12.4 Disabling License Associations

The Identity Manager Association Disabling Tool (IDMADT) lets you disable associations on objects that you don’t want serviced by Identity Manager. IDMADT reads the License Auditing Tool output (log) files to build the list of objects to process, then changes the association state of each of those objects to ASSOCIATION_DISABLED. This signals Identity Manager to stop synchronizing information for these objects. Once this is done, the License Auditing Tool no longer counts these objects as active.

This section includes the following topics:

12.4.1 Installing IDMADT

IDMADT is a Java application compatible with Java v1.4.2 or later. To install IDMADT, copy the following files to a directory of your choice:

ObjDisabler.jar: IDMADT Java classes

Ldap.jar: LDAP Java classes

Forms_rt.jar: User Interface Java classes

Idmadt.bat: Windows Batch file to execute IDMADT

Idmadt: Linux script file to execute IDMADT

12.4.2 Using IDMADT

To use IDMADT:

  1. Launch IDMADT.

    Execute either the Windows batch file (Idmadt.bat), or the Linux script file (Idmadt), as determined by the operating system you are using.

  2. Provide the required parameters.

    IDMADT requires the following parameters:

    LDAP Server Name or IP Address: Specifies the LDAP server to which IDMADT connects to audit the tree.

    LDAP Port: Specifies the port that IDMADT uses to locate LDAP services. Make sure you specify a valid SSL port for the specified LDAP server. Port 636 is the default SSL port.

    User ID: Specifies the User ID IDMADT uses to connect to the specified LDAP server. The specified User ID must have access to all objects in the tree. While it is legal to select <anonymous> for this value, it will likely not have sufficient rights.

    Specify the User ID in LDAP comma-delimited, typeful format. For example: cn=admin,ou=IST,o=MyCompany.

    User Password: Specifies a valid password for the specified User ID.

    Input File: Specifies the name of the License Auditing Tool file that contains the list of objects to process. The two relevant files are <treename>-logindisabled.log and <treename>-inactiveusers.log. Click Open to browse for the desired file.

    You must run IDMADT once for each file you want to process.

    Use SSL and Trust eDir Server: Because IDMADT modifies objects, select this check box to turn on SSL authentication with a trust relationship.

  3. Click Start.

    IDMADT displays information about the LDAP server in the System Information section of the IDMADT user interface, and progress of the current operation in the log pane at the bottom of the IDMADT user interface.

    Click Abort to halt the current operation.
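A pre-flight check for the step 2 parameters, as an added example that is not part of IDMADT or of the original documentation. It catches the common slips before a privileged bulk change is started: a User ID in eDirectory dot notation instead of comma-delimited typeful format, an anonymous bind, SSL left off, and an input file that is not one of the two relevant logs. The function names and the tree name ACME used in testing are assumptions made for illustration.

```python
import re

# The two License Auditing Tool outputs the page names as relevant input files.
RELEVANT_SUFFIXES = ("-logindisabled.log", "-inactiveusers.log")
TYPEFUL_RDN = re.compile(r"[A-Za-z][A-Za-z0-9-]*\s*=\s*\S.*")

def split_rdns(dn):
    """Split a DN on commas, honouring backslash-escaped commas."""
    parts, cur, escaped = [], [], False
    for ch in dn:
        if ch == "," and not escaped:
            parts.append("".join(cur).strip())
            cur = []
            continue
        escaped = (ch == "\\") and not escaped
        cur.append(ch)
    parts.append("".join(cur).strip())
    return parts

def check_user_id(dn):
    """Return problems found in the User ID; an empty list means it looks usable."""
    if dn.strip() in ("", "<anonymous>"):
        return ["anonymous bind will likely not have sufficient rights"]
    rdns = split_rdns(dn)
    problems = [f"RDN {r!r} is not typeful (type=value)"
                for r in rdns if not TYPEFUL_RDN.fullmatch(r)]
    # eDirectory-style dot notation (admin.IST.MyCompany) is a common slip.
    if len(rdns) == 1 and ("=" not in dn or re.search(r"\.[A-Za-z]+=", dn)):
        problems.append("looks dot-delimited; separate RDNs with commas")
    return problems

def check_input_file(path):
    """Return (treename, kind) for a relevant file name, else None."""
    name = re.split(r"[\\/]", path)[-1]
    for suffix in RELEVANT_SUFFIXES:
        if name.lower().endswith(suffix) and len(name) > len(suffix):
            return name[:-len(suffix)], suffix[1:-4]
    return None

def preflight(port, user_id, input_file, use_ssl):
    """Collect every problem so the operator can fix them before clicking Start."""
    problems = check_user_id(user_id)
    if not use_ssl:
        problems.append("SSL is off, but IDMADT modifies objects")
    if not 1 <= port <= 65535:
        problems.append(f"port {port} is out of range")
    elif port == 389:
        problems.append("port 389 is the standard cleartext LDAP port, not SSL")
    if check_input_file(input_file) is None:
        problems.append("input file is not a -logindisabled/-inactiveusers log")
    return problems
```

An empty list from `preflight` means the values match what the parameter descriptions above ask for; it does not confirm that the account actually has rights to every object in the tree.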