Novell IDENTITY MANAGER DRIVER FOR ID PROVIDER 3.6.1 - IMPLEMENTATION Manual

For id provider

AUTHORIZED DOCUMENTATION
Implementation Guide
Novell® Identity Manager Driver for ID Provider 3.6.1
June 05, 2009
www.novell.com
Identity Manager 3.6 ID Provider Driver Implementation Guide


Summary of Contents for Novell IDENTITY MANAGER DRIVER FOR ID PROVIDER 3.6.1 - IMPLEMENTATION

  • Page 1 AUTHORIZED DOCUMENTATION implementation Guide Novell ® Identity Manager Driver for ID Provider 3.6.1 June 05, 2009 www.novell.com Identity Manager 3.6 ID Provider Driver Implementation Guide...
  • Page 2 Further, Novell, Inc., reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.
  • Page 3 Novell Trademarks For Novell trademarks, see the Novell Trademark and Service Mark list (http://www.novell.com/company/legal/trademarks/tmlist.html). Third-Party Materials All third-party trademarks are the property of their respective owners.
  • Page 5: Table Of Contents

    Contents: About This Guide; 1 Understanding the ID Provider Driver; Why Use the Driver?; Design Architecture; ...
  • Page 7: About This Guide

    For documentation on Identity Manager, see the Identity Manager Documentation Web site (http://www.novell.com/documentation/idm36/index.html). Documentation Conventions In Novell documentation, a greater-than symbol (>) is used to separate actions within a step and items in a cross-reference path. A trademark symbol (®, etc.) denotes a Novell trademark.
  • Page 9: Understanding The Id Provider Driver

    Understanding the ID Provider Driver The ID Provider driver enables you to create and maintain a central source of unique IDs that can be consumed by client applications or systems. When the driver receives an ID request from a client, it generates an ID based on policies you define, passes it to the client, and then stores it in the Identity Vault.
  • Page 10 The ID Provider driver can be used in two different scenarios: “Scenario 1: Using the Identity Vault to Store the ID Provider Policies” on page 10 “Scenario 2: Using an LDAP Database to Store the ID Provider Policies” on page 11 Scenario 1: Using the Identity Vault to Store the ID Provider Policies This is the most commonly used scenario with the driver.
  • Page 11: Schema Architecture

    All events are tracked and stored in the Identity Vault. Scenario 2: Using an LDAP Database to Store the ID Provider Policies This scenario allows you to use an LDAP database to store the ID Provider policies instead of using the Identity Vault.
  • Page 12 Table 1-1 Schema Attributes
      Attribute Name | Syntax | Attribute Flags | Description
      DirXML-IDPolName | Case Ignore String | Single valued, Synchronize immediately | ID Policy object name
      DirXML-IDPolLastID | Numeric String | Single-valued, Synchronize immediately | Last delivered ID
      DirXML-IDPolMin | Numeric String | Single-valued | Minimum value for an ID
      DirXML-IDPolMax | Numeric String | Single-valued...
  • Page 13 Class Name: ID Policy. Contained By: ID Policy Container. Attributes Contained: IDPolACL, IDPolAccessControl, IDPolArea, IDPolAreaEI, IDPolFill, IDPolLastID, IDPolMax, IDPolMin, IDPolName, IDPolPrefix
  • Page 15: Installing Driver Files

    Installing Driver Files The ID Provider Driver is a service driver that is included with the base Identity Manager product. The driver is installed when the Metadirectory engine and drivers are installed. For the installation instructions, see “Installing Identity Manager”...
  • Page 17: Creating A New Driver

    Creating a New Driver After the ID Provider driver files are installed on the server where you want to run the driver (see Chapter 2, “Installing Driver Files,” on page 15), you can create the driver in the Identity Vault. You do so by importing the basic driver configuration file and then modifying the driver configuration to suit your environment.
  • Page 18 ID Policy Repository The ID policy repository parameters contain information about the location and how to access any ID policies. ID Policy Repository Table 3-1 Parameter Default Value Description LDAP Server 127.0.0.1 The IP address or DNS name of the LDAP server holding the ID policies LDAP Port The TCP port that the LDAP server listens...
  • Page 19 Parameter Default Value Description ID Generation Map workforceID=wfid Enter a comma-separated list of attribute=policy pairs. For example, workforceID=wfid,uniqueID=uid. This example configures the driver to request IDs from the wfid policy and stores them in the workforceID attribute whenever a new object is created or whenever someone tries to change this attribute.
  • Page 20: Creating Id Policies

    Parameter Default Value Description Trace level This is not the driver trace level, but the ID Provider trace level. The levels are: OFF: Tracing is turned off. FATAL: Displays only fatal messages. ERROR: Displays only error messages. WARN: Displays only warning messages. INFO: Displays only informational messages.
  • Page 21 Field Description Policy’s Last ID The last ID number that was used by this ID policy. If you have deployed this ID policy, use the Connect icon to update this field to the last ID number that was stored in the Identity Vault for this ID policy. NOTE: Only the ID Provider driver can update the last value stored in the Identity Vault.
  • Page 23: Configuring Id Clients

    The ID client can be used inside of DirXML style sheets calling the getNextID function of the com.novell.ncs.idsrv.IDClient Java class. xmlns:id=http://www.novell.com/nxsl/java/com.novell.idm.idprovider.IDClient To obtain the next available ID from an ID Policy object in the Identity Vault, the ID client uses the following parameters to communicate with the ID Provider driver.
  • Page 24: Standalone Client

    4.2 Standalone Client The standalone client is run as a Java process that calls the main function of the com.novell.ncs.idsrv.IDClient Java class. %JRE_HOME%\java -noverify -classpath %CLASSPATH% com.novell.idm.idprovider.IDClient <parameters> To obtain the next available ID from an ID Policy object in the Identity Vault, the client uses the following parameters to communicate with the driver.
  • Page 25 %JRE_HOME%\java -noverify -classpath %CLASSPATH% com.novell.idm.idprovider.IDClient -h localhost -p 1099 -o Policy -t 1 -c Client -l 1
  • Page 27: Managing The Id Provider Driver

    Managing the ID Provider Driver As you work with the ID Provider driver, there are a variety of management tasks you might need to perform, including the following: Starting, stopping, and restarting the driver Viewing driver version information Using Named Passwords to securely store passwords associated with the driver Monitoring the driver’s health status Backing up the driver Inspecting the driver’s cache files...
  • Page 29: Troubleshooting

    Troubleshooting Viewing driver processes is necessary to analyze unexpected behavior. To view the driver processing events, use DSTrace. You should only use it during testing and troubleshooting the driver. Running DSTrace while the drivers are in production increases the utilization on the Identity Manager server and can cause events to process very slowly.
  • Page 31: A Driver Properties

    Driver Properties This section provides information about the Driver Configuration and Global Configuration Values properties for the Sentinel driver. These are the only unique properties for the Sentinel driver. All other driver properties (Named Password, Engine Control Values, Log Level, and so forth) are common to all drivers.
  • Page 32: Driver Module

    .jar file. If this option is selected, the driver is running locally. The name of the Java class is: com.novell.nds.dirxml.driver.sentinel .SentinelShim Connect to Remote Loader Used when the driver is connecting remotely to the connected system. Designer includes two...
  • Page 33: Startup Option

    Authentication Options Table A-3 Option Description Authentication ID Specify a user application ID. This ID is used to pass Identity Vault subscription information to the application. Example: Administrator Authentication Context Specify the IP address or name of the server the application shim should communicate with.
  • Page 34: Driver Parameters

    Option Description Disabled The driver has a cache file that stores all of the events. When the driver is set to Disabled, this file is deleted and no new events are stored in the file until the driver state is changed to Manual or Auto Start. Do not automatically This option only applies if the driver is deployed and was previously disabled.
  • Page 35: Ecmascript (Designer Only)

    A.1.6 ECMAScript (Designer Only) Enables you to add ECMAScript resource files. The resources extend the driver’s functionality when Identity Manager starts the driver. A.2 Global Configuration Values Global configuration values (GCVs) allow you to specify settings for the Identity Manager features such as driver heartbeat, as well as settings that are specific to the function of an individual driver configuration.

This manual is also suitable for:

Identity manager driver 3.6.1
