Installing the Driver

You install the driver as part of the Novell Nsure Identity Manager 2 installation program. For installation instructions, refer to the Novell Nsure Identity Manager 2 Administration Guide.

This section explains how to import the driver configuration for the DirXML Driver for GroupWise. Importing the driver configuration also creates the driver object. After you have imported the configuration, you can use iManager to configure and manage the driver.

In this section, you will find information for:


Importing the Driver Configuration

The Create Driver Wizard helps you import the basic driver configuration file for GroupWise. This file creates and configures the objects and policies needed to make the driver work properly. The following instructions explain how to create the driver and import the driver's configuration.

  1. In Novell iManager, click DirXML Utilities > Create Driver.

  2. Select a driver set.

    If you place this driver in a new driver set, you must specify a driver set name, context, and associated server.

  3. Select Import a Driver Configuration from the Server, then select GroupWise.xml.

    The driver configuration files are installed on the Web server when you install Identity Manager. During the import, you will be prompted for the driver's parameters and other information. Depending on the configuration options you select, you will be prompted for some combination of the following information:

    • Driver name
    • Whether or not to use Role-based Entitlements
    • The DN of the default GroupWise post office
    • The version of the GroupWise Domain database
    • The server OS of the driver and the server OS of the GroupWise domain
    • Whether or not to run the driver locally or remotely
    • The name or address of the server containing the GroupWise primary domain
    • The path to the directory containing the GroupWise primary domain database
    • The username the driver uses to authenticate to the remote server containing the GroupWise domain database
    • The password for the username
    • The eDirectory context of the username
    • What action you want the GroupWise driver to take when an eDirectory user is created with a GroupWise account entitlement
    • What action you want the GroupWise driver to take when an eDirectory user is disabled with a GroupWise account entitlement
    • The host name or IP address and port number where the Remote Loader Service runs
    • The Driver Object password used by the Remote Loader Service
    • The Remote Loader password

  4. After entering the import parameters, click OK to import the driver.

    When the import is finished, you can define security equivalences and exclude administrative roles from replication.

    The driver object must be granted sufficient eDirectory rights to any object it reads or writes. You can do this by granting Security Equivalence to the driver object. The driver must have Read/Write access to users, post offices, resources, and distribution lists, and Create, Read, and Write rights to the post office container. Normally, the driver should be given security equal to Admin.

  5. Review the driver objects in the Summary page, then click Finish.

Keep in mind that installing the driver software lets you get the driver up and running, but it does not install the product license. Without the license and activation, the driver will not run after 90 days. For more information, refer to "Activating Novell Identity Manager Products".


Viewing Driver Parameters

During the driver import process, you entered the driver configuration values. Use the following procedure to view or modify these values.

  1. In iManager, click DirXML Management > Overview.

  2. Browse to the driver set where the GroupWise driver exists.

  3. Click the driver status icon, then click Edit Properties.

  4. Click the Driver Configuration tab, then modify any of the parameters.


Modifying Global Configuration Values

Global configuration values (GCVs) are new settings that are similar to driver parameters. Global configuration values can be specified for a driver set as well as an individual driver. If a driver does not have a GCV, the driver inherits the value for that GCV from the driver set.GCVs allow you to specify settings for new Identity Manager features such as password synchronization and driver heartbeat, as well as settings that are specific to the GroupWise driver. For more information, refer to "Using Global Configuration Values" in the Novell Nsure Identity Manager 2 Administration Guide.

  1. In iManager, click DirXML Management > Overview.

  2. Browse to the driver set where the GroupWise driver exists.

  3. Click the driver status icon, then click Edit Properties.

  4. Click the Global Config Values tab, then modify any of the following GCVs.

GCV Name Description

GroupWise Domain Database Version

The version of the GroupWise domain database to which this driver should connect.

Synchronize Groups

Select True if you want this driver to synchronize eDirectory groups to GroupWise distribution lists. Otherwise, select False.

Create Nicknames

Select True to specify that the driver creates GroupWise nicknames when GroupWise accounts are renamed or moved to another post office. Otherwise, select False.

Reassign Resource Ownership

Select True to specify that this driver should reassign ownership of resources when GroupWise accounts are disabled or expired. Otherwise, select False.

If you select True, the resources are assigned to the default User ID you specify in the next parameter. This setting does not apply when a GroupWise account is deleted because the resources must be reassigned. The default is False.

Default Resource Owner User ID

Specify the prefix of the default user who will become the new owner of resources that are reassigned. The default is IS_admin.

You must specify this name even when the Reassign Resource Ownership option is False. When a GroupWise Account is deleted, its resources are assigned to this account. If the default User ID does not have a GroupWise account in the post office of the deleted account, an account is created.

IMPORTANT:  The driver does not start if a default user prefix is not specified.

Create Accounts During Migration

Select True or False to specify that this driver should create new GroupWise accounts for users without a current account during a migration from eDirectory.

Migration causes Identity Manager to examine every object specified. When an object does not have a driver association, the Create policy is applied. If the object meets the Create rule criteria, the object is passed to the driver as an Add event. Otherwise, when you specify True, the driver creates a GroupWise account. When False is specified, the add event is ignored and the driver issues a warning that this option is set to False. The default value is False.

Action on eDirectory User Delete

When a user is deleted in eDirectory, specify the action you want the driver to take on an associated GroupWise account. Choose from Delete the GroupWise Account, Disable the GroupWise Account, Expire the GroupWise Account, or Disable and Expire the GroupWise Account.

Action on eDirectory User Expire/Unexpire

When a user login in eDirectory is expired/unexpired, specify the action you want the driver to take on an associated GroupWise account. Choose from Expire/Unexpire the GroupWise Account, Disable/Enable the GroupWise Account, or Disable/Enable and Expire/Unexpire the GroupWise Account.

Action on eDirectory User Disable/Enable

When a user login in eDirectory is disabled/enabled, specify the action you want the driver to take on an associated GroupWise account. Choose from Expire/Unexpire the GroupWise Account, Disable/Enable the GroupWise Account, or Disable/Enable and Expire/Unexpire the GroupWise Account.

Remove GW Account from All Distribution Lists on Expire

Select True if you want the driver to remove the GroupWise account from all distribution lists when the account is expired. Otherwise, select False.

Remove GW Account from All Distribution Lists on Disable

Select True if you want the driver to remove the GroupWise account from all distribution lists when the account is disabled. Otherwise, select False.

Publisher Heartbeat Interval

Specify the Publisher channel heartbeat interval in minutes. Enter 0 to disable the heartbeat.

Set the Initial/Default GroupWise Password on Account Creation

If True, the GroupWise initial/default password is set when an account is created. The initial password value is specified in the Create Policy. If False, the initial password is not set.

GroupWise has two passwords, the initial password and regular password. In GroupWise, the initial password is stored in clear text and can be seen by an administrator. The regular password is encrypted and can not be viewed. When set, the regular password is used by GroupWise instead of the initial/default password. When a GroupWise user changes his or her password, it is stored as the regular password. In the interest of security, the initial password is never set to a password sent from eDirectory (nspmDistributionPassword attribute).

Synchronize the eDirectory Password to the GroupWise Regular Password

If True, allows passwords to flow from eDirectory to GroupWise. If False, the regular password is not set. GroupWise has two passwords, the initial password and the regular password.

In GroupWise, the initial password is stored in clear text and can be seen by an administrator. The regular password is encrypted and cannot be viewed. When set, the regular password is used by GroupWise instead of the initial/default password. When a GroupWise user changes his or her password, it is stored as the regular password. In the interest of security, the initial password is never set to a password sent from eDirectory (nspmDistributionPassword attribute).

Connected System or Driver Name

The name of the connected system, application, or DirXML driver. This value is used by the e-mail notification templates.


Upgrading from the 2.1 Version of the Driver

Use the steps in this section to upgrade from the DirXML Driver 2.1 for GroupWise. You might want to export your existing driver configuration before upgrading. (Your existing driver configurations are converted to the Identity Manager 2 format when you modify policies.)

To upgrade from version 2.1:

  1. In Novell iManager, click eDirectory Administration > Modify Object.

  2. Specify the driver object's name, then click OK.

  3. Scroll down to the Startup Option section, click Manual, then click OK.

  4. Shut down eDirectory or the Remote Loader.

  5. Run the Identity Manager 2 installation program and select the GroupWise driver.

    You install the driver over the existing 2.1 driver files. This step updates all necessary driver files. Depending on where your iManager server resides, you might need to copy the driver configuration to that server (if it is a remote server.)

  6. When the installation completes, reboot the computer where the driver exists. Also restart eDirectory or the Remote Loader.

  7. You should delete GWADJ1.DLL from any DirXML-related directories. If the file exists in any other directory in the search path, you might encounter problems. Do not delete this file from the ConsoleOne® directory.

    You should also delete gwenv1a.DLL and xgbas10a.DLL from the Novell\NDS directory after installing the update. Do not remove these files from the \Winnt\system32 directory if they exist there.

  8. Migrate from eDirectory if the driver set or driver name changed.


Activating the Driver

Activation must be completed within 90 days of installation or the driver will not run.

For activation information, refer to "Activating Novell Identity Manager Products" in the Novell Nsure Identity Manager 2 Administration Guide.

NOTE:  If you are upgrading from the 2.1 version of the driver, you do not need to reactivate the driver.