Novell Identity Manager 3.6 - Integration Manual for Novell Audit
AUTHORIZED DOCUMENTATION
Integration Guide For Novell Audit
Novell® Identity Manager 3.6
July 23, 2008
www.novell.com
Identity Manager 3.6 Integration Guide for Novell Audit
Summary of Contents for Novell Identity Manager 3.6 - Integration

  • Page 1 AUTHORIZED DOCUMENTATION Integration Guide For Novell Audit Novell ® Identity Manager July 23, 2008 www.novell.com Identity Manager 3.6 Integration Guide for Novell Audit...
  • Page 2: Legal Notices

    Further, Novell, Inc., reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.
  • Page 3 Novell Trademarks For Novell trademarks, see the Novell Trademark and Service Mark list (http://www.novell.com/company/legal/trademarks/tmlist.html). Third-Party Materials All third-party trademarks are the property of their respective owners.
  • Page 5: Table Of Contents

    Updating the Novell Audit Certificate Infrastructure ... 31 ...
  • Page 6 User Provisioning Report ... 56
  • Page 7: About This Guide

    Please use the User Comments feature at the bottom of each page of the online documentation, or go to www.novell.com/documentation/feedback.html and enter your comments there. Documentation Updates For the most recent version of the Identity Manager 3.6 Integration Guide for Novell Audit, visit the Identity Manager Documentation Web site (http://www.novell.com/documentation/idm36). Additional Documentation...
  • Page 9: Overview

    5. The Secure Logging Server sends the event to the data store, which stores the events. The data store is a database that stores the events until they are needed. The stored events are displayed through Novell Audit reports and iManager queries. For more information about the Novell Audit architecture, see “System...
  • Page 11: Installing And Configuring Novell Audit

    Novell Audit 2.0 Administration Guide. 2.4 Configuring System Notifications Novell Audit provides the ability to send a notification when a specific event occurs or does not occur. Notifications can be sent based on any value in one or more events. Notifications can be sent to any logging channel, enabling you to log notifications to a database, a Java* application or SNMP management system, or several other locations.
  • Page 13: Installing And Configuring The Platform Agent

    3.1 Installing the Platform Agent The Platform Agent is automatically installed if either the Novell Identity Manager Metadirectory Server or Novell Identity Manager Connected System option is selected during the Identity Manager installation. For more information on the Identity Manager installation, see the Identity Manager 3.6...
  • Page 14 Novell Audit Secure Logging Server becomes unavailable. LogEnginePort=port The port at which the Platform Agent can connect to the Novell Audit Secure Logging Server. By default, this is port 289. LogCachePort=port The port at which the Platform Agent connects to the Logging Cache Module.
  • Page 15 Setting Description LogReconnectInterval=seconds The interval, in seconds, at which the Platform Agent and the Platform Agent Cache try to reconnect to the Novell Audit Secure Logging Server if the connection is lost. LogDebug=Never|Always|Server The Platform Agent debug setting. Set to Never to never log debug events.
  • Page 17: Managing Identity Manager Events

    4.1.1 Selecting Events for the User Application The User Application enables you to change the log level settings of individual loggers and enable logging to the Novell Audit Platform Agent: 1 Log in to the User Application as the User Application Administrator.
  • Page 18 Writes Fatal, Error, Warn, and Info level messages to the log. Debug Writes Fatal, Error, Warn, Info, and debugging information to the log. Trace Writes Fatal, Error, Warn, Info, debugging, and tracing information to the log.
  • Page 19: Selecting Events For The Driver Set

    5 Select the Also send logging messages to Novell Audit check box to send the events to the Platform Agent. 6 (Optional) Select Also send logging messages to Open XDAS, if you want to send the messages to Open XDAS.
  • Page 20: Selecting Events For A Specific Driver

    This is the default log level. The Identity Manager Instrumentation logs user-defined events and all events with an error status. You receive only events with a decimal ID of 196646 and an error message stored in the Text1 field.
  • Page 21: User-Defined Events

    4.2 User-Defined Events Identity Manager enables you to configure your own events to log to Novell Audit. Events can be logged by using an action in the Policy Builder, or within a style sheet. Any information you have access to when defining policies can be logged.
  • Page 22 3 KB of information, unless a larger data field is enabled in your environment. The following table provides an explanation of the Identity Manager event structure:
  • Page 23 The value of this field depends upon the event. It can contain any text string up to 255 characters. NOTE: The Text1 field is vital to the function of the Novell Audit CVR driver. The CVR driver looks in the event’s Text1 and Text2 fields to identify the defined attribute and object for a given policy.
  • Page 24: Using Status Documents To Generate Events

    Status documents generated through style sheets using the <xsl:message> element are sent to Novell Audit with an event ID that corresponds to the status document level attribute. The level attributes and corresponding event IDs are defined in the following table:...
  • Page 25: eDirectory Objects That Store Identity Manager Event Data

    The following example generates a Novell Audit event 0x004 and value1=7778, with a level of EV_LOG_STATUS_ERROR: <xsl:message> <status level="error" text1="This would be text1" text2="This would be text2" value1="7778">This data would be in the blob only for this case, since a value for text2 is specified in the attributes.</status>...
  • Page 27: Using Status Logs

    Using Status Logs In addition to the functionality provided by Novell Audit, Identity Manager logs a specified number of events on the driver set and the driver. These status logs provide a view of recent Identity Manager activity. After the log reaches the set size, the oldest half of the log is permanently removed to clear room for more recent events.
  • Page 28: Setting The Log Level And Log Size For The Driver

    5 Select Log Level. 6 Deselect Use log settings from the driver set option, if it is selected. 7 Specify the maximum log size in the Maximum number of entries in the log field:
  • Page 29: Viewing Status Logs

    8 After you have specified the maximum number, click OK. 5.2 Viewing Status Logs The status logs are short-term logs for the driver set, the Publisher channel, and the Subscriber channel. They are accessed through different locations in iManager. Section 5.2.1, “Accessing the Driver Set Status Log,” on page 29 Section 5.2.2, “Accessing the Publisher Channel and Subscriber Channel Status Logs,”...
  • Page 30: Accessing The Publisher Channel And Subscriber Channel Status Logs

    2 Browse to and select the driver set. 3 Click the driver set to access the driver set overview page. 4 Click the desired driver object. 5 Click the Publisher channel or the Subscriber channel status log icon.
  • Page 31: Securing The Connection With Novell Audit

    Novell Audit Certificate Authority (CA). Also, by default, the Identity Manager Instrumentation utilizes a public certificate that is signed by the Secure Logging Server root certificate. You can, however, configure Novell Audit to use certificates generated by an external CA.
  • Page 32: The Novell Audit Audcgen Utility

    IMPORTANT: There are many versions of the AudCGen utility. This section documents the version of AudCGen that is available with Novell Audit 2.0.2 FP2. If you are using a different version of AudCGen, refer to the help file for that version.
  • Page 33 -base parameter. -capkey:filename The path and filename to the private key used by the Novell Audit Secure Logging Server. The Secure Logging Server certificate key pair must be provided when generating a certificate key pair for a logging application.
  • Page 34 This can be useful in maintaining and tracking your system’s certificates. This parameter is optional. Generates a self-signed root certificate key pair for the Novell Audit Secure Logging Server. This option uses the internal Novell Audit CA. NOTE: Do not use this option if you want to use a certificate signed by a third-party CA.
  • Page 35: Creating A Root Certificate For The Secure Logging Server

    The certificate key pair used by the Secure Logging Server is the logging system's Certificate Authority (CA); that is, it is the trusted root certificate that is used to validate all other Novell Audit logging application certificates. By default, this certificate is self-signed. However, you can use a certificate signed by a third-party CA.
  • Page 36: Creating Logging Application Certificates

    NOTE: This command is used to generate logging application certificates by using either the internal Novell Audit CA or one signed by a third-party CA. Use the -cacert and -capkey parameters to specify the root certificate used by your Secure Logging Server.
  • Page 37: Validating Certificates

    -Dnovell.dirxml.remoteloader.audit_key_directory=<directory_name> 6.5 Validating Certificates In Novell Audit, all logging application certificates must be signed by the Secure Logging Server root certificate and they must contain an application identifier. Use the following AudCGen command to determine whether a certificate is valid: audcgen -cacert:filename -capkey:filename -verify -appcert:filename When you use the -verify command, AudCGen checks the integrity of the target certificate.
  • Page 38: Windows

    2 Assign mode 0400 to the file; verify that the owner of the file is root. If you have granted rights to the auditor and the root group, assign mode 0440 to the file.
  • Page 39: A Identity Manager Events

    Section A.12, “Driver Start and Stop Events,” on page 41 NOTE: Novell Audit provides the ability to send a notification when a specific event occurs or does not occur. Notifications can be sent based on any value in one or more events. Notifications can be sent to any logging channel, enabling you to log notifications to a database, a Java application or SNMP management system, or several other locations.
  • Page 40: Job Events

    Section 5.1, “Setting the Log Level and Maximum Log Size,” on page ... A.3 Job Events The following link lists the Job events that can be audited through Novell Audit or Novell Sentinel: Identity Manager Job Events (../samples/idm_combo_events.xls) A.4 Remote Loader Events...
  • Page 41: Password Events

    A.6 Password Events The following link lists the change password events that can be audited through Novell Audit or Novell Sentinel: Identity Manager Password Events (../samples/idm_combo_events.xls) A.7 Search List Events The following link lists search list events that can be audited through Novell Audit or Novell Sentinel: Identity Manager Search List Events (../samples/idm_combo_events.xls)
  • Page 42 To log driver stops, select the Log Errors and Warnings log level, or select the Log Specific Events log level and specify this event. For more information, see Section 5.1, “Setting the Log Level and Maximum Log Size,” on page ...
  • Page 43: B Novell Audit Reports

    Novell Audit Reports This section provides examples of the following Novell Audit reports for Identity Manager and the events associated with each report: Section B.1, “Administrative Action Report,” on page 43 Section B.2, “Historical Approval Flow Report,” on page 44 Section B.3, “Resource Provisioning Report,”...
  • Page 44: Historical Approval Flow Report

    B.2 Historical Approval Flow Report The Historical Approval Report is generated from the events listed in the following table. For more information on the events, see Appendix A, “Identity Manager Events,” on page ...
  • Page 45 Occurs when the workflow is not claimed. 31529 Workflow_Denied Occurs when the workflow is denied. 3152A Workflow_Completed Occurs when the workflow is completed. 3152B Workflow_Timedout Occurs when the workflow timed out. 31533 Workflow_Retracted Occurs when the workflow is retracted.
  • Page 46: Resource Provisioning Report

    B.3 Resource Provisioning Report The Resource Provisioning Report is generated from the events listed in the following table. For more information on the events, see Appendix A, “Identity Manager Events,” on page ...
  • Page 47 31530 Provision_Failure Occurs upon failure of the step during the provisioning step. 31531 Provision_Granted Occurs on granting of an entitlement during the provisioning step. 31532 Provision_Revoked Occurs on the revoking of an entitlement during the provisioning step.
  • Page 48: Specific User Audit Trail Report I

    B.4 Specific User Audit Trail Report I The Specific User Audit Trail Report I is generated from the events listed in the following table. For more information on the events, see Appendix A, “Identity Manager Events,” on page ...
  • Page 49 Occurs when the workflow is not claimed. 31529 Workflow_Denied Occurs when the workflow is denied. 3152A Workflow_Completed Occurs when the workflow is completed. 3152B Workflow_Timedout Occurs when the workflow timed out. 31533 Workflow_Retracted Occurs when the workflow is retracted.
  • Page 50: Specific User Audit Trail Report Ii

    B.5 Specific User Audit Trail Report II The Specific User Audit Trail Report II is generated from the events listed in the following table. For more information on the events, see Appendix A, “Identity Manager Events,” on page ...
  • Page 51 Metadirectory engine or driver. 31410 Change_Password_Failure Occurs when a password change fails. 31411 Change_Password_Success Occurs when a password change is successful. 31420 Forgot_Password_Change_Failure Occurs when the Forgot Password change fails. 31421 Forgot_Password_Change_Success Occurs when the Forgot Password change is successful.
  • Page 52: Specific User Audit Trail Iii

    B.6 Specific User Audit Trail III The Specific User Audit Trail III Report is generated from the events listed in the following table. For more information on the events, see Appendix A, “Identity Manager Events,” on page ...
  • Page 53 Administration Action Events Table B-6 Event ID Description Trigger 31400 Delete_Entity Occurs when an object is deleted. 31401 Update_Entity Occurs when an object is modified.
  • Page 54: Specific User Provisioning Report

    B.7 Specific User Provisioning Report The Specific User Provisioning Report is generated from the events listed in the following table. For more information on the events, see Appendix A, “Identity Manager Events,” on page ...
  • Page 55 31530 Provision_Failure Occurs upon failure of the step during the provisioning step. 31531 Provision_Granted Occurs on granting of an entitlement during the provisioning step. 31532 Provision_Revoked Occurs on the revoking of an entitlement during the provisioning step.
  • Page 56: User Provisioning Report

    B.8 User Provisioning Report The User Provisioning Report is generated from the events listed in the following table. For more information on the events, see Appendix A, “Identity Manager Events,” on page ...
  • Page 57 31530 Provision_Failure Occurs upon failure of the step during the provisioning step. 31531 Provision_Granted Occurs on granting of an entitlement during the provisioning step. 31532 Provision_Revoked Occurs on the revoking of an entitlement during the provisioning step.
  • Page 58 User Provisioning Report Figure B-8