A.2 Global Configuration Values

Global configuration values (GCVs) are values that can be used by the driver to control functionality. GCVs are defined on the driver or on the driver set. Driver set GCVs can be used by all drivers in the driver set. Driver GCVs can be used only by the driver on which they are defined.

The eDirectory driver includes several GCVs that are created from information supplied during importing the driver configuration file (see Section 3.0, Creating a New Driver) and one that is not.

The driver also includes the GCVs that are used with password synchronization. In Designer, you must click the icon next to a password synchronization GCV to edit it. This displays the Password Synchronization Options dialog box that has a better view of the relationship between the different settings. In iManager, you should edit the password synchronization settings on the Server Variables tab rather than under the GCVs. The Server Variables page has a better view of the relationship between the different GCVs.

You can add your own GCVs if you discover you need additional ones as you implement policies in the driver.

To access the driver’s GCVs in iManager:

  1. Click to display the Identity Manager Administration page.

  2. Open the driver set that contains the driver whose properties you want to edit.

    1. In the Administration list, click Identity Manager Overview.

    2. If the driver set is not listed on the Driver Sets tab, use the Search In field to search for and display the driver set.

    3. Click the driver set to open the Driver Set Overview page.

  3. Locate the driver icon, click the upper right corner of the driver icon to display the Actions menu, then click Edit Properties.

    or

    To add a GCV to the driver set, click Driver Set, then click Edit Driver Set properties.

To access the driver’s GCVs in Designer:

  1. Open a project in the Modeler.

  2. Right-click the driver icon or line, then select Properties > Global Configuration Values.

    or

    To add a GCV to the driver set, right-clickthe driver set icon , then click Properties > GCVs.

Table A-6 Global Configuration Values > Password Configuration

Option

Description

Application accepts passwords from Identity Manager

If True, allows passwords to flow from the Identity Manager data store to the connected system.

Identity Manager accepts passwords from application

If True, allows passwords to flow from the connected system to Identity Manager.

Publish passwords to NDS password

Use the password from the connected system to set the non-reversible NDS® password in eDirectory.

Publish passwords to Distribution Password

Use the password from the connected system to set the NMAS™ Distribution Password used for Identity Manager password synchronization.

Require password policy validation before publishing passwords

If True, applies NMAS password policies during publish password operations. The password is not written to the data store if it does not comply.

Reset user’s external system password to the Identity Manager password on failure

If True, on a publish Distribution Password failure, attempt to reset the password in the connected system by using the Distribution Password from the Identity Manager data store.

Notify the user of password synchronization failure via e-mail

If True, notify the user by e-mail of any password synchronization failures.

Connected System or Driver Name

The name of the connected system, application, or Identity Manager driver. This value is used by the e-mail notification templates.

eDirectory Publisher Placement type

Select one of the following options:

  • Mirrored: Synchronizes objects hierarchically between the local and remote trees.

    If you choose this option, use the same option for configuring both eDirectory trees you are synchronizing.

    This option in the driver configuration synchronizes User, Group, Organization, Country, and Organizational Unit objects. It also mirrors the structure of a subtree in the other tree.

  • Flat: Synchronizes all Users and Groups into specific containers.

    This option synchronizes User and Group objects and places all users in one container and all groups in another container.

    This option is typically used in conjunction with the Department option (or a similar configuration) in the other tree.

    This option doesn’t create the containers that hold the users and groups. You must create those manually.

  • Department: Synchronize Users and Groups by department (OU).

    This option synchronizes User and Group objects and places all users and groups in a container based on the Department field in your management console.

    This configuration is typically used in conjunction with the Flat option (or a similar configuration) in the other tree.

    This option doesn’t create the containers for each department. You must create those manually. They must be the same as the container specified during import.

Remote Tree Base Container

Specify the source container for the objects in the destination eDirectory tree.