9.5 Configuring Driver Sets

A driver set is a container that holds Identity Manager drivers. Only one driver set can be active on a server at a time. As a result, all active drivers must be grouped into the same driver set. To view or change settings, double-click a driver set in the Modeler.

9.5.1 Driver Set General Options

When you create an Identity Vault, a driver set is added to the vault by default.

Figure 9-4 A Driver Set in an Identity Vault

You can add other driver sets by dragging the Driver Set object from the palette to the Modeler.

From the General page, you can specify or change driver set values.

Figure 9-5 Driver Set Properties

Table 9-3 Driver Set Settings

Field

Description

Name

The name of the Driver Set object (for example, DriverSet1.)

Create a new partition on this driver set

We recommend that you select this option. For details, see Planning the Technical Details of your Identity Manager Implementation

Deploy context

The Identity Vault assigns the default DN container value to all driver sets. If you specify a DN container here on the Driver Set object, that setting takes precedence over the Identity Vault setting.

You can manually enter this value or browse for it.

9.5.2 Driver Set Global Configuration Values

Global configuration values (GCVs) are settings that are similar to driver parameters. Global configuration values can be specified for a driver set as well as an individual driver. If a driver does not have a GCV, the driver inherits the value for that GCV from the driver set.

GCVs allow you to specify settings for Identity Manager features such as password synchronization and driver heartbeat, as well as settings that are specific to the function of an individual driver configuration. Some GCVs are provided with the drivers, but you can also add your own. You can refer to these values in a policy to help you customize your driver configuration.

To view or change the driver set's GCV settings, double-click the driver set. From the Global Configuration Values page, you can add, edit, or remove values, or edit the XML file for the driver set.

9.5.3 Driver Set Log Levels

The Driver Set Log Level options enable you to view high-level information. For lower-level information, use Driver Set Trace.

Figure 9-6 Driver Set Options for Logging

By default, logging is turned off. To track errors, messages, or events, change the default.

  1. Double-click the driver set.

  2. Select Driver Set Log Level.

  3. Select a logging option.

    The log option that you select determines which messages are available in the log.

    To configure audit instrumentation, select Log specific events, click the event selector button, select events, then click OK.

    The Update only the last log time option updates the time stamp to indicate the last activity of the driver.

  4. Specify the number of entries in the log.

    The default is 50 entries (lines) in the log. If you want a longer history, increase the number.

  5. Save changes by clicking OK.

The driver set log contains messages from the engine when it tries to start or stop drivers. To view the log, use iManager. Select the Status Log icon above the Identity Vault in the Identity Manager Overview.

9.5.4 Driver Set Server List

After adding one or more servers to the Identity Vault, you can view or change the driver set’s server association.

Figure 9-7 Server List

Select a server in the Available Servers list, then use the arrows to move the server to the Selected Server list. If a server is not in the Available Server list, you must first add it by editing the Identity Vault properties. See Section 9.3, Configuring Identity Vaults.

9.5.5 Driver Set Trace

Although a driver set has nothing to trace, you can add a trace level to your driver. The Trace setting specifies the trace level for all drivers in the driver set that use the driver set trace settings.

With the trace level set, DSTRACE displays the Identity Manager (DirXML®) events as the engine processes the events. The trace level affects each driver in the driver set. Use the trace level for troubleshooting issues with the drivers when they are deployed. DSTRACE displays the output of the specified trace level.

Table 9-4 Driver Set Trace Settings

Setting

Description

Driver trace level

As the driver trace level increases, the amount of information displayed in DSTRACE increases.

Trace level 1 shows errors, but not the cause of the errors. If you want to see password synchronization information, set the trace level to 5.

XSL trace level

DSTRACE displays XSL events. Set this trace level only when troubleshooting XSL style sheets. If you do not want to see XSL information, set the level to 0.

Java debug port

Allows developers to attach a Java debugger.

Java trace file

When a value is set in this field, all Java information for the driver is written to file. The value for this field is the path for that file.

As long as the file is specified, Java information is written to this file. If you do not need to debug Java, leave this field blank.

Trace file size limit

Sets a limit for the Java trace file. If you set the file size to Unlimited, the file grows in size until no space is available on the disk.

NOTE:The trace file is created in multiple files. Identity Manager automatically divides the maximum file size by ten and creates ten separate files. The combined size of these files equals the maximum trace file size.

The following methods help you capture and save Identity Manager trace information.

NetWare

Use dstrace.nlm to display trace messages on the system console or trace messages to a file ( sys:\system\dstrace.log). Dstrace.nlm displays the trace messages to a screen labeled DSTrace Console.

Use the following commands at the server console:

DSTRACE SCREEN ON: Allows trace messages to appear on the DSTRACE Console.

DSTRACE FILE ON: Captures trace messages sent to the DSTRACE Console to the dstrace.log file.

DSTRACE FILE OFF: Stops capture trace messages to the log file.

DSTRACE -ALL: Turns off all Trace flags.

DSTRACE +DXML DSTRACE +DVRS: Displays the Identity Manager (DirXML) events.

DSTRACE +TAGS DSTRACE +TIME: Displays the message tags and times tamps.

Windows

Open the Control Panel, select NDS Services, then click DSTRACE.DLM > Start. A window named NDS Server Trace Utility opens.

To set the filters to capture the DirXML trace information:

  1. Click Edit > Options > Clear All.

  2. Click the boxes next to DirXML and DirXML Drivers, then click OK.

To save the information to a file:

  1. Click File > New.

    A dialog box prompts for a filename.

  2. Enter a filename with the extension of . log.

  3. To stop capturing information, click File > Close.

    The file is saved.

UNIX

Use the ndstrace command at the console to display the Identity Manager events. The exit command quits the trace utility.

Table 9-5 ndstrace Commands

Command

Description

Set ndstrace=nodebug

Turns off all trace flags.

Set ndstrace on

Displays trace messages to the console.

Set ndstrace file on

Captures trace message to the ndstrace.log file in the /var/nds directory.

Set ndstrace file off

Stops capturing trace messages to the file.

Set ndstrace=+dxml

Displays the Identity Manager events

Set ndstrace=+dvrs

Displays the Identity Manager driver events.

iMonitor

Use iMonitor to get DSTRACE information from a Web browser.

Table 9-6 Platforms and Commands for Web Browsers

Platform

Command

NetWare®

ndsimon.nlm

Windows

ndsimon.dlm

Linux/Solaris/AIX/HP-UX

ndsimonitor

  1. Access iMonitor from http://server_ip:8008/nds (the default port).

  2. Click Trace Configuration.

  3. Click Clear All.

  4. Click DirXML and DirXML Drivers.

  5. Click Trace On, then click Trace History.

  6. Click the Current document icon to view the live trace.