Preparation

Creating the Linux User Used to Execute Directory Sync

A Linux user used for scheduled executions of Directory Sync must be created.

This user will execute Directory Sync on a schedule through the job scheduler.

Creating the User Used to Connect to Active Directory

A user with privileges to view all users and groups that will be synchronized over OpenLDAP must be created.

This user will perform authentication when Directory Sync establishes LDAP connections, and then will retrieve information on users and groups.

[ Reference ]

Configure access control as necessary for this user.

Creating the IIJ ID User Used to Connect to the IIJ ID Service

Create an IIJ ID user used to send OpenLDAP changes to the IIJ ID Service and grant administrator privileges to this user.

Refer to the "IIJ ID Service Online Manual [For Administrators]" for more information on creating IIJ ID users and granting administrator privileges.

[ Note ]

Do not delete or disable the IIJ ID Service user created for this purpose. If this user is deleted or disabled, the access token will be revoked and become unusable.

Obtaining an Access Token for the Created IIJ ID User
  1. Log in to "IIJ ID Console (https://www.auth.iij.jp/console/)" as the user created as described in "Creating the IIJ ID User Used to Connect to the IIJ ID Service."
  2. Click "Access Token Management" in My Menu.
  3. Click "Issue Access Token."
  4. Enter the access token name and expiration date and then click "Issue."

    [ Reference ]

    Configure expiration dates as appropriate in accordance with the usage of access tokens.

  5. The access token appears.

    [ Note ]

    Exercise caution regarding the handling of these access tokens.

    [ Reference ]

    • Access tokens can only be viewed right after they have been issued.
    • If you forget the access token, you must revoke the access token and then issue a new one. Directory Sync must then be updated with the new access token.
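
The access token carries administrator privileges, so wherever it is stored on the Directory Sync host it should be readable only by the Linux user that runs Directory Sync. The following check is an added example, not part of the IIJ manual; the file path and account name in the usage comment are hypothetical, and `stat -c` assumes GNU coreutils on Linux.

```shell
#!/bin/sh
# check_token_file FILE OWNER
#   OWNER is a user name or numeric UID. Prints findings; returns 0 if safe.
# Hypothetical usage: check_token_file /etc/dirsync/token dirsync
check_token_file() {
    file=$1 owner=$2 rc=0

    # Refuse symlinks and anything that is not a regular file.
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "FAIL: $file is missing, a symlink, or not a regular file"
        return 1
    fi

    # Resolve the expected owner to a numeric UID.
    case $owner in
        ''|*[!0-9]*)
            want_uid=$(id -u "$owner" 2>/dev/null) || {
                echo "FAIL: unknown user '$owner'"; return 1; } ;;
        *)  want_uid=$owner ;;
    esac

    have_uid=$(stat -c '%u' "$file")
    if [ "$have_uid" != "$want_uid" ]; then
        echo "FAIL: owner uid is $have_uid, expected $want_uid"; rc=1
    fi

    # No permission bits for group or other (for example 600 or 400).
    mode=$(stat -c '%a' "$file")
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "FAIL: mode $mode exposes the token to group/other"; rc=1
    fi

    # The directory must not be writable by group or other, otherwise
    # another account could replace the token file.
    dir=$(dirname -- "$file")
    dmode=$(stat -c '%a' "$dir")
    if [ $(( 0$dmode & 022 )) -ne 0 ]; then
        echo "FAIL: directory $dir has mode $dmode (group/other writable)"; rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $file"
    return "$rc"
}
```

Running the check from the same job scheduler entry, before Directory Sync starts, catches a permission change made after the token was installed.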