E.1 Driver Configuration

In iManager:

  1. Click Identity Manager > Identity Manager Overview, then click Search to search for the driver set that is associated with the driver.

  2. Browse to the driver, then click the upper right corner of the driver icon.

  3. Click Edit Properties > Driver Configuration.

In Designer:

  1. Open a project in the Modeler, then right-click the driver line and click Properties > Driver Configuration.

There are different sections under Driver Configuration. In this document, each section is listed in a table. The table contains a description of the fields, and the default value or an example of the value that should be specified in the field.

E.1.1 Driver Module

The driver module changes the driver from running locally to running remotely or the reverse.

In iManager:

  1. Click Identity Manager > Identity Manager Overview, then click Search to search for the driver set that is associated with the driver.

  2. Browse to the driver, then click the upper right corner of the driver icon.

  3. Click Edit Properties > Driver Configuration > Driver Module.

    See Table E-1 for a list of the driver module options.

In Designer:

  1. Open a project in the Modeler, then right-click the driver line and select Properties > Driver Configuration.

  2. Select the Driver Module tab.

    See Table E-1 for a list of the driver module options.

Table E-1 Driver Module Options

Option

Description

Java

Used to specify the name of the Java class that is instantiated for the shim component of the driver. This class can be located in the classes directory as a class file, or in the lib directory as a .jar file. If this option is selected, the driver is running locally.

Native

Used to specify the name of the .dll file that is instantiated for the application shim component of the driver. If this option is selected, the driver is running locally.

Connect to Remote Loader

Used when the driver is connecting remotely to the connected system.

Remote Loader Client Configuration for Documentation

Includes the Remote Loader client configuration information in the driver documentation that is generated by Designer.

E.1.2 Driver Object Password

In iManager:

  1. Click Identity Manager > Identity Manager Overview, then click Search to search for the driver set that is associated with the driver.

  2. Browse to the driver, then click the upper right corner of the driver icon.

  3. Click Edit Properties > Driver Configuration > Driver Object Password > Set Password.

    See Table E-2 for more information.

In Designer:

  1. Open a project in the Modeler, then right-click the driver line and click Properties > Driver Configuration.

  2. Click Driver Module > Connect to Remote Loader > Driver Object Password > Set Password.

    See Table E-2 for more information.

Table E-2 Driver Object Password

Option

Description

Driver Object Password

Use this option to set a password for the driver object. If you are using the Remote Loader, you must enter a password on this page or the remote driver does not run. This password is used by the Remote Loader to authenticate itself to the remote driver shim.

E.1.3 Authentication

The authentication section stores the information required to authenticate to the connected system.

In iManager:

  1. Click Identity Manager > Identity Manager Overview, then click Search to search for the driver set that is associated with the driver.

  2. Browse to the driver, then click the upper right corner of the driver icon.

  3. Click Edit Properties > Driver Configuration > Authentication.

    See Table E-3 for a list of the driver authentication parameters.

In Designer:

  1. Open a project in the Modeler, then right-click the driver line and select Properties > Driver Configuration.

  2. Click Authentication.

    See Table E-3 for a list of the driver authentication parameters.

Table E-3 Authentication Parameters

Option

Description

Authentication ID or User ID

Specify a user application ID. This ID is used to pass Identity Vault subscription information to the application.

Example: Administrator

Authentication Context or Connection Information

Specify the IP address or name of the server the application shim should communicate with.

Remote Loader Connection Parameters or Host name / Port / KMO / Other parameters

Used only if the driver is connecting to the application through the Remote Loader. The parameter to enter is hostname=xxx.xxx.xxx.xxx port=xxxx kmo=certificatename, where the host name is the IP address of the application server running the Remote Loader and the port is the port on which the Remote Loader is listening. The default port for the Remote Loader is 8090.

The kmo entry is optional. It is only used when there is an SSL connection between the Remote Loader and the Metadirectory engine.

Example: hostname=10.0.0.1 port=8090 kmo=IDMCertificate

Driver Cache Limit (kilobytes) or Cache limit (KB)

Specify the maximum event cache file size (in KB). If it is set to zero, the file size is unlimited.

Click Unlimited to set the file size to unlimited in Designer.

Application Password or Set Password

Specify the password for the user object listed in the Authentication ID field.

Remote Loader Password or Set Password

Used only if the driver is connecting to the application through the Remote Loader. The password is used to control access to the Remote Loader instance. It must be the same password specified during the configuration of the Remote Loader on the connected system.
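The Remote Loader connection string described in Table E-3 is easy to mistype, and a typo in the key name silently leaves a field unset. The parser below is an added example, not part of the product or this document; it enforces the format from the table (hostname required, port defaulting to 8090, kmo optional) and rejects unknown or duplicate keys.

```python
from dataclasses import dataclass
from typing import Dict, Optional

DEFAULT_REMOTE_LOADER_PORT = 8090  # default given in Table E-3
KNOWN_KEYS = ("hostname", "port", "kmo")


@dataclass(frozen=True)
class RemoteLoaderConnection:
    hostname: str
    port: int
    kmo: Optional[str]  # certificate name; only meaningful for an SSL connection


def parse_remote_loader_params(value: str) -> RemoteLoaderConnection:
    """Parse 'hostname=... port=... kmo=...' from the Authentication page.

    hostname is required, port falls back to 8090, kmo is optional. Unknown
    and duplicate keys are rejected so that a typo such as 'hostnam=' cannot
    silently turn into a default or a dangling field.
    """
    fields: Dict[str, str] = {}
    for token in value.split():
        key, sep, val = token.partition("=")
        key = key.lower()
        if not sep or not val:
            raise ValueError(f"malformed token {token!r}; expected key=value")
        if key not in KNOWN_KEYS:
            raise ValueError(f"unknown key {key!r}; expected one of {KNOWN_KEYS}")
        if key in fields:
            raise ValueError(f"duplicate key {key!r}")
        fields[key] = val
    if "hostname" not in fields:
        raise ValueError("hostname is required")
    port_text = fields.get("port", str(DEFAULT_REMOTE_LOADER_PORT))
    if not port_text.isdigit() or not 1 <= int(port_text) <= 65535:
        raise ValueError(f"port must be an integer in 1-65535, got {port_text!r}")
    return RemoteLoaderConnection(fields["hostname"], int(port_text), fields.get("kmo"))


if __name__ == "__main__":
    # The example value from Table E-3.
    print(parse_remote_loader_params("hostname=10.0.0.1 port=8090 kmo=IDMCertificate"))
```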

E.1.4 Startup Option

The Startup Option allows you to set the driver state when the Identity Manager server is started.

In iManager:

  1. Click Identity Manager > Identity Manager Overview, then click Search to search for the driver set that is associated with the driver.

  2. Browse to the driver, then click the upper right corner of the driver icon.

  3. Click Edit Properties > Driver Configuration > Startup Option.

    See Table E-4 for a list of the startup options.

In Designer:

  1. Open a project in the Modeler, then right-click the driver line and select Properties > Driver Configuration.

  2. Click Startup Option.

    See Table E-4 for a list of the startup options.

Table E-4 Startup Options

Option

Description

Auto start

The driver starts every time the Identity Manager server is started.

Manual

The driver does not start when the Identity Manager server is started. The driver must be started through Designer or iManager.

Disabled

The driver has a cache file that stores all of the events. When the driver is set to Disabled, this file is deleted and no new events are stored in the file until the driver state is changed to Manual or Auto Start.

Do not automatically synchronize the driver

This option only applies if the driver is deployed and was previously disabled. If this is not selected, the driver re-synchronizes the next time it is started.

E.1.5 Driver Parameters

In iManager:

  1. Click Identity Manager > Identity Manager Overview, then click Search to search for the driver set that is associated with the driver.

  2. Browse to the driver, then click the upper right corner of the driver icon.

  3. Click Edit Properties > Driver Configuration > Driver Parameters.

    See Table E-5 for a list of the driver parameters.

In Designer:

  1. Open a project in the Modeler, then right-click the driver line and select Properties > Driver Configuration.

  2. Click Driver Parameters.

    See Table E-5 for a list of the driver parameters.

Table E-5 Driver Parameters

Parameter

Description

Driver Settings > Authentication Options

Show authentication options

The options are show or hide. Selecting show lets you see and change the authentication options for the driver.

Authentication Method

The method of authentication to Active Directory. Negotiate uses Microsoft’s security package to negotiate the logon type. Typically Kerberos or NTLM is selected. Simple uses LDAP style simple bind for logon.

If you want to use Password Synchronization, select Negotiate.

Digitally sign communications

Select Yes to digitally sign communication between the driver shim and Active Directory. This does not hide the data from view on the network, but it reduces the chance of attacks that tamper with the traffic.

Signing only works when you use the Negotiate authentication method and the underlying security provider selects NTLM2 or Kerberos for its protocol.

Do not use this option with SSL.

Select No to have communications not signed.

Digitally sign and seal communications

Select Yes to digitally encrypt communication between the driver shim and the Active Directory database.

Sealing only works when you use the Negotiate authentication method and the underlying security provider selects NTLM2 or Kerberos for its protocol.

Do not use this option with SSL.

Select No to not have communication between the driver shim and the Active Directory database signed and sealed.

Use SSL for encryption

Select Yes to digitally encrypt communication between the driver shim and the Active Directory database.

This option can be used with the Negotiate or Simple authentication methods. SSL requires that the Microsoft server running the driver shim has imported the domain controller’s server certificate. For more information, see Securing Windows 2000 Server.

Logon and impersonate

Select Yes to log on and impersonate the driver authentication account for CDOEXM (Collaboration Data Objects for Exchange Management) and Password Set support. The driver performs a local logon. The authentication account must have the proper rights assignment. For more information, see Section 2.4, Creating an Administrative Account.

If No is selected, the driver performs a network logon only.

Driver Settings > Exchange Options

Show Microsoft Exchange options

Select show to display the Microsoft Exchange options. These parameters control whether the driver shim uses the Microsoft CDOEXM Exchange management APIs and whether changes to the homeMDB attribute are interpreted as a move or a delete of the mailbox.

Select hide if you are not synchronizing Exchange accounts.

Use CDOEXM for Exchange (yes/no)

Select Yes to enable the driver shim to intercept changes to the Active Directory homeMDB attribute and call into the CDOEXM subsystem. The value selected here is stored in the driver shim configuration.

Select No if you are not synchronizing Exchange accounts.

Allow CDOEXM Exchange mailbox move (yes/no)

Select Yes to enable the driver shim to intercept modifications to the Active Directory homeMDB attribute and call into the CDOEXM subsystem to move the mailbox to the new message data store.

Select No if you do not want mailboxes moved when the Active Directory account is moved.

Allow CDOEXM Exchange mailbox delete (yes/no)

Select Yes to enable the driver shim to intercept removals of the Active Directory homeMDB attribute and call into the CDOEXM subsystem to delete the mailbox.

Select No if you do not want the mailbox deleted when the Active Directory account is deleted.

Driver Settings > Access Options

Show access options

Select show to display the domain controller access options. These parameters control the scope of the Active Directory queries along with several Publisher polling and timeout parameters.

Select hide to hide the domain controller access options.

Driver Polling Interval

Specify the number of minutes to delay before querying the Active Directory database for changes. A larger number reduces the load on the Active Directory database, but it also reduces the responsiveness of the driver.

The default value is 1 minute.

Publisher heartbeat interval

Allows the driver to send a periodic status message on the Publisher channel when there has been no Publisher channel traffic for the given number of seconds.

The default value is 0 seconds, which means this is not enabled.

Password Sync Timeout (minutes)

Specify the number of minutes for the driver to attempt to synchronize a given password. The driver does not try to synchronize the password after this interval has been exceeded.

It is recommended that this value be set to at least three times the value of the polling interval. For example, if the Driver Polling Interval is set to 10 minutes, set the Password Sync Timeout to 30 minutes.

If this value is set to 0, then password synchronization is disabled for this driver.

The default value is 5 minutes.

Search domain scope

The driver shim reads information from other domains when objects in those domains are referenced. If the account you use for authentication has no rights in the other domain, the reads might fail. Select Yes to enable this option if you get access errors during regular operations.

By default, it is set to No.
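Several entries in Table E-5 constrain one another (signing and sealing need Negotiate and must not be combined with SSL, password synchronization needs Negotiate, a timeout of 0 disables it, and the timeout should be at least three times the polling interval). The linter below is an added example, not part of the product or this document; the DriverSettings fields are assumed names that mirror the table rows, and the cleartext-password check for a Simple bind without SSL is a general LDAP fact rather than a statement from the table.

```python
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class DriverSettings:
    authentication_method: str      # "Negotiate" or "Simple"
    sign: bool                      # Digitally sign communications = Yes
    sign_and_seal: bool             # Digitally sign and seal communications = Yes
    use_ssl: bool                   # Use SSL for encryption = Yes
    polling_interval_min: int       # Driver Polling Interval (minutes)
    password_sync_timeout_min: int  # Password Sync Timeout (minutes); 0 disables
    password_sync_required: bool    # deployment relies on Password Synchronization


def lint_driver_settings(s: DriverSettings) -> List[str]:
    """Return the constraints from Table E-5 that the settings violate."""
    findings = []
    if s.authentication_method not in ("Negotiate", "Simple"):
        findings.append(f"unknown Authentication Method {s.authentication_method!r}")
    protected = s.sign or s.sign_and_seal
    if protected and s.authentication_method != "Negotiate":
        findings.append("signing/sealing only works with the Negotiate method")
    if protected and s.use_ssl:
        findings.append("do not combine signing/sealing with SSL")
    if not (s.sign_and_seal or s.use_ssl):
        # Signing alone does not hide data on the network (Table E-5).
        findings.append("traffic to Active Directory is not encrypted: enable "
                        "sign and seal or SSL")
    if s.authentication_method == "Simple" and not s.use_ssl:
        # General LDAP fact, not from the table: a simple bind without SSL
        # sends the Application Password in cleartext.
        findings.append("Simple bind without SSL sends the password in cleartext")
    if s.password_sync_required:
        if s.authentication_method != "Negotiate":
            findings.append("Password Synchronization requires Negotiate")
        if s.password_sync_timeout_min == 0:
            findings.append("Password Sync Timeout 0 disables password synchronization")
    floor = 3 * s.polling_interval_min
    if 0 < s.password_sync_timeout_min < floor:
        findings.append(f"Password Sync Timeout {s.password_sync_timeout_min} min is "
                        f"below the recommended 3 x polling interval ({floor} min)")
    return findings


if __name__ == "__main__":
    # Constructed sample: Simple bind, signing requested, SSL on, 2 min timeout.
    sample = DriverSettings("Simple", True, False, True, 1, 2, True)
    for line in lint_driver_settings(sample):
        print("-", line)
```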