5.6 Example Credential Provisioning Policies

The credential provisioning policies can be implemented and customized to meet the needs of your environment. The following example explains how to implement the policies for the scenario presented in Figure 4-1.

In the Finance scenario, SecretStore provisioning occurs after a password is successfully set in GroupWise. Most of the necessary parameters are statically configured and available to all policies through the repository and application objects. However, there are non-static data parameters (CN, password, and DirXML-ADContext) that are available only after the GroupWise user <add> or <modify-password> commands complete and the <output> document is returned from the GroupWise driver shim. The <output> document no longer contains any of the Subscriber operation attributes and the User context of the command is lost, thus preventing queries on the object. It is therefore necessary to do the following:

NOTE: Sample policies are available in XML format on the Identity Manager 3.0 Support Pack 1 media. The filenames are SampleInputTransform.xml, SampleSubCommandTransform.xml, and SampleSubEventTransform.xml. The files are found in the following directories:

  • linux\setup\utilities\cred_prov

  • nt\dirxml\utilities\cred_prov

  • nw\dirxml\utilities\cred_prov

The files are installed to the Identity Manager server if Credential Provisioning Sample Policies is selected during the installation of the utilities. The sample policies are installed to the following locations, depending upon the platform:

  • Windows: C:\Novell\NDS\DirXMLUtilities (default; the user can change it during install)

  • NetWare®: SYS:\System\DirXmlUtilities

  • Linux (eDir 8.7): /usr/lib/dirxml/rules/credprov

  • Linux (eDir 8.8.1): /opt/novell/eDirectory/lib/dirxml/rules/credprov (default; the user can change it during install)

The sample policies provide a starting point to develop a policy that works for your environment.