A.1 Driver Configuration

In iManager:

  1. Click Fields on the Driver Parameters tabs to display the Identity Manager Administration page.

  2. Open the driver set that contains the driver whose properties you want to edit:

    1. In the Administration list, click Identity Manager Overview.

    2. If the driver set is not listed on the Driver Sets tab, use the Search In field to search for and display the driver set.

    3. Click the driver set to open the Driver Set Overview page.

  3. Locate the driver icon, then click the upper right corner of the driver icon to display the Actions menu.

  4. Click Edit Properties to display the driver’s properties page.

In Designer:

  1. Open a project in the Modeler, then right-click the driver line and click Properties > Driver Configuration.

The Driver Configuration options are divided into the following sections:

A.1.1 Driver Module

The driver module changes the driver from running locally to running remotely or the reverse.

Table A-1 Driver Module

Option

Description

Java

Used to specify the name of the Java* class that is instantiated for the shim component of the driver. This class can be located in the classes directory as a class file, or in the lib directory as a .jar file. If this option is selected, the driver is running locally.

com.novell.nds.dirxml.driver.nds.DriverShimImpl

Native

This option is not used with the eDirectory driver.

Connect to Remote Loader

The Remote Loader is not used with the eDirectory driver. However, Designer includes two suboptions, one of which (Driver Object Password) is required to set up authentication between two eDirectory drivers. To use a driver object password, select the Connect to Remote Loader option, set the password, click Apply to save the password, then select the Java option again.

  • Driver Object Password: Specifies a password for the eDirectory driver. This password must match the Application password set for the destination eDirectory driver.

  • Remote Loader Client Configuration for Documentation: This option is not used with the eDirectory driver.

A.1.2 Driver Object Password (iManager Only)

The driver object password is used to enable the eDirectory driver’s Subscriber channel to authenticate to the Publisher channel of the destination eDirectory driver. This authentication, while optional, provides an extra layer of security between the two drivers.

In Designer, this setting is located under the Connect to Remote Loader option.

For additional information about setting up authentication between the two drivers, see Section 5.0, Securing Driver Communication.

Table A-2 Driver Object Password

Option

Description

Driver Object Password

Specifies a password for the eDirectory driver. This password must match the Application password set for the destination eDirectory driver.

A.1.3 Authentication

The Authentication section stores the information required to authenticate to the connected system. For the eDirectory driver, it stores the information required to authenticate to the connected eDirectory driver and tree.

Table A-3 Authentication

Option

Description

Authentication information for server

Displays or specifies the server that the driver is associated with.

Authentication ID

This ID is used by the driver to authenticate to the destination eDirectory driver. The ID is automatically generated and stored in this field when you run the NDS-to-NDS Driver Certificates wizard. For information, see Section 5.0, Securing Driver Communication.

Authentication Context or Connection Information

Specify the host name or IP address of the destination server as well as the decimal port number (for example, 187.168.1.1:8196).

You can specify a separate port for Subscriber and Publisher channels by specifying a second port number following a second colon. If a second port number is specified, the Publisher channel uses the second port number rather than using the same port number as the Subscriber channel (for example, 255.255.255.255:2000:2001).

If your server has multiple IP addresses, you can specify the IP address you want the Publisher channel to use. This requires specifying the remote IP address, the Subscriber channel port, the local IP address, and the Publisher channel port. For example, 137.65.134.81:2000:137.65.134.83:2000 specifies that the Subscriber channel will communicate with the remote tree on 137.65.134.81, port 2000, and that the Publisher channel will listen on address 137.65.134.83, port 2000.

If you see java.net.ConnectException: Connection Refused, no port connection is available on the remote side. This error might be caused by one of the following:

  • The driver on the remote side is not running.

  • The driver is running but is configured to use a different port.

Remote Loader Connection Parameters or Host name, Port, KMO, Other parameters

The eDirectory driver does not support the use of the Remote Loader. These options do not apply.

Driver Cache Limit (kilobytes) or Cache limit (KB)

Specify the maximum event cache file size (in KB). If it is set to zero, the file size is unlimited.

Click Unlimited to set the file size to unlimited in Designer.

Application Password or Set Password

The application password, when used in conjunction with the driver object password, enables the eDirectory driver’s Subscriber channel to authenticate to the Publisher channel of the destination eDirectory driver. This authentication, while optional, provides an extra layer of security between the two drivers.

This password must be the same as the driver object password for the destination eDirectory driver.

For more information, see Section 5.0, Securing Driver Communication.

Remote Loader Password or Set Password

The eDirectory driver does not support the use of the Remote Loader. These options do not apply.
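The Connection Information formats described in Table A-3 can be checked before the value is entered in the driver configuration. The following is an added example, not Novell's code or part of the driver; the names ConnectionInfo and parse_connection_info are hypothetical, and it assumes IPv4 addresses or DNS host names only.

```python
import re
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import Optional

# Assumption: hosts are IPv4 literals or DNS names (IPv6 would clash with ':').
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOSTNAME = re.compile(rf"{_LABEL}(?:\.{_LABEL})*")


@dataclass(frozen=True)
class ConnectionInfo:
    remote_host: str               # destination server the Subscriber connects to
    subscriber_port: int
    publisher_bind: Optional[str]  # local Publisher listen address, None if not given
    publisher_port: int


def _port(text: str) -> int:
    # The page calls for a decimal port number; accept ASCII digits in 1..65535.
    if not re.fullmatch(r"[0-9]{1,5}", text) or not 1 <= int(text) <= 65535:
        raise ValueError(f"invalid decimal port: {text!r}")
    return int(text)


def _host(text: str, ip_only: bool = False) -> str:
    # Anything made only of digits and dots must be a well-formed IPv4 address.
    if ip_only or re.fullmatch(r"[0-9.]+", text):
        return str(IPv4Address(text))  # raises a ValueError subclass if malformed
    if len(text) > 253 or not _HOSTNAME.fullmatch(text):
        raise ValueError(f"invalid host name: {text!r}")
    return text


def parse_connection_info(value: str) -> ConnectionInfo:
    parts = value.strip().split(":")
    if len(parts) == 2:    # host:port, both channels use the same port
        host, sub = parts
        return ConnectionInfo(_host(host), _port(sub), None, _port(sub))
    if len(parts) == 3:    # host:subscriber_port:publisher_port
        host, sub, pub = parts
        return ConnectionInfo(_host(host), _port(sub), None, _port(pub))
    if len(parts) == 4:    # remote:subscriber_port:local_ip:publisher_port
        host, sub, local, pub = parts
        return ConnectionInfo(_host(host), _port(sub),
                              _host(local, ip_only=True), _port(pub))
    raise ValueError(f"expected 2 to 4 colon-separated fields, got {len(parts)}")
```

A value with a colon typed in place of a dot inside an address splits into too many fields and is rejected rather than silently pointing the driver at the wrong endpoint.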

A.1.4 Startup Option

The Startup Option section enables you to set the driver state when the Identity Manager server is started.

Table A-4 Startup Option

Option

Description

Auto start

The driver starts every time the Identity Manager server is started.

Manual

The driver does not start when the Identity Manager server is started. The driver must be started through Designer or iManager.

Disabled

The driver has a cache file that stores all of the events. When the driver is set to Disabled, this file is deleted and no new events are stored in the file until the driver state is changed to Manual or Auto Start.

Do not automatically synchronize the driver

This option applies only if the driver is deployed and was previously disabled. If this is not selected, the driver re-synchronizes the next time it is started.

A.1.5 Driver Parameters

The Driver Parameters section lets you configure the driver-specific parameters. When you change driver parameters, you tune driver behavior to align with your network environment.

By default, there is only one driver parameter. It is the Publisher heartbeat interval under Publisher Options. The other parameters are displayed only if you manually add them as described in Section 8.2, Adding Driver Configuration Parameters.

Table A-5 Driver Parameters

Option

Description

Driver Options

SSL type

Specifies whether to use a Key Material Object (KMO) for SSL or use a Java keystore file. For more information, click the Information icon.

Subscriber Options

Address or host name of remote publisher

Specifies the IP address or DNS name of the server hosting the remote eDirectory driver that the local subscriber connects to.

TCP port of remote publisher

If the remote publisher options specify a TCP port, this option must be set to specify, and the value from the remote Publisher channel must be entered in the Port number field. These two fields must match the corresponding fields in the remote Publisher channel's options.

Port number

Specifies the port number that the remote publisher is configured to run on. Displays only if you select specify in the TCP port of remote publisher field.

Advanced options

Displays additional fields when you select show.

Socket local bind

The local bind fields specify which IP address the Subscriber channel’s socket will be bound to. This is generally only useful if the server has more than one IP address and it is important to bind to a particular address because of firewall settings.

Local bind address for subscriber socket

The local bind fields specify which IP address the Subscriber channel's socket will be bound to. This is generally only useful if the server has more than one IP address and it is important to bind to a particular address because of firewall settings.

Receive timeout in minutes

In order to detect a lost TCP/IP connection, the eDir-to-eDir driver periodically sends small packets. This value determines how long after entering a receive-wait condition the Subscriber channel waits until sending a keep-alive packet to determine if the TCP/IP connection has been lost. Generally, do not change this value except under instruction from Novell®.

The default value for the Subscriber channel is one minute.

Publisher Options

Publisher heartbeat interval

Specifies how often you want the driver to send a status message along the Publisher channel when there has not been any traffic during the interval time.

Local bind address for publisher socket

Specifies which IP address the Publisher channel's socket will be bound to. This is generally only useful if the server has more than one IP address and it is important to bind to a particular address because of firewall settings. This setting applies to the local publisher's “server” socket on which the local publisher listens for connections from the remote Subscriber channel.

Receive timeout in minutes

In order to detect a lost TCP/IP connection, the eDirectory driver periodically sends small packets. This value determines how long after entering a receive-wait condition the Publisher channel waits until sending a keep-alive packet to determine if the TCP/IP connection has been lost. Generally, do not change this value except under instruction from Novell.

The default value for the Publisher channel is ten minutes.

A.1.6 ECMAScript

Enables you to add ECMAScript resource files. The resources extend the driver’s functionality when Identity Manager starts the driver.