This section explains how to make the following changes in the operating environment for the Systemwalker Single Sign-On Server.
Changing the host name, IP address or port number
Changing the certificate
Migrating to another system
Changing the host name, IP address or port number
Delete the environment for the Systemwalker Single Sign-On Server by referring to "Deleting the Systemwalker Single Sign-On Server Settings" and then recreate an environment for the Systemwalker Single Sign-On Server by referring to "Creating an Environment for the Systemwalker Single Sign-On Server".
Changing the certificate
When the certificate expires, authentication can no longer be performed. Obtain another certificate file and import it to the Systemwalker Single Sign-On Server by referring to "Certificate Management" under "Authentication and Encrypted Communications through Support for SSL" in the Interstage Application Server Security System Guide.
Migrating to another system
Use the following procedure to migrate to another system.
Install a Systemwalker Single Sign-On Server and a Systemwalker authentication repository on the destination server.
Systemwalker Single Sign-On Server
Install the Systemwalker Single Sign-On Server on the destination server by referring to "Installing the Systemwalker Single Sign-On Server".
Systemwalker authentication repository
Install the Systemwalker authentication repository on the destination server by referring to "Creating an Environment for the Systemwalker Authentication Repository".
Create the same certificate environment as the one on the source system, by referring to "Creating an SSL Environment".
Back up the Systemwalker authentication repository.
This section explains how to back up the Systemwalker authentication repository when the Systemwalker Single Sign-On function is being used.
When the Interstage Directory Service is used
Export the common user information by executing the following command on the server where the Systemwalker Single Sign-On Server or Interstage Application Server has been installed.
[Windows]
ldapsearch -h <host name> -p <port number> -D <administrator DN> -w <password> -b <public directory> "(objectclass=*)" > <output file path> (*1)
[UNIX]
ldapsearch -h <host name> -p <LDAP port number> -D <DSA administrator DN> -w <password for the DSA administrator DN> -b <top entry> "(objectclass=*)" > <output file path> (*1)
(*1) Any path can be defined for the output file path.
The ldapsearch command is stored in the following location.
[Command location]
OS | Location |
---|---|
Windows | <Interstage installation directory>\bin |
UNIX | /opt/FJSVirepc/bin |
Refer to the Interstage Application Server Reference Manual (Command Edition) for details on the ldapsearch command.
Example:
When the authorization information directory has been created as follows:
Host name: SWSSO.fujitsu.com
Port number: 389
Administrator DN: CN=Administrator, DC=fujitsu, DC=com
Password: password
[Windows]
When the LDIF file is output to "C:\tmp\dir.ldif"
ldapsearch -h SWSSO.fujitsu.com -p 389 -D CN=Administrator,DC=fujitsu,DC=com -w password -b DC=fujitsu,DC=com "(objectclass=*)" > C:\tmp\dir.ldif
[UNIX]
When the LDIF file is output to "/tmp/dir.ldif"
ldapsearch -h SWSSO.fujitsu.com -p 389 -D CN=Administrator,DC=fujitsu,DC=com -w password -b DC=fujitsu,DC=com "(objectclass=*)" > /tmp/dir.ldif
When Active Directory is used
Export the data from Active Directory by referring to the relevant Microsoft manual, and then export authorization information by executing the following command on the server where the Systemwalker Single Sign-On Server or Interstage Application Server has been installed.
[Windows]
ldapsearch -h <host name> -p <port number> -D <administrator DN> -w <password> -b <public directory> "(objectclass=*)" > <output file path> (*1)
[UNIX]
ldapsearch -h <host name> -p <LDAP port number> -D <DSA administrator DN> -w <password for the DSA administrator DN> -b <top entry> "(objectclass=*)" > <output file path> (*1)
(*1) Any path can be defined for the output file path.
The ldapsearch command is stored in the following location.
[Command location]
OS | Location |
---|---|
Windows | <Interstage installation directory>\bin |
UNIX | /opt/FJSVidsdk/C/bin/ |
Refer to the Interstage Application Server Reference Manual (Command Edition) for details on the ldapsearch command.
Example:
When the authorization information directory has been created as follows:
Host name: SWSSO.fujitsu.com
Port number: 389
Administrator DN: CN=Administrator, DC=fujitsu, DC=com
Password: password
Public directory: DC=fujitsu, DC=com
[Windows]
When the LDIF file is output to "C:\tmp\dir.ldif"
ldapsearch -h SWSSO.fujitsu.com -p 389 -D CN=Administrator,DC=fujitsu,DC=com -w password -b DC=fujitsu,DC=com "(objectclass=*)" > C:\tmp\dir.ldif
[UNIX]
When the LDIF file is output to "/tmp/dir.ldif"
ldapsearch -h SWSSO.fujitsu.com -p 389 -D CN=Administrator,DC=fujitsu,DC=com -w password -b DC=fujitsu,DC=com "(objectclass=*)" > /tmp/dir.ldif
This section explains how to back up the Systemwalker authentication repository when only the Systemwalker User Management function is being used.
When the Interstage Directory Service is used
Export the common user information by executing the following command on the server where the Systemwalker Single Sign-On Server or Interstage Application Server has been installed.
[Windows]
ldapsearch -h <host name> -p <port number> -D <administrator DN> -w <password> -b <public directory> "(objectclass=*)" > <output file path> (*1)
[UNIX]
ldapsearch -h <host name> -p <port number> -D <administrator DN> -w <password> -b <public directory> "(objectclass=*)" > <output file path> (*1)
(*1) Any path can be defined for the output file path.
The ldapsearch command is stored in the following location.
[Command location]
OS | Location |
---|---|
Windows | <Interstage installation directory>\bin |
UNIX | /opt/FJSVirepc/bin |
Refer to the Interstage Application Server Reference Manual (Command Edition) for details on the ldapsearch command.
Example:
When the common user information directory has been created as follows:
Host name: SWSSO.fujitsu.com
Port number: 389
Administrator DN: CN=Administrator, DC=fujitsu, DC=com
Password: password
Public directory: DC=fujitsu, DC=com
[Windows]
When the LDIF file is output to "C:\tmp\dir.ldif"
ldapsearch -h SWSSO.fujitsu.com -p 389 -D CN=Administrator,DC=fujitsu,DC=com -w password -b DC=fujitsu,DC=com "(objectclass=*)" > C:\tmp\dir.ldif
[UNIX]
When the LDIF file is output to "/tmp/dir.ldif"
ldapsearch -h SWSSO.fujitsu.com -p 389 -D CN=Administrator,DC=fujitsu,DC=com -w password -b DC=fujitsu,DC=com "(objectclass=*)" > /tmp/dir.ldif
When Active Directory is used
Export common user information by referring to the relevant Microsoft manual.
Import the Systemwalker authentication repository data to the new environment.
Use the following procedure to import the Systemwalker authentication repository data.
When the Interstage Directory Service is used
Import the authorization information and common user information to the Interstage Directory Service by executing the following command on the server where the Systemwalker Single Sign-On Server or Interstage Application Server has been installed.
[Windows]
ldapmodify -h <host name> -p <port number> -D <administrator DN> -w <password> -c -a -f <input file path> (*1)
[UNIX]
ldapmodify -h <host name> -p <port number> -D <administrator DN> -w <password> -c -a -f <input file path> (*1)
(*1) For <input file path>, specify the path to the output file that was specified when the Systemwalker authentication repository was backed up.
The ldapmodify command is stored in the following location.
[Command location]
OS | Location |
---|---|
Windows | <Interstage installation directory>\bin |
UNIX | /opt/FJSVirepc/bin |
Refer to the Interstage Application Server Reference Manual (Command Edition) for details on the ldapmodify command.
Example:
When the authorization information directory has been created as follows:
Host name: SWSSO.fujitsu.com
Port number: 389
Administrator DN: CN=Administrator, DC=fujitsu, DC=com
Password: password
Public directory: DC=fujitsu, DC=com
[Windows]
When the LDIF file to import is "C:\tmp\dir.ldif"
ldapmodify -h SWSSO.fujitsu.com -p 389 -D CN=Administrator,DC=fujitsu,DC=com -w password -c -a -f C:\tmp\dir.ldif
[UNIX]
When the LDIF file to import is "/tmp/dir.ldif"
ldapmodify -h SWSSO.fujitsu.com -p 389 -D CN=Administrator,DC=fujitsu,DC=com -w password -c -a -f /tmp/dir.ldif
When Active Directory is used
After importing the common user information exported from the old environment by referring to the relevant Microsoft manual, import the authorization information and common user information to the Interstage Directory Service by executing the following command on the server where the Systemwalker Single Sign-On Server or Interstage Application Server has been installed.
[Windows]
ldapmodify -h <host name> -p <port number> -D <administrator DN> -w <password> -c -a -f <input file path> (*1)
[UNIX]
ldapmodify -h <host name> -p <port number> -D <administrator DN> -w <password> -c -a -f <input file path> (*1)
(*1) For <input file path>, specify the path to the output file that was specified when the Systemwalker authentication repository was backed up.
The ldapmodify command is stored in the following location.
[Command location]
OS | Location |
---|---|
Windows | <Interstage installation directory>\bin |
UNIX | /opt/FJSVirepc/bin |
Refer to the Interstage Application Server Reference Manual (Command Edition) for details on the ldapmodify command.
Example:
When the authorization information directory has been created as follows:
Host name: SWSSO.fujitsu.com
Port number: 389
Administrator DN: CN=Administrator, DC=fujitsu, DC=com
Password: password
Public directory: DC=fujitsu, DC=com
[Windows]
When the LDIF file to import is "C:\tmp\dir.ldif"
ldapmodify -h SWSSO.fujitsu.com -p 389 -D CN=Administrator,DC=fujitsu,DC=com -w password -c -a -f C:\tmp\dir.ldif
[UNIX]
When the LDIF file to import is "/tmp/dir.ldif"
ldapmodify -h SWSSO.fujitsu.com -p 389 -D CN=Administrator,DC=fujitsu,DC=com -w password -c -a -f /tmp/dir.ldif
Use the following procedure to import the Systemwalker authentication repository data.
When the Interstage Directory Service is used
Import the common user information to the Interstage Directory Service by executing the following command on the server where the Systemwalker Single Sign-On Server or Interstage Application Server has been installed.
[Windows]
ldapmodify -h <host name> -p <port number> -D <administrator DN> -w <password> -c -a -f <input file path> (*1)
[UNIX]
ldapmodify -h <host name> -p <port number> -D <administrator DN> -w <password> -c -a -f <input file path> (*1)
(*1) For <input file path>, specify the path to the output file that was specified when the Systemwalker authentication repository was backed up.
The ldapmodify command is stored in the following location.
[Command location]
OS | Location |
---|---|
Windows | <Interstage installation directory>\bin |
UNIX | /opt/FJSVirepc/bin |
Refer to the Interstage Application Server Reference Manual (Command Edition) for details on the ldapmodify command.
Example:
When the common user information directory has been created as follows:
Host name: SWSSO.fujitsu.com
Port number: 389
Administrator DN: CN=Administrator, DC=fujitsu, DC=com
Password: password
Public directory: DC=fujitsu, DC=com
[Windows]
When the LDIF file to import is "C:\tmp\dir.ldif"
ldapmodify -h SWSSO.fujitsu.com -p 389 -D CN=Administrator,DC=fujitsu,DC=com -w password -c -a -f C:\tmp\dir.ldif
[UNIX]
When the LDIF file to import is "/tmp/dir.ldif"
ldapmodify -h SWSSO.fujitsu.com -p 389 -D CN=Administrator,DC=fujitsu,DC=com -w password -c -a -f /tmp/dir.ldif
When Active Directory is used
Import the common user information exported from the old environment by referring to the relevant Microsoft manual.
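
The ldapmodify imports above run with -c, which in standard ldapmodify implementations continues past entries that fail, so a partial import can go unnoticed. The following Python script is an added example, not part of the Systemwalker or Interstage documentation: it compares the entry DNs in the backup LDIF with a fresh ldapsearch export taken from the destination server and lists the ones that are missing. The function names and sample data are constructed for illustration, and the meaning of -c is assumed to match standard ldapmodify.

```python
import base64
import re
import sys

def normalize_dn(dn):
    # Compare DNs case-insensitively and ignore spaces around RDN separators;
    # split only on commas that are not backslash-escaped.
    return ",".join(p.strip().lower() for p in re.split(r"(?<!\\),", dn))

def ldif_dns(text):
    """Return the set of normalized entry DNs found in LDIF text (RFC 2849)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # folded line: continues the previous one
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    dns = set()
    for line in lines:
        head = line[:4].lower()
        if head == "dn::":                  # base64-encoded DN (non-ASCII characters)
            dns.add(normalize_dn(base64.b64decode(line[4:].strip()).decode("utf-8")))
        elif head.startswith("dn:"):
            dns.add(normalize_dn(line[3:]))
    return dns

def missing_after_import(source_ldif, dest_ldif):
    """DNs present in the backup but absent from the destination re-export."""
    return sorted(ldif_dns(source_ldif) - ldif_dns(dest_ldif))

# Constructed sample data (not taken from a real directory).
_B64_DN = base64.b64encode("cn=Müller,DC=fujitsu,DC=com".encode("utf-8")).decode("ascii")
SOURCE = (
    "version: 1\n"
    "dn: DC=fujitsu,DC=com\nobjectclass: top\n\n"
    "dn: cn=user1,\n DC=fujitsu,DC=com\ncn: user1\n\n"
    f"dn:: {_B64_DN}\nobjectclass: person\n"
)
DEST = ("dn: dc=fujitsu, dc=com\nobjectclass: top\n\n"
        "dn: CN=user1,DC=fujitsu,DC=com\ncn: user1\n")

if __name__ == "__main__":
    # Usage: script.py <backup LDIF> <re-export from destination>; no args runs the sample.
    if len(sys.argv) == 3:
        with open(sys.argv[1], encoding="utf-8") as a, open(sys.argv[2], encoding="utf-8") as b:
            src, dst = a.read(), b.read()
    else:
        src, dst = SOURCE, DEST
    for dn in missing_after_import(src, dst):
        print("missing on destination:", dn)
```

An empty result means every entry in the backup exists on the destination; it does not compare attribute values.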