5.2 Configuring Driver Object Properties

Typically, the driver’s properties are automatically configured when you import the driver configuration file and run the Certificate Wizard.

To configure properties manually:

  1. In iManager, click Identity Manager > Identity Manager Overview.

  2. Locate the driver set that contains the eDirectory™ driver, then click the driver’s icon.

  3. From the Identity Manager Driver Overview page, click the eDirectory Driver object, which displays the driver configurations.

  4. Locate the Driver Module section, then select Java.

  5. In the Name edit box, type the following eDirectory Driver Java class name:

    com.novell.nds.dirxml.driver.nds.DriverShimImpl
    
  6. Set parameters.

5.2.1 Authentication Parameters

Figure 5-1 Authentication Parameters

Provide information that allows the source server to communicate with the destination server.

Authentication ID

If you want the source server and destination server to exchange secure information (for example, passwords), run the NDS2NDS eDirectory Certificates Wizard. This wizard creates Key Material Objects (KMOs) and places the correct KMO name in the Authentication ID field.

The KMOs are Secure Socket Layer (SSL) certificates:

Figure 5-2 SSL Certificates

Authentication Context

In the Authentication Context field, enter the host name or IP address of the destination server as well as the decimal port number (for example, 187.168.1.1:8196).

You can specify a separate port for Subscriber and Publisher channels by specifying a second port number following a second colon. If a second port number is specified, the Publisher channel uses the second port number rather than using the same port number as the Subscriber channel (for example, 255.255.255.255:2000:2001).

If your server has multiple IP addresses, you can specify the IP address you want the Publisher channel to use. This requires specifying the remote IP address, the Subscriber channel port, the local IP address, and the Publisher channel port. For example, 137.65.134.81:2000:137.65.134.83:2000 specifies that the Subscriber channel will communicate with the remote tree on 137.65.134.81, port 2000, and that the Publisher channel will listen on address 137.65.134.83, port 2000.
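The three Authentication Context forms described above can be checked before the value is typed into iManager. The following Python code is an added example, not part of the Novell documentation or the driver; the names AuthContext and parse_auth_context are hypothetical, and it assumes host names or IPv4 addresses only, because the colon is the field separator.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class AuthContext:
    remote_host: str               # destination server (host name or IP address)
    subscriber_port: int           # port the Subscriber channel connects to
    publisher_addr: Optional[str]  # local address the Publisher listens on, if given
    publisher_port: int            # port the Publisher channel uses


def _port(text: str, label: str) -> int:
    # The field takes a decimal port number; reject hex, signs and blanks.
    if not (text.isascii() and text.isdigit()):
        raise ValueError(f"{label} port {text!r} is not a decimal number")
    value = int(text)
    if not 1 <= value <= 65535:
        raise ValueError(f"{label} port {value} is outside 1-65535")
    return value


def parse_auth_context(value: str) -> AuthContext:
    """Parse host:port, host:sub:pub or remote:sub:local:pub."""
    fields = value.strip().split(":")
    if any(f == "" for f in fields):
        raise ValueError("empty field in Authentication Context")
    if len(fields) == 2:      # one port shared by both channels
        host, sub = fields
        port = _port(sub, "Subscriber")
        return AuthContext(host, port, None, port)
    if len(fields) == 3:      # separate Publisher port
        host, sub, pub = fields
        return AuthContext(host, _port(sub, "Subscriber"), None, _port(pub, "Publisher"))
    if len(fields) == 4:      # Publisher bound to a specific local address
        host, sub, local, pub = fields
        return AuthContext(host, _port(sub, "Subscriber"), local, _port(pub, "Publisher"))
    raise ValueError(f"expected 2 to 4 colon-separated fields, got {len(fields)}")
```

A colon typed in place of a dot inside an address produces a fifth field and is rejected, which catches the mistake before it surfaces as a connection failure.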

NOTE: If you see “java.net.ConnectException: Connection Refused,” no port connection is available on the remote side. This error might be caused by one of the following:

  • The driver on the remote side is not running.

  • The driver is running but is configured to use a different port.

Remote Loader Connection Parameters

The Remote Loader option isn’t needed (and isn’t used) for the Identity Manager Driver for eDirectory.

Driver Cache Limit

Don’t modify this field unless Novell Support asks you to do so.

Enter the application password

The application password on the eDirectory driver must match the Driver Object password of the driver in the other tree.

Scenario—Application Passwords: Server1 is in TreeA. Server1 is running Identity Manager and the eDirectory driver. Server2 is in TreeB. Server2 is also running Identity Manager and the eDirectory driver. To Server1, the application is the eDirectory driver running on Server2. To Server2, the application is the eDirectory driver running on Server1. The application password on Server1 is the same as the Driver Object password on Server2.

As a best practice, set the Driver Object password on the eDirectory driver and the application password on the corresponding driver in the same relationship as the Driver Object password and the Remote Loader password when using a Remote Loader.

Remove existing password

The Remove existing password option pertains to the application password. This option is rarely used. However, you might accidentally enter the application password when the driver in the other tree does not have a Driver Object password set. Or you might point the driver to a different driver in the other tree, one that doesn't have a Driver Object password set.

After a password is set, it cannot be removed, only changed. If you set the Driver Object password in TreeA, you would thereafter need an application password on the driver in TreeB.