Configuring the Driver

Adding the NDS Driver

Novell® provides a sample configuration file (LegacyNDS.xml). You can use this file to add the NDS driver to your driver set.

  1. In Novell iManager, select DirXML Utilities > Overview.

  2. Browse to and select the driver set, then click Search.

  3. Click Add Driver, select In an Existing Driver Set, then click Next.

  4. Click Import a Driver Configuration from the Client (.XML File), browse to and select the LegacyNDS.xml file, then click Next.


    The option to import from an .xml file
  5. Name the driver, specify user account information, and provide information about the NDS system.

    The wizard provides help so that you can set these parameters.

  6. Configure data flow.

    The Data Flow setting controls whether the Publisher channel filter and the Subscriber channel filter are synchronized or ignored. The setting determines whether data flows from both NDS and eDirectory, or from only NDS or only eDirectory. The Data Flow settings use policies to control the flow of data.


    Options on the Data Flow parameter
    Data Flow settings and their descriptions:

    • Bi-directional: Typically, both the Legacy NDS tree and eDirectory are authoritative sources. The Publisher and Subscriber channels fully synchronize objects and attributes.

    • Authoritative: The NDS tree is the authoritative source. Only the Publisher channel (NDS) synchronizes objects and attributes. The Subscriber filter is empty.

    • Subordinate: eDirectory is the authoritative source. Only the Subscriber channel (eDirectory) synchronizes attributes. The Publisher filter is empty.

    The following figure illustrates filter settings. In this example, all attributes except Initials are set for bidirectional data flow. On the Initials attribute, the Publisher channel synchronizes data. Because the Subscriber channel is set to Ignore, NDS is the authoritative source.


    Attributes displayed in the filter
  7. Select how to place synchronized objects.


    The parameter for placing objects to be synchronized
    • Mirrored: Synchronizes objects hierarchically between the NDS tree and eDirectory.

      This option in the driver configuration synchronizes User, Group, Organization, Country, and Organizational Unit objects. It also mirrors the structure of a subtree in another tree.

      When new User objects are created in one directory, they are placed in the matching hierarchical level of the mirrored container in the other directory.

      The Mirrored option doesn't require a Create rule.

    • Flat: Synchronizes User and Group objects into specific containers.

      Regardless of where synchronization begins or where objects appear in the NDS tree, this option places all users in one container and all groups in another container in eDirectory. A similar process occurs from eDirectory to the NDS tree. The user and group containers are the same in both the NDS tree and eDirectory.

      With this configuration, you must specify a container for User objects (to hold all new User objects) and a separate container for Group objects (to hold all new Group objects). This option doesn't create the containers that hold the users and groups. You must create the containers manually.

      Any changes in a user or group container in one system appear in the user or group container in the other system. The Placement policy places the objects and makes changes appropriately.

      The Create rule for the Flat option requires users to have a given name and a surname, so that users are unique when they appear in the other system.

    • Department: Synchronizes users and groups by department (OU).

      This option synchronizes User and Group objects and places all users and groups in a container based on the Department field in your management console.

      On either side, you define a container where all User objects are placed. You also define a department that the users belong to.

      A department (OU) attribute must already exist in the appropriate base container.

      This option doesn't create the containers for each department. You must create the containers manually. The must be the same as the container specified when you add or import the driver.

      The Create rule for the Department option requires a given name, surname, and OU.

      Scenario: Using Department Containers

      At the DigitalAirlines company, a Department container exists in the NDS tree. The network administrator has created (in the Department container) subdirectories named after departments that people belong to: R&D, Marketing, Corporate Sales, and Human Resources. Upon creating a user, the administrator assigns the user to a department name. Through the NDS driver, the Department attribute is created in the correct container in eDirectory.

  8. Configure the base container, remote base container, Publisher channel, and (optionally) the keystore file and password.

    Parameters and their descriptions:

    • Base Container: Specifies the container in eDirectory where objects are placed and synchronized.

      • If using with Mirrored: The local base container to mirror with the remote base container.
      • If using with Flat: The container to place users and groups into.
      • If using with Department: The parent of the departmental containers.

    • Remote Base Container: Specifies the base container for synchronization in NDS.

    • Enable Publisher Channel: Enables or disables the Publisher channel of the driver shim.

    • Keystore File: An optional encrypted file. Required for an SSL connection between the NDS driver shim and dsagent.nlm, but not required otherwise. Specifies a file where SSL client passwords are stored.

    • Keystore Password: Unlocks the keystore file.

  9. Click Next, then specify a polling interval.

  10. (Conditional) If you selected the Flat placement, specify a Local Group Container in eDirectory.

    This is the base container for synchronization in eDirectory. Groups are placed here.

  11. Click Next.

  12. Define a security-equivalent user.

    Click Define Security Equivalences, then browse to and add a user.

  13. Click Exclude Administrative Roles, then browse to and add a user who is to be excluded from administrative roles.

  14. Click Next, review settings, then click Finish.
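
The placement options in Step 7, together with their Create rules, can be modeled as shown here. This is an added example, not Novell's code or the driver's actual policies; the dot-separated DN layout, the `place` function, and every object and container name are assumptions made for illustration.

```python
# Added example: models the Mirrored, Flat and Department placement options.
# DN layout (dot-separated, leaf first) and every name below are assumptions.

class Veto(Exception):
    """The add is blocked: Create rule unmet or target container absent."""

# Attributes each option's Create rule requires on User objects (per the page).
CREATE_RULE = {
    "mirrored": (),
    "flat": ("Given Name", "Surname"),
    "department": ("Given Name", "Surname", "OU"),
}

def place(obj, mode, src_base, dst_base, existing, group_container=None):
    """Return the DN obj would get in the other tree, or raise Veto."""
    attrs, dn = obj["attrs"], obj["dn"]
    if obj["class"] == "User":
        missing = [a for a in CREATE_RULE[mode] if not attrs.get(a)]
        if missing:
            raise Veto("Create rule: missing " + ", ".join(missing))
    if mode == "mirrored":
        # Keep the path below the source base; swap only the base itself.
        if not dn.endswith("." + src_base):
            raise Veto("outside the synchronized subtree: " + dn)
        return dn[: -len(src_base)] + dst_base
    if mode == "flat":
        container = group_container if obj["class"] == "Group" else dst_base
    else:  # department: the base container is the parent of the OU containers
        if not attrs.get("OU"):
            raise Veto("no OU value to select a department container")
        container = attrs["OU"] + "." + dst_base
    if container not in existing:
        # Flat and Department never create containers; they must pre-exist.
        raise Veto(f"container does not exist: {container}")
    return dn.split(".", 1)[0] + "." + container

# Constructed sample data.
USER = {"class": "User", "dn": "jsmith.Sales.Users.Legacy",
        "attrs": {"Given Name": "Jo", "Surname": "Smith", "OU": "Marketing"}}
EXISTING = {"People.Corp", "Groups.Corp", "Marketing.People.Corp"}

if __name__ == "__main__":
    for mode in ("mirrored", "flat", "department"):
        print(mode, "->", place(USER, mode, "Users.Legacy", "People.Corp", EXISTING))
```

A `Veto` here corresponds to an object that would not be created in the other tree, which is the case to look for when a user with no surname or a department with no pre-created container fails to synchronize.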


Configuring Driver Startup

  1. In iManager, select DirXML Management > Overview.

  2. Select the driver set containing the driver, then click Search.

  3. Click the driver icon to see the driver overview, then click the driver icon again to display the Modify Object page.

  4. Click Driver Configuration at the top of the page, then select one of the three options listed under Startup Option.

    You can set driver startup to any of the following three options:

    • Automatic: Whenever the DirXML engine starts, the driver starts automatically. After you have configured the driver, you should use this option.

    • Manual: Starts the driver manually. This option is often used during driver modification and testing cycles. The engine buffers the changes to be processed when the driver starts.

    • Disabled: If you use this option, Identity Manager does not cache events. Data changes made in eDirectory during the time a driver is disabled are not synchronized upon driver startup.

  5. Click OK.

For more information, refer to the DirXML (Identity Manager) Administration Guide.