1.2 Data Flow

This section explains how data flows between the NT Domain and the Identity Vault.

1.2.1 Policies

Policies control data synchronization between the NT Domain and the Identity Vault. The NT Domain sample driver configuration provides a set of policies, some of which are described in the table below. These policies can be customized through Novell iManager, as explained in Section 8.0, Customizing the NT Domain Driver.

Policy

Description

Schema Mapping

Configured on the driver object.

Maps the eDirectory User class and its properties to the NT Domain Username class and its attributes. Each pair below lists the eDirectory property first, then the NT Domain attribute:

  • CN, name
  • Description, Comment
  • Full Name, FullName
  • Login Disabled, Disable
  • Password Allow Change, PasswordChange
  • Password Required, PasswordRequired
  • Login Allowed Time Map, LogonHours
  • Login Expiration Time, AcctExpires

Create

Configured on the Publisher channel.

Requires that the Surname attribute be specified before a User object can be created.

NT does not use this attribute, but eDirectory™ requires it. To satisfy the eDirectory requirement, the Create policy sets a default Surname of Unknown for all users, or you can specify your own default when importing the driver configuration.

Matching

Configured on the Publisher and Subscriber channels.

Specifies that a user in the Identity Vault is the same user as a user in NT when the value of CN is the same in both places.

NOTE: Because the NT Domain APIs allow queries for only the user name attribute, this policy should not be changed.

Placement

Configured on the Publisher and Subscriber channels.

Specifies that new users are named by the value of the leafmost part of the source distinguished name and are placed in the containers you defined during driver setup. You should create these containers before you start the driver.
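
The following sketch is an added illustration, not Novell driver code. It models how the four policies above combine when an NT user is published to the Identity Vault. It assumes the policies run in the order Matching, Create, Placement, and the function names, the dict-based vault and the name formats are hypothetical.

```python
# Added illustration of the policy table above; not part of the driver.
DEFAULT_SURNAME = "Unknown"  # default the Create policy assigns

# Schema Mapping: NT Domain attribute -> eDirectory property (pairs from the table)
NT_TO_EDIR = {
    "name": "CN", "Comment": "Description", "FullName": "Full Name",
    "Disable": "Login Disabled", "PasswordChange": "Password Allow Change",
    "PasswordRequired": "Password Required",
    "LogonHours": "Login Allowed Time Map",
    "AcctExpires": "Login Expiration Time",
}

def map_schema(nt_user):
    """Rename NT attributes to eDirectory names.
    Simplification: attributes without a mapping are dropped."""
    return {NT_TO_EDIR[k]: v for k, v in nt_user.items() if k in NT_TO_EDIR}

def leafmost(src_dn):
    """Last component of a backslash-delimited source name (constructed format)."""
    return src_dn.split("\\")[-1]

def publish_add(vault, nt_user, src_dn, container):
    """Process one NT user add on the Publisher channel.
    vault: dict of vault name -> attributes (stand-in for the Identity Vault).
    Returns (action, vault_name)."""
    attrs = map_schema(nt_user)
    # Matching: an existing vault user with the same CN is the same user.
    for dn, existing in vault.items():
        if existing.get("CN") == attrs.get("CN"):
            existing.update(attrs)  # simplification: merge the mapped values
            return "matched", dn
    # Create: eDirectory requires Surname, so supply the default if absent.
    attrs.setdefault("Surname", DEFAULT_SURNAME)
    # Placement: name by the leafmost part, place in the configured container.
    dn = f"{leafmost(src_dn)}.{container}"
    vault[dn] = attrs
    return "created", dn

if __name__ == "__main__":
    # Constructed sample data.
    vault = {"asmith.staff.example": {"CN": "asmith", "Surname": "Smith"}}
    print(publish_add(vault, {"name": "asmith", "FullName": "Alice Smith"},
                      "EXAMPLE\\asmith", "users.example"))
    print(publish_add(vault, {"name": "bjones", "Comment": "contractor"},
                      "EXAMPLE\\bjones", "users.example"))
```

Because the match depends only on CN, an NT account whose name equals an existing vault CN is linked to that vault user rather than created as a new object.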