All eDirectory driver communication is secured through SSL. You can configure your Novell eDirectory™ system to handle secure Identity Manager data transfers using a wizard in Novell iManager.
The following items can help you understand eDirectory driver security:
A minimum of two Key Material Objects (KMOs), one per tree, must be created for use with the DirXML Driver for eDirectory. This section explains using a single KMO per tree.
The NDS2NDS Driver Certificate wizard walks you through the process of setting up the KMOs.
Both sides of a channel need a certificate signed by the same Certificate Authority (CA). At least one of the two channels (the Publisher or Subscriber) of the driver on one tree needs a certificate signed by the Certificate Authority of the tree on the other side of the channel.
To use a certificate from one tree in another tree, the Trusted Root certificate from the first tree's Certificate Authority must be exported for use in the second tree.
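The trust rule above (both sides of a channel hold certificates signed by the same CA) can be checked outside iManager once the certificates and the Trusted Root have been exported as PEM files. The following is an added example, not Novell tooling or part of the original page; it assumes the openssl command line is installed, and every file and subject name in it (TREE1, TREE2, driver-*) is constructed for the demo.

```shell
#!/bin/sh
# Added example; every file and subject name here is constructed for the demo.

# chains_to ROOT CERT: succeeds when CERT verifies against the trusted root ROOT.
chains_to() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# same_ca ROOT CERT_A CERT_B: prints "ok" only when both sides chain to ROOT.
same_ca() {
    for cert in "$2" "$3"; do
        chains_to "$1" "$cert" || { echo "untrusted: $(basename "$cert")"; return 1; }
    done
    echo "ok"
}

# make_ca DIR NAME: self-signed CA standing in for one tree's Certificate Authority.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2 CA" \
        -keyout "$1/$2-ca.key" -out "$1/$2-ca.pem" 2>/dev/null
}

# make_cert DIR CA NAME: certificate for one side of the channel, signed by CA.
make_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null
    openssl x509 -req -in "$1/$3.csr" -days 1 -CA "$1/$2-ca.pem" \
        -CAkey "$1/$2-ca.key" -CAcreateserial -out "$1/$3.pem" 2>/dev/null
}

# Constructed PKI: TREE1's CA signs both sides; TREE2's CA signs a mismatched one.
demo_dir=$(mktemp -d)
make_ca "$demo_dir" TREE1
make_ca "$demo_dir" TREE2
make_cert "$demo_dir" TREE1 driver-tree1
make_cert "$demo_dir" TREE1 driver-tree2
make_cert "$demo_dir" TREE2 driver-mismatch

# Both sides signed by TREE1's CA: the channel's trust requirement is met.
same_ca "$demo_dir/TREE1-ca.pem" "$demo_dir/driver-tree1.pem" "$demo_dir/driver-tree2.pem"
# One side signed by a different CA: the check names the certificate that fails.
same_ca "$demo_dir/TREE1-ca.pem" "$demo_dir/driver-tree1.pem" "$demo_dir/driver-mismatch.pem" || true
```

With real exports, call same_ca with the exported Trusted Root and the two driver certificates in place of the constructed files.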
To configure your eDirectory system to handle secure Identity Manager data transfers:
Launch iManager and authenticate to your first tree.
Click DirXML Management > NDS2NDS Driver Certificate.
At the Welcome page, enter the requested information for the first tree.
Default values are provided using objects in the tree that you authenticated to when you launched iManager. You must enter or confirm the following information:
Click Next.
The wizard uses the information you entered to authenticate to the first tree, verify the driver DN, and verify that the driver is associated with a server.
Enter the requested information for the second tree.
Enter or confirm the following information:
Click Next.
The wizard uses the information you entered to authenticate to the second tree, verify the driver DN, and verify that the driver is associated with a server.
Review the information on the Summary Page, and click Finish.
If KMOs already existed for these trees, the wizard deletes them and then does the following: