Configuration Parameters

The following table explains the parameters you must provide during initial driver configuration:

Field / Description

Driver Name

The eDirectory object name to be assigned to this driver.

Because each Active Directory domain requires a separate driver, you should include the domain name in your driver name.

Authentication Method

The method to authenticate with Active Directory.

Negotiate is the preferred method. Select Negotiate to use the Microsoft security package to negotiate authentication (Kerberos or NTLM, chosen by the package). To use Negotiate, the server hosting the driver must be a member of the domain.

If you plan to use password synchronization and the driver runs on a member server rather than on a domain controller, you need SSL.

Select Simple to use an LDAP simple bind. If you select Simple, SSL is strongly recommended: without it, the Authentication ID and Authentication Password travel to the domain controller in cleartext on every bind. Simple bind doesn't support password synchronization or Exchange provisioning.

Authentication ID

An Active Directory account with administrative privileges to be used by Identity Manager. Use a dedicated account for the driver rather than a shared administrator login, so that its activity can be audited and its password rotated independently. The name form used depends on the selected authentication method.

For Negotiate, provide the name form required by your Active Directory authentication mechanism. For example:

  • Administrator - AD Logon Name
  • Domain/Administrator - Domain qualified AD Logon Name

For Simple, provide an LDAP ID. For example:

  • cn=DirXML,cn=Users,dc=domain,dc=com

Authentication Password

Enter the password for the user account specified in Authentication ID.

Authentication Server

The name of the Active Directory domain controller to use for synchronization.

For example, for the Negotiate authentication method, use the DNS name, such as mycontroller.domain.com. For the Simple authentication method, you can use either the DNS name or the IP address of the server (for example, 10.10.128.23). If you use SSL, give the name that appears in the domain controller's server certificate (normally its DNS name) so that the certificate validates against the name you connect to.

If no value is specified, localhost is used.

NOTE:  This value is stored in the Authentication Context attribute. To change this value after the initial configuration, modify this attribute as explained in Security Parameters.

Domain Name (in LDAP format)

The Active Directory domain managed by this driver.

The driver requires the domain name in LDAP format, for example:
dc=mydomain,dc=com

Domain DNS Name (DNS format)

The DNS name of the Active Directory domain managed by this driver.

The driver requires the domain name in DNS format, for example:
mydomain.com

Driver Polling Interval

eDirectory sends changes to Active Directory as they happen. Changes to Active Directory, however, are sent to eDirectory only as often as the configured polling interval. The default is 1 minute.

IMPORTANT:  The polling interval affects system performance. A short polling interval results in frequent searches and fast updates of data. A long polling interval results in periodic bursts of traffic. Although a short polling interval has a greater overall cost, that cost is spread more evenly over time.

If you set the interval to 0 (zero), the driver polls every ten seconds.

Password Sync Timeout

The number of minutes the driver keeps attempting to synchronize a password before it gives up.

Set the value large enough to handle whatever temporary backlog of passwords exists. If you are doing bulk changes, set the timeout large enough to handle all the changes. The rule of thumb is to allow one second per password. For example, to synchronize 18,000 passwords, allow 300 minutes (18,000 seconds divided by 60 seconds per minute).

A setting of -1 is indefinite. Although this setting can handle bulk changes, it can cause problems. For example, a password might never be synchronized because the account was never associated, so that password would remain queued in the driver forever. A number of similar situations could leave the system holding a large inventory of unsynchronized passwords, which is sensitive material that should not accumulate without bound.

You must set the password sync timeout to at least three times the polling interval.
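The sizing rules above (one second per password, a 0 interval meaning a ten-second poll, -1 meaning indefinite, and the timeout being at least three times the polling interval) are easy to get wrong by hand. The following is an added example, not code from the original page or from the Identity Manager product, that encodes those rules as a small planner and checker; the function names and the treatment of a 0 polling interval as 10 seconds for the three-times rule are this example's own assumptions.

```python
import math

# Rules taken from the configuration description above.
TEN_SECOND_POLL = 10          # a polling interval of 0 yields a ten-second poll rate
SECONDS_PER_PASSWORD = 1      # rule of thumb: allow one second per password
INDEFINITE = -1               # a timeout of -1 never gives up
POLL_MULTIPLIER = 3           # timeout must be at least three times the polling interval


def effective_poll_seconds(poll_minutes: int) -> int:
    """Seconds between Active Directory polls for a configured interval in minutes."""
    if poll_minutes < 0:
        raise ValueError("polling interval cannot be negative")
    return TEN_SECOND_POLL if poll_minutes == 0 else poll_minutes * 60


def floor_timeout_minutes(poll_minutes: int) -> int:
    """Smallest timeout (whole minutes) that satisfies the three-times-the-poll rule.
    Assumption of this example: a 0 interval is treated as its effective 10 seconds."""
    return math.ceil(POLL_MULTIPLIER * effective_poll_seconds(poll_minutes) / 60)


def recommended_timeout_minutes(password_backlog: int, poll_minutes: int) -> int:
    """Smallest Password Sync Timeout (minutes) that covers the backlog and the 3x rule."""
    if password_backlog < 0:
        raise ValueError("backlog cannot be negative")
    backlog_minutes = math.ceil(password_backlog * SECONDS_PER_PASSWORD / 60)
    return max(backlog_minutes, floor_timeout_minutes(poll_minutes))


def check_timeout(timeout_minutes: int, poll_minutes: int, password_backlog: int = 0) -> list:
    """Return a list of findings for a proposed timeout; an empty list means it passes."""
    findings = []
    if timeout_minutes == INDEFINITE:
        findings.append("timeout is indefinite (-1): passwords that can never sync "
                        "(for example, unassociated accounts) stay queued forever")
        return findings
    if timeout_minutes <= 0:
        findings.append("timeout must be a positive number of minutes or -1")
        return findings
    floor_minutes = floor_timeout_minutes(poll_minutes)
    if timeout_minutes < floor_minutes:
        findings.append(f"timeout {timeout_minutes} min is below three times the polling "
                        f"interval ({floor_minutes} min)")
    needed = math.ceil(password_backlog * SECONDS_PER_PASSWORD / 60)
    if timeout_minutes < needed:
        findings.append(f"timeout {timeout_minutes} min cannot cover a backlog of "
                        f"{password_backlog} passwords (needs {needed} min)")
    return findings


if __name__ == "__main__":
    # The page's worked example: 18,000 passwords at a 1-minute poll needs 300 minutes.
    print(recommended_timeout_minutes(18000, 1))
    for finding in check_timeout(2, 1, 18000):
        print("finding:", finding)
```

Run the module directly to see the 300-minute figure from the text reproduced, and a 2-minute timeout flagged both for violating the three-times rule and for being far too small for the bulk change.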

Base container in eDirectory

Specify the base container in eDirectory in dot format. New users are placed in this container by default. For example,

users.myorg

If the container doesn't exist, you must create it before you start the driver.

Base container in Active Directory

Specify the base container in Active Directory, in LDAP format. New users are placed in this container by default. For example,

CN=Users,DC=MyDomain,DC=com

If the target container doesn't exist, you must create it before you start the driver.

If you create or use a container other than the built-in Users container in Active Directory, specify it as an OU (OU=...), not as a CN.
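The Domain Name (LDAP format), Domain DNS Name and Base container in Active Directory fields must agree with each other: the two domain fields must name the same domain, and the base container must lie inside it and use OU= for anything other than the built-in Users container. As an added example (not code from the original page or from the Identity Manager product), the following checks those relationships before the driver is started. It assumes, following the text above, that Users is the only CN container the driver is expected to target; the function names are this example's own.

```python
def split_dn(dn: str) -> list:
    """Split an LDAP DN into (attribute-type, value) pairs, honouring backslash-escaped commas."""
    rdns, current, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):      # keep escape sequences such as '\,' intact
            current.append(dn[i:i + 2])
            i += 2
            continue
        if ch == ",":
            rdns.append("".join(current))
            current = []
        else:
            current.append(ch)
        i += 1
    rdns.append("".join(current))
    pairs = []
    for rdn in rdns:
        if "=" not in rdn:
            raise ValueError(f"malformed RDN: {rdn!r}")
        attr_type, value = rdn.split("=", 1)
        pairs.append((attr_type.strip().lower(), value.strip()))
    return pairs


def dns_to_dn(dns_name: str) -> str:
    """mydomain.com -> dc=mydomain,dc=com (the form the Domain Name field expects)."""
    labels = [label for label in dns_name.strip().rstrip(".").split(".") if label]
    if not labels:
        raise ValueError("empty DNS name")
    return ",".join(f"dc={label}" for label in labels)


def dn_to_dns(domain_dn: str) -> str:
    """dc=mydomain,dc=com -> mydomain.com; rejects DNs that are not purely dc= components."""
    pairs = split_dn(domain_dn)
    if any(attr_type != "dc" for attr_type, _ in pairs):
        raise ValueError("domain DN must consist only of dc= components")
    return ".".join(value for _, value in pairs)


def domains_agree(domain_dn: str, domain_dns: str) -> bool:
    """True when the LDAP-format and DNS-format domain fields name the same domain."""
    return dn_to_dns(domain_dn).lower() == domain_dns.strip().rstrip(".").lower()


def check_base_container(base_dn: str, domain_dn: str) -> list:
    """Findings for the Active Directory base container; an empty list means it looks right."""
    def normalised(pairs):
        return [(attr_type, value.lower()) for attr_type, value in pairs]

    findings = []
    base, domain = split_dn(base_dn), split_dn(domain_dn)
    # The base container must end with the managed domain's dc= components.
    if len(base) < len(domain) or normalised(base[-len(domain):]) != normalised(domain):
        findings.append(f"{base_dn} is not inside the managed domain {domain_dn}")
        return findings
    above_domain = base[:-len(domain)]          # leaf first, child of the domain last
    if not above_domain:
        findings.append("base container is the domain root; use CN=Users or an OU")
        return findings
    for index, (attr_type, value) in enumerate(above_domain):
        # Assumption: only the built-in Users container, directly under the domain, is a CN.
        is_builtin_users = (attr_type == "cn" and value.lower() == "users"
                            and index == len(above_domain) - 1)
        if is_builtin_users or attr_type == "ou":
            continue
        findings.append(f"{attr_type}={value} should be an OU; only the built-in "
                        f"Users container directly under the domain is a CN")
    return findings


if __name__ == "__main__":
    # Constructed sample values mirroring the examples in the text.
    print(dns_to_dn("mydomain.com"))
    print(domains_agree("dc=MyDomain,dc=com", "mydomain.com"))
    print(check_base_container("CN=Users,DC=MyDomain,DC=com", "dc=mydomain,dc=com"))
    print(check_base_container("CN=Staff,DC=MyDomain,DC=com", "dc=mydomain,dc=com"))
```

The DN splitter tolerates backslash-escaped commas so that a value such as a surname with a comma does not break the check, and comparisons are case-insensitive because LDAP attribute types and DNS labels are.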

Configure Data Flow

Bidirectional means that both Active Directory and eDirectory are authoritative sources of the data synchronized between them.

AD to eDirectory means that AD is the authoritative source.

eDirectory to AD means that eDirectory is the authoritative source.

This selection is used to determine how the default policies and filters are created.

Publisher Placement

Choose Mirrored to place objects hierarchically within the base container. Choose Flat to place objects strictly within the base container.

This selection is used to build the default Publisher channel placement rules.

Subscriber Placement

Choose Mirrored to place objects hierarchically within the base container. Choose Flat to place objects strictly within the base container.

This selection is used to build the default Subscriber channel placement rules.

Password Failure Notification User

If a password update fails, you can send an e-mail notification to a specified user. Browse to and select the user.

Support Exchange 2000/2003

To include the additional policies that support Exchange 2000/2003, select Yes.

Default Exchange MDB (Exchange Only)

The default Exchange Message Database (MDB).

This setting displays only if you set Support Exchange 2000/2003 to Yes.

Enable Entitlements

Enable this if you are also using the Entitlements Service driver and want this driver to use Role-Based Entitlements. Complete the following steps in order:

  1. Install an Entitlements driver.
  2. Install the Active Directory driver.
  3. Enable entitlements.

Action - Add Account Entitlement (Entitlements Only)

Action taken when a User account is added by Entitlements.

This setting displays only if you set Enable Entitlements to Yes.

Action - Remove Account Entitlement (Entitlements Only)

Action taken when a User account is removed by Entitlements.

This setting displays only if you set Enable Entitlements to Yes.

Driver is Local/Remote

Configure the driver for use with the Remote Loader service by selecting Remote, or select Local to configure the driver for local use.

Remote Host Name and Port

The host name or IP address and port number where the Remote Loader Service has been installed and is running for this driver. The default port is 8090.

This setting displays only if you set Driver is Local/Remote to Remote.

Driver Password

The Remote Loader uses the Driver Object Password to authenticate itself to the Identity Manager server. The password must be the same password that is specified as the Driver object password on the Remote Loader. This is a separate secret from the Remote Password below; do not reuse one value for both.

This setting displays only if you set Driver is Local/Remote to Remote.

Remote Password

The Remote Loader password is used to control access to the Remote Loader instance. The password must be the same password that is specified as the Remote Loader password on the Remote Loader.

This setting displays only if you set Driver is Local/Remote to Remote.