How it Works
Novell
Loading...
G
I
K
L
Loading...
Loading...
IDENTITY MANAGER
Client Login Extension Guide
32 pgs623.73 Kb0
Common Driver Administration Guide
120 pgs1.51 Mb0
Driver Implementation Guide
72 pgs760.12 Kb0
Drivers Implementation Guide
30 pgs522.83 Kb0
DTD Reference
546 pgs5.55 Mb0
E-Mail Notification Guide
30 pgs506.88 Kb0
Entitlements Guide
44 pgs794.78 Kb0
implementation Guide
40 pgs762.49 Kb0
implementation Guide
36 pgs523.59 Kb0
Installation Guide
104 pgs2.65 Mb0
Installation Guide 3.6.1
96 pgs2.66 Mb0
Integration Guide For Novell Audit
58 pgs1.26 Mb0
Jobs Guide
38 pgs604.98 Kb0
Overview
32 pgs3.49 Mb0
Password Management Guide
78 pgs1.37 Mb0
Remote Loader Guide
54 pgs713.78 Kb0
Reporting Guide for Novell Sentinel
54 pgs908.96 Kb0
Security Guide
20 pgs406.24 Kb0
Staging Best Practices Guide
26 pgs522.69 Kb0
Understanding Policies
64 pgs895 Kb0
User Manual
108 pgs2.73 Mb0
User Manual
356 pgs8.46 Mb0
User Manual
52 pgs849.22 Kb0
User Manual 3,0
106 pgs2.44 Mb0
User Manual 3,5
172 pgs4.69 Mb0
WorkOrder Driver Implementation Guide
54 pgs883.28 Kb0
Table of contents
Loading...

Novell IDENTITY MANAGER Drivers Implementation Guide

Download
Novell®
www.novell.com
AUTHORIZED DOCUMENTATION
Null Service and Loopback Service Drivers Implementation Guide
Identity Manager
novdocx (en) 17 September 2009
3.6.1

Identity Manager 3.6.1 Null Service and Loopback Service Drivers Implementation Guide

Legal Notices
Novell, Inc. makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes.
Further, Novell, Inc. makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.
Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classification to export, re-export, or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in the U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical biological weaponry end uses. Please refer to the International Trade Services (http://www.novell.com/company/policies/trade_services) for more information on exporting Novell software. Novell assumes no responsibility for your failure to obtain any necessary export approvals.
novdocx (en) 17 September 2009
Copyright © 2008-2009 Novell, Inc. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher.
Novell, Inc. has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed on the Novell Legal Patents Web page (http://www.novell.com/company/legal/patents/) and one or more additional patents or pending patent applications in the U.S. and in other countries.
Novell, Inc. 404 Wyman Street, Suite 500 Waltham, MA 02451 U.S.A. www.novell.com
Online Documentation: To access the latest online documentation for this and other Novell products, see
the Novell Documentation Web page (http://www.novell.com/documentation).
Novell Trademarks
For Novell trademarks, see the Novell Trademark and Service Mark list (http://www.novell.com/company/legal/
trademarks/tmlist.html).
Third-Party Materials
All third-party trademarks are the property of their respective owners.
novdocx (en) 17 September 2009
novdocx (en) 17 September 2009
4 Identity Manager 3.6.1 Null Service and Loopback Service Drivers Implementation Guide
Contents
About This Guide 7
1Overview 9
2 Creating a New Null Service Driver 11
2.1 Creating the Driver in Designer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
2.1.1 Importing the Driver Configuration File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
2.1.2 Configuring the Driver Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
2.1.3 Configuring the Driver Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
2.1.4 Deploying the Driver . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
2.1.5 Starting the Driver . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
2.2 Creating the Driver in iManager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
2.2.1 Importing the Driver Configuration File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
2.2.2 Configuring the Driver Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
2.2.3 Configuring the Driver Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
2.2.4 Starting the Driver . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
2.3 Activating the Driver . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
novdocx (en) 17 September 2009
3 Creating a New Loopback Service Driver 17
3.1 Creating the Driver in Designer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
3.1.1 Importing the Driver Configuration File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
3.1.2 Configuring the Driver Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
3.1.3 Configuring the Driver Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
3.1.4 Deploying the Driver . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
3.1.5 Starting the Driver . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
3.2 Creating the Driver in iManager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
3.2.1 Importing the Driver Configuration File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
3.2.2 Configuring the Driver Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
3.2.3 Configuring the Driver Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
3.2.4 Starting the Driver . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
3.3 Activating the Driver . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
4 Upgrading an Existing Driver 23
4.1 Supported Upgrade Paths . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
4.2 What’s New in Version 3.6.1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
4.3 Upgrade Procedure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
5 Managing the Driver 25
A Driver Properties 27
A.1 Driver Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
A.1.1 Driver Module . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
A.1.2 Driver Object Password (iManager Only) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
A.1.3 Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
A.1.4 Startup Option . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Contents 5
A.1.5 Driver Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
A.1.6 ECMAScript (Designer Only) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
A.2 Global Configuration Values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
novdocx (en) 17 September 2009
6 Identity Manager 3.6.1 Null Service and Loopback Service Drivers Implementation Guide

About This Guide

This guide provides information about the Identity Manager Loopback Service and Null Service drivers. Service drivers are used only for Metadirectory engine functions, not for connecting with external systems. They are automatically installed when you install Identity Manager.
The guide is organized as follows:
Chapter 1, “Overview,” on page 9
Chapter 2, “Creating a New Null Service Driver,” on page 11
Chapter 3, “Creating a New Loopback Service Driver,” on page 17
Chapter 4, “Upgrading an Existing Driver,” on page 23
Chapter 5, “Managing the Driver,” on page 25
Appendix A, “Driver Properties,” on page 27
novdocx (en) 17 September 2009
Audience
This guide is intended for administrators, consultants, and network engineers who require a high­level introduction to Identity Manager business solutions, technologies, and tools.
Documentation Updates
For the most recent version of this document, see the Identity Manager Documentation Web site
(http://www.novell.com/documentation/idm36/index.html).
Additional Documentation
For documentation on other Identity Manager drivers, see the Identity Manager Drivers Web site
(http://www.novell.com/documentation/idm36drivers/index.html).
Documentation Conventions
In Novell documentation, a greater-than symbol (>) is used to separate actions within a step and items in a cross-reference path.
A trademark symbol ( trademark.
When a single pathname can be written with a backslash for some platforms or a forward slash for other platforms, the pathname is presented with a backslash. Users of platforms that require a forward slash, such as Linux* or UNIX*, should use forward slashes as required by your software.
®
, TM, etc.) denotes a Novell trademark. An asterisk (*) denotes a third-party
About This Guide 7
novdocx (en) 17 September 2009
8 Identity Manager 3.6.1 Null Service and Loopback Service Drivers Implementation Guide
1

Overview

Novell® Identity Manager includes two utility drivers, Null Service and Loopback Service, whose purpose is to implement custom behavior through policies established on the drivers’ Subscriber and Publisher channels. Like other service drivers such as Entitlement and Workflow, the Null Service and Loopback Service drivers do not connect to external applications or systems.
The Null Service driver performs any tasks that are implemented through policies on the Subscriber channel. The Publisher channel is not used; the driver does not connect the Subscriber channel to the Publisher channel, but rather acts as a sink for most operations, simulates doing something with operations, and then returning success. Typical uses for the Null Service driver include the following:
Adding the classes and attributes that you want to monitor for change in the Subscriber Filter as
Synchronize for the class and Notify for the attribute.
Adding Subscriber Event Transformation policies that react to specific object or attribute
changes, and performing actions such as:
novdocx (en) 17 September 2009
1
Making modifications back into the Identity Vault (using actions that manipulate source
attributes and objects).
Sending e-mail.
Generating custom Audit Events.
Calling extension functions to communicate the change outside of Identity Manager.
Adding a final Subscriber Event Transformation policy that vetoes all events.
The Null Service driver should be sufficient for the majority of the tasks you’ll want to perform. However, if you need to process policies on both the Subscriber and Publisher channels, you can use the Loopback Service driver instead. The only difference between the two drivers is that the Loopback driver’s Subscriber channel connects to the Publisher channel so that events can also be processed on the Publisher channel.
Overview
9
novdocx (en) 17 September 2009
10 Identity Manager 3.6.1 Null Service and Loopback Service Drivers Implementation Guide
2

Creating a New Null Service Driver

The Null Service driver files are installed on the Metadirectory server at the same time as the Metadirectory engine. No other installation configurations are supported; you cannot use the Remote Loader to run the Null Service driver.
The installation program extends the Identity Vault’s schema and installs both the driver shim and the driver configuration file. It does not create the driver in the Identity Vault. You create the driver by importing the driver configuration file and then modifying the driver configuration to suit your environment. The following sections provide instructions:
Section 2.1, “Creating the Driver in Designer,” on page 11
Section 2.2, “Creating the Driver in iManager,” on page 13
Section 2.3, “Activating the Driver,” on page 16

2.1 Creating the Driver in Designer

novdocx (en) 17 September 2009
2
You create the Null Service driver by importing the driver’s basic configuration file and then modifying the configuration to suit your environment. After you’ve created and configured the driver, you need to deploy it to the Identity Vault and start it.
Section 2.1.1, “Importing the Driver Configuration File,” on page 11
Section 2.1.2, “Configuring the Driver Settings,” on page 12
Section 2.1.3, “Configuring the Driver Policies,” on page 12
Section 2.1.4, “Deploying the Driver,” on page 12
Section 2.1.5, “Starting the Driver,” on page 13

2.1.1 Importing the Driver Configuration File

1 In Designer, open your project.
2 In the Modeler, right-click the driver set where you want to create the driver, then select New >
Driver to display the Driver Configuration Wizard.
3 In the Driver Configuration list, select GenericNull, then click Run.
At this point, the driver is created from the basic configuration file and will run. As with all Identity Manager drivers, the Null Service driver includes configuration settings you can use to customize and optimize the driver for you environment.
4 To review or modify the default configuration settings, click Configure, then continue with the
next section, Configuring the Driver Settings.
or
To skip the configuration settings at this time, click Close. When you are ready to configure the settings, continue with the next section, Configuring the Driver Settings.
Creating a New Null Service Driver
11

2.1.2 Configuring the Driver Settings

After you import the driver configuration file, the Null Service driver will run. However, there are many configuration settings that you can use to customize and optimize the driver. The settings are divided into categories such as Driver Configuration, Engine Control Values, and Global Configuration Values (GCVs). The settings are described in Appendix A, “Driver Properties,” on
page 27.
If you do not have the Driver Properties page displayed in Designer:
1 Open your project.
2 In the Modeler, right-click the driver icon or the driver line, then select Properties.

2.1.3 Configuring the Driver Policies

The basic driver configuration does not include any policies. To have the driver perform any work, you need to create the appropriate policies. For information about creating policies, see the Policies
in Designer 3.5 guide.
novdocx (en) 17 September 2009

2.1.4 Deploying the Driver

After a driver is created in Designer, it must be deployed into the Identity Vault.
1 In Designer, open your project.
2 In the Modeler, right-click the driver icon or the driver line, then select Live > Deploy.
3 If you are authenticated to the Identity Vault, skip to Step 5; otherwise, specify the follow
information:
Host: Specify the IP address or DNS name of the server hosting the Identity Vault.
Username: Specify the DN of the user object used to authenticate to the Identity Vault.
Password: Specify the user’s password.
4 Click OK.
5 Read the deployment summary, then click Deploy.
6 Read the successful message, then click OK.
7 Click Define Security Equivalence to assign rights to the driver.
The driver requires rights to objects within the Identity Vault. The Admin user object is most often used to supply these rights. However, you might want to create a DriversUser (for example) and assign security equivalence to that user. Whatever rights that the driver needs to have on the server, the DriversUser object must have the same security rights.
7a Click Add, then browse to and select the object with the correct rights.
7b Click OK twice.
8 Click Exclude Administrative Roles to exclude users that should not be synchronized.
You should exclude any administrative User objects (for example, Admin and DriversUser) from synchronization.
8a Click Add, then browse to and select the user object you want to exclude.
8b Click OK.
12 Identity Manager 3.6.1 Null Service and Loopback Service Drivers Implementation Guide
8c Repeat Step 8a and Step 8b for each object you want to exclude.
8d Click OK.
9 Click OK.

2.1.5 Starting the Driver

When a driver is created, it is stopped by default. To make the driver work, you must start the driver and cause events to occur. Identity Manager is an event-driven system, so after the driver is started, it won’t do anything until an event occurs.
To start the driver:
1 In Designer, open your project.
2 In the Modeler, right-click the driver icon or the driver line, then select Live > Start Driver.
For information about management tasks for the driver, see Chapter 5, “Managing the Driver,” on
page 25.
novdocx (en) 17 September 2009

2.2 Creating the Driver in iManager

You create the Null Service driver by importing the driver’s basic configuration file and then modifying the configuration to suit your environment. After you’ve created and configured the driver, you need to start it.
Section 2.2.1, “Importing the Driver Configuration File,” on page 13
Section 2.2.2, “Configuring the Driver Settings,” on page 15
Section 2.2.3, “Configuring the Driver Policies,” on page 15
Section 2.2.4, “Starting the Driver,” on page 15

2.2.1 Importing the Driver Configuration File

1 In iManager, click to display the Identity Manager Administration page.
2 In the Administration list, click Import Configuration to launch the Import Configuration
Wizard.
3 Follow the wizard prompts, filling in the requested information (described below) until you
reach the Summary page.
Prompt Description
Where do you want to place the new driver?
You can add the driver to an existing driver set, or you can create a new driver set and add the driver to the new driver set. If you choose to create a new driver set, you are prompted to specify the name, context, and server for the driver set.
Import a configuration into this driver set
Use the default option, Import a configuration from the server (.XML file).
In the Show field, select Identity Manager 3.6 configurations.
In the Configurations field, select the GenericNull file.
Creating a New Null Service Driver 13
Prompt Description
Driver name Type a name for the driver. The name must be unique within the
driver set.
Define Security Equivalences The driver requires rights to User objects within the Identity
Vault. The Admin user object is most often used to supply these rights. However, you might want to create a DriversUser (for example) and assign security equivalence to that user. Whatever rights that the driver needs to have on the server, the DriversUser object must have the same security rights.
Exclude Administrative Roles You should exclude any administrative User objects (for
example, Admin and DriversUser) from synchronization.
When you finish providing the information required by the wizard, a Summary page similar to the following is displayed.
novdocx (en) 17 September 2009
At this point, the driver is created from the basic configuration file and will run. As with all Identity Manager drivers, the Null Service driver includes configuration settings you can use to customize and optimize the driver for you environment.
4 To modify the default configuration settings, click the linked driver name, then continue with
the next section, Configuring the Driver Settings.
or
To skip the configuration settings at this time, click Finish. When you are ready to configure the settings, continue with the next section, Configuring the Driver Settings.
14 Identity Manager 3.6.1 Null Service and Loopback Service Drivers Implementation Guide

2.2.2 Configuring the Driver Settings

After you import the driver configuration file, the Null Service driver will run. However, there are many configuration settings that you can use to customize and optimize the driver. The settings are divided into categories such as Driver Configuration, Engine Control Values, and Global Configuration Values (GCVs).
To configure the settings:
1 Make sure the Modify Object page for the Null Service driver is displayed in iManager. If it is
not:
1a In iManager, click to display the Identity Manager Administration page.
1b Click Identity Manager Overview.
1c Browse to and select the driver set object that contains the new driver.
1d Click the driver set name to access the Driver Set Overview page.
1e Click the upper right corner of the driver, then click Edit properties.
2 Review the settings on the various pages and modify them as needed for your environment.
The configuration settings are explained in Appendix A, “Driver Properties,” on page 27.
novdocx (en) 17 September 2009
3 After modifying the settings, click OK to save the settings and close the Modify Object page.
4 (Conditional) If the Null Service driver’s Summary page for the Import Configuration wizard
is still displayed, click Finish.
WARNING: Do not click Cancel on the Summary page. This removes the driver from the Identity Vault and results in the loss of your work.

2.2.3 Configuring the Driver Policies

The basic driver configuration does not include any policies. To have the driver perform any work, you need to create the appropriate policies. For information about creating policies, see the Policies
in iManager for Identity Manager 3.6.1 guide.

2.2.4 Starting the Driver

When a driver is created, it is stopped by default. To make the driver work, you must start the driver and cause events to occur. Identity Manager is an event-driven system, so after the driver is started, it won’t do anything until an event occurs.
To start the driver:
1 In iManager, click to display the Identity Manager Administration page.
2 Click Identity Manager Overview.
3 Browse to and select the driver set object that contains the driver you want to start.
4 Click the driver set name to access the Driver Set Overview page.
5 Click the upper right corner of the driver to display the Actions menu, then click Start driver.
For information about management tasks with the driver, see Chapter 5, “Managing the Driver,” on
page 25.
Creating a New Null Service Driver 15

2.3 Activating the Driver

If you created the driver in a driver set where you’ve already activated the Metadirectory engine and service drivers, the driver inherits the activation. If you created the driver in a driver set that has not been activated, you must activate the driver within 90 days. Otherwise, the driver stops working.
For information on activation, refer to “Activating Novell Identity Manager Products” in the Identity
Manager 3.6.1 Installation Guide.
novdocx (en) 17 September 2009
16 Identity Manager 3.6.1 Null Service and Loopback Service Drivers Implementation Guide
3
Creating a New Loopback Service
novdocx (en) 17 September 2009
Driver
The Loopback Service driver files are installed on the Metadirectory server at the same time as the Metadirectory engine. No other installation configurations are supported; you cannot use the Remote Loader to run the Loopback Service driver.
The installation program extends the Identity Vault’s schema and installs both the driver shim and the driver configuration file. It does not create the driver in the Identity Vault. You create the driver by importing the driver configuration file and then modifying the driver configuration to suit your environment. The following sections provide instructions:
Section 3.1, “Creating the Driver in Designer,” on page 17
Section 3.2, “Creating the Driver in iManager,” on page 19
Section 3.3, “Activating the Driver,” on page 22

3.1 Creating the Driver in Designer

You create the Loopback Service driver by importing the driver’s basic configuration file and then modifying the configuration to suit your environment. After you’ve created and configured the driver, you need to deploy it to the Identity Vault and start it.
3
Section 3.1.1, “Importing the Driver Configuration File,” on page 17
Section 3.1.2, “Configuring the Driver Settings,” on page 18
Section 3.1.3, “Configuring the Driver Policies,” on page 18
Section 3.1.4, “Deploying the Driver,” on page 18
Section 3.1.5, “Starting the Driver,” on page 19

3.1.1 Importing the Driver Configuration File

1 In Designer, open your project.
2 In the Modeler, right-click the driver set where you want to create the driver, then select New >
Driver to display the Driver Configuration Wizard.
3 In the Driver Configuration list, select GenericLoopback, then click Run.
At this point, the driver is created from the basic configuration file and will run. As with all Identity Manager drivers, the Loopback Service driver includes configuration settings you can use to customize and optimize the driver for you environment.
4 To review or modify the default configuration settings, click Configure, then continue with the
next section, Configuring the Driver Settings.
or
To skip the configuration settings at this time, click Close. When you are ready to configure the settings, continue with the next section, Configuring the Driver Settings.

Creating a New Loopback Service Driver

17

3.1.2 Configuring the Driver Settings

After you import the driver configuration file, the Loopback Service driver will run. However, there are many configuration settings that you can use to customize and optimize the driver. The settings are divided into categories such as Driver Configuration, Engine Control Values, and Global Configuration Values (GCVs). The settings are described in Appendix A, “Driver Properties,” on
page 27.
If you do not have the Driver Properties page displayed in Designer:
1 Open your project.
2 In the Modeler, right-click the driver icon or the driver line, then select Properties.

3.1.3 Configuring the Driver Policies

The basic driver configuration does not include any policies. To have the driver perform any work, you need to create the appropriate policies. For information about creating policies, see the Policies
in Designer 3.5 guide.
novdocx (en) 17 September 2009

3.1.4 Deploying the Driver

After a driver is created in Designer, it must be deployed into the Identity Vault.
1 In Designer, open your project.
2 In the Modeler, right-click the driver icon or the driver line, then select Live > Deploy.
3 If you are authenticated to the Identity Vault, skip to Step 5; otherwise, specify the follow
information:
Host: Specify the IP address or DNS name of the server hosting the Identity Vault.
Username: Specify the DN of the user object used to authenticate to the Identity Vault.
Password: Specify the user’s password.
4 Click OK.
5 Read the deployment summary, then click Deploy.
6 Read the successful message, then click OK.
7 Click Define Security Equivalence to assign rights to the driver.
The driver requires rights to objects within the Identity Vault. The Admin user object is most often used to supply these rights. However, you might want to create a DriversUser (for example) and assign security equivalence to that user. Whatever rights that the driver needs to have on the server, the DriversUser object must have the same security rights.
7a Click Add, then browse to and select the object with the correct rights.
7b Click OK twice.
8 Click Exclude Administrative Roles to exclude users that should not be synchronized.
You should exclude any administrative User objects (for example, Admin and DriversUser) from synchronization.
8a Click Add, then browse to and select the user object you want to exclude.
8b Click OK.
18 Identity Manager 3.6.1 Null Service and Loopback Service Drivers Implementation Guide
8c Repeat Step 8a and Step 8b for each object you want to exclude.
8d Click OK.
9 Click OK.

3.1.5 Starting the Driver

When a driver is created, it is stopped by default. To make the driver work, you must start the driver and cause events to occur. Identity Manager is an event-driven system, so after the driver is started, it won’t do anything until an event occurs.
To start the driver:
1 In Designer, open your project.
2 In the Modeler, right-click the driver icon or the driver line, then select Live > Start Driver.
For information about management tasks for the driver, see Chapter 5, “Managing the Driver,” on
page 25.
novdocx (en) 17 September 2009

3.2 Creating the Driver in iManager

You create the Loopback Service driver by importing the driver’s basic configuration file and then modifying the configuration to suit your environment. After you’ve created and configured the driver, you need to start it.
Section 3.2.1, “Importing the Driver Configuration File,” on page 19
Section 3.2.2, “Configuring the Driver Settings,” on page 21
Section 3.2.3, “Configuring the Driver Policies,” on page 21
Section 3.2.4, “Starting the Driver,” on page 21

3.2.1 Importing the Driver Configuration File

1 In iManager, click to display the Identity Manager Administration page.
2 In the Administration list, click Import Configuration to launch the Import Configuration
Wizard.
3 Follow the wizard prompts, filling in the requested information (described below) until you
reach the Summary page.
Prompt Description
Where do you want to place the new driver?
You can add the driver to an existing driver set, or you can create a new driver set and add the driver to the new set. If you choose to create a new driver set, you are prompted to specify the name, context, and server for the driver set.
Import a configuration into this driver set
Use the default option, Import a configuration from the server (.XML file).
In the Show field, select Identity Manager 3.6.1 configurations.
In the Configurations field, select the GenericLoopback file.
Creating a New Loopback Service Driver 19
Prompt Description
Driver name Type a name for the driver. The name must be unique within the
driver set.
Define Security Equivalences The driver requires rights to User objects within the Identity
Vault. The Admin user object is most often used to supply these rights. However, you might want to create a DriversUser (for example) and assign security equivalence to that user. Whatever rights that the driver needs to have on the server, the DriversUser object must have the same security rights.
Exclude Administrative Roles You should exclude any administrative User objects (for
example, Admin and DriversUser) from synchronization.
When you finish providing the information required by the wizard, a Summary page similar to the following is displayed.
novdocx (en) 17 September 2009
At this point, the driver is created from the basic configuration file and will run. As with all Identity Manager drivers, the Loopback Service driver includes configuration settings you can use to customize and optimize the driver for you environment.
4 To modify the default configuration settings, click the linked driver name, then continue with
the next section, Configuring the Driver Settings.
or
To skip the configuration settings at this time, click Finish. When you are ready to configure the settings, continue with the next section, Configuring the Driver Settings.
20 Identity Manager 3.6.1 Null Service and Loopback Service Drivers Implementation Guide

3.2.2 Configuring the Driver Settings

After you import the driver configuration file, the Loopback Service driver will run. However, there are many configuration settings that you can use to customize and optimize the driver. The settings are divided into categories such as Driver Configuration, Engine Control Values, and Global Configuration Values (GCVs).
To configure the settings:
1 Make sure the Modify Object page for the Loopback Service driver is displayed in iManager. If
it is not:
1a In iManager, click to display the Identity Manager Administration page.
1b Click Identity Manager Overview.
1c Browse to and select the driver set object that contains the new driver.
1d Click the driver set name to access the Driver Set Overview page.
1e Click the upper right corner of the driver, then click Edit properties.
2 Review the settings on the various pages and modify them as needed for your environment.
The configuration settings are explained in Appendix A, “Driver Properties,” on page 27.
novdocx (en) 17 September 2009
3 After modifying the settings, click OK to save the settings and close the Modify Object page.
4 (Conditional) If the Loopback Service driver’s Summary page for the Import Configuration
wizard is still displayed, click Finish.
WARNING: Do not click Cancel on the Summary page. This removes the driver from the Identity Vault and results in the loss of your work.

3.2.3 Configuring the Driver Policies

The basic driver configuration does not include any policies. To have the driver perform any work, you need to create the appropriate policies. For information about creating policies, see the Policies
in iManager for Identity Manager 3.6.1 guide.

3.2.4 Starting the Driver

When a driver is created, it is stopped by default. To make the driver work, you must start the driver and cause events to occur. Identity Manager is an event-driven system, so after the driver is started, it won’t do anything until an event occurs.
To start the driver:
1 In iManager, click to display the Identity Manager Administration page.
2 Click Identity Manager Overview.
3 Browse to and select the driver set object that contains the driver you want to start.
4 Click the driver set name to access the Driver Set Overview page.
5 Click the upper right corner of the driver to display the Actions menu, then click Start driver.
For information about management tasks with the driver, see Chapter 5, “Managing the Driver,” on
page 25.
Creating a New Loopback Service Driver 21

3.3 Activating the Driver

If you created the driver in a driver set where you’ve already activated the Metadirectory engine and service drivers, the driver inherits the activation. If you created the driver in a driver set that has not been activated, you must activate the driver within 90 days. Otherwise, the driver stops working.
For information on activation, refer to “Activating Novell Identity Manager Products” in the Identity
Manager 3.6.1 Installation Guide.
novdocx (en) 17 September 2009
22 Identity Manager 3.6.1 Null Service and Loopback Service Drivers Implementation Guide
4

Upgrading an Existing Driver

The driver shim files are installed when you update the Metadirectory server. The 3.6.1 version of the driver shim supports drivers created by using any 3.x version of the driver configuration file. You can continue to use these driver configurations until you want to upgrade them.
The following sections provide information to help you upgrade an existing driver’s configuration to version 3.6.1:
Section 4.1, “Supported Upgrade Paths,” on page 23
Section 4.2, “What’s New in Version 3.6.1,” on page 23
Section 4.3, “Upgrade Procedure,” on page 23

4.1 Supported Upgrade Paths

You can upgrade from any 3.x version of the Null Service driver or Loopback Service driver. Upgrading a pre-3.x version of the driver directly to version 3.6.1 is not supported.
novdocx (en) 17 September 2009
4

4.2 What’s New in Version 3.6.1

Version 3.6.1 of the driver does not include any new features.

4.3 Upgrade Procedure

The process for upgrading the Null or Loopback driver is the same as for other Identity Manager drivers. For detailed instructions, see “Upgrading” in the Identity Manager 3.6.1 Installation Guide.
Upgrading an Existing Driver
23
novdocx (en) 17 September 2009
24 Identity Manager 3.6.1 Null Service and Loopback Service Drivers Implementation Guide
5

Managing the Driver

As you work with the Null Service driver and the Loopback Service driver, there are a variety of management tasks you might need to perform, including the following:
Starting and stopping the driver
Viewing driver version information
Using Named Passwords to securely store passwords associated with the driver
Monitoring the driver’s health status
Backing up the driver
Inspecting the driver’s cache files
Viewing the driver’s statistics
Using the DirXML
Securing the driver and its information
®
Command Line utility to perform management tasks through scripts
novdocx (en) 17 September 2009
5
Because these tasks, as well as several others, are common to all Identity Manager drivers, they are included in one reference, the Identity Manager 3.6.1 Common Driver Administration Guide.
Managing the Driver
25
novdocx (en) 17 September 2009
26 Identity Manager 3.6.1 Null Service and Loopback Service Drivers Implementation Guide
A
Driver Properties
This section provides information about the Driver Configuration and Global Configuration Values properties for the Null Service driver and the Loopback Service driver. These are the only unique properties for drivers. All other driver properties (Named Password, Engine Control Values, Log Level, and so forth) are common to all drivers. Refer to “Driver Properties” in the Identity Manager
3.6.1 Common Driver Administration Guide for information about the common properties.
novdocx (en) 17 September 2009
A
The properties information is presen Designer, it is marked with a
Section A.1, “Driver Configuration,” on page 27
Section A.2, “Global Configuration Values,” on page 29
ted from the viewpoint of iManager. If a field is different in
icon.

A.1 Driver Configuration

In iManager:
1 In iManager, click to display the Identity Manager Administration page.
2 Ope
n the driver set that contains the driver whose properties you want to edit. To do so:
2a In the Administration li
2b If
the driver set is not listed on the Driver Sets tab, use the Search In field to search for and
display the driver set.
ick the driver set to open the Driver Set Overview page.
2c Cl
3 Locat
4 Cl
5 Cl
e the driver icon, then click the upper right corner of the driver icon to display the Actions
menu.
ick Edit Properties to display the driver’s properties page.
ick Driver Configuration.
st, click Identity Manager Overview.
In Designer:
en a project in the Modeler.
1 Op
2 R
ight-click the driver icon or line, then select click Properties > Driver Configuration.
The Driver Configuration options are divided into the following sections:
Section A.1.1, “Driver Module,” on page 28
Section A.1.2, “Driver Object Password (iManager Only),” on page 28
Section A.1.3, “Authentication,” on page 28
Section A.1.4, “Startup Option,” on page 29
Section A.1.5, “Driver Parameters,” on page 29
Section A.1.6, “ECMAScript (Designer Only),” on page 29
Driver Properties
27

A.1.1 Driver Module

The Driver Module section lets you change the driver from running locally to running remotely or the reverse.
Option Description
Java Used to specify the name of the Java* class that is instantiated for the shim
component of the driver. This class can be located in the directory as a class file, or in the is selected, the driver is running locally.
The name of the Java class for the Null Service driver is:
com.novell.nds.dirxml.driver.nulldriver.NullDriverShim
The name of the Java class for the Loopback Service driver is:
com.novell.nds.dirxml.driver.loopback.LoopbackDriverSh im
lib
directory as a
classes
.jar
file. If this option
novdocx (en) 17 September 2009
Native Used to specify the name of the
application shim component of the driver. If this option is selected, the driver is running locally.
Connect to Remote Loader This setting does not apply to the Null Service driver or the Loopback
rvice driver. You cannot use these drivers with the Remote Loader.
Se
.dll
file that is instantiated for the

A.1.2 Driver Object Password (iManager Only)

Option Description
Driver Object Password This setting does not apply to the Null Service driver or the Loopback
Service driver.

A.1.3 Authentication

The Authentication section stores the information required to authenticate to the connected system and to the Remote Loader. The Null Service driver and Loopback Service driver function only against the Identity Vault and cannot use the Remote Loader. Therefore, the authentication settings do not apply.
The only setting that applies to the
drivers is the cache setting.
Option Description
Driver Cache Limit (kilobytes)
or
Cache limit (KB)
Specify the maximum event cache file size (in file size is unlimited.
Click Unlimited to set the file size to unlimited in Designer.
KB). If it is set to zero, the
28 Identity Manager 3.6.1 Null Service and Loopback Service Drivers Implementation Guide

A.1.4 Startup Option

The Startup Option section enables you to set the driver state when the Identity Manager server is started.
Option Description
Auto start The driver starts every time the Identity Manager server is started.
novdocx (en) 17 September 2009
Manual The driver does not start when the Identity Ma
driver must be started through Designer or iManager.
Disabled The driver has a cache file that stores all
set to Disabled, this file is deleted and no new events are stored in the file until the driver state is changed to Manual or Auto Start.
Do not automatically
synchronize the driver
This option applies only if the driver is deployed and was previously disabled. If this is not selected, the driver re-synchronizes the next time it is started.
nager server is started. The
of the events. When the driver is

A.1.5 Driver Parameters

The Driver Parameters section lets you configure the driver-specific parameters.
Parameter Description
Driver parameters for server Displays or specifies the server name or IP address of the server whose
driver parameters you want to modify.
Edit XML Opens an editor so that you can edit the driver’s configuration file.
Driver Options There are no general driver options.
Subscriber Options There are no general Subsciber channel options.
Publisher Options There are no Publisher channel options.
Publisher Heartbeat Interval Configures the driver to send a period
channel when there has been no Publisher traffic for the given number of minutes. The default is every minute.
ic status message on the Publisher

A.1.6 ECMAScript (Designer Only)

Enables you to add ECMAScript resource files. The resources extend the driver’s functionality when Identity Manager starts the driver.

A.2 Global Configuration Values

There are no predefined global configuration values (GCVs) specific to the Loopback Service driver and Null Service driver. As with all drivers, you can add GCVs that you need.
In iManager:
iManager, click to display the Identity Manager Administration page.
1 In
Driver Properties 29
2 Open the driver set that contains the driver whose properties you want to edit. To do so:
novdocx (en) 17 September 2009
2a In the Administration li
2b If
the driver set is not listed on the Driver Sets tab, use the Search In field to search for and
display the driver set.
ick the driver set to open the Driver Set Overview page.
2c Cl
3 Locat
e the driver icon, then click the upper right corner of the driver icon to display the Actions
menu.
4 Cl
ick Edit Properties to display the driver’s properties page.
5 Cl
ick Global Config Values.
In Designer:
1 Open a project in the Modeler.
ght-click the driver icon or line, then select Properties > Global Configuration Values.
2 Ri
st, click Identity Manager Overview.
30 Identity Manager 3.6.1 Null Service and Loopback Service Drivers Implementation Guide
Loading...
Buy Points How it Works FAQ Contact Us Questions and Suggestions Privacy Policy Cookie Policy Terms of Use