This section explains how to make the following changes in the operating environment for the Systemwalker Single Sign-On Server.
- Changing the host name, IP address or port number
- Changing the certificate
- Migrating to another system or upgrading from older versions
Changing the host name, IP address or port number
Delete the environment for the Systemwalker Single Sign-On Server by referring to "6.4 Deleting the Systemwalker Single Sign-On Server Settings" and then recreate an environment for the Systemwalker Single Sign-On Server by referring to "4.2 Creating an Environment for the Systemwalker Single Sign-On Server".
Changing the certificate
When the certificate expires, authentication can no longer be performed. Obtain another certificate file and import it to the Systemwalker Single Sign-On Server by referring to "Certificate Management" under "Authentication and Encrypted Communications through Support for SSL" in the Interstage Application Server Security System Guide.
Migrating to another system or upgrading from older versions
Use the following procedure to migrate to another system or upgrade from older versions.
Back up the Systemwalker authentication repository.
This section explains how to back up the Systemwalker authentication repository when the Systemwalker Single Sign-On function is being used.
When the Interstage Directory Service is used
Export the common user information by executing the following command on the server where the Systemwalker Single Sign-On Server or Interstage Application Server has been installed.
[Windows]
ldapsearch -h <host name> -p <port number> -D <administrator DN> -w <password> -b <public directory> "(objectclass=*)" > <output file path> (*1)
[UNIX]
ldapsearch -h <host name> -p <LDAP port number> -D <DSA administrator DN> -w <password for the DSA administrator DN> -b <top entry> "(objectclass=*)" > <output file path> (*1)
*1:
Any path can be defined for the output file path.
The ldapsearch command is stored in the following location.
[Command location]
OS | Location |
---|---|
Windows | <Interstage installation directory>\bin |
UNIX | /opt/FJSVirepc/bin |
Refer to the Interstage Application Server Reference Manual (Command Edition) for details on the ldapsearch command.
Example:
When the authorization information directory has been created as follows:
- Host name: SWSSO.fujitsu.com
- Port number: 389
- Administrator DN: CN=Administrator, DC=fujitsu, DC=com
- Password: password
[Windows]
When the LDIF file is stored at "C:\tmp\dir.ldif"
ldapsearch -h SWSSO.fujitsu.com -p 389 -D CN=Administrator,DC=fujitsu,DC=com -w password -b DC=fujitsu,DC=com "(objectclass=*)" > C:\tmp\dir.ldif
[UNIX]
When the LDIF file is stored at "/var/tmp/dir.ldif"
ldapsearch -h SWSSO.fujitsu.com -p 389 -D CN=Administrator,DC=fujitsu,DC=com -w password -b DC=fujitsu,DC=com "(objectclass=*)" > /var/tmp/dir.ldif
When Active Directory is used
Export the data from Active Directory by referring to the relevant Microsoft manual, and then export authorization information by executing the following command on the server where the Systemwalker Single Sign-On Server or Interstage Application Server has been installed.
[Windows]
ldapsearch -h <host name> -p <port number> -D <administrator DN> -w <password> -b <public directory> "(objectclass=*)" > <output file path> (*1)
[UNIX]
ldapsearch -h <host name> -p <LDAP port number> -D <DSA administrator DN> -w <password for the DSA administrator DN> -b <top entry> "(objectclass=*)" > <output file path> (*1)
*1:
Any path can be defined for the output file path.
The ldapsearch command is stored in the following location.
[Command location]
OS | Location |
---|---|
Windows | <Interstage installation directory>\bin |
UNIX | /opt/FJSVidsdk/C/bin/ |
Refer to the Interstage Application Server Reference Manual (Command Edition) for details on the ldapsearch command.
Example:
When the authorization information directory has been created as follows:
· Host name: SWSSO.fujitsu.com
· Port number: 389
· Administrator DN: CN=Administrator, DC=fujitsu, DC=com
· Password: password
· Public directory: DC=fujitsu, DC=com
[Windows]
When the LDIF file is stored at "C:\tmp\dir.ldif"
ldapsearch -h SWSSO.fujitsu.com -p 389 -D CN=Administrator,DC=fujitsu,DC=com -w password -b DC=fujitsu,DC=com "(objectclass=*)" > C:\tmp\dir.ldif
[UNIX]
When the LDIF file is stored at "/var/tmp/dir.ldif"
ldapsearch -h SWSSO.fujitsu.com -p 389 -D CN=Administrator,DC=fujitsu,DC=com -w password -b DC=fujitsu,DC=com "(objectclass=*)" > /var/tmp/dir.ldif
This section explains how to back up the Systemwalker authentication repository when only the Systemwalker User Management function is being used.
When the Interstage Directory Service is used
Export the common user information by executing the following command on the server where the Systemwalker Single Sign-On Server or Interstage Application Server has been installed.
[Windows]
ldapsearch -h <host name> -p <port number> -D <administrator DN> -w <password> -b <public directory> "(objectclass=*)" > <output file path> (*1)
[UNIX]
ldapsearch -h <host name> -p <port number> -D <administrator DN> -w <password> -b <public directory> "(objectclass=*)" > <output file path> (*1)
*1:
Any path can be defined for the output file path.
The ldapsearch command is stored in the following location.
[Command location]
OS | Location |
---|---|
Windows | <Interstage installation directory>\bin |
UNIX | /opt/FJSVirepc/bin |
Refer to the Interstage Application Server Reference Manual (Command Edition) for details on the ldapsearch command.
Example:
When the common user information directory has been created as follows:
· Host name: SWSSO.fujitsu.com
· Port number: 389
· Administrator DN: CN=Administrator, DC=fujitsu, DC=com
· Password: password
· Public directory: DC=fujitsu, DC=com
[Windows]
When the LDIF file is stored at "C:\tmp\dir.ldif"
ldapsearch -h SWSSO.fujitsu.com -p 389 -D CN=Administrator,DC=fujitsu,DC=com -w password -b DC=fujitsu,DC=com "(objectclass=*)" > C:\tmp\dir.ldif
[UNIX]
When the LDIF file is stored at "/var/tmp/dir.ldif"
ldapsearch -h SWSSO.fujitsu.com -p 389 -D CN=Administrator,DC=fujitsu,DC=com -w password -b DC=fujitsu,DC=com "(objectclass=*)" > /var/tmp/dir.ldif
When Active Directory is used
Export common user information by referring to the relevant Microsoft manual.
Delete the Systemwalker Single Sign-On Server and the Systemwalker authentication repository from the migration source server or the older version server.
When migrating to another system, delete them by referring to the steps described in "6.4 Deleting the Systemwalker Single Sign-On Server Settings" and subsequent sections in "Chapter 6 Uninstallation".
When upgrading from older versions, perform the steps equivalent to those for migrating to another system. Refer to the manuals for the older versions for the steps.
Install the Systemwalker Single Sign-On Server and the Systemwalker authentication repository on the migration destination server or the server to be upgraded.
To create an environment for the Systemwalker Single Sign-On Server, refer to "4.2 Creating an Environment for the Systemwalker Single Sign-On Server".
Import the Systemwalker authentication repository data to the new environment.
Note
Error output by the ldapmodify command
The following error may be output when executing the ldapmodify command.
This will be output when an entry already exists, so no action is required.
adding new entry "<entry>" IREP: ERROR: irep14207: ldapmodify: Failed to modify the entry. <entry> ldap_add: Already exists (68) # Error: Already exists (68), additional info: <variable message>
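Because the note tells operators to ignore "Already exists (68)", a genuine import failure can be overlooked among the harmless messages. The shell function below is an added example, not part of the original manual or the vendor's tooling: it compares a saved ldapmodify log against the LDIF backup and flags any result other than 68. It assumes the ldapmodify output was redirected to a log file; the sample entries and the "Invalid syntax (21)" line are constructed.

```shell
#!/bin/sh
# Added example (not vendor code): post-import check for "ldapmodify -c -a -f <LDIF>".
# Assumption: the ldapmodify output was redirected to a log file, and each
# "adding new entry" / "ldap_add:" message appears at most once per line.

# Prints "entries=N attempted=N exists=N failed=N". Returns 1 when an entry failed
# with a result other than "Already exists (68)" or the counts do not match.
verify_import() {
    ldif=$1; log=$2
    # Each LDIF record in the backup starts with a "dn:" line.
    entries=$(awk '/^dn:/ { n++ } END { print n + 0 }' "$ldif")
    awk -v entries="$entries" '
        /^adding new entry/ { attempted++; current = $0 }
        /ldap_add:/ {
            if ($0 ~ /ldap_add:.*\(68\)/) { exists++ }   # benign: entry already present
            else { failed++; print "FAILED: " current " -> " $0 > "/dev/stderr" }
        }
        END {
            printf "entries=%d attempted=%d exists=%d failed=%d\n",
                   entries, attempted, exists, failed
            rc = (failed > 0 || attempted != entries); exit rc
        }' "$log"
}

# Constructed sample data (hypothetical entries, not from a real server).
make_samples() {
    cat > "$1/dir.ldif" <<'EOF'
dn: DC=fujitsu,DC=com
objectClass: domain

dn: OU=users,DC=fujitsu,DC=com
objectClass: organizationalUnit

dn: CN=user001,OU=users,DC=fujitsu,DC=com
objectClass: person
EOF
    cat > "$1/import.log" <<'EOF'
adding new entry "DC=fujitsu,DC=com"
ldap_add: Already exists (68)
adding new entry "OU=users,DC=fujitsu,DC=com"
adding new entry "CN=user001,OU=users,DC=fujitsu,DC=com"
ldap_add: Invalid syntax (21)
EOF
}

tmp=$(mktemp -d) && make_samples "$tmp"
verify_import "$tmp/dir.ldif" "$tmp/import.log" || echo "import needs review"
rm -rf "$tmp"
```

A mismatch between `entries` and `attempted` means the log does not cover the whole backup file, which is worth investigating before the old environment is discarded.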
Use the following procedure to import the Systemwalker authentication repository data.
When the Interstage Directory Service is used
Import the authorization information and common user information to the Interstage Directory Service by executing the following command on the server where the Systemwalker Single Sign-On Server or Interstage Application Server has been installed.
[Windows]
ldapmodify -h <host name> -p <port number> -D <administrator DN> -w <password> -c -a -f <input file path> (*1)
[UNIX]
ldapmodify -h <host name> -p <port number> -D <administrator DN> -w <password> -c -a -f <input file path> (*1)
*1:
For <input file path>, specify the path to the output file that was specified when the Systemwalker authentication repository was backed up.
The ldapmodify command is stored in the following location.
[Command location]
OS | Location |
---|---|
Windows | <Interstage installation directory>\bin |
UNIX | /opt/FJSVirepc/bin |
Refer to the Interstage Application Server Reference Manual (Command Edition) for details on the ldapmodify command.
Example:
When the authorization information directory has been created as follows:
· Host name: SWSSO.fujitsu.com
· Port number: 389
· Administrator DN: CN=Administrator, DC=fujitsu, DC=com
· Password: password
· Public directory: DC=fujitsu, DC=com
[Windows]
When the LDIF file is stored at "C:\tmp\dir.ldif"
ldapmodify -h SWSSO.fujitsu.com -p 389 -D CN=Administrator,DC=fujitsu,DC=com -w password -c -a -f C:\tmp\dir.ldif
[UNIX]
When the LDIF file is stored at "/var/tmp/dir.ldif"
ldapmodify -h SWSSO.fujitsu.com -p 389 -D CN=Administrator,DC=fujitsu,DC=com -w password -c -a -f /var/tmp/dir.ldif
When Active Directory is used
After importing the common user information exported from the old environment by referring to the relevant Microsoft manual, import the authorization information and common user information to the Interstage Directory Service by executing the following command on the server where the Systemwalker Single Sign-On Server or Interstage Application Server has been installed.
[Windows]
ldapmodify -h <host name> -p <port number> -D <administrator DN> -w <password> -c -a -f <input file path> (*1)
[UNIX]
ldapmodify -h <host name> -p <port number> -D <administrator DN> -w <password> -c -a -f <input file path> (*1)
*1:
For <input file path>, specify the path to the output file that was specified when the Systemwalker authentication repository was backed up.
The ldapmodify command is stored in the following location.
[Command location]
OS | Location |
---|---|
Windows | <Interstage installation directory>\bin |
UNIX | /opt/FJSVirepc/bin |
Refer to the Interstage Application Server Reference Manual (Command Edition) for details on the ldapmodify command.
Example:
When the authorization information directory has been created as follows:
· Host name: SWSSO.fujitsu.com
· Port number: 389
· Administrator DN: CN=Administrator, DC=fujitsu, DC=com
· Password: password
· Public directory: DC=fujitsu, DC=com
[Windows]
When the LDIF file is stored at "C:\tmp\dir.ldif"
ldapmodify -h SWSSO.fujitsu.com -p 389 -D CN=Administrator,DC=fujitsu,DC=com -w password -c -a -f C:\tmp\dir.ldif
[UNIX]
When the LDIF file is stored at "/var/tmp/dir.ldif"
ldapmodify -h SWSSO.fujitsu.com -p 389 -D CN=Administrator,DC=fujitsu,DC=com -w password -c -a -f /var/tmp/dir.ldif
Use the following procedure to import the Systemwalker authentication repository data.
When the Interstage Directory Service is used
Import the common user information to the Interstage Directory Service by executing the following command on the server where the Systemwalker Single Sign-On Server or Interstage Application Server has been installed.
[Windows]
ldapmodify -h <host name> -p <port number> -D <administrator DN> -w <password> -c -a -f <input file path> (*1)
[UNIX]
ldapmodify -h <host name> -p <port number> -D <administrator DN> -w <password> -c -a -f <input file path> (*1)
*1:
For <input file path>, specify the path to the output file that was specified when the Systemwalker authentication repository was backed up.
The ldapmodify command is stored in the following location.
[Command location]
OS | Location |
---|---|
Windows | <Interstage installation directory>\bin |
UNIX | /opt/FJSVirepc/bin |
Refer to the Interstage Application Server Reference Manual (Command Edition) for details on the ldapmodify command.
Example:
When the common user information directory has been created as follows:
· Host name: SWSSO.fujitsu.com
· Port number: 389
· Administrator DN: CN=Administrator, DC=fujitsu, DC=com
· Password: password
· Public directory: DC=fujitsu, DC=com
[Windows]
When the LDIF file is stored at "C:\tmp\dir.ldif"
ldapmodify -h SWSSO.fujitsu.com -p 389 -D CN=Administrator,DC=fujitsu,DC=com -w password -c -a -f C:\tmp\dir.ldif
[UNIX]
When the LDIF file is stored at "/var/tmp/dir.ldif"
ldapmodify -h SWSSO.fujitsu.com -p 389 -D CN=Administrator,DC=fujitsu,DC=com -w password -c -a -f /var/tmp/dir.ldif
When Active Directory is used
Import the common user information exported from the old environment by referring to the relevant Microsoft manual.
If the Systemwalker Single Sign-On function is used, perform the following operations.
a. Delete the Systemwalker Single Sign-On Agent settings by referring to "6.1 Deleting the Systemwalker Single Sign-On Agent Settings".
b. Download the business system setup file by referring to steps 15 - 19 in "4.2.5 Creating an Environment for the Authentication Server".
c. Perform setup for the Systemwalker Single Sign-On Agent by referring to "4.4.2 Setting up the Systemwalker Single Sign-On Agent".
Note that you must use the business system setup file that you have downloaded in step b.