Default Driver Configuration
Identity Manager fundamentals are explained in the Novell Nsure Identity Manager 2 Administration Guide. This section discusses implementations, additions, or exceptions specific to this driver.
Data Flow
Publisher and Subscriber Channels
The driver supports Publisher and Subscriber channels:
- The Publisher reads information from the LDAP directory change log or an LDAP search and submits that information to eDirectory via the DirXML engine.
By default, the Publisher checks the log every 20 seconds, processing up to a 1000 entries at a time, starting with the first unprocessed entry.
- The Subscriber watches for additions and modifications to eDirectory objects and issues LDAP commands that make changes to the LDAP directory.
Filters
Identity Manager uses filters to control which objects and attributes are shared. The default filter configurations for the LDAP driver allow objects and attributes to be shared, as illustrated in the following figure:
Figure 1
LDAP Driver Filters
Policies
Policies are used to control data synchronization between the driver and eDirectory. The LDAP driver comes with two preconfiguration options to set up policies.
- The Flat option implements a flat structure for users in both directories.
With this configuration, when user objects are created in one directory, they are placed in the root of the container you specified during driver setup for the other directory. (The container name doesn't need to be the same in both eDirectory and the LDAP directory). When existing objects are updated, their context is preserved.
- The Mirror option matches the hierarchical structure in the directories.
With this configuration, when new user objects are created in one directory, they are placed in the matching hierarchical level of the mirror container in the other directory. When existing objects are updated, their context is preserved.
Except for the Placement policy and the fact that the Flat configuration doesn't synchronize Organizational Unit objects, the policies set up for these options are identical.
The following table provides information on default policies. These policies and the individual rules they contain can be customized through Novell iManager as explained in Customizing the LDAP Driver.
Mapping |
Maps the eDirectory User object and selected properties to an LDAP inetOrgPerson. Maps the eDirectory Organizational Unit to an LDAP organizationalUnit. By default, more than a dozen standard properties are mapped. |
Publisher Create |
Specifies that in order for a User to be created in eDirectory, the cn, sn, and mail attributes must be defined. In order for an Organization Unit to be created, the ou attribute must be defined. |
Publisher Placement |
With the Simple placement option, new User objects created in the LDAP directory are placed in the container in eDirectory that you specify when importing the driver configuration. The User object is named with the value of cn. With the Mirror placement option, new User objects created in the LDAP directory are placed in the eDirectory container that mirrors the object's LDAP container. |
Matching |
Specifies that a user object in eDirectory is the same object as an inetOrgPerson in the LDAP directory when the e-mail attributes match. |
Subscriber Create |
Specifies that in order for a user to be created in the LDAP directory, the CN, Surname, and Internet Email Address attributes must be defined. In order for an Organization Unit to be created, the OU attribute must be defined. |
Subscriber Placement |
If you choose the Flat placement option during the import of the driver configuration, new User objects created in eDirectory are based on the value you specified during import. If you choose Mirrored placement during the import of the driver configuration, new User objects created in eDirectory are placed in the LDAP directory container that mirrors the object's eDirectory container. |