
Soffid Sync Server installation

Download

Open the Soffid Download Manager in your browser.

Click on Synchronization server and download the latest version for your OS.

Once the Soffid Synchronization server file (syncserver-x.y.z.sh) is stored on your computer, copy it to a folder on your server with execution rights.

Installation

Red Hat servers

Download the RPM installer and execute:

rpm -i SoffidIAMSync_linux-1.3.0.rpm

Linux Hosts 64 bits

The 32-bit libraries must be installed: ia32-libs.

Windows Servers

If you want to install the AD agent, check that SSL access to the Active Directory LDAP is enabled before the installation. If it is not enabled, read the document named HOWTO SSL access to Active Directory.

Please execute:

SoffidIAMSync_windows-1.3.0.exe -c

The installer will ask for optional components to install:

  • SAP connector

  • Password synchronisation for Active Directory.

The SAP connector must be installed on the host responsible for the synchronisation of accounts and passwords to the SAP system. It is not necessary to install it on the synchronisation servers when synchronisation is done by a proxy server.

Password synchronisation for Active Directory should be installed on all domain controllers without exception. This module allows the immediate propagation of all password changes made in Active Directory to Soffid IAM.

To configure password synchronisation, specify the synchronisation server URL during the installation process, as well as the synchronisation agent code used in the configuration (see 4.2 Configuring agents).

Installing or uninstalling the synchronisation server requires a restart of the host.

Boot service configuration

Execute these commands as root to start the Soffid Sync Server service on boot:

ln -fs /opt/soffid/iam-sync/jboss/bin/soffid-sync /etc/init.d/soffid-sync
ln -fs /etc/init.d/soffid-sync /etc/rc1.d/K01soffid-sync
ln -fs /etc/init.d/soffid-sync /etc/rc2.d/S06soffid-sync
ln -fs /etc/init.d/soffid-sync /etc/rc3.d/S06soffid-sync
ln -fs /etc/init.d/soffid-sync /etc/rc4.d/S06soffid-sync
ln -fs /etc/init.d/soffid-sync /etc/rc5.d/S06soffid-sync
ln -fs /etc/init.d/soffid-sync /etc/rc6.d/K01soffid-sync

Note that if you are running CentOS, Red Hat 7, or a version higher than Ubuntu 16.04, you should enable the service with systemctl:

sudo systemctl enable soffid-sync

Once you have installed and configured Soffid Sync Server as a service, you can manage it with the following commands:

service soffid-sync status
service soffid-sync restart
service soffid-sync start
service soffid-sync stop

Configuration

First synchronisation server configuration

It is not recommended to install the first sync server on the same host where the database is installed.

To configure the server, execute the following commands:

On Linux:

/opt/soffid/iam-sync/bin/configure -main -hostname hostname -dbuser soffid -dbpass pass -dburl jdbc:mysql://localhost:3306/soffid

On Windows:

%ProgramFiles%\soffid\iam-sync\bin\configure -main -hostname hostname -dbuser soffid -dbpass pass -dburl jdbc:mysql://localhost:3306/soffid

The user and password must be the ones created during the installation process.

The hostname must be included in the seycon.server.list configuration parameter. The Soffid installation process adds the console host name to that list. The list can be modified through the Configuration-Parameters menu. To modify seycon.server.list, edit the parameter value and insert all the master synchronisation server URLs, separated by commas.
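The membership rule above can be checked before running configure. This is an added example, not part of Soffid's tooling: it assumes the seycon.server.list value has been copied from the console into a variable, and the function names and hostnames are hypothetical.

```sh
#!/bin/sh
# Added example (not Soffid code): check a -hostname value against the
# comma-separated URL list stored in seycon.server.list.

# Print the lowercase host part of a URL (IPv6 literals are not handled).
url_host() (
    u=${1#*://}     # drop the scheme
    u=${u%%/*}      # drop any path
    u=${u##*@}      # drop userinfo, if present
    u=${u%%:*}      # drop the port
    printf '%s' "$u" | tr '[:upper:]' '[:lower:]'
)

# Succeed if $2 is the host of one of the URLs in the list $1.
server_list_has_host() (
    want=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    set -f; IFS=,   # split on commas only, with globbing off
    for entry in $1; do
        entry=$(printf '%s' "$entry" | tr -d '[:space:]')
        [ -n "$entry" ] || continue
        [ "$(url_host "$entry")" = "$want" ] && return 0
    done
    return 1
)

# Print entries that are not https:// URLs, one per line. The page's examples
# all use https on port 760; flagging anything else is this example's assumption.
non_https_entries() (
    set -f; IFS=,
    for entry in $1; do
        entry=$(printf '%s' "$entry" | tr -d '[:space:]')
        case $entry in
            ''|https://*) ;;
            *) printf '%s\n' "$entry" ;;
        esac
    done
)

# Constructed sample value; real values come from Configuration-Parameters.
SAMPLE_LIST='https://sync1.example.test:760/, https://SYNC2.example.test:760/,http://old.example.test:760/'
for h in sync2.example.test sync3.example.test; do
    if server_list_has_host "$SAMPLE_LIST" "$h"; then
        echo "$h: listed"
    else
        echo "$h: NOT in seycon.server.list"
    fi
done
```

A short name such as sync1 does not match sync1.example.test, so pass the same form of the name that you give to -hostname.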

The url connection parameter depends on the database system:


If the synchronisation server is installed on the Active Directory server, configure the notifier for password updates. To configure it, first ensure that the synchronisation server is running. Then execute:

On 32-bit systems:

../IAM-Sync/eris/eris-ad-service.exe CONFIGURE https://[HOSTNAME]:760/ [agent_name] | more

On 64-bit systems:

../IAM-Sync/eris64/eris-ad-service.exe CONFIGURE https://[HOSTNAME]:760/ [agent_name] | more

Next servers configuration

To configure additional sync servers, a two-step process is required: first, a normal user installs and configures the sync server software; next, a Soffid administrator allows the sync server to join the sync servers network.

To perform the next step, you do not need to enter the database credentials. Instead, the primary sync server URL and a Soffid console user name and password are required.

For instance, you can execute:

On Linux:

/opt/soffid/iam-sync/bin/configure -hostname hostname -user usuario -pass pass -server https://<yourserver>:760 -tenant master

On Windows:

%ProgramFiles%\soffid\iam-sync\bin\configure -hostname hostname -user usuario -pass pass -server https://<yourserver>:760 -tenant master


After executing the command, an approval task will appear in the Soffid console. The administrator can take ownership of the task and approve or reject it. After the server creation is approved, the server will be configured as a proxy sync server (without database access).

The administrator can open the sync servers configuration page to change the sync server role at any time.

 

 
