You install the driver as part of the Novell Identity Manager 3.0.1 installation program. For installation instructions, refer to the Installing Identity Manager chapter in the Identity Manager 3.0.1 Installation Guide.
This section explains how to import the driver configuration for the Identity Manager driver for GroupWise. Importing the driver configuration also creates the driver object. After you have imported the configuration, you can use iManager to configure and manage the driver.
Designer allows you to import the basic driver configuration file for GroupWise. This file creates and configures the objects and policies needed to make the driver work properly. The following instructions explain how to create the driver and import the driver’s configuration.
There are many different ways of importing the driver configuration file in Designer. This procedure documents one way.
Open a project in Designer. In the modeler, right-click the Driver Set object and select .
From the drop-down list, select , then click .
Click in the Perform Prompt Validation window.
Configure the driver by filling in the fields with information specific to your environment. For information on the settings, see Table 2-2.
After specifying parameters, click to import the driver.
After the driver is imported, customize and test the driver.
After the driver is fully tested, deploy the driver into the Identity Vault. See Deploying a Driver to an Identity Vault in the Designer for Identity Manager 3: Administration Guide.
The Create Driver Wizard in iManager helps you import the basic driver configuration file for GroupWise. This file creates and configures the objects and policies needed to make the driver work properly. The following instructions explain how to create the driver and import the driver’s configuration.
In Novell iManager, click > .
Select a driver set, then click . If you place this driver in a new driver set, you must specify a driver set name, context, and associated server.
Select , and then click .
Configure the driver by filling in the fields with information specific to your environment. For information on the settings, see Table 2-2.
After specifying parameters, click to import the driver.
When the import is finished, you can define security equivalences and exclude administrative roles from replication.
The driver object must be granted sufficient eDirectory rights to any object it reads or writes to. You can do this by granting Security Equivalence to the driver object. The driver must have Read/Write access to users, post offices, resources, and distribution lists, and Create, Read, and Write rights to the post office container. Normally, the driver should be given security equal to Admin.
Identify all objects that represent administrative roles and exclude them from replication.
Exclude the security-equivalence object (for example, DriversUser) that you specified in Step 5. If you delete the security-equivalence object, you have removed the rights from the driver. Therefore, the driver can’t make changes to the Identity Vault.
Review the driver objects in the Summary page, then click .
Keep in mind that installing the driver software lets you get the driver up and running, but it does not install the product license. Without the license and activation, the driver will not run after 90 days. For more information, refer to Activating Novell Identity Manager Products in the Identity Manager 3.0.1 Installation Guide.
The following table explains the parameters you must provide during initial driver configuration.
NOTE: Some parameters are displayed only if the answer to a previous prompt requires more information to properly configure the policy.
Table 2-2 Driver Configuration Parameters
| Field | Description |
|---|---|
| | The default value is GroupWise. Specify the name you want for the driver. |
| | There are two options, or . The GroupWise driver uses entitlements to manage user accounts and distribution list membership in GroupWise. Entitlements work in conjunction with external services such as the Identity Manager User Application or Role-Based Entitlements. These external services control provisioning to GroupWise. See IMPORTANT: After the driver is imported, review Section 2.3.4, Viewing Driver Parameters and Section 2.3.5, Modifying Global Configuration Values for additional configuration options. |
| | The DN for the default GroupWise Post Office for creating Accounts. The post office can be entered in slash or dot notation. Examples: Novell\GroupWise\PO (slash) PO.GroupWise.Novell (dot) |
| | Select the version of GroupWise you have installed. Options: |
| | Select the server OS where the GroupWise driver is installed and the server OS where the GroupWise domain resides. Depending upon the option that is selected, there are additional fields that are presented. See Table 2-3 for information about each option. Options: |
| | Entitlement option only. When a user is created in eDirectory with a GroupWise account entitlement, select the action you want to occur on the associated GroupWise account. |
| | Entitlements option only. When a user’s GroupWise account entitlement is removed in eDirectory, specify the action you want the driver to take on an associated GroupWise account. |
| | Configure the driver for use with the Remote Loader service by selecting , or select to configure the driver for local use. |
| | Remote option only. Specify the host name or IP address and port number where the Remote Loader service is installed. The default port is 8090. |
| | Remote option only. The driver password is used by the Remote Loader service to authenticate it to the Identity Manager server. It must be the same password that is specified as the Driver Object Password on the Identity Manager Remote Loader. |
| | Remote option only. The remote password is used to control access to the Remote Loader instance. It must be the same password that is specified as the Remote Loader password on the Remote Loader service. |
Table 2-3 Optional Fields for Driver and Domain Entry
During the driver import process, you enter the driver configuration values. Use the following procedure to view or modify these values.
In iManager, click .
Browse to the driver set where the GroupWise driver exists, then click .
Click the upper right corner of the GroupWise driver icon, then click .
Click the tab, then modify any of the parameters.
Global configuration values (GCVs) are settings that are similar to driver parameters. Global configuration values are specified for a driver set as well as an individual driver. If a driver does not have a GCV, the driver inherits the value for that GCV from the driver set. GCVs allow you to specify settings for new Identity Manager features such as password synchronization and driver heartbeat, as well as settings that are specific to the GroupWise driver. For more information, refer to Using Global Configuration Values in Novell Identity Manager 3.0.1 Administration Guide.
In iManager, click .
Browse to the driver set where the GroupWise driver exists, then click .
Click the upper right corner of the GroupWise driver icon, then click .
Click the tab, then modify the GCVs listed in Table 2-4.
Table 2-4 Global Configuration Values
| GCV Name | Description |
|---|---|
| | The version of the GroupWise domain database to which this driver should connect. |
| | Enforces the Minimum Snap-in Release Version and Minimum Snap-in Release Date set in the Admin Lockout Settings tab of System Preferences in ConsoleOne. If the domain to which the driver connects has overridden these settings, they are used. This means the GroupWise driver must be running with GroupWise support files equal to or later than these settings. Normally it is set to . You might need to set it to , if the GroupWise support pack is installed and ConsoleOne is configured to lock out previous versions. enforces this lockout setting. disables this lockout setting. |
| | Allows the driver to synchronize eDirectory groups to GroupWise distribution lists. enables the synchronization. disables the synchronization. |
| | Allows the driver to create GroupWise nicknames when GroupWise accounts are renamed or moved to another post office. NOTE: This option should not be used with GroupWise 6.5.0 or earlier. creates nicknames when the accounts are renamed or moved. does not create nicknames when the accounts are renamed or moved. |
| | The driver reassigns ownership of resources when GroupWise accounts are disabled or expired. assigns the resources to the default User ID you specify in the next parameter. This setting does not apply when a GroupWise account is deleted because the resources must be reassigned. is the default. |
| | Specify the prefix of the default user who will become the new owner of resources that are reassigned. The default is IS_admin. You must specify this name even when the option is . When a GroupWise account is deleted, its resources are assigned to this account. If the default User ID does not have a GroupWise account in the post office of the deleted account, an account is created. IMPORTANT: The driver does not start if a default user prefix is not specified. |
| | Allows the driver to create new GroupWise accounts for users without a current account during a migration from eDirectory. allows the accounts to be created. does not create the accounts. Migration causes Identity Manager to examine every object specified. When an object does not have a driver association, the Create policy is applied. If the object meets the Create rule criteria, the object is passed to the driver as an Add event. When you specify , the driver creates a GroupWise account. When is specified, the Add event is ignored and the driver issues a warning that this option is set to . The default value is . Migration sets the driver association on all users with GroupWise accounts. See Section 2.4.6, Migrating eDirectory Users to GroupWise for more information. |
| | Specify the action you want the driver to take on an associated GroupWise account when a user is deleted in eDirectory. |
| | Specify the action you want the driver to take on an associated GroupWise account when its user login in eDirectory is expired or unexpired. |
| | Specify the action you want the driver to take on an associated GroupWise account when its user login in eDirectory is disabled or enabled. |
| | Set this option to , if you want the driver to remove the GroupWise account from all distribution lists when the next event is processed. |
| | Set this option to if you want the driver to remove the GroupWise account from all distribution lists when the next event is processed. |
| | Specify the Publisher channel heartbeat interval in minutes. Enter 0 to disable the heartbeat. |
| | If , the GroupWise initial password is set when an account is created. The initial password value is specified in the Create policy. If , the initial password is not set. GroupWise has two passwords, the initial password and regular password. The initial password is stored in clear text and can be seen by an administrator. The regular password is encrypted and cannot be viewed. When set, the regular password is used by GroupWise instead of the initial password. When a GroupWise user changes his or her password, it is stored as the regular password. For security, the initial password is never set to a password sent from eDirectory (nspmDistributionPassword attribute). |
| | If , allows passwords to flow from eDirectory to GroupWise. If , the regular password is not set. GroupWise has two passwords, the initial password and the regular password. The initial password is stored in clear text and can be seen by an administrator. The regular password is encrypted and cannot be viewed. When set, the regular password is used by GroupWise instead of the initial password. When a GroupWise user changes his or her password, it is stored as the regular password. For security, the initial password is never set to a password sent from eDirectory (nspmDistributionPassword attribute). |
If entitlements are enabled in the driver, there are additional GCVs, shown in Table 2-5.
Table 2-5 Global Configuration Values with Entitlements
Activation must be completed within 90 days of installation or the driver does not run.
For activation information, refer to Activating Novell Identity Manager Products in the Identity Manager 3.0.1 Installation Guide.
NOTE: If you are upgrading from previous versions of the driver, you do not need to reactivate the driver.