8.2 Prerequisites for Configuring the BCC Drivers for Identity Manager

8.2.1 Identity Manager

Before you installed Business Continuity Clustering, you set up and configured the Identity Manager engine and an Identity Manager driver for eDirectory on one node in each cluster. For information, see Section 4.1.7, Identity Manager 3.6.1 Bundle Edition.

Identity Manager plug-ins for iManager require that eDirectory is running and working properly on the master eDirectory replica in the tree.

Identity Manager requires a credential that allows you to use drivers beyond an evaluation period. The credential can be found in the BCC license. In the Identity Manager interface in iManager, enter the credential for each driver that you create for BCC. You must also enter the credential for the matching driver that is installed in a peer cluster. You can enter the credential, or put the credential in a file that you point to.

During the setup, you will make the IDM Driver object security equivalent to an existing User object. The IDM Driver object must have sufficient rights to any object it reads or writes in the following containers:

  • The Identity Manager driver set container.

  • The container where the Cluster object resides.

  • The container where the server objects reside.

    If server objects reside in multiple containers, this must be a container high enough in the tree to be above all containers that contain server objects. The best practice is to have all server objects in one container.

  • The container where the cluster pool and volume objects are placed when they are synchronized to this cluster.

    This container is referred to as the landing zone. The NCP server objects for the virtual server of a BCC enabled resource are also placed in the landing zone.

  • In a multiple-partition business continuity cluster, the container where the User objects reside that need to be synchronized between the eDirectory partitions.

You can do this by making the IDM Driver object security equivalent to another User object with those rights.

IMPORTANT:If you choose to include User object synchronization, exclude the Admin User object from being synchronized.

8.2.2 Novell eDirectory

The cluster node where Identity Manager is installed must have an eDirectory full replica with at least read/write access to all eDirectory objects that will be synchronized between clusters. For information about the full replica requirements, see Section 4.1.5, Novell eDirectory 8.8.6.

8.2.3 Landing Zone Container

The landing zone that you specify for drivers must already exist. You can optionally create a separate container in eDirectory specifically for these cluster pool and volume objects.