9.2 Target operation locking

Some target systems do not allow multiple client connection attempts to occur simultaneously, so ID-Synch agents write lock files to prevent this from happening.

Locks are also created when other programs, such as list utilities, connect to a target.

Internal locks are pre-defined in the PLATATTR table. For example:


9.2.1 When to add manual locks

Under normal circumstances you do not need to set manual locks because there are already internal locks set in ID-Synch.

However, in some circumstances manual locks are necessary. For example, when you use a mainframe system with a Telnet agent that has no inherent locks, the mainframe target may limit the target administrator to one login at a time. In this situation, you need to set a manual lock so that two login sessions are never attempted simultaneously with the same administrator ID.

WARNING:
The arbitrary use of manual locks may interfere with internal locking behavior in ID-Synch.

 


9.2.2 Defining a lock file directory

The lock file directory is defined during the initial installation of each instance of ID-Synch. The location of the lock file directory is controlled by the PS LOCK DIR system variable. If this variable is not defined, lock files are created in the temporary directory specified by the PSTEMPDIR system variable.

By default, lock files are stored in the LOCK directory. However, you can configure ID-Synch to write the files to a different directory if required.

WARNING:
To prevent failures on targets which require locking, it is recommended that the value for PS LOCK DIR remain constant for all instances of ID-Synch and P-Synch.

 

To define a lock file directory using the Central console (nph-psa.exe):

  1. Log in and navigate to the Target options configuration page.

  2. Click the On toggle box next to PS LOCK DIR, and type the directory path for the lock files location.

  3. Click Update at the bottom of the form.


9.2.3 Setting lock file rules

Set lock file rules to define under what circumstances a system will be locked. The more circumstances you apply to a rule, the less restrictive it is. To set lock file rules:

  1. Log into the Central console (nph-psa.exe).

  2. Click Targets -> Lock files to see the Lock File Rules page.

  3. From the Target drop-down list, select the target on which you want the lock to occur.

  4. Select one of the following options from the Operation drop-down list:
    ACHG
    any operation where target administrator credentials are used. This includes enable, disable, lock, rename, list, and many other operations.
    VERI
    a password verification operation.

    The lock file is created when the operation selected from this drop-down list occurs on the selected target.

  5. Select the appropriate Lock File check boxes to determine the circumstances under which the lock file will be created (multiple selections make the lock file less restrictive):
    Local
    sets a lock on the ID-Synch server rather than on a proxy.
    Target
    sets a lock on the target so multiple client servers cannot communicate with the target simultaneously.

    Platform
    sets locks across platforms so ID-Synch components can access different platforms (e.g., Windows NT and LDAP) simultaneously, but cannot have multiple servers accessing the same platform.

    PID
    sets a lock so the same process cannot access multiple targets simultaneously.

    User
    sets a lock so an individual user cannot access multiple targets simultaneously. For example, if you are logged in as user1 on one target, you cannot log in as user1 on any other targets.

    Admin
    sets a lock so that only one of the multiple admin IDs for the target can have access to the target at a given time.

    Operation
    sets a lock when the selected operation occurs on the target system.

    Check box values determine the name of the lock file.

    For example, if you select Target and User, then when user BSMITH verifies his password on SYSTEM1, the resulting lock file is named SYSTEM1BSMITH.lock. This means that BSMITH cannot perform the same operation on SYSTEM1 again until the initial operation is complete. However, user JWHITE can access SYSTEM1 simultaneously, and generates a lock file named SYSTEM1JWHITE.lock.

  6. Optional: Use the Replace with field to override the name of the lock file as defined by the check box values.

    You can use macros where the order of the variables is important, or to include additional text. For example, you can define the lock file name as %ADMIN%%PID%mylock. The %LDIR% (lock file directory) variable and the .lock suffix are added automatically. The macros available are:

    Macro         Corresponding check box
    %LOCAL%       Local
    %HOST%        Target
    %PLATFORM%    Platform
    %PID%         PID
    %USER%        User
    %ADMIN%       Admin
    %OPER%        Operation

  7. Click Add.

    The lock file rule is displayed on the Lock file rules page. You can now update the rule or add another rule.
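
The naming rules in steps 5 and 6 can be modelled in a few lines. The sketch below is an added example, not ID-Synch code: the function names, the concatenation order (taken from the macro table), the sanitizing of macro values and the exclusive-create locking are all assumptions made for illustration.

```python
import os
import re
import tempfile

# Macro -> check box mapping from the table in step 6; the order is assumed
# to be the concatenation order when no "Replace with" template is given.
MACROS = ["LOCAL", "HOST", "PLATFORM", "PID", "USER", "ADMIN", "OPER"]
SAFE = re.compile(r"[^A-Za-z0-9_.-]")  # assumed sanitization, not documented


def lock_name(values, selected=(), template=None):
    """Expand a rule into a lock file name (without directory)."""
    if template is None:
        template = "".join(f"%{m}%" for m in MACROS if m in selected)

    def expand(match):
        macro = match.group(1)
        if macro not in MACROS:
            raise ValueError(f"unknown macro %{macro}%")
        # Strip separators so a value such as "../x" cannot leave the lock dir.
        return SAFE.sub("_", str(values[macro]))

    return re.sub(r"%([A-Z]+)%", expand, template) + ".lock"


def acquire(lock_dir, name):
    """Create the lock file atomically; return its path, or None if held."""
    path = os.path.join(lock_dir, name)
    try:
        fd = os.open(path, os.O_CREAT | os.O_EXCL | os.O_WRONLY, 0o600)
    except FileExistsError:
        return None
    with os.fdopen(fd, "w") as handle:
        handle.write(str(os.getpid()))
    return path


def demo():
    """Replay the SYSTEM1 example with constructed values."""
    with tempfile.TemporaryDirectory() as lock_dir:
        rule = ("HOST", "USER")  # Target + User check boxes
        bsmith = lock_name({"HOST": "SYSTEM1", "USER": "BSMITH"}, rule)
        jwhite = lock_name({"HOST": "SYSTEM1", "USER": "JWHITE"}, rule)
        first = acquire(lock_dir, bsmith)
        blocked = acquire(lock_dir, bsmith) is None   # same user, same target
        parallel = acquire(lock_dir, jwhite) is not None
        os.remove(first)                               # operation completes
        released = acquire(lock_dir, bsmith) is not None
        return bsmith, jwhite, blocked, parallel, released
```

Because each macro value ends up in a file name, a rule that includes User or Admin should be checked against the characters those IDs can contain on the target.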



  ID-Synch™ is an access management solution developed by M-Tech.

The full current version of this guide, shipped with the ID-Synch software, contains detailed reference information not included in this version.