Novell Doc: Identity Manager 4.0 Driver for GroupWise Implementation Guide

A.2 Global Configuration Values

Global configuration values (GCVs) are values that can be used by the driver to control functionality. GCVs are defined on the driver or on the driver set. Driver set GCVs can be used by all drivers in the driver set. Driver GCVs can be used only by the driver on which they are defined.

The GroupWise driver includes many GCVs. You can also add your own if you discover you need additional ones as you implement policies in the driver.

To access the driver’s GCVs in iManager:

Click to display the Identity Manager Administration page.
Open the driver set that contains the driver whose properties you want to edit.
1. In the Administration list, click Identity Manager Overview.
2. If the driver set is not listed on the Driver Sets tab, use the Search In field to search for and display the driver set.
3. Click the driver set to open the Driver Set Overview page.
Locate the driver icon, click the upper right corner of the driver icon to display the Actions menu, then click Edit Properties.

or

To add a GCV to the driver set, click Driver Set, then click Edit Driver Set properties.

To access the driver’s GCVs in Designer:

Open a project in the Modeler.
Right-click the driver icon or line, then select Properties > Global Configuration Values.

or

To add a GCV to the driver set, right-clickthe driver set icon , then click Properties > GCVs.

The global configuration values are organized as follows:

Table A-8 Driver Configuration

GCV Name	Description
GroupWise Domain Database Version	The version of the GroupWise domain database to which this driver should connect. GroupWise 8 GroupWise 7 GroupWise 6.5
Default Sync Source: eDir Container/Subtree	Specify the eDirectory container in which object changes are detected and synchronized. Synchronization occurs for objects subordinate to the specified source location. Object events occurring outside of the specified subtree are vetoed by the driver. Specify the entire eDirectory tree [root] with a backslash if you want all containers within the tree to be monitored for synchronization.
Default Sync Destination: GroupWise PostOffice	Specify the GroupWise post office in which newly added eDirectory objects are created. Use the browse button to select the GroupWise post office or specify the GroupWise post office name as an eDirectory distinguished name (DN) in slash format. For example: GW\GWSystem\PO1.
Enforce Admin Lockout Setting	Enforces the Minimum Snap-in Release Version and Minimum Snap-in Release Date set in the Admin Lockout Settings tab of System Preferences in ConsoleOne. If the domain to which the driver connects has overridden these settings, the domain settings are used. This means that the GroupWise driver must be running with GroupWise support files equal to or later than these settings. Normally, it is set to True. You might need to set it to False, if the GroupWise support pack is installed and ConsoleOne is configured to lock out previous versions. True enforces this lockout setting. False disables this lockout setting.
Synchronize Groups	Allows the driver to synchronize eDirectory groups to GroupWise distribution lists. True enables the synchronization. False disables the synchronization.
Cleanup Group Membership	Available only if Synchronize Groups is set to True. Removes the user from the Group Membership attribute when the user is removed from the GroupWise Distribution lists.
Synchronize GroupWise Distribution Lists	Allows the driver to synchronize eDirectory GroupWise Distribution List objects with distribution lists in GroupWise. True enables the synchronization. False disables the synchronization.
Synchronize GroupWise External Entity Objects	Allows the driver to synchronize eDirectory GroupWise External Entity objects with external users in GroupWise. True enables the synchronization. False disables the synchronization.
Sync GroupWise External Entities to this Domain	Available only if Synchronize GroupWise Distribution Lists is set to True. Specify a non-GroupWise domain name that exists within the GroupWise system. This domain must host at least one external post office, defined in Sync GroupWise External Entities to this External Post Office.
Sync GroupWise External Entities to this External Post Office	Available only if Synchronize GroupWise Distribution Lists is set to True. Specify an external post office name that exists within the GroupWise system. This post office must be subordinate to the GroupWise domain defined in Sync GroupWise External Entities to this Domain.
Synchronize eDir OrgUnit to GroupWise External Post Office	Allows the driver to synchronize eDirectory organizational units to GroupWise external post offices. True enables the synchronization. False disables the synchronization.
Create External Post Offices in the Non-GroupWise Domain	Available only if Synchronize eDir OrgUnit to GroupWise External Post Office is set to True. Specify a non-GroupWise domain name that exists within the GroupWise system. This domain hosts the external post offices created by the GroupWise driver when synchronizing eDirectory organizational units to GroupWise post offices.
Create Nicknames	Allows the driver to create GroupWise nicknames when GroupWise accounts are renamed or moved to another post office. True creates nicknames when the accounts are renamed or moved. False does not create nicknames when the accounts are renamed or moved. NOTE:This option should not be used with GroupWise 6.5.0 or earlier.
Reassign Resource Ownership	The driver reassigns ownership of resources when GroupWise accounts are disabled or expired. True assigns the resources to the default User ID you specify in the next parameter. This setting does not apply when a GroupWise account is deleted because the resources must be reassigned. False is the default.
Default Resource Owner User ID	Specify the prefix of the default user to become the new owner of resources that are reassigned. The default is IS_admin. You must specify this name even when the Reassign Resource Ownership option is False. When a GroupWise account is deleted, its resources are assigned to this account. If the default User ID does not have a GroupWise account in the post office of the deleted account, an account is created. IMPORTANT:The driver does not start if a default user prefix is not specified.
Create Accounts During Migration	Allows the driver to create new GroupWise accounts for users without a current account during a migration from eDirectory. True allows the accounts to be created. False does not create the accounts. Migration causes Identity Manager to examine every object specified. When an object does not have a driver association, the Create policy is applied. If the object meets the Create rule criteria, the object is passed to the driver as an Add event. When you specify True, the driver creates a GroupWise account. When False is specified, the Add event is ignored and the driver issues a warning that this option is set to False. The default value is False. Migration sets the driver association on all users with GroupWise accounts. See Section 3.4, Associating Identity Vault Users and GroupWise Users for more information.
Action on eDirectory User Delete	Specify the action you want the driver to take on an associated GroupWise account when a user is deleted in eDirectory: Delete the GroupWise Account Disable the GroupWise Account Expire the GroupWise Account Disable and Expire the GroupWise Account
Action on eDirectory User Expire/Unexpire	Specify the action you want the driver to take on an associated GroupWise account when its user login in eDirectory is expired or unexpired: Expire/Unexpire the GroupWise Account Disable/Enable the GroupWise Account Disable/Enable and Expire/Unexpire the GroupWise Account
Action on eDirectory User Disable/Enable	Specify the action you want the driver to take on an associated GroupWise account when its user login in eDirectory is disabled or enabled: Expire/Unexpire the GroupWise Account Disable/Enable the GroupWise Account Disable/Enable and Expire/Unexpire the GroupWise Account
Remove GW Account from All Distribution Lists on Expire	Set this option to True, if you want the driver to remove the GroupWise account from all distribution lists when the next event is processed, otherwise select False.
Remove GW Account from All Distribution Lists on Disable	Set this option to True if you want the driver to remove the GroupWise account from all distribution lists when the next event is processed; otherwise, select False.
Action on eDirectory GroupWise External Entity Delete	When a GroupWise External Entity is deleted in eDirectory, specify the action you want the driver to take on the associated GroupWise account. The options are: Delete the GroupWise Account Disable the GroupWise Account Expire the GroupWise Account Disable and Expire the GroupWise Account
Action on eDirectory GroupWise External Entity Expire/Unexpire	When a GroupWise External Entity login in eDirectory is expired/unexpired, specify the action you want the driver to take on the associated GroupWise account: Expire/Unexpire the GroupWise Account Disable/Enable the GroupWise Account Disable/Enable and Expire/Unexpire the GroupWise Account
Action on eDirectory GroupWise External Entity Disable/Enable	When a GroupWise external entity login in eDirectory is disabled/enabled, specify the action you want the driver to take on the associated GroupWise account: Expire/Unexpire the GroupWise Account Disable/Enable the GroupWise Account Disable/Enable and Expire/Unexpire the GroupWise Account
Remove GroupWise External Entity from all Distribution lists on expire	Select True if you want the driver to remove the GroupWise external entity from all distribution lists when the GroupWise account is expired; otherwise, select False.
Remove GroupWise External Entity from all Distribution Lists on disable	Select True if you want the driver to remove the GroupWise external entity from all distribution lists when the GroupWise account is disabled; otherwise, select False.
Publisher Heartbeat Interval	Specify the Publisher channel heartbeat interval in minutes. Enter 0 to disable the heartbeat.

Table A-9 Entitlements

GCV Name	Description
Action On GroupWise Account Entitlement Add	When a user is created in eDirectory with a GroupWise account entitlement, select the action you want to occur on the associated GroupWise account: Disable the GroupWise Account Enable the GroupWise Account
Action On GroupWise Account Entitlement Remove	When a user’s GroupWise account entitlement is removed in eDirectory, specify the action you want the driver to take on an associated GroupWise account: Disable the GroupWise account Delete the GroupWise account Expire the GroupWise account Disable and expire the GroupWise account

Table A-10 Password Synchronization

Option	Description
Set the initial/default GroupWise password on account creation	If True, the GroupWise initial/default password is set when an account is created. The initial password value is specified in the Create Policy. If False, the initial password is not set. GroupWise has two passwords, the initial password and the regular password. The initial password is stored in clear text and can be seen by an admin. The regular password is encrypted and cannot be viewed. When it is set, the regular password is used by GroupWise instead of the initial password. When a GroupWise user changes his or her password, it is stored as the regular password. For security, the initial password is never set to a password sent from eDirectory.
Synchronize the eDirectory password to the GroupWise regular password	If True, allows passwords to flow from eDirectory to GroupWise. If False, the regular password is not set. GroupWise has two passwords, the initial password and regular password. The initial password is stored in clear text and can be seen by an admin. The regular password is encrypted and cannot be viewed. When it is set, the regular password is used by GroupWise instead of the initial/default password. When a GroupWise user changes his or her password, it is stored as the regular password. For security, the initial password is never set to a password sent from eDirectory.

Option

Description

Set the initial/default GroupWise password on account creation

If True, the GroupWise initial/default password is set when an account is created. The initial password value is specified in the Create Policy. If False, the initial password is not set.

GroupWise has two passwords, the initial password and the regular password. The initial password is stored in clear text and can be seen by an admin. The regular password is encrypted and cannot be viewed. When it is set, the regular password is used by GroupWise instead of the initial password. When a GroupWise user changes his or her password, it is stored as the regular password. For security, the initial password is never set to a password sent from eDirectory.

Synchronize the eDirectory password to the GroupWise regular password

If True, allows passwords to flow from eDirectory to GroupWise. If False, the regular password is not set.

GroupWise has two passwords, the initial password and regular password. The initial password is stored in clear text and can be seen by an admin. The regular password is encrypted and cannot be viewed. When it is set, the regular password is used by GroupWise instead of the initial/default password. When a GroupWise user changes his or her password, it is stored as the regular password. For security, the initial password is never set to a password sent from eDirectory.