1.2 Support for Standard Driver Features

The LDAP driver supports these standard driver features:

1.2.1 Local and Remote Platforms

You can install the LDAP driver locally or remotely.

An installation on the same computer where an Identity Vault and the Metadirectory engine are installed is referred to as a local configuration. The following figure illustrates a local configuration:

Figure 1-2 A Local Configuration

If platform or policy constraints make a local configuration difficult, you can install the LDAP driver on the server hosting the target LDAP server. This installation is referred to as a remote configuration and requires the use of the Remote Loader service.

Although a remote configuration is possible, it provides little additional flexibility because of the following:

  • The driver can run on any Identity Vault platform.

  • The driver communicates with the LDAP server on any platform over the network by using LDAP.

See System Requirements in the Identity Manager 4.0 Framework Installation Guide for information about the supported platforms for the Metadirectory server and Remote Loader.

1.2.2 Entitlements

The provided sample configuration for the LDAP driver supports Account and Group Membership entitlements. For more information about entitlements, see the Identity Manager 4.0 Entitlements Guide.

1.2.3 Password Synchronization

The LDAP driver supports password synchronization on the Subscriber channel, meaning that you can send passwords from the Identity Vault to any connected LDAP directory.

Password synchronization on the Publisher channel (LDAP directory to Identity Vault) is supported with Sun Java System Directory version 5.2 and Sun Java System Directory Server Enterprise Edition version 6.3.x. See Section 2.2, Installing the Identity Manager Plug-Ins for Password Synchronization with Sun Java System Directory.