Novell IDENTITY MANAGER ENTITLEMENTS SERVICE DRIVER 3.6.1 - IMPLEMENTATION Implementation Manual

AUTHORIZED DOCUMENTATION
Implementation Guide
Novell® Identity Manager Entitlements Service Driver 3.6.1
June 05, 2009
www.novell.com
Identity Manager 3.6.1 Driver for Role-Based Entitlements: Implementation Guide

Summary of Contents for Novell IDENTITY MANAGER ENTITLEMENTS SERVICE DRIVER 3.6.1 - IMPLEMENTATION

  • Page 1 AUTHORIZED DOCUMENTATION Implementation Guide Novell® Identity Manager Entitlements Service Driver 3.6.1 June 05, 2009 www.novell.com Identity Manager 3.6.1 Driver for Role-Based Entitlements: Implementation Guide...
  • Page 2 Further, Novell, Inc. reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.
  • Page 3 Novell Trademarks For a list of Novell trademarks, see Trademarks (http://www.novell.com/company/legal/trademarks/tmlist.html). Third-Party Materials All third-party trademarks are the property of their respective owners.
  • Page 5: Table Of Contents

    Contents: About This Guide; 1 Overview; How the Entitlements Service Driver Works (page 9); Role-Based Entitlements Versus Other Entitlements.
  • Page 6 A.1.3 Authentication (page 38); A.1.4 Startup Option.
  • Page 7: About This Guide

    In this documentation, a greater-than symbol (>) is used to separate actions within a step and items within a cross-reference path. A trademark symbol (®, etc.) denotes a Novell trademark. An asterisk (*) denotes a third-party trademark.
  • Page 9: Overview

    Overview The following overview assumes that you understand entitlements (as explained in the Entitlement Overview (http://www.novell.com/documentation/idm36/idm_entitlements/?page=/documentation/idm36/idm_entitlements/data/be4rlrn.html#be4rlrn) in the Identity Manager 3.6.1 Entitlements Guide (http://www.novell.com/documentation/idm36/idm_entitlements/data/bookinfo.html)) and have created the entitlements you want managed by the Entitlements Service driver. The Entitlements Service driver is one of three entitlement agents that you can use to grant entitlements, or permission slips, to users.
  • Page 10 Figure 1-1: Entitlements Service Driver Process. The driver implements entitlements through the use of entitlement policies. An entitlement policy contains the following: Membership: The list of users assigned to a policy. A user can be dynamically assigned to a policy when he or she meets the criteria for the policy, or the user can be statically (manually) assigned to the policy.
  • Page 11: Role-Based Entitlements Versus Other Entitlements

    For information about creating entitlements and the policies to support them, see the Identity Manager 3.6.1 Entitlements Guide (http://www.novell.com/documentation/idm36/idm_entitlements/data/bookinfo.html). 1.2 Role-Based Entitlements Versus Other...
  • Page 13: Implementation Checklist

    Metadirectory engine is installed. You need to use the configuration file to create a driver in each driver set where you want to use Role-Based Entitlements. For instructions, see the Identity Manager 3.6.1 Entitlements Guide (http://www.novell.com/documentation/idm36/idm_entitlements/data/bookinfo.html). Upgrade an existing Entitlements Service...
  • Page 15: Creating A New Driver

    Creating a New Driver The Entitlements Service driver files are installed on the Metadirectory server at the same time as the Metadirectory engine. No other installation configurations are supported; you cannot use the Remote Loader to run the Entitlements Service driver. The installation program extends the Identity Vault’s schema and installs both the driver shim and the driver configuration file.
  • Page 16: Configuring The Driver Settings

    3.1.2 Configuring the Driver Settings After you import the driver configuration file, the Entitlements Service driver will run. However, there are many configuration settings that you can use to customize and optimize the driver. The settings are divided into categories such as Driver Configuration, Engine Control Values, and Global Configuration Values (GCVs).
  • Page 17: Starting The Driver

    3.1.4 Starting the Driver When a driver is created, it is stopped by default. To make the driver work, you must start the driver and cause events to occur. Identity Manager is an event-driven system, so after the driver is started, it won’t do anything until an event occurs.
  • Page 18 Prompt: Define Security Equivalences. Description: The driver requires rights to User objects within the Identity Vault. The Admin user object is most often used to supply these rights. However, you might want to create a DriversUser (for example) and assign security equivalence to that user. Whatever rights the driver needs to have on the server, the DriversUser object must have the same security rights.
  • Page 19: Configuring The Driver Settings

    3.2.2 Configuring the Driver Settings After you import the driver configuration file, the Entitlements Service driver will run. However, there are many configuration settings that you can use to customize and optimize the driver. The settings are divided into categories such as Driver Configuration, Engine Control Values, and Global Configuration Values (GCVs).
  • Page 20 For information on activation, refer to Activating Novell Identity Manager Products (http://www.novell.com/documentation/idm36/idm_install/data/afbx4oc.html) in the Identity Manager 3.6.1 Installation Guide (http://www.novell.com/documentation/idm36/idm_install/data/be1l0t1.html).
  • Page 21: Upgrading An Existing Driver

    Version 3.6.1 of the driver does not include any new features. 4.3 Upgrade Procedure The process for upgrading the Entitlements Service driver is the same as for other Identity Manager drivers. For detailed instructions, see Upgrading (http://www.novell.com/documentation/idm36/idm_install/data/be1l4ik.html) in the Identity Manager 3.6.1 Installation Guide (http://www.novell.com/documentation/idm36/idm_install/data/be1l0t1.html).
  • Page 23: Creating Entitlement Policies

    Creating Entitlement Policies The Entitlements Service driver implements entitlements through the use of entitlement policies. An entitlement policy contains the following: Membership: The list of users assigned to the policy. A user can be dynamically assigned to the policy when he or she meets the criteria for the policy, or the user can be statically (manually) assigned to the policy.
  • Page 24 5 On the Step 1 of 6: Name and describe the Entitlement Policy page, fill in the fields: Entitlement Policy Name: Provide a name that indicates the purpose of the entitlement. The name must be unique within the driver set and cannot include more than 64 characters. Description: Provide any additional information you want to identify the policy.
  • Page 25 By default, the criteria include all User class objects (and objects of classes derived from the User class) within the search scope. If you create a new object class derived from User, an existing entitlement policy does not recognize that class until you make a modification to the entitlement policy. This prevents users of a new class from being granted entitlements unintentionally.
  • Page 26 Add Object: Use this option to browse for and select the objects that you want to make the policy a trustee of. Rights to Selected Objects: Click an object in the Object Name list to view the policy’s rights to the object. You can add or remove rights by selecting or deselecting the desired rights. The Inherit check box determines whether the rights flow down in the tree.
  • Page 27: Controlling The Meaning Of Granting Or Revoking Entitlements

    Controlling the Meaning of Granting or Revoking Entitlements You can control the consequences of granting or revoking an entitlement. Each driver provides a list of supported choices that control the meaning of “grant” or “revoke.” For example, when adding a GroupWise® account, you can specify that grant actually means to grant the user an account in a disabled state, so that the administrator must intervene before the user can access the account.
  • Page 29: Managing The Driver

    Managing the Driver As you work with the Entitlements Service driver, there are a variety of management tasks you might need to perform, including the following: starting and stopping the driver; viewing driver version information; using Named Passwords to securely store passwords associated with the driver; monitoring the driver’s health status; backing up the driver; inspecting the driver’s cache files...
  • Page 31: Troubleshooting Role-Based Entitlements

    Troubleshooting Role-Based Entitlements The following sections provide information to help you troubleshoot problems with the Entitlements Service driver: Section 8.1, “General Troubleshooting Issues,” on page 31; Section 8.2, “Conflict Resolution between Entitlement Policies,” on page 31. 8.1 General Troubleshooting Issues When troubleshooting, keep in mind these issues: When you make any changes to policies by clicking New, Edit, or Remove on the page where the policies are listed, the Entitlements Service Driver is stopped.
  • Page 32: Conflict Overview

    8.2.1 Conflict Overview The following list describes how conflicts are resolved. For some entitlements, you can change the conflict resolution. Entitlements that don’t have values are additive. In most cases an account entitlement doesn’t have values. If a user is granted an account on a connected system by any entitlement policy, the user receives an account on that system.
  • Page 33: Changing The Conflict Resolution Method For An Individual Entitlement

    This functionality is useful if, for example, you configure your environment to use Role-Based Entitlements to place users in a hierarchical structure on another system. You would want the user to be placed in either one place or another, not in two places at the same time.
  • Page 34: Prioritizing Entitlement Policies

    11 Click Restart to restart the driver. 12 Click Identity Manager Overview to browse to and restart the Entitlements Service driver. 8.2.3 Prioritizing Entitlement Policies By default, the order of the list of Entitlement Policies does not matter. This is because the driver configurations shipped with Identity Manager have as the conflict-resolution="union"...
  • Page 35 4 Click Close to restart the driver. Changes in priority don’t take effect until the driver is restarted.
  • Page 37: A Driver Properties

    Driver Properties This section provides information about the Driver Configuration and Global Configuration Values properties for the Entitlements Service driver. These are the only unique properties for drivers. All other driver properties (Named Password, Engine Control Values, Log Level, and so forth) are common to all drivers.
  • Page 38: Driver Module

    If this option is selected, the driver is running locally. The name of the Java class is: com.novell.nds.dirxml.driver.entitlement.EntitlementServiceDriver. Native: Used to specify the name of the .dll file that is instantiated for the application shim component of the driver.
  • Page 39: Driver Parameters

    Option and description. Auto start: The driver starts every time the Identity Manager server is started. Manual: The driver does not start when the Identity Manager server is started. The driver must be started through Designer or iManager. Disabled: The driver has a cache file that stores all of the events. When the driver is set to Disabled, this file is deleted and no new events are stored in the file until the driver state is changed to Manual or Auto Start.
  • Page 40 2b If the driver set is not listed on the Driver Sets tab, use the Search In field to search for and display the driver set. 2c Click the driver set to open the Driver Set Overview page. 3 Locate the Entitlements Service driver icon, then click the upper right corner of the driver icon to display the Actions menu.
