Chapter 1. Prerequisites for establishing a trust
This documentation aims to help you create a trust between your Identity Management IdM server and Active Directory (AD), where both servers are located in the same forest.
- First, read the Planning a cross-forest trust between Identity Management and Active Directory document.
- AD is installed with a domain controller on it.
The IdM server is installed and running.
For details, see Installing Identity Management.
- Both the AD server and the IdM server must have their clocks in sync because Kerberos requires max 5 mins delay in communication.
Unique NetBIOS names for each of the servers placed in the trust because the NetBIOS names are critical for identifying the Active Directory domain.
The NetBIOS name of an Active Directory or IdM domain is usually the first part of the corresponding DNS domain. If the DNS domain is
ad.example.com, the NetBIOS name is typically
AD. However, it is not required. Important is that the NetBIOS name is just one word without periods. The maximum length of a NetBIOS name is 15 characters.
The IdM system must have the IPv6 protocol enabled in the kernel.
If IPv6 is disabled, then the CLDAP plug-in used by the IdM services fails to initialize.
- In RHEL 7, synchronization and trust were two possible approaches to indirect integration of RHEL systems to Active Directory (AD). In RHEL 8, synchronization is deprecated and in RHEL 9, it is not available any more. To integrate IdM and AD, use the trust approach instead. To migrate from synchronization to trust in RHEL 8, see Migrating an existing environment from synchronization to trust in the context of integrating a Linux domain with an Active Directory domain.