5.5 Configuring and Synchronizing a New Driver

If you have not used Password Synchronization 1.0 in your environment, and you are creating a driver or replacing an existing configuration with a new Identity Manager configuration, set up Identity Manager Password Synchronization functionality.

  1. Make sure your environment is ready to use Universal Password.

    See Section 5.4, Preparing to Use Identity Manager Password Synchronization and Universal Password.

  2. Create a driver, or replace an existing driver's configuration with the Identity Manager configuration.

    The Identity Manager configurations contain the Identity Manager policies and other items necessary for Identity Manager Password Synchronization. See the individual Identity Manager Driver Guides for information on importing the new sample driver configurations.

  3. Turn on Universal Password for users by creating NMAS password policies with Universal Password enabled.

    See “Creating Password Policies” in the Password Management Administration Guide . If you previously used Universal Password with NetWare 6.5, some extra steps are described in “(NetWare 6.5 Only) Re-Creating Universal Password Assignments” in the Password Management Administration Guide.

    We recommend that you assign password policies as high in the tree as possible.

    The Configuration Options page enables you to select how you want NMAS to keep the different kinds of passwords synchronized.

    For scenarios on using Password Synchronization, and how Identity Manager password policies fit in, see Section 5.8, Implementing Password Synchronization. Also see the online help.

  4. (Active Directory, NIS, or NT Domain only) If you want the connected systems to provide user passwords to Identity Manager, install new Password Synchronization filters and configure them.

    For instructions, see the driver implementation guide for each of these drivers, at Identity Manager Drivers.

  5. For each connected system, make sure that password flow is set the way you want.

    1. In iManager, click Passwords > Password Synchronization, and search for the drivers for connected systems that you want to manage.

    2. View the current settings for password flow.

      This is a graphical interface for the global configuration values (GCVs). Edit them by clicking the name of a driver. You can edit settings for the following:

      • Whether Identity Manager accepts passwords from this system.

      • Which password you want Identity Manager to update: Universal Password directly, or Distribution Password directly.

        Identity Manager controls the entry point, meaning which password Identity Manager updates. NMAS controls the flow of passwords between each different kind of password, based on what you have set in the Configuration Options for a password policy. See the figure in Step 3.

      • Whether the password policy for the user is enforced on password changes coming in to Identity Manager.

      • Whether the password policy for the user is enforced on the connected system by resetting passwords that don't comply.

      • Whether passwords are accepted by this connected system.

      • Whether e-mail notifications are sent when password synchronization fails.

  6. Test password synchronization.

    • Confirm that the Identity Manager password is distributed to the systems you specified.

    • Confirm that the connected systems you specified are publishing passwords to Identity Manager.

    For troubleshooting tips, see Section 5.8, Implementing Password Synchronization.