20.3 Deploying a Driver Set to an Identity Vault

Suppose you finish a new driver set that you want to deploy into a test tree, or suppose you have imported a driver set, made modifications, and now you want to deploy the driver set back into its working tree. Use the following procedure to deploy an Identity Manager Driver Set object (and all contained Identity Manager drivers) into an existing Identity Manager system in an eDirectory Tree:

  1. Right-click the Driver Set icon in the Modeler view, then click Live > Deploy.

    Deploying all driver sets within an Identity Vault

    You can also select the Driver Set object from the Outline view. Click the Outline tab, right-click the Driver Set object, then click Live > Deploy.

    The Identity Vault Credentials window displays if Designer can’t authenticate to the eDirectory tree specified in the Identity Vault, or if you do not have the Deployment DN designated in the Properties tab of the Identity Vault you are deploying to.

  2. Use the Compare feature to see differences between the objects you are deploying and those that already reside in an eDirectory tree. See Section 20.7, Using the Compare Feature When Deploying.

  3. In the Deployment Summary window, click Deploy.

  4. Click OK to close the Information window.

    Closing the Deployment Results window

  5. (Conditional.) If you see other informational messages, decide what action to take.

    You might also see a message in the Deployment Results window stating that the deployment was unsuccessful. Click on the error messages in the Operation Results portion of the window to see the error descriptions and possible reasons in the Details portion.

  6. (Conditional) If this is a new deployment, the Deploy - New Driver Settings window displays. Define security equivalences on the driver set and identify all objects that represent Administrative roles and exclude them from being replicated.

    Setting security equivalences and excluding administrative roles

    In both instances, Novell recommends that you select the Admin object, and any other objects that qualify in your network environment.

20.3.1 eDir-to-eDir Deployments and SSL/TLS

By default, always deploy both sides of an eDirectory-to-eDirectory connection when you have SSL and TLS enabled. If SSL/TLS are enabled, Designer creates the certificates in the eDirectory tree when you deploy the drivers. SSL and TLS are not enabled nor configured by default.

To check your present SSL settings, select Window > Preferences > Designer for IDM > Configuration > eDir-to-eDir SSL/TLS. Once configured, the Deploy feature adheres to the SSL preference settings under Certificate Overwrite Policy.