Management Agent for Sun and Netscape Directory Servers

Applies To: Windows Server 2003 with SP1

Use the management agent for Sun and Netscape directory servers to synchronize with Sun and Netscape directory servers.


Available in Identity Integration Feature Pack for Microsoft® Windows Server™ Active Directory® (IIFP)


Management agent type


Supported connected data source versions

  • Sun ONE Directory Server 4.12, 4.13, 5.0, 5.1 and 5.2 (formerly iPlanet Server)

  • Netscape Directory Server 4.1 and 6.11

MIIS 2003 features supported

  • Password management

  • Full import

  • Delta import

  • Export

Schema Information

The schema is generated based on the dynamic discovery of the data source by the management agent. When you refresh the schema for this management agent, the connected data source schema is rediscovered, the current management agent schema is updated, and then Management Agent Designer starts. In Management Agent Designer, you can correct any inconsistencies introduced by the updated schema, such as deleted object types or deleted attributes.


  • If you want to synchronize with Sun ONE Directory Server 4.12 or 4.13 and you use the distinguished name for the anchor attribute, ILM 2007 FP1 cannot support rename operations.

  • If you upgrade your Netscape Directory Server 4.1 to version 5.0 or greater, it is recommended that you use the following procedure to synchronize with ILM 2007 FP1:

    To synchronize the Netscape Directory Server with MIIS 2003

    1. Upgrade your Netscape Directory Server.

    2. Create a new management agent for Sun and Netscape directory servers.

    3. Configure your join rules for the new management agent so that the objects on the upgraded server join to the existing metaverse objects.

    4. Run a full import of the new management agent.

    5. Remove the old management agent for the 4.1 server.

  • If changelog is not enabled on Sun ONE Directory Server, ILM 2007 FP1 cannot support delta import operations.

  • The management agent for Sun and Netscape directory servers does not automatically detect changes made to the configuration of the Sun or Netscape directory server, such as enabling or disabling changelog. If you change the configuration of the Sun or Netscape directory server, you must refresh the management agent by using the Refresh button on the Configure Naming Context page of the management agent. For more information, see Configure naming contexts in the ILM 2007 FP1 Product Help.

  • During move operations, ILM 2007 FP1 first creates the new object and then deletes the old object. If you stop an export from ILM 2007 FP1 that is in progress and that contains renamed or moved objects, both the objects and their copies might be left on the Sun ONE Directory Server 5.0 or 5.1 server.

  • If the management agent for Sun and Netscape directory servers is requested to rename or move an object, but not change the uuid, and the uuid uniqueness plug-in is enabled on the Sun ONE Directory Server 5.0 or 5.1 server, then the rename or move operation fails. Disable the uuid uniqueness plug-in.

  • When you rename or move an object, all references to that object on the Sun ONE Directory Server 5.0 or 5.1 server whose referential integrity is managed by that server (that is, a valid intrapartition distinguished name attribute with the referential integrity plug-in enabled) are removed. That is, a renamed or moved user object is removed from all groups.

  • When running a delta synchronization to a Netscape Directory Server 6.11, particularly when using slower hardware, a delete-add operation might not be processed in order, resulting in the object being deleted. In this case, the object can be restored by running a full import.

  • If you have an object on a Sun ONE Directory Server 5.2 server with a multi-value attribute that has more than 7 values, and if you delete several of those values through an Export Attribute Flow operation, then the Sun ONE Directory Server might delete the remaining values. Running a full import and export restores the missing attribute values.

  • If another Lightweight Directory Access Protocol (LDAP) call is made to a Sun ONE Directory Server 5.0 or 5.1 server before it is able to finish the first operation, Referential Integrity Post-Operations might fail. Run the Referential Integrity plug-in with a delay of one second. This logs the changes in a file, runs the referential integrity on only one thread, and checks changes sequentially. For more information about how to configure your server, see your Sun ONE Directory Server 5.1 documentation.

  • The Sun and Netscape directory servers management agent has a default timeout value for run profiles of 30 seconds.

  • When you update a Sun and Netscape directory server management agent, the management agent configuration file must be from the same Sun ONE Directory Server version.
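The following Python example is added here and is not part of the original documentation. It compares LDIF snapshots of the directory taken before and after an export to find leftover copies from an interrupted move (the same anchor value on two distinguished names) and attribute values that disappeared, such as group memberships removed by the referential integrity plug-in or lost multi-value attribute values. The uid anchor attribute, the distinguished names and the snapshot contents are constructed assumptions.

```python
from collections import defaultdict

def parse_ldif(text):
    """Parse plain LDIF (no base64 values, no folded lines)."""
    entries = {}
    for block in text.strip().split("\n\n"):
        dn, attrs = None, defaultdict(set)
        for line in block.splitlines():
            name, _, value = line.partition(": ")
            if name.lower() == "dn":
                dn = value.lower()
            elif value:
                attrs[name.lower()].add(value.lower())  # DNs compare case-insensitively
        if dn:
            entries[dn] = attrs
    return entries

def duplicate_anchors(entries, anchor="uid"):
    """Anchor values found on more than one DN (object plus leftover copy)."""
    seen = defaultdict(list)
    for dn, attrs in entries.items():
        for value in attrs.get(anchor, ()):
            seen[value].append(dn)
    return {v: sorted(d) for v, d in seen.items() if len(d) > 1}

def lost_values(before, after):
    """Values that vanished from entries present in both snapshots."""
    return {(dn, attr): sorted(values - after[dn].get(attr, set()))
            for dn in before.keys() & after.keys()
            for attr, values in before[dn].items()
            if values - after[dn].get(attr, set())}

# Constructed sample snapshots (hypothetical DNs; asmith's own entry omitted).
BEFORE = parse_ldif("""dn: uid=jdoe,ou=sales,dc=example,dc=com
uid: jdoe

dn: cn=staff,ou=groups,dc=example,dc=com
uniqueMember: uid=jdoe,ou=sales,dc=example,dc=com
uniqueMember: uid=asmith,ou=sales,dc=example,dc=com""")
AFTER = parse_ldif("""dn: uid=jdoe,ou=sales,dc=example,dc=com
uid: jdoe

dn: uid=jdoe,ou=eng,dc=example,dc=com
uid: jdoe

dn: cn=staff,ou=groups,dc=example,dc=com
uniqueMember: uid=jdoe,ou=sales,dc=example,dc=com""")
if __name__ == "__main__":
    print(duplicate_anchors(AFTER), lost_values(BEFORE, AFTER))
```

lost_values also reports values that the export removed on purpose, so compare its output with the intended attribute flow before restoring anything with a full import and export.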

See Also


Management Agents in MIIS 2003