8.2.3 Changing the operation to one using the expanded directory server linkage function
This subsection describes the procedure for changing the operation from one not using the expanded directory server linkage function to one using that function.
This procedure is based on the directory server structure as shown in the figure below, assuming that both the primary and secondary authentication servers are used.
![[Figure]](GRAPHICS/ZU061300.GIF)
- Directory server linkage settings before change:
-
The following is a part of the directory server linkage settings before the change:
[JP1_DEFAULT\JP1BASE\DIRSRV] "SERVER"="host-A.domain.local" "BASE_DN"="OU=eigyo,OU=osaka,DC=domain,DC=local" "ATTR_NAME"="CN"
- Change:
-
-
Only the sales department of the Osaka branch was linked to the directory server before the change. Specify the settings so that the materials department of the Osaka branch will also be linked to the directory server.
-
Change the attribute name used for a JP1 user name from CN to sAMAccountName.
-
To change the operation to one using the expanded directory server linkage function:
-
Change the settings for directory server linkage.
Add or change the following parameters in the directory server linkage definition file (jp1bs_ds_setup.conf).
Table 8‒5: Definitions in the directory server linkage definition file Parameter
Before the change
After the change
SEARCH_USER_DN
No settings
"CN=Osakaleader,OU=osaka,DC=domain,DC=local"
BASE_DN
"OU=eigyo,OU=osaka,DC=domain,DC=local"
"OU=osaka,DC=domain,DC=local"
ATTR_NAME
"CN"
"sAMAccountName"
Here, set the name of the directory server user (Osakaleader) who has view permission for the search-origin container object for the information-search user.
Change the settings for directory server linkage on both the primary and secondary authentication hosts.
-
Execute the jbssetcnf command.
The settings are applied to the common definition information. For details about the jbssetcnf command, see jbssetcnf in 15. Commands.
-
Register the information-search user and the password in the authentication server host.
Register the information-search user and the password used to log in to the directory server as the password management information in JP1/Base on the authentication server host. Use the jbsmkpass command, jbspassmgr command, or jbsumappass command for registration.
Specify the information-search user to be registered in the format of aduser/information-search-user-name. In this procedure, user name aduser/Osakaleader and the password are registered as an example.
For details about individual commands, see jbsmkpass (Windows only), jbspassmgr (Windows only), or jbsumappass (Windows only) in 15. Commands.
-
Add JP1 users.
After the settings are changed, the materials department of the Osaka branch will be also linked to the directory server. Therefore, register new JP1 users who will be linked to the directory server. For details, see 8.2.2 Setting JP1 users (linked users).
Now, register JP1 user names with the same names as sAMAccountName of the users linked to the directory server. If CN and sAMAccountName are different for the users who were linked to the directory server in the sales department, JP1 users for those users must also be registered. After this registration, delete the JP1 users who were linked to the directory server before, because they are no longer required.
-
Copy the settings on the primary authentication server to the secondary authentication server.
Copy the settings on the primary authentication server to the secondary authentication server. For details, see 8.1.4 Copying settings from the primary authentication server.
-
Confirm the login.
On both the primary and secondary authentication server hosts, execute the jbschkds command to check the settings for directory server linkage and whether login authentication is available for the users linked to the directory server. Also check whether the users can log in to the primary and secondary authentication servers.
For details about the jbschkds command, see jbschkds (Windows only) in 15. Commands.