The Identity Manager Driver for SIF comes with a driver configuration file named SIFAgent.xml.
You use a wizard to create a new Driver object based on this configuration file. When you import the configuration file to create or upgrade a driver object, only a few prompts are presented. Most of the driver configuration is done after you import, on the global configuration values page for the driver.
In the driver configuration, you need to specify the DN for these objects.
Create a driver, following the instructions in "Creating and Configuring a Driver " in the Novell Nsure Identity Manager 2 Administration Guide.
When importing the SIFAgent.xml driver configuration, specify the following.
| Field Name | Description |
|---|---|
Driver name |
Specify the name you want to use for the driver object in eDirectory. |
SIF Agent name |
Specify the name this driver uses to register as a SIF Agent with the Zone Integration Server (ZIS). The driver must have a Zone-unique, case-sensitive name. We recommend that you use the default name, Novell Identity Manager. You need to coordinate with the ZIS administrator to make sure that the same name is used when configuring the ZIS, as described in Configuring the ZIS to Recognize the Driver. |
SIF Specification version |
Specify the SIF Specification version you want this driver to use, either SIF Specification 1.1, or SIF Specification 1.5r1. |
Manage preexisting eDirectory users |
The SIF Driver can match students and staff in the Student Information System (SIS) with preexisting eDirectory users only if the eDirectory user attribute DirXML-sifSISID contains the student's or staff's ID number. Specify Yes if one of the following is true:
Otherwise, specify No. If Yes is specified, the Migrate into eDirectory command can be used to add or update all SIF users into eDirectory. If No is specified, the Migrate into eDirectory command is ignored to prevent duplicate users from being created in eDirectory. This field does not apply to users added to eDirectory by this driver. Identity Manager can always match these eDirectory users with student information system users, and these eDirectory users are always kept current with changes from the student information system. For more information on how to make this decision, see Synchronizing eDirectory the First Time. |
Driver is Local/Remote |
Specify whether to run the driver locally or using Remote Loader. If you specify Remote, after you click Next another page presents a few more items for you to specify regarding Remote Loader configuration. For information about running the driver remotely, see "Setting Up Remote Loaders" in the Novell Nsure Identity Manager 2 Administration Guide. |
After you create the Driver object, configure settings such as the containers to use for students and staff.
Click the Global Config Values tab, and specify the following settings. Some of them you specified when creating the driver object, so for those items you can simply review the settings to make sure they are correct.
| Field Name | Description |
|---|---|
| Global Config Values | |
Search container DN |
The container below which User IDs must be unique. When creating a new User object, the driver searches eDirectory to verify that the new User ID is not already in use. This container and all subcontainers are searched. Choose the district container or a container that is high enough in the tree that user IDs are unique for all students and staff. For example, for the environment shown in Figure 7, you would specify the District container. This search container is used for all zones. If you specify Yes in the Send New Users to SIF field, only users in this container and its subcontainers are sent to SIF. |
Manage preexisting eDirectory users |
This option lets you decide whether you want the driver to manage accounts that you already have created in eDirectory, before using this driver. The SIF Driver can match students and staff in the Student Information System (SIS) with preexisting eDirectory users only if the eDirectory user attribute DirXML-sifSISID contains the student's or staff's ID number. Specify Yes if one of the following is true:
Otherwise, specify No. If Yes is specified, the Migrate into eDirectory command can be used to add or update all SIF users into eDirectory. If No is specified, the Migrate into eDirectory command is ignored to prevent duplicate users from being created in eDirectory. This field does not apply to users added to eDirectory by this driver. Identity Manager can always match these eDirectory users with student information system users, and these eDirectory users are always kept current with changes from the student information system. For more information on how to make this decision, see Synchronizing eDirectory the First Time. |
Send user updates to SIF |
Select Yes if you want changes made to users in eDirectory to be sent to SIF. You might want to do this for the following reasons:
Otherwise, select No. |
Send new users to SIF |
Select Yes if you want new users in eDirectory to be sent to SIF. You might want to do this if your student information system is not SIF-enabled and you want the Novell SIF Driver to inform SIF of new students and staff. If you select Yes you should also set "Send user updates to SIF" to Yes. Otherwise, select No. |
Send email notification |
Send an e-mail notification when an eDirectory account's User ID is renamed or when a new user is created with a non-standard User ID. User IDs must be unique. When the driver receives information for a new student from the student information system, it follows the format for creating the User ID that you chose in the User ID Format. Before creating the User object, the driver searches for a duplicate ID starting with the container you specified in the Search container DN. If the driver finds the user ID already exists, the driver creates a unique ID by appending a digit to it. For example, if Dawn Smith had the User ID of DSmith, and a new user named David Smith were added, the driver place him in the appropriate container and would give David the User ID: DSmith1. Also, when an eDirectory user account is renamed by the driver, an email notification can be sent. Select Yes if you want e-mail notifications sent. You must have a local SMTP server. Otherwise, select No. If you select Yes, you will be presented with the following four additional prompts:
|
Specify the Student Information System you are using |
Specify the Student Information Management System you are using. This information is used to accommodate unique features about each SIS. Specify "Other" if the SIS you are using is not listed. Specify Yes if you want to manage student accounts in eDirectory, otherwise specify No. |
| Student Configuration | |
Student user ID format |
Configure the Student user ID format. The format is composed of five parts. The five parts are concatenated to produce the user ID. See the description and example in Specifying the Pattern for User IDs. |
Rename student users when naming attributes change |
Specify Yes if you want student user accounts in eDirectory renamed when any of the attributes change that are used to build the User CN (the attributes you specify in Student user ID format). Otherwise, specify No. See "Send e-mail notifications" in the Driver Configuration prompts above. |
Student placement is by |
Select the criteria used to place students in the eDirectory tree.
|
Student password format |
Select a password format for students.
|
Student preset text for password |
If you selected Preset Text in the Student Password Format prompt above, specify the password you want to be assigned to new student users. Otherwise, leave this field blank. |
| Staff and Employee Configuration | |
Manage Staff and Employee Accounts |
Specify Yes if you want to manage staff and employee accounts in eDirectory. Otherwise, specify No. Typically StaffPersonal objects are maintained by the SIS and EmployeePersonal objects are maintained by the HR system. Specify "StaffPersonal" if you want to provision SIS data into eDirectory. |
Staff user ID format |
Configure the Staff user ID format. The format is composed of five parts. The five parts are concatenated to produce the user ID. See the description and example in Specifying the Pattern for User IDs. |
Rename staff users when naming attributes change |
Specify Yes if you want staff user accounts in eDirectory renamed when any of the attributes change that are used to build the User CN (the attributes you specify in Staff user ID format). Otherwise, specify No. See "Send e-mail notification" in the Driver Configuration prompts above. |
Staff password format |
Select a password format for staff.
|
Staff preset text for password |
If you selected Preset Text in the Staff Password Format prompt above, specify the password you want to be assigned to new staff users. Otherwise, leave this field blank. |
| Zone Configuration Configure information for each SIF Zone this driver will connect to. Up to ten Zones can be configured, and the order they are listed in is not important. |
|
Connection to Zone |
Specify Enabled if the driver is to connect to this Zone. Specify Disabled if the driver is to ignore these parameters. The connection to a configured Zone can be disabled, for example, when testing an individual Zone or when a Zone is offline. |
Zone URL |
The URL of the SIF Zone Integration Server (ZIS) this driver connects to. The URL can be obtained from the ZIS administrator. It is case sensitive. The protocol is HTTP (Hypertext Transfer Protocol) or HTTPS (Secure Hypertext Transfer Protocol). If you have DNS you can use the hostname; otherwise, use the IP address. Example URLs are When https is specified, the CA certificate for the ZIS must be placed in the java-home\jre\lib\security\jssecacerts keystore file. For more information on how to set this up after importing the driver, see Setting Up Security. |
Incomplete Container DN |
The DN of the Incomplete container. If the grade or school for a student is not provided by the student information system, the user is created in the Incomplete container with login disabled. No template is used when creating the user. When the student information system provides the missing information, the user is deleted from this container, and created in the correct container. Browse and select the Incomplete container you created for this Zone. This is the Incomplete container that you created during planning, in Identifying "Incomplete" Containers. |
Disabled container DN |
A student's login is disabled when he or she withdraws from school. If you want the student moved when the login is disabled, browse and select the Disabled container you created for this Zone. If you do not want the user moved, leave this field blank. |
Staff container DN |
If you are managing SIF staff users, browse and select the container where you want staff users to be placed for this Zone. Leave this field blank if you are not managing staff users. |
Staff template DN |
If you are managing SIF staff users, browse and select the eDirectory Template object you want to be used when creating staff users. Leave this field blank if you are not managing staff users or you are not using a template. |
| Student Placement This section lets you configure the placement of a group of students in eDirectory. Students are placed in an eDirectory container based on their school code, graduation year, or grade level. You need to know the values your student information system uses for schools, graduation years and grades. Complete as many Student placement entries as you need to place all students. Up to 10 schools and 6 groups of students per school can be defined. If you need more than 6 student groups in a school, you can specify the same school in more than one School Code. |
|
School 1 |
Use this field to separate school configurations. Use this section to configure the placement of students in the same school. Students are placed in an eDirectory container based on their school code, graduation year, or grade level. You need to know the values your Student Information System (SIS) uses for schools, graduation years, and grades. Complete as many Student group placement entries as you need to in order to place all students. If you need additional Student Group Placements for this school, use additional Student Group Placements with the same school code. |
School Code |
Specify the school code for this group of students, exactly as it is specified in the student information system. Contact the administrator to find out the school code. This code might be alpha, numeric, or a combination. If you specified Group Only or Graduation Year Only in student placement, type an asterisk. |
Grade code or graduation year |
Fill in this field based on your choice in the Student Placement Is by field, in the STUDENT CONFIGURATION section. If you specified Grade in Student Placement Is by, specify the grade level code exactly as it is specified in the student information system. If you specified Graduation Year in Student Placement Is by, specify the graduation year in the format YYYY. If you specified School Only in Student Placement Is by, type an asterisk (*). |
Student container DN |
Browse and select the eDirectory container where you want this group of students to be placed. |
Student template DN |
Browse and select the eDirectory template you want to be used when creating users for this group of students. Leave this field blank if you are not using a template. |
| SIF Provider Configuration Configure this section only when this driver is the SIF provider for student and staff information, as described in Sending Data from eDirectory to SIF. You might want to do this if your student information system is not SIF-enabled, and you want the driver to be the SIF provider of student and staff information. Being the provider means this driver responds to SIF queries for information about students and staff. |
|
Be the SIF default provider for students and staff |
Select Yes if you want this driver to be the SIF provider for student and staff information. If you select Yes, other settings are displayed. You might want to do this if your student information system is not SIF-enabled and you want the Novell SIF Driver to be the SIF provider of student and staff information. Being the provider means this driver responds to SIF queries for information about students and staff. See Sending Data from eDirectory to SIF. If you select Yes, you must also set Send User Updates to SIF to Yes and Send New Users to SIF to Yes, and configure one or more sets of School Information. Otherwise, select No. |
School information |
This field is used to separate school configurations. This prompt and its sub-prompts are only used if you set Be the SIF Default Provider for Students and Staff to Yes. This information is used so the SIF Driver can provide the SIF SchoolInfo objects. You need to know the value your student information system uses for each school. Complete as many School Information entries as you need to define all schools. |
School code |
Specify the school code exactly as it is specified in the student information system. |
School name |
Specify the school name as it is specified in the student information system. |
Zone number |
Specify the Zone number (1-10) this school belongs to. |
| Password Configuration By default, this section has a setting of Hide. It is used only if you want the driver to exchange passwords between eDirectory and the SIF zones. |
|
Password Configuration Parameters |
The only settings you should edit here are the ones listed in this table. The others are GCVs regarding Password Synchronization that are common to all drivers. They should be edited using iManager in Password Management > Password Synchronization, not here. Some of them have dependencies on each other that are represented only in the iManager interface. They are explained in "Password Synchronization across Connected Systems" in the Novell Nsure Identity Manager 2 Administration Guide. |
SIF Driver sends user passwords to the Zone |
If set to True, the SIF driver sends user passwords in eDirectory to the Zone. Passwords are sent as SIF Authorization objects. Other SIF-enabled applications can subscribe to the Zone to receive the passwords. You would set this parameter to True when other SIF-enabled applications want to use the user's network password. When a Distribution Password is set for a new user or when a Distribution Password is changed in eDirectory, the Novell SIF driver will send a SIF Authorization object containing the password to the Zone. |
SIF Driver accepts user passwords from the Zone |
If set to True, the SIF Driver sets user passwords in eDirectory to the passwords received from the Zone. The passwords are received as SIF Authorization objects. The passwords are published to the Zone by other SIF-enabled applications. You would set this parameter to True if you want the network password to be generated by another SIF-enabled application. For example, you have a SIF-enabled application in the Zone that generates a password for each user. When the Novell SIF driver receives the password in a SIF Authorization object, the corresponding user's eDirectory password is set to this value. If this parameter is set to True, we recommend that the Novell SIF driver also be configured to set a password for each new user. There might be a delay between the creation of the user account and when the password is received, and it is best to make sure the account is protected by a password at all times. |
Follow the instructions in Preparing the ZIS and the Student Information System to configure the ZIS to recognize the driver as a SIF Agent.