The Identity Manager Fan-Out driver provides one-way synchronization to a heterogeneous mix of systems including Linux and UNIX systems, and IBM i5/OS and z/OS systems. The Fan-Out driver also provides authentication redirection from those systems.
Moving to the Linux and UNIX driver provides two main advantages.
Bidirectional Synchronization: The Linux and UNIX driver allows synchronization from the connected Linux or UNIX system.
Standard Identity Manager Policies That Simplify Customization: The Fan-Out driver makes minimal use of Identity Manager policies.
Consider the following before migrating from the Fan-Out driver to the Linux and UNIX driver.
Heterogeneity: The Fan-Out driver supports operating systems in addition to Linux and UNIX. You can continue to use the Fan-Out driver for those systems while using the Linux and UNIX driver for Linux and UNIX systems.
Scalability: The Fan-Out driver can fan out identities to any number of systems. The Linux and UNIX driver can replicate to only one system, although that system might provide account management for many computers using NIS or NIS+.
One Linux and UNIX driver is required for each connected system. For best performance, we recommend no more than a total of 60 drivers.
Authentication Redirection: The Fan-Out driver provides authentication redirection from Linux and UNIX using PAM or LAM. The Linux and UNIX driver provides only bidirectional password synchronization.
If necessary, migrate the UID and GID numbers from the appropriate Fan-Out driver Platform Set. You can assign RFC 2307 attributes, such as homeDirectory and loginShell, to objects in the Identity Vault.
To use the Linux and UNIX Settings driver to accomplish this:
Install the Linux and UNIX Settings driver on each connected Linux or UNIX system.
Set the properties of the Linux and UNIX Settings driver to correspond to the UID/GID ranges that were specified in the Fan-Out driver.
Configure the Linux and UNIX Settings driver to populate the desired RFC 2307 attributes.
For details about installing and configuring the Linux and UNIX Settings driver, see the Linux and UNIX Settings Driver Implementation Guide on the Identity Manager 3.6.1 Drivers Documentation Web site.
Perform the following steps on your target platform system:
Stop the following processes:
asamrcvr
asampsp
Remove the Platform Services startup scripts from /etc/init.d.
Install the driver shim on the connected system.
For details, see Section 3.7, Installing the Driver Shim on the Connected System.
Install the Linux and UNIX driver PAM or LAM module.
For details, see Section 3.8, Installing the PAM or LAM Module.
Install and set up the Linux and UNIX driver on the Metadirectory server.
For details, see Section 3.6, Setting Up the Driver on the Metadirectory Server.
Make any required policy modifications.
Create or modify an appropriate policy to use the alternative naming attribute if one was used by the Fan-Out driver. For more information about policy customization, see the Policy Builder and Driver Customization Guide on the Identity Manager 3.6.1 Documentation Web site.
Start the Linux and UNIX driver.
Click the upper right corner of the driver icon, then click .
Migrate the users to make new associations. For details, see Section 5.3.1, Migrating Identities from the Identity Vault to the Connected System and Section 5.3.2, Migrating Identities from the Connected System to the Identity Vault.
Perform the steps listed in Section 3.9, Post-Installation Tasks.
After the new driver is operating properly, you can remove the Fan-Out driver components.
Delete the Platform object from the Fan-Out driver configuration.
On the connected system, uninstall Platform Services by removing all startup scripts and deleting the /usr/local/ASAM directory.
If this is the last platform being served by the Fan-Out driver, you can uninstall the Fan-Out core driver:
Remove the ASAM directory from the file system.
Remove the ASAM System container object and all of its subordinates from the tree.
Uninstall the Fan-Out driver plug-ins.
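The following shell function is an added example, not part of the original guide or the product. It checks a connected system for Fan-Out Platform Services components that the removal steps above should have cleared: the asamrcvr and asampsp processes, startup scripts in /etc/init.d, and the /usr/local/ASAM directory. The function name, its arguments, and the rule for recognizing a Platform Services startup script (it mentions one of those names) are assumptions, because the guide does not list the script file names.

```shell
#!/bin/sh
# Added example: report Fan-Out Platform Services leftovers on a connected system.
# Names taken from the guide: asamrcvr, asampsp, /etc/init.d, /usr/local/ASAM.
# Assumption: a startup script belongs to Platform Services if it mentions
# one of those names; the guide does not give the script file names.

# fanout_leftovers ROOT [PROCFILE]   (hypothetical helper)
#   ROOT     filesystem root to inspect ("/" on a live system)
#   PROCFILE optional file with one process name per line (offline review);
#            when omitted, the live process table is read with ps.
# Prints one finding per line; returns 0 when clean, 1 when anything remains.
fanout_leftovers() {
    root=${1:-/}
    procfile=${2:-}
    found=0

    if [ -n "$procfile" ]; then
        procs=$(cat "$procfile")
    else
        procs=$(ps -e -o comm=)
    fi
    # Step "Stop the following processes": neither daemon should be running.
    for p in asamrcvr asampsp; do
        if printf '%s\n' "$procs" | grep -qx "$p"; then
            echo "process still running: $p"
            found=1
        fi
    done

    # Step "Remove the Platform Services startup scripts from /etc/init.d".
    for f in "$root"/etc/init.d/*; do
        [ -f "$f" ] || continue
        if grep -qE 'asamrcvr|asampsp|/usr/local/ASAM' "$f"; then
            echo "startup script references Platform Services: ${f#"$root"}"
            found=1
        fi
    done

    # Step "deleting the /usr/local/ASAM directory".
    if [ -d "$root/usr/local/ASAM" ]; then
        echo "directory still present: /usr/local/ASAM"
        found=1
    fi
    return "$found"
}
```

On a live system, run `fanout_leftovers /` as root after the removal steps; a nonzero exit status means at least one component is still in place.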