In this section:
In previous releases of DirXML, the policies used in a driver configuration were called Rule objects and Stylesheet objects. In Identity Manager 2, each part of the driver configuration is called a Policy object, and these policies contain individual rules.
For common tasks, you can now use the new Policy Builder interface to create policies for your drivers without having to write XSLT code. The Policy Builder helps you set up twenty-five of the most common rules using the new DirXML Script. For more information, see Creating Policies .
This release contains expanded functionality of Policy Builder with new conditions, actions, and values. Policy Builder now has an integrated clipboard, the ability to import, export, and reference XML policies, and several other new features. Refer to the Policy Builder and Driver Customization Guide.
Identity Manager 2 includes new and enhanced password management features:
For more information, see Managing Passwords by Using Password Policies and Password Synchronization across Connected Systems.
Role-Based Entitlements let you grant entitlements on connected systems to a group of Novell eDirectory users. Using Entitlement Policies, you can streamline management of business policies and reduce the need to configure your DirXML drivers.
Role-Based Entitlements is an alternative way to administer Identity Manager. You might choose to use it if you prefer a centralized model of Identity Manager administration.
An Entitlement Policy is an eDirectory dynamic group object with additional features added for connected systems. When you create an Entitlement Policy, you define the membership for the policy and the entitlements that should be granted to the members of the Entitlement Policy.
Role-Based Entitlements let you grant entitlements on connected systems and rights in eDirectory. Entitlements on connected systems can be any of the following:
Because Role-Based Entitlements functionality is based on Identity Manager, you must have DirXML drivers installed and configured properly in order to be able to administer connected systems. In addition, to avoid possible conflicts between Entitlement Policy assignments and DirXML driver configurations, you should be aware of your business policies and how they are administered through Identity Manager.
With Identity Manager 2, you can now use Novell Nsure Audit for reporting and notification services. Novell Nsure Audit is a centralized, cross-platform auditing service. It collects event data from multiple applications across multiple platforms and writes the data to a single, non-repudiable data store. Nsure Audit is also capable of creating filtered data stores. Based on criteria you define, Nsure Audit captures specific types of events and writes those events to secondary data stores.
Nsure Audit components have been updated to version 1.0.2. This version provides additional event fields to enhance querying and reporting, as well as an expanded data field to hold large XML documents. For more information, see Logging and Reporting Using Nsure Audit.
Reporting and Notification Service (RNS) is deprecated, though the engine continues to process RNS functions if you are currently using RNS. You should plan to move to Nsure Audit, as Nsure Audit expands the functionality provided by RNS, and RNS might no longer be supported in a future release of Identity Manager. For RNS documentation, see the DirXML 1.1a Administration Guide.
Global configuration values (GCVs) are new settings that are similar to driver parameters. Global configuration values can be specified for a driver set as well as an individual driver. If a driver does not have a value for a particular GCV, the driver inherits the value for that GCV from the driver set.
GCVs allow you to specify settings for new features such as Password Synchronization, as well as settings that are specific to the function of an individual driver configuration. Some GCVs are provided with the drivers, but you can also add your own. You can refer to these values in a policy to help you customize your driver configuration.
For more information, see Using Global Configuration Values.
The DirXML engine now accepts driver heartbeat documents from drivers, and drivers can be configured to send them.
For more information, see Adding Driver Heartbeat.
Many of the sample driver configuration use a new feature, flexible prompting, to reduce complexity when importing the configuration. For example, one prompt can be provided in the initial import screen to let you choose whether to use a feature such as Remote Loader or Role-Based Entitlements. If you choose yes, another page of import prompts can be displayed in the wizard to let you provide any additional information for those features.