Novell Doc: Identity Manager Driver 3.5.1 for SAP HR Guide

2.6 Importing the Driver Configuration

The Create Driver Wizard helps you import the basic driver configuration file for SAP HR. This file creates and configures the objects and policies needed to make the driver work properly. The driver can be created and imported through Designer or iManager.

2.6.1 Importing the Driver Configuration File in Designer

There are many different ways of importing the driver configuration file. This procedure only documents one way.

Open a project in Designer. In the Modeler, right-click the driver set and select New > Driver.
From the drop-down list, select SAP HR, then click Run.
Configure the driver by filling in the fields. Specify information for your environment. For information on the settings, see Section 2.6.3, Configuration Parameters for more information.
After specifying parameters, click Finish to import the driver.
After the driver is imported, customize and test the driver.
After the driver is fully tested, deploy the driver into the Identity Vault. See Deploying a Driver to an Identity Vault in the Designer 2.1 for Identity Manager 3.5.1.

2.6.2 Importing the Driver Configuration File in iManager

The following instructions explain how to create the driver and import the driver’s configuration.

In Novell iManager, click Identity Manager Utilities > Import Configurations.
Select a driver set, then click Next.

If you place this driver in a new driver set, you must specify a driver set name, context, and associated server.
Select how you want the driver configurations sorted:
- All configurations
- Identity Manager 3.5 configurations
- Identity Manager 3.0 configurations
- Configurations not associated with an IDM version
Select SAP HR, then click Next.
Configure the driver by filling in the configuration parameters, then click Next. For information on the settings, see Section 2.6.3, Configuration Parameters.
Define security equivalences using a user object that has the rights that the driver needs to have on the server, then click OK.

The tendency is to use the Admin user object for this task. However, you might want to create a DriversUser (for example) and assign security equivalence to that user. Whatever rights that the driver needs to have on the server, the DriversUser object must have the same security rights.
Identify all objects that represent administrative roles and exclude them from replication, then click OK.

Exclude the security-equivalence object (for example, DriversUser) that you specified in Step 6. If you delete the security-equivalence object, you have removed the rights from the driver, and the driver can’t make changes to Identity Manager.
Review the driver objects in the Summary screen, and then click Finish.

2.6.3 Configuration Parameters

Parameter Name	Parameter Description
Driver name	The actual name you want to use for the driver.
Organizational Object Container	The name of the Organization Unit object under which published SAP Organizational (O) objects are placed. You can modify this via the driver’s Global Configuration Values (GCVs.)
Position Object Container	The name of the Organizational Unit object under which published SAP Position (S) objects are placed. You can modify this via the driver’s Global Configuration Values (GCVs.)
Job Object Container	The name of the Organizational Unit object under which published SAP Job (C) objects are placed. You can modify this via the driver’s Global Configuration Values (GCVs.)
Active Users Container	The name of the Organizational Unit object where Active users are placed. You can modify this via the driver’s Global Configuration Values (GCVs.)
Inactive Users Container	The name of the Organizational Unit object where Inactive users are placed. You can modify this via the driver’s Global Configuration Values (GCVs.)
Active Employees Group	The name of the Group object to which Active Employee users are added. To learn more about determining Employee status, refer to “Using the Relationship Query” on page 48. You can modify this via the driver’s Global Configuration Values (GCVs.)
Active Managers Group	The name of the Group object to which Active Manager users are added. To learn more about determining Employee status, refer to “Using the Relationship Query” on page 48. You can modify this via the driver’s Global Configuration Values (GCVs.)
SAP Client Number	The client number to be used on the SAP application server. This is referred to as the Client in the SAP R/3 logon screen.
SAP Language Code	The language this driver uses for the SAP session. This is referred to as the Language in the SAP R/3 logon screen.
Metadata File Directory	The file system location in which the SAP Metadata definition file resides. By default, this is in the SAPUtils subdirectory of the driver’s installation directory. IMPORTANT:This must be on the same system where the driver shim runs.
IDoc File Directory	The file system location in which the SAP HR IDoc files are placed by the SAP ALE system. IMPORTANT:This must be accessible to the driver shim process.
Password Failure Notification User	Password synchronization policies are configured to send e-mail notifications to the associated user when password updates fail. You have the option of sending a copy of the notification e-mail to another user, such as a security administrator. If you want to send a copy, you can specify or browse for the DN of that user. Otherwise, leave this field black.
Publisher Channel Only	Select whether you want the driver to use the Publisher channel only or if you want it to use both the Publisher and Subscriber channels.
Enable or Disable Publisher Connection to the SAP Application Server	Select Enable if you want the Publisher channel to read data from the SAP server in addition to IDoc data. Select Disable to use IDoc data only.
SAP Application Server	The host name or IP address for connecting to the appropriate SAP application server. This is referred to as the Application Server in the SAP logon properties.
SAP System Number	The SAP system number on the SAP application server. This is referred to as the System Number in the SAP logon properties.
SAP User ID	The ID of the user this driver uses for the SAP system logon. This is referred to as the User in the SAP R/3 logon screen.
SAP User Password	The User password this driver uses for the SAP system logon. This is referred to as the Password in the SAP R/3 logon screen.
Install Driver as Remote/Local	Configure the driver for use with the Remote Loader service by selecting the Remote option, or select Local to configure the driver for local use. If Local is selected, you can skip the remaining parameters.
Remote Host Name and Port	Specify the host Name or IP address and port number for where the Remote Loader service has been installed and is running for this driver. The default port is 8090.
Driver Password	The driver object password is used by the Remote Loader to authenticate itself to the Identity Manager server. It must be the same password that is specified as the driver object password on the Identity Manager Remote Loader.
Remote Password	The Remote Loader password is used to control access to the Remote Loader instance. It must be the same password that is specified as the Remote Loader password on the Identity Manager Remote Loader.

The additional driver parameters are set to default values during the import process, but they can be modified in iManager (by clicking the Driver Configuration tab on the driver object.)

Parameter Name	Parameter Description
Character Set Encoding	The character set encoding used to parse data from IDocs. If not specified, the driver uses the platform default encoding. If you incorrectly specify a character set, the driver initialization fails (default: blank)
Master HR IDoc	The name of the IDoc type that is generated by the SAP ALE system to publish SAP HR database Master data modification. If not specified, the driver determines the revision of the SAP HR system and default to the standard IDoc type for that revision of SAP (default: HRMD_A05) This field is optional, unless you select the Publisher channel Only option.
Object Type Code	A list parameter that allows an administrator to specify which HR object types are synchronized (default: P, S, O, and C.)
(Optional) Address Subtype Code	A list of configuration parameters that allows an administrator to specify which subtype of data the SAP Private Address infotype the driver synchronizes (default: 1 and US01)
(Optional) Communication Subtype Code	A list configuration parameter that allows an administrator to specify which subtype data of the SAP Communication infotype the driver synchronizes (default: CELL, MAIL, PAGR.)
Poll Interval (seconds)	Specifies how often the driver polls for unprocessed IDocs (default: 5 seconds.)
Future-dated Event Handling Option	The processing of this option is determined by the Begin and End validity dates of the desired IDoc infotypes. There are four possible values for this parameter. The driver default is to Publish on Future Date. Publish Immediately - Indicates that all attributes will be processed by the driver when the IDoc is available. A time stamp is set for each attribute that represents the validity period. Publish on a Future Date - Indicates that only attributes that have a current or past time stamp will be processed by the driver when the IDoc is available. Future-dated infotype attributes are cached in a .futr file to be processed at a future date. Publish Immediately and on Future Date - Indicates that the driver will blend options 1 and 2. All attributes will be processed, with a time stamp, at the time the IDoc is available. All future-dated infotype attributes are also cached in a.futr file to be processed at a future date. Publish Immediately and Daily through Future Date - Indicates that the driver will process all events at the time the IDoc is made available. All future-dated infotype attributes are cached in a .futr file to be processed again on the next calendar day. This continues until the attributes are sent for a final time on the future date.
Future-dated Event Validity Checking Option	Specify whether or not the driver attempts to filter out stale data in future-dated IDocs (by verifying the begin and end validity dates of the data.)
Publish History Items	Specifies if data values that are no longer valid are published by the driver (default: Do Not Publish History Data.)
Communication Change Mode	This Subscriber channel parameter specifies how the driver handles requests to change, remove, or add Communication (Infotype 0105) record instances on employees. There are three modes of operation available. For more information on the functionality of the various modes of operation, see Section D.0, Subscriber Change Modes and Validity Date Modes. Options include: Delimit mode Delete mode Change mode (default driver mode)
Communication Validity Date Mode	This Subscriber channel parameter specifies how Beginning and Ending validity dates are set on newly created Communication record instances on employees. There are two modes of operation available. For more information on the functionality of the various modes of operation, see Section D.0, Subscriber Change Modes and Validity Date Modes.
Internal Data Change Mode	This Subscriber channel parameter specifies how the driver handles requests to change, remove, or add Internal Control Data (Infotype 0032) record instances on employees. There are three modes of operation available. For more information on the functionality of the various modes of operation, see Section D.0, Subscriber Change Modes and Validity Date Modes. Options include: Delimit mode Delete mode Change mode (default driver mode)
Internal Data Validity Date Mode	This Subscriber channel parameter specifies how Beginning and Ending validity dates are set on newly created Internal Control Data record instances on employees. There are two modes of operation available. For more information on the functionality of the various modes of operation, see Section D.0, Subscriber Change Modes and Validity Date Modes. Options include: Default mode Current Date Mode (default driver mode)