e =
&ParamField ()
bß@ ⌠≤ Activity.Type = USERINPUT_ S u b P r o c e s s V i e w . T y p e =
&ParamField ()
lΘ eΘe
30 !
Process.Completed > _USERINPUT_
A N D P r o c e s s . C o m p l e t e d <
_USERINPUT_
SubProcessView.Completed >
& P a r a m F i e l d 1 ( ) A N D
Process.Completed < &ParamField2
(⌠Θ eΘ
A¼ ⌠≤ Service.servicetype = _USERINPUT_ service.servicetype = &ParamField ()
A ⌠≤ Service.DN = _USERINPUT_ Service.DN = &ParamField ()
ID ⌠≤ Activity.Subject = _USERINPUT_ S u b P r o c e s s V i e w . s u b j e c t =
&ParamField ()
¼A ⌠≤ A c t i v i t y . R e s u l t _ S u m m a r y =
_USERINPUT_]⌠≤
SubProcessView.
R E S U L T _ S U M M A R Y =
&ParamField ()
H⌡µb
ß@
eX ⌠≤ Process.REQUESTER = _USERINPUT_ person.DN= &ParamField ()
bß@ ⌠≤ Activity.Type = USERINPUT_ S u b P r o c e s s V i e w . T y p e =
&ParamField ()
lΘ eΘe
30 !
Process.Completed > _USERINPUT_
A N D P r o c e s s . C o m p l e t e d <
_USERINPUT_
SubProcessView.Completed >
& P a r a m F i e l d 1 ( ) A N D
Process.Completed < &ParamField2
()⌠Θ eΘ
A¼ ⌠≤ Service.servicetype = _USERINPUT_ Service.erservicetype = &ParamField
()
A ⌠≤ Service.DN = _USERINPUT_ service.servicetype = &ParamField ()
ID * Activity.Subject = _USERINPUT_ S u b P r o c e s s V i e w . s u b j e c t =
&ParamField ()
¼A ⌠≤ A c t i v i t y . R e s u l t _ S u m m a r y =
_USERINPUT_
S u b P r o c e s s V i e w . R E S U L T _
SUMMARY = &ParamField ()
πP π ⌠≤ PERSON.DN like _USERINPUT_ AND
P E R S O N . C N =
PROCESSLOG.REQUESTOR
PERSON.DN like &ParamField1 ()
A N D P E R S O N . C N =
PROCESSLOG.REQUESTOR
lΘ eΘe
30 !
Process.Completed > _USERINPUT_
A N D P r o c e s s . C o m p l e t e d <
_USERINPUT_
Process.Completed > &ParamField1
() AND Process.Completed <
&ParamField2 ()⌠Θ eΘ
A¼ ⌠≤ Service.servicetype = _USERINPUT_ service.servicetype = &ParamField ()
A ⌠≤ Service.DN = _USERINPUT_ Service.DN = &ParamField ()
ID * Process.Subject = _USERINPUT_ Process.Subject = &ParamField ()
¼A * PROCESS.RESULT_ SUMMARY like
_USERINPUT_
PROCESS.RESULT_ SUMMARY
like &ParamField ()
πí ACTIVITY. DEFINITION_ID like
_USERINPUT_
ACTIVITY. DEFINITION_ID like
&ParamField ()
4 íσ≤≤s 45
ϕ 12. ΘJLo (≥)
°iW ΘJ w] ]pí°iLo Crystal Reports Lo
bß bß ⌠≤ Account.DN = _USERINPUT_ account.eruid = &ParamField ()
H ⌠≤ Person.DN = _USERINPUT_ Person.DN = &ParamField ()
A¼ ⌠≤ Service.servicetype = _USERINPUT_ service.servicetype = &ParamField ()
A ⌠≤ Service.DN = _USERINPUT_ Service.DN = &ParamField ()
Θ eΘ Process.Completed < _USERINPUT_ Process.Completed < &ParamField1
()
H H ⌠≤ Person.DN = _USERINPUT_ Person.DN = &ParamField ()
µ ⌠≤ Organ i z a t i ona lCon t a i n e r .DN =
_USERINPUT_
O r g a n i z a t i o n a l C o n t o . D N =
&ParamField ()
¡≤ eΘ Process.Completed < _USERINPUT_ Process.Completed < &ParamField1
()
A A ⌠≤ Service.DN = _USERINPUT_ Service.DN = &ParamField ()
A¼ ⌠≤ Service.servicetype = _USERINPUT_ Service.erservicetype = &ParamField
()
⌠≤ Peson.DN = _USERINPUT_ Peson.DN = &ParamField ()
µ ⌠≤ Organ i z a t i ona lCon t a i n e r .DN =
_USERINPUT_
O r g a n i z a t i o n a l C o n t o . D N =
&ParamField ()
h hW
⌠≤ ProvisioningPolicy.PolicyName =
_USERINPUT_
P r o v i s i o n i n g P o l i c y . D N =
&ParamField ()
sε ACI W ⌠≤ ACI.name = _USERINPUT_ ACI.name = &ParamField ()
ACI ⌠w
q
⌠≤ ACI.category = _USERINPUT_ ACI.category = &ParamField ()
½≤¼ ⌠≤ ACI.Target = _USERINPUT_ ACI.target = &ParamField ()
ACI d≥ ⌠≤ ACI.scope = _USERINPUT_ ACI.scope = &ParamField ()
µ ⌠≤ Organ i z a t i ona lCon t a i n e r .DN =
_USERINPUT_
O r g a n i z a t i o n a l C o n t o . D N =
&ParamField ()
πp A L]nΘJ Service.DN = _USERINPUT_ Service.DN = &ParamField (sΦB
n)
v uñΓHbßvíñⁿX∩ñΓC
σrGíπGu÷@UjMMΣⁿwzn¡ε°iñΓCpG
zúⁿwñΓAh°i]tXΣLⁿwhñΓCvYnΣXoqí
A⌡µUC@G
1. H itim z¡nJC
2. bD\αϕ²C÷@U°iC
3. bu@C÷@U⌡µ°iC
4. ∩uO°iv°i¼C
5. ∩uñΓHbßvl\αϕC
6. ÷@U ? oíC
≤σrG÷@UujMvMΣⁿwzn¡ε°iñΓC∩ñ
Γα⌡µ°iC
46 IBM Tivoli Identity Manager: N
v buwWíΩPBívo@ñAu≤Θxvp@q
nRΩTC
σrGpGO IBM Directory ServerAN DB2 Ωww]uíΩ
∩jpvW[ jApG4096Co]wO IBM Directory Server x
s≤ΘxC\ DB2 ΓUAH∩íΩ∩jpC
RσrGOracle SQL Server 2000 únΣLBJC
v buwWíΩPBívo@ñAubt@tñwWí
ΩPBívp@qnRΩTC
σrGGsynchronizer_computer OΣñnwuWíΩPBív
qúCitim_computer OΣñww Tivoli Identity Manager qúC
RσrGb Tivoli Identity Manager OtmñAitim_computer O⌠≤ⁿzIC
v buwWíΩPBívo@ñAuπWíΩPB
ívnⁿww]C
σrG
– changeLogFetchSize
– maximumChangeLogsToSynchronize
– changeLogsToAnalyzeBeforeSynchronization
≤σrG
UCw]G
– changeLogFetchSize=200
– maximumChangeLogsToSynchronize=10000
– changeLogsToAnalyzeBeforeSynchronization=5000
í≡w]O 30 ϕC
v butmtevo@ñAsW@Σ enRole.properties tmVK
XPBC
σrGLC
RσrGVKXPBtm
# This is the configuration flag to bypass the password
# validation on the orphan account when the request is
# submitted from the agent.
reversePasswordSynch.bypassPwdValidationOnOrphanAccount=false
pGΣ] ″true″ BoKXPBbßO≥dbßAhñLKXτC
v bu⌡µ°iGΘJLovo@ϕ 37uΘJvñAn
UC≤G
– uACI WvbuⁿwΘJípUw]vµñAπ
u⌠≤voADu*]ⁿ⌠≤vC
4 íσ≤≤s 47
– uπívCOuπíWvC
– u≡vvCOu≡v]!vC
– uµvCOuµvC
– u@vCbuⁿwΘJípUw]vµñAπ
usWbßvADu⌠≤vC
v buwWíΩPBívo@ñAú@úsbeC
σrGbubt@tñwWíΩPBívñAXBJ 15 π
G
15. ∩ synchronizer_computer º ITIM_HOME/data ²ñ enRoleLogging.properties
ApUG
– N jlog.logCmdPort e] 9992 HC≡ 9992 w IBM Tivoli Identity
Manager Server A]uWíΩPBívLk≡ 9992
ΘxíC
≤Gú]ñ⌠≤ú jlog.logCmdPort eσrCeúsbC
v butmbßΩTvo@ñAn≤Mµñ@C
σrGutmvuevi²z]wUCKXBnJzw]
u@yú∩G
– πΘtu@yúMútm
≤σrGMµ≤uu@yqvC
v buq IBM Tivoli Identity Manager qvo@usbßdvpñA
UC»zíG
σrG
EmailContext =com.ibm.itim.mail.workflow.TemplateWorkflowNewAccountContext
≤σrG
EmailContext =com.ibm.itim.workflow.notification.TemplateNewAccountNotification
σrGbusKXdvpñAUC»zíG
EmailContext =com.ibm.itim.mail.workflow.TemplateWorkflowNewPasswordContext
≤σrG
EmailContext =com.ibm.itim.workflow.notification.TemplateNewPasswordNotification
σrGbu≤bßdvpñAUC»zíG
EmailContext =com.ibm.itim.mail.workflow.TemplateWorkflowNewAccountContext
≤σrG
EmailContext =com.ibm.itim.workflow.notification.TemplateNewAccountNotification
48 IBM Tivoli Identity Manager: N
σrGbubßdvpñAUC»zíG
EmailContext = com.ibm.itim.mail.workflow.TemplateWorkflowDeProvisionContext
≤σrG
EmailContext = com.ibm.itim.workflow.notification.TemplateDeprovisionNotification
v buJavaScript vo@ Activity.description pñAíínR
ΩTC
σrGo¬µO@urΩvAªíbu@y]píñwq
ⁿwíC
RσrGbΓíñ]πBRFI u@qµAo¬µOurΩvAN
ϕu@y]píñwqu@σrdvC∩≤ΣLíAo¬µ
OurΩvAíbu@y]píñwqⁿwíC
v buft IBM Tivoli Identity Manager Crystal ReportsvpñAnRΩ
TC
σrGbutm IBM Tivoli Identity Manager Crystal Reports]Windows
WebSphere Application Servervputm IBM Tivoli Identity
Manager]UNIX WebSphere Application ServervpñABJ 1 πG
pG Crystal Enterprise P Tivoli Identity Manager wbP@í≈WA⌡Lo
BJBJ 2ChAbw Tivoli Identity Manager ≈W⌡µ Crystal
Enterprise qwC
WGb IBM Tivoli Identity Manager OípñAbOC@ⁿz
IWA⌡µ Crystal Reports tmBJC
v buft IBM Tivoli Identity Manager Crystal Reportsvo@ñAnR
ΩTC
σrGbutm IBM Tivoli Identity Manager Crystal Reports]Windows
WebSphere Application Servervputm IBM Tivoli Identity
Manager]UNIX WebSphere Application ServervpñABJ 3 πG
3. ≤s ITIM_HOME\data\crystal.properties ñUCeG]HUuπ≤
Ωw No] IBM Tivoli Identity Manager ΩwCw∩ DB2 Ω
wtmApGΩw≤ Crystal Enterprise H≈AⁿwⁿV IBM
Tivoli Identity Manager ΩΩwºΩwOWC
WGw∩ OracleApGΩwb≈úO Crystal Enterprise ≈Aⁿw IBM
Tivoli Identity Manager ºΩΩw TNS AWCw∩ MS-SQL ServerA
ⁿw IBM Tivoli Identity Manager ºΩwΩWC
v buft IBM Tivoli Identity Manager Crystal Reportsvo@ñAnR
ΩTC
σrGbutm Crystal Reports °idvpñABJ 2 πG
4 íσ≤≤s 49
2. Y DB2AN db2jcc.jar M db2java.zip q SQLLIB/java ²s
ITIM_HOME/lib ²CY OracleAN Oracle wñ ojdbc14.jar s
ITIM_HOME/lib ²ñC
WG∩≤ MS-SQL ServerAúnBJ⌠≤@C
v bu]w¡úMαΩvo@uMwH±mvpñAJavaScript d
pgr ″o″ATOπsC
σrGUC JavaScript íXiH≤±mWhHiµoα½G
return "ou=" + entry.dept[o] + ",ou=" + entry.bu[o] + ",ou=" + entry.dw[o];
≤G
return "ou=" + entry.dept[0] + ",ou=" + entry.bu[0] + ",ou=" + entry.dw[0];
v bu°i¡zΩvo@ñAnRΩTí½≤LoC
RσrGbuWϕíϕkvpßAAW[uACI ½≤Lob°iñ
kvo@pAtUCΩTG
u°iv ACI ñwqu½≤LovANΩM ACI ΩTmbΩw
ñCu°ivnXUCD½≤LoG
– LDAP SQL α½ΣLo≤ LDAP LoWµ RFC 2254 ñú
@í≈LoC
– úΣ±∩WhB±ⁿo Lo±ⁿBΓlC
– bWϕíñAΣ *]PUrC
– LDAP LoñuⁿUCSϕrG
- $]⌠
- @]at
- _]u
- *]P
- ? ]
- /]u
- \]u
- . yI
- :]
- µ
- Tab Σ
LDAP LoñúΣUCrCpGzb½≤LoñorAh°i
bm ACI ΩTúqorG
- ¬jA
- kjA
- [ ¬ΦA
- ] kΦA
- %]±
- &]«
50 IBM Tivoli Identity Manager: N
- ,]rI
v RFC 2254 WwAiHUCSϕrϕ@δrG
– \2a * @δrADUr
– \28 ( ¬A r
– \29 ) kA r
– \5c \ ur
v butmbßΩTvo@uKXPBvpñAu PBKXv∩
∩u KXPBv∩C
σrGbutmvuevWAu PBKXv∩i²z
PBKXC
≤GbutmvuevWAu KXPBv∩i²zP
BKXC
v butmbßΩTvo@uKXLd/ vpñAWºí@
µC
σrGutmvuLd v
≤GutmvuLd/ vC
v butmbßΩTvo@uADMIN-DEFINED LdívpñG
σrGb∩÷@UoHwqLdX°íñAiHwqM
∩uADMIN-DEFINED LdívLdDC
≤Gb∩÷@UoHwqzLdX°íñAiHwqM
∩uADMIN-DEFINED LdívLdDC
bñAt@aΦXPG
σrG4. ÷@U÷@UoHwqLdABwquKXLd/ vDC
≤G4. ÷@U÷@UoHwqzLdABwquKXLd/ vDC
v butmbßΩTvo@uwqLdDvpñA≥@µG
σrG∩GqyÑMµ∩LdDyÑ⌠]w]yÑ⌠O∩
Cp÷ΩTA\uyÑ⌠MLdvC
≤G∩GqyÑMµ∩LdDyÑ⌠]w]yÑ⌠O∩C
p÷ΩTA\uyÑ⌠MLdvC
v buq IBM Tivoli Identity Manager qvo@ulFvpñA″-email″ orXLΩ]σC
σrGWLoqíßAlFNEπPusqll≤DDvq
AlFdE¿@qll≤]σbBO ″-email″C@qll≤¼≤C
≤GWLoqíßAlFNEπPusqll≤DDvqA
lFdE¿@qll≤]B≤ ″e-mail″C@qll≤¼≤C
4 íσ≤≤s 51
v buq IBM Tivoli Identity Manager qvo@ñAuⁿw@δlFevM
ulFdvpú HTMLA≤ XHTMLC
σrGb HTML σµAΘJqll≤ñπσr⌠≤ JavaScript í
XAeC
≤Gb XHTML σµAΘJqll≤ñπσr⌠≤ JavaScript íX
AeC
v buq IBM Tivoli Identity Manager qvo@ñAulFAeqv
pú ″newline″ orA≤ ″new line″]½µC
σrG rΩA]tC@lqσrσAH newline rjC
≤G rΩA]tC@lqσrσAH½µrjC
v buq IBM Tivoli Identity Manager qvo@ñAulFevpC
X POST_OFFICE_TEST_ALT=lFdA²oúOC
σrGb Labels.properties ñsΦUCeAiHqlFtm GUI
G
– POST_OFFICE_TEST_ALT=lFd
≤GUCMµLAñG
– POST_OFFICE_TEST_ALT=lFd
v buq IBM Tivoli Identity Manager qvo@uw]Aevp
ñAϕ 27 dσrWXCΣñíσrO
<RE key=″readOnlyDateFormat″>″C
v buq IBM Tivoli Identity Manager qvo@utqvpñAuí
OdvBuOdvu¿dvpñ≥@µC
σrGp÷ΩTA\u⌠wq JavaScriptvC
≤Gp÷ΩTA\u⌠wq JavaScript vC
v butm IBM Tivoli Identity Manager ⌠vo@uµV SSL OvpñA
PuSSL Mº[vXΓC
≤Gñ½C
v buq IBM Tivoli Identity Manager vo@u ϕµdvpñA
@BJDC
σrG÷@UqµC
≤G÷@UϕµqC
v buq IBM Tivoli Identity Manager vo@utmqxvpñA
s GIF qxBJúT⌠C
σrGWAS_HOME/installedApps/enrole.ear/enrole.war/images
≤GWAS_HOME/installedApps/cell_name/enRole.ear/app_web.war/images
v bu°i¼vo@uH°ivpñAUCDG
52 IBM Tivoli Identity Manager: N
σrGHbß
≤GHbß
σrGHbß]ñΓ
≤GH@°i
σrG Hv
≤G H°iv
Abus°ivpñAUCDG
σrGu≡vbßvúOus°ivMµñß@°iC
≤GNu≡vbßvus°ivMµßmC
v butm Tivoli Identity Manager °A SSL Ovo@utm Tivoli Identity
Manager Server vpñAGq[J@BG
σrGpGzb Tivoli Identity Manager Server M@htºí
iµV SSL OA¿tmµV SSL OA≈zí
°AMpK≈AMß]DpK≈ANP@
wC@tWH⌠ CA]oMµC
RσrGz]NϕuvAwb Tivoli Identity
Manager ñPwΣL CA H⌠xswñ]≈xswC±ΦíApG
M CA PH⌠xsw]≈xswAN]
uvsWzP@≈xswCpGzúP
≈xswjzM CA ANwbwq CA
≈xswñC
: noRBJA] Tivoli Identity Manager Server JSSE Σ
Abww∩≈WAnD CA ]sbH⌠
xswñ]≈xswC
v butm Tivoli Identity Manager °A SSL Ovo@udΩGb
⌠ñV SSL tm Tivoli Identity Manager Server M ADK ¼tvp
ñAAbBJ 5 ßW[@BBJG
σrG
1. IBM Key Management íG
...
2. zΓw]H⌠xswG
...
3. NDnπWΦUD≤uHvC∩ww
]pGπXC
4. G
...
4 íσ≤≤s 53
5. u]úP÷pK≈G
a. buHvºUA∩C
b. TwuGi DER ΩvπbuΩ¼vµñC
c. buWvµñAΘJznⁿúWAbd
ñΘJ cacert_selfsigned.derC
d. bumvµñAΘJzn±m⌠Abdñ
ΘJ WAS_HOME\AppServer\java\jre\bin\C÷@UTwC
6. ⌠ iKeymanC
Rσr]bWzBJ 5 ßW[UCBJ 6G
– 6. N] CA sW Tivoli Identity Manager Server
H⌠xswG
- a. NDnπWΦUD∩C∩iHπww
CA C
- b. ÷@UsWC
- c. NuΩ¼v∩uGi DER ΩvC
- d. ÷@Us²As² WAS_HOME\AppServer\java\jre\bin\ ²C
- e. ∩ cacert_selfsigned AA÷@UC
- f. úzΘJAΘJ uzWAp
cacert_ITIMserver_selfsignedC
v buúπbßvo@ñALDIF dúTC
σrGúbπºbßAOb LDIF ñⁿwCUNO LDIF ñ
dG
dn: ou=excludeAccounts, ou=ITIM, ou=ITIM, dc=comou: excludeAccountsobjectClass: topobjectClass: organizationalunitdn: cn=SolarisProfile, ou=excludeAccounts, ou=ITIM, ou=ITIM, dc=comerObjectProfileName: SolarisProfileobjectClass: topobjectClass: eridentityexclusioncn: SolarisProfileerAccountID: rooterAccountID: admin
≤σrGúúπbßOb LDIF ñⁿwCHUO LDIF ñdC
bdñAou=ibm ibm Ow] zb LDAP ²ñ Tivoli Identity
Manager tmH IDC
dn: ou=excludeAccounts, ou=itim, ou=ibm, dc=comou: excludeAccountsobjectClass: topobjectClass: organizationalunitdn: cn=SolarisProfile, ou=excludeAccounts, ou=itim, ou=ibm, dc=comerObjectProfileName: SolarisProfileobjectClass: topobjectClass: eridentityexclusioncn: SolarisProfileerAccountID: rooterAccountID: admin
54 IBM Tivoli Identity Manager: N
v buft IBM Tivoli Identity Manager Crystal Reportsvo@utm IBM
Tivoli Identity Manager Crystal Reports]Windows WebSphere Application
ServervpñAUCΩTn≤G
σrGBJ 2 nUC≤G
o .jar q≤UC²ñG
C:\Program Files\Common Files\Crystal Decisions\2.5\java\lib
≤σrGo .jar q≤UC²ñG
C:\Program Files\Common Files\Crystal Decisions\2.5\java\libC:\Program Files\Common Files\Crystal Decisions\2.5\java\lib\external
lib\external ²t log4j.jar C
v buft IBM Tivoli Identity Manager Crystal Reportsvo@utm IBM
Tivoli Identity Manager Crystal Reports]UNIX WebSphere Application
ServervpñAUCΩTn≤G
σrG1. pG Crystal Enterprise P Tivoli Identity Manager wbP@í≈
WA⌡LoBJBJ 2ChAbw Tivoli Identity Manager ≈
W⌡µ Crystal Enterprise qwC Crystal Enterprise wíANUCΓ
≤w≈WG
– Crystal Publishing Wizard
– Crystal Enterprise Java SDK
≤σrG1. pG Crystal Enterprise P Tivoli Identity Manager wbP@í≈
WA⌡LoBJBJ 2ChAbw Tivoli Identity Manager ≈
Ww Crystal Enterprise webtier ≤CoqiHg⌡µ Crystal wM≤
]t install_webtier.sh script F¿C
:
1. Crystal webtier ≤w@Ω⌡µ WebSphere Application Server M
Tivoli Identity Manager °A Script UNIX ⌡µC Crystal w
@ Tivoli Identity Manager CpGt@ns
Crystal webtier ≤Ah⌡µt@w@C²h UNIX
@P Crystal webtier ≤w@C
2. Tw Tivoli Identity Manager °Aqú /etc/hosts ñsbUCn²G
ip_address host
ip_address O Crystal Enterprise °AqúΩ IP Chost O
Crystal Enterprise °AqúD≈W]út⌠Cb /etc/hosts ñ[J
n²ºßAYnTwiHQD≈Ws Crystal °AAΣJⁿOG
ping host
3. ¡≤ LinuxGT /etc/hosts ñS⌠≤n²N≈qúD≈W∩
j⌠ IP CpAUCn²ND≈W∩j⌠ IP G
127.0.0.1 host localhost.localdomain localhost
UCn²iHKoDG
127.0.0.1 localhostIPaddress_server1 host
4 íσ≤≤s 55
IPaddress_server1 O server1 IP Chost O Tivoli Identity Manager
°AqúD≈WC
σrGBJ 2 nUC≤G
o .jar q≤UC²ñG
CRYSTAL_HOME/java/lib
≤σrGo .jar q≤UC²ñG
CRYSTAL_HOME/java/libCRYSTAL_HOME/java/lib/external]]t log4j.jar
ΩDMMΦ
íσ≤DMMΦG
v DGbΘσ⌠UALkb Microsoft Outlook Express ñ\¬q Tivoli Identity
Manager el≤qD«C
µMΦkG TºMµCNibTºMµñ¬D«CAz]i÷@U
TºMµñTºAbt°íñoi¬D«C
v DGbwσ⌠UA″Tivoli Identity Manager deinstallieren″ °íbUCzñXσkG
Bitte warten Sie während des Deinstallers von InstallAnywhere die folgenden Funktionen
entfernt...
µMΦkGTzOG
Bitte warten Sie während der Deinstaller von InstallAnywhere die folgenden Funktionen
entfernt...
v DGΦZ"σ Tivoli Identity Manager w@H servidor1 WebSphere
Application Server WA²ⁿw server1C
MΦGún servidor1 WebSphere Application Server WC
W server1C
Adobe Acrobat Reader D
DGA Adobe Acrobat Reader 4.05 ≤¬°s Tivoli
Identity Manager σ≤CziqUC⌠o Adobe Acrobat ReaderG
http://www.adobe.com/products/acrobat/readstep2.html
56 IBM Tivoli Identity Manager: N
5 wMMM≤
CXwMúúM≤⌠C
wM
C@@t≥ CD ]t Tivoli Identity Manager úwMµC
MΣz@tAXwMG
v itim-4.6-cd-images-linux.txt
v itim-4.6-cd-images-aix.txt
v itim-4.6-cd-images-sun.txt
v itim-4.6-cd-images-windows.txt
pAYnMΣb AIX @tWw Tivoli Identity Manager A
AIX ≥ CD W itim-4.6-cd-images-aix.txt C
pΣ¡xí÷ΩTA\ IBM Tivoli Identity Manager
NC
τM≤h
τ WebSphere Application Server M≤OThCΘJUCΣñ@ⁿOG
v WindowsG
– µ°AO¿
WAS_HOME\bin\versionInfo.bat
– ípzí
WAS_NDM_HOME\bin\versionInfo.bat
v UNIXG
– µ°AO¿
WAS_HOME/bin/versionInfo.sh
– ípzí
WAS_NDM_HOME/bin/versionInfo.sh
pAⁿUCΘXG
v WebSphere Application Server Base
Installed Product-----------------------------------------------Name IBM WebSphere Application ServerVersion 5.1.1.3ID BASE
v ípzí
© Copyright IBM Corp. 2003, 2005 57
Installed Product-----------------------------------------------Name IBM WebSphere Application Server for Network DeploymentVersion 5.1.1.3ID ND
oM≤
Tivoli Identity Manager M≤ⁿUCWG
4.6.0-TIV-TIM-platform-WAS-000n.zip
Σñ platform iαO AIXAn OπAp 1C
UC⌠ú Tivoli Identity Manager íG
http://www-1.ibm.com/support/dlsearch.wss?rs=644&q=&tc=SSTFWV
&dc=D420&loc=en_US&cs=utf-8&lang=en&sort=desc&rankfile=8&p=1
pU IBM HuW ID oM≤ΣLΦk÷ΩTA\ 60
yoízC
58 IBM Tivoli Identity Manager: N
² A. ΣΩT
íUC∩AΦKo IBM úΣG
v yjMwz
v 60yoíz
v 60yp IBM nΘΣñz
jMw
pGz IBM nΘΦDAz@wQ¿MC²jMiwAPz
DOwMΦC
jMt⌠⌠WΩTñ
IBM úIíσ≤AiHwbqúí⌠⌠°AWCziHQΩ
TñjM\αAdºΩTB@¿ⁿBΩTΣσ≤C
jM⌠⌠⌠
pGbΩTñΣúD¬A⌠⌠⌠WjMsBπΩTAiα
U≤MzDCYnMΣzúb⌠⌠⌠WΩAyXUCΣñ@
⌠G
v IBM Tivoli Identity Manager Performance Tuning Guide
úbí@⌠ñπ Tivoli Identity Manager °AΩTCiHqUC
⌠oG
http://publib.boulder.ibm.com/tividd/td/tdprodlist.html
b A-Z úMµñ÷@U I rAMß÷@U IBM Tivoli Identity Manager Cs²ΩTñ Technical Supplements qC
v UC⌠ú⌡MG
http://www.ibm.com/software/sysmgmt/products/support/
IBMTivoliIdentityManager.html
s² Self Help qAb Learn ñA÷@U Redbooks C
v UC⌠úNΩTKnG
http://www.redbooks.ibm.com/redbooks.nsf/tips/
v UC⌠úΓUG
http://www.ibm.com/software/sysmgmt/products/support/Field_Guides.html
v pΣL Tivoli Identity Manager ΩMµAjMUC IBM developerWorks
⌠G
http://www.ibm.com/developerworks/
© Copyright IBM Corp. 2003, 2005 59
oí
úíiαMzDCziHdUCúΣ⌠AMwz IBM nΘ
úiíG
1. yX IBM nΘΣñ⌠ (http://www.ibm.com/software/support)C
2. b Products support pages A to Z UΦA∩zúWrC
3. bSwúMµñA÷@U IBM Tivoli Identity ManagerC
4. b Self help UΦAziHúAíBM≤ΣLA≤síMµC
5. ÷@UíWA\¬íAMßiH∩UⁿíC
YnCg¼÷ IBM úíΣLsDqll≤qAϕUCBJG
1. b⌠≤ IBM úΣ⌠WA÷@U¬Wñ My supportC
2. pGzwUA⌡U@BCpGUA÷@UΣ⌠kWñUA
z ID MKXC
3. nJ My supportC
4. b My support ⌠WA÷@U¬Σ²íµñ Edit profilesA SelectMail PreferencesC∩tCúA znΩT¼∩Aϕ∩C
5. ÷@U SubmitC
6. pΣLúqll≤qA½BJ 4 M 5C
pí¼÷ΩTA\ Software Support Handbook
(http://techsupport.services.ibm.com/guides/handbook.html)C
p IBM nΘΣñ
IBM nΘΣñúMúD≤UC
bp IBM nΘΣñºeAQqo IBM nΘ@XABz
≥ovV IBM úXDCznΘ@X¼°zú¼wG
v Y IBM enΘú]]A²ú¡≤b Windows UNIX @tW⌡µ
TivoliBLotus Rational úAH DB2 M WebSphere úAQUCΣñ
@ΦínO Passport AdvantageG
– uWG\ Passport Advantage ⌠
(http://www.lotus.com/services/passport.nsf/WebDocs/ Passport_Advantage_Home)A÷
@U How to Enroll
– qG÷≤bzΩaiHqXAyX IBM nΘΣñ⌠
(http://techsupport.services.ibm.com/guides/contacts.html)A÷@Uzbaz
WC
v Y IBM eServer nΘú]]A²ú¡≤b zSeriesBpSeries iSeries ⌠ñ⌡
µ DB2 M WebSphere úAziHp IBM Nϕ IBM
±RnΘ@XCp eServer nΘúΣ÷ΩTA\ IBM
Technical Support Advantage ⌠ (http://www.ibm.com/servers/eserver/techsupport.html)C
60 IBM Tivoli Identity Manager: N
pGzúTwn≤nΘ@XAbⁿΩa 1-800-IBMSERV
(1-800-426-7378)AΣLΩayX IBM Software Support Handbook ⌠
(http://techsupport.services.ibm.com/guides/contacts.html)A÷@UzbazWA
oϕaΣHqXC
DDBJp IBM nΘΣñG
1. PD∩°C
2. yzDJIΩTC
3. V IBM nΘΣñúXDC
PD∩°
V IBM °iDANVzY½C]AzA⌠z°iº
D∩°CQUChG
Y½ 1 Y½°GzLkíAPτBⁿY½C¼p
nYMΦC
Y½ 2 π°GíiHB@A²\αY½ⁿ¡C
Y½ 3 í≈°GíiHB@A²Lkn\α]∩τBú
½nC
Y½ 4 p°GD∩τBy¿LvTAw∩DXz
]IC
yzDJIΩT
V IBM DA¿iαaπΘ»zC]A÷IΩTA² IBM nΘ
ΣñMHα≈t≤UzMDCFíA²TUCD
¬G
v Do⌡µ#≥nΘH
v Dg¼O⌠≤÷ΘxBlTºH IBM nΘΣñiαno
ΩTC
v α²DΩHpGiHA#≥BJy¿óGH
v tOL⌠≤H]pAwΘB@tB⌠⌠nΘÑC
v zeO∩D⌠≤µMΦkHpGAbú°D@ í
C
Tivoli Identity Manager AuπiH≤UJΩTú IBM nΘΣñNϕC
uπ¼ Tivoli Identity Manager ÷ΘxBdú JAR BJ@
¡tmΩAHtoΩTúYCMßAúYiHeHq
ll≤HΣNϕC
¡bzΣNϕⁿUouπCp÷ΩTA\ IBM Tivoli Identity
Manager Problem Determination GuideC
V IBM nΘΣñúXD
ziHzLΓDúXDG
² A. ΣΩT 61
v uWGyX IBM nΘΣñ⌠ ″Submit and track problems″ ⌠(http://www.ibm.com/software/support/probsub.html)CbAϕDú°uπñΘJz
ΩTC
v qG÷≤bzΩaiHqXAyX IBM Software Support Handbook
⌠pH⌠ (http://techsupport.services.ibm.com/guides/contacts.html)A÷@Uz
bazWC
pGzúXDO÷≤nΘD°iAíσ≤AIBM nΘΣñ
uvíR°i (APAR)vCAPAR yzDCb APAR ≥oM
MGíºeAIBM nΘΣñ¿iαúµMΦkzΩ@CIBM C
!búΣ⌠WoGwM APARA²ΣLDJPDiHqP
MΦño¬C
pDMΦ÷ΩTA\ 59yjMwzM 60yo
ízC
62 IBM Tivoli Identity Manager: N
² B. N
σ≤Yw∩ IBM bⁿΩúºúPAoFbΣLΩañAIBM úúo
ú≤ñúUúBA\αCóϕa IBM NϕAHo
ϕaeúúMAº÷ΩTCo≈σ≤bú IBM úBíAA
úϕtuα IBM úBíACunI IBM z]úvA
⌠≤\αϕúBíAúiHN IBM úBíACúLA⌠≤
D IBM úBíAAµtd@⌠Mτd⌠C
o≈σ≤íDDeAIBM iαΣMQMQCúo≈σ≤úNϕ
úoMQvCziHúXvdAτHG
IBM Director of LicensingIBM CorporationNorth Castle DriveArmonk, NY 10504-1785U.S.A.
pGO÷ (DBCS) ΩTvdAóbΩ IBM z]úíA
úXvdAτHG
IBM World Trade Asia CorporationLicensing2-31 Roppongi 3-chome, Minato-kuTokyo 106-0032, Japan
UCq¿úA≤Ω°PϕakΦΣLΩaGInternational Business
Machines Corporation uypzúXAúú⌠≤tºOAΣ
ñ]ABú¡≤úHWwBiSwºA⌠tOCab
Swµ÷WAú\útOA]Aonú@wAXzC
oΩTñiαNWLΩWC]AIBM wqFNqß
eJsñCIBM H∩iM/≤XúúM/íAút
µqC
o≈ΩTñú⌠≤D IBM ⌠uAIBM úo⌠úOCo⌠
úΩúO IBM úΩeApGno⌠ΩAz
µßIC
IBM oHUAϕΦíGzú⌠≤ΩTAL∩ztdC
pGí≥vHF (i) bOíMΣLí]]Aíºíµ½
ΩTAH (ii) ¼µ½ΩTA]n÷ΩTAóG
IBM Corporation2ZA4/10111400 Burnet RoadAustin, TX 78758U.S.A.
© Copyright IBM Corp. 2003, 2005 63
oΩTiAϕ°oAbYípUIOΦoC
IBM ≥≤Φº IBM ΩívX]⌠≤PÑX°AúΩTú
víPΣAvΩC
Bt⌠≤αΩAObⁿε⌠UoXAPbΣL@⌠UoX
GAiαjtºCqΩObotWAúOPΣLqt
WqΩ@CAqΩiαOzL[Hw⌠AΩGúú
oPCσTΣSw⌠AΩC
úºD IBM úΩTAúAΣoGnΣLDC
IBM LoúA]LkToD IBM ú⌡µαBe⌠≤∩
úΣLDiO LC÷D IBM úαDóúC
UCNyO International Business Machines Corporation bⁿΩ/ΣLΩa
UGIBMBIBM xBAIXBDB2BDominoBLotusBSecureWayBTivoliBTivoli
xBUniversal DatabaseBWebSphereC
MicrosoftBWindowsBWindows NT M Windows xO Microsoft Corporation bⁿΩ
/ΣLΩaC
IntelBIntel Inside]xBMMX Pentium O Intel Corporation bⁿΩ/ΣLΩ
aC
UNIX O The Open Group bⁿΩΣLΩaUC
Linux O Linus Torvalds bⁿΩ/ΣLΩaC
Java MH Java ≥ªO Sun Microsystems, Inc.
bⁿΩ/ΣLΩaC
ΣLqBúAWAiαOTAxC
64 IBM Tivoli Identity Manager: N
íX: 5724-C34
GI10-2741-03
Recommended