This section discusses implementations, additions, or exceptions specific to this driver. For information on Identity Manager fundamentals, see the Novell Identity Manager 3.0.1 Administration Guide.
This section provides information on channels, filters, and policies, all of which control data flow.
The driver supports Publisher and Subscriber channels:
The Publisher channel reads information from the LDAP directory change log or an LDAP search and submits that information to an Identity Vault via the Metadirectory engine.
By default, the Publisher channel checks the log every 20 seconds, processing up to 1000 entries at a time, starting with the first unprocessed entry.
The Subscriber channel watches for additions and modifications to Identity Vault objects and issues LDAP commands that make changes to the LDAP directory.
Identity Manager uses filters to control which objects and attributes are shared. The default filter configurations for the LDAP driver allow objects and attributes to be shared, as illustrated in the following figure:
Figure 1-1 LDAP Driver Filters
Policies are used to control data synchronization between the driver and an Identity Vault. The LDAP driver comes with two preconfiguration options to set up policies.
The Flat option implements a flat structure for users in both directories.
With this configuration, when user objects are created in one directory, they are placed in the root of the container you specified during driver setup for the other directory. (The container name doesn't need to be the same in both the Identity Vault and the LDAP directory.) When existing objects are updated, their context is preserved.
The Mirror option matches the hierarchical structure in the directories.
With this configuration, when new user objects are created in one directory, they are placed in the matching hierarchical level of the mirror container in the other directory. When existing objects are updated, their context is preserved.
Except for the Placement policy and the fact that the Flat configuration doesn't synchronize Organizational Unit objects, the policies set up for these options are identical.
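The difference between Flat and Mirror placement for a newly created user, sketched as an added Python example; this is not the driver's own policy code. It assumes both directories are addressed with LDAP-style DNs, and the function names, container names, and sample DNs are constructed for illustration.

```python
# Added illustration of Flat vs. Mirror placement; not the driver's policy code.
# Assumption: both sides use LDAP-style DNs. All DNs here are constructed samples.

def split_dn(dn):
    """Split an LDAP DN into RDNs, honoring backslash-escaped commas."""
    rdns, cur, esc = [], [], False
    for ch in dn:
        if esc:
            cur.append(ch)
            esc = False
        elif ch == "\\":
            cur.append(ch)
            esc = True
        elif ch == ",":
            rdns.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    rdns.append("".join(cur).strip())
    return rdns

def relative_rdns(src_dn, src_base):
    """Return the RDNs of src_dn below src_base; reject objects outside it."""
    rdns, base = split_dn(src_dn), split_dn(src_base)
    tail = [r.lower() for r in rdns[-len(base):]]
    if len(rdns) <= len(base) or tail != [b.lower() for b in base]:
        raise ValueError(f"{src_dn!r} is not under {src_base!r}")
    return rdns[:-len(base)]

def place(src_dn, src_base, dst_base, mode):
    """Compute where a newly created user lands in the other directory."""
    rel = relative_rdns(src_dn, src_base)
    if mode == "flat":
        # Flat: keep only the leaf RDN; the user goes in the container root.
        rel = rel[:1]
    elif mode != "mirror":
        raise ValueError(f"unknown mode {mode!r}")
    # Mirror: intermediate containers are kept, so the hierarchy matches.
    return ",".join(rel + [dst_base])

if __name__ == "__main__":
    src = "cn=jsmith,ou=Sales,ou=Users,dc=example,dc=com"
    for mode in ("flat", "mirror"):
        print(mode, "->", place(src, "ou=Users,dc=example,dc=com", "ou=People,o=acme", mode))
```

Rejecting source objects that fall outside the configured base container is a choice made in this sketch so that a malformed or unexpected DN cannot be placed somewhere unintended.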
The following table provides information on default policies. These policies and the individual rules they contain can be customized through Novell iManager as explained in Section 4.0, Customizing the LDAP Driver.
Table 1-3 Default Policies