Novell Documentation: Nsure Identity Manager Drivers

Installing the Driver

You install the driver as part of the Novell Nsure Identity Manager 2 installation program. For installation instructions, refer to the Novell Nsure Identity Manager 2 Administration Guide.

This section explains how to import the driver configuration for the DirXML Driver for GroupWise. Importing the driver configuration also creates the driver object. After you have imported the configuration, you can use iManager to configure and manage the driver.

In this section, you will find information for:

Configuration Information

As you import the driver configuration file, you will be prompted for the following information.

Parameter name	Parameter Description
Driver name	The actual name you want to use for the driver.
GroupWise Domain Database Version	The version of the GroupWise domain database to which this driver should connect.
Primary Domain Server	The host name or IP address for the server that contains the GroupWise primary domain database (wpdomain.dp) to which the driver connects. The format is [hostname], [hostname.com], or [###.###.###.###] when GroupWise is on a remote system, or [blank] when the GroupWise domain database is on the same physical system as the driver. When this driver is installed on NetWare, it can access a GroupWise domain database only on the local NetWare file system.
Primary Domain Path	The path to the directory containing the GroupWise primary domain database (wpdomain.db) to which this driver should connect. When this driver is installed on NetWare, the format is: [volume:\Novell\GroupWise\Domain] - The database is on the local or remote NetWare server (there is a colon after the volume) When this driver is installed on Windows, the format options are: [volume\Novell\GroupWise\Domain] - The database is on a remote NetWare system (there is no colon after the volume) [c:\Novell\GroupWise\Domain] - The database is on the local Windows system [c$\Novell\GroupWise\Domain] - The database is on a remote Windows system
Username	The username this driver uses to authenticate to the remote system that contains the GroupWise database. It must be the name of a user account on the remote system. When this driver is installed on Windows, the same username and password must also be configured on that Windows system. Leave this field blank when the GroupWise database is on the same physical system as this driver.
Password	The password for the username entered above. If the username field is blank, you should not enter a password.
eDirectory User Context	When the GroupWise domain database is on a remote NetWare server, use the eDirectory context of the Username specified above. The context is specified as [\TREE\Novell\admims], [ou=admins.o=Novell], or [admins.Novell]. Otherwise, leave this field blank.
Default Post Office	The DN of the default GroupWise post office for creating accounts. The format is either in slash notation [Novell\GroupWise\PO], dot notation [PO.GroupWise.Novell], or you can browse to the post office.
Synchronize Groups	Select Yes if you want this driver to synchronize eDirectory groups to GroupWise distribution lists. Otherwise, select No.
Create Nicknames	Select Yes to specify that the driver creates GroupWise nicknames when GroupWise accounts are renamed or moved to another post office. Otherwise, select No. When a GroupWise account is renamed or moved to another post office, you need to decide if the driver should create a nickname using the old account name. Rename and Move events change the e-mail address of the account. When Yes is specified, e-mails sent to the old E-mail address will be delivered to this account. The GroupWise 6 SP1 agents are required for nicknames to be created. The default is No.
Reassign Resource Ownership	Select Yes to specify that this driver should reassign ownership of resources when GroupWise accounts are disabled or expired. Otherwise, select No. If you choose Yes, the resources are assigned to the default User ID you specify in the next parameter. This setting does not apply when a GroupWise account is deleted because the resources must be reassigned. The default is No.
Default Resource User ID	Specify the prefix of the default user who will become the new owner of resources that are reassigned. The default is IS_admin. You should always specify this name even when the Reassign Resource Ownership option is No. When a GroupWise Account is deleted, its resources are assigned to this account. If the default User ID does not have a GroupWise account in the post office of the deleted account, an account is created. 重要: The driver will not start if a default user prefix is not specified.
Create Accounts During Migration	Select Yes or No to specify that this driver should create new GroupWise accounts for users without a current account during a migration from eDirectory. Migration causes DirXML to examine every object specified. When an object does not have a driver association, the Create policy is applied. If the object meets the Create rule criteria, the object is passed to the driver as an Add event. If a corresponding GroupWise account already exists, the association key is set. Otherwise, when you specify Yes, the driver creates a GroupWise account. When No is specified, the add event is ignored and the driver issues a warning that this option is set to No. The default is No.
Configure Data Flow	Data flow can be configured at this time for the driver. Select the data flow that you desire. Bidirectional means that both GW and eDirectory are authoritative sources of the data synchronized between them. GW to eDirectory means that GroupWise is the authoritative source. eDirectory to GW means that eDirectory is the authoritative source.
Enable Entitlements	Select Yes if you are also using the Entitlements Service driver and want this driver to use Role-Based Entitlements. Otherwise, select No.
Action On eDirectory User Delete	When a user is deleted in eDirectory, specify the action you want the driver to take on an associated GroupWise account. Choose from Delete the GroupWise Account, Disable the GroupWise Account, Expire the GroupWise Account, or Disable and Expire the GroupWise Account.
Action On eDirectory User Expire/Unexpire	When a user login in eDirectory is expired/unexpired, specify the action you want the driver to take on an associated GroupWise account. Choose from Expire/Unexpire the GroupWise Account, Disable/Enable the GroupWise Account, or Disable/Enable and Expire/Unexpire the GroupWise Account.
Action On eDirectory User Disable/Enable	When a user login in eDirectory is disabled/enabled, specify the action you want the driver to take on an associated GroupWise account. Choose from Expire/Unexpire the GroupWise Account, Disable/Enable the GroupWise Account, or Disable/Enable and Expire/Unexpire the GroupWise Account.
Remove GW account from all Distribution Lists on expire	Select Yes if you want the driver to remove the GroupWise account from all distribution lists when the account is expired. Otherwise, select No.
Remove GW account from all Distribution Lists on disable	Select Yes if you want the driver to remove the GroupWise account from all distribution lists when the account is disabled. Otherwise, select No.

Importing the Driver Configuration

The Create Driver Wizard helps you import the basic driver configuration file for GroupWise. This file creates and configures the objects and policies needed to make the driver work properly. The following instructions explain how to create the driver and import the driver's configuration.The driver code is now installed and ready for configuration.

In Novell iManager, click DirXML Utilities > Create Driver.
Select a driver set.

If you place this driver in a new driver set, you must specify a driver set name, context, andassociated server.
Select Import a Driver Configuration from the Server, then select GroupWise.xml.

The driver configuration files are installed on the Web server when you install DirXML. During the import, you will be prompted for the driver's parameters and other information. Refer to Configuration Information for more information.
Enter the driver's parameters, then click OK to import the driver.

When the import is finished, you can define security equivalences and exclude administrative roles from replication.

The driver object must be granted sufficient eDirectory rights to any object it reads or writes. You can do this by granting Security Equivalence to the driver object. The driver must have Read/Write access to users, post offices, resources, and distribution lists, and Create, Read, and Write rights to the post office container. Normally, the driver should be given security equal to Admin.
Review the driver objects in the Summary screen and click Finish.

Keep in mind that installing the driver software lets you get the driver up and running, but it does not install the product license. Without the license and activation, the driver will not run after 90 days. For more information, refer to Activating the Driver.

Upgrading from the 2.0 Version of the Driver

Use the steps in this section to upgrade the DirXML Driver 2.0 for GroupWise. You might want to export your existing driver configuration before upgrading. (Your existing driver configurations will be converted to the Identity Manager 2 format when you modify policies.)

To upgrade to version 2.1:

注: You should delete GWADJ1.DLL from any DirXML-related directories. If the file exists in any other directory in the search path, you might encounter problems. Do not delete this file from the ConsoleOne directory.

In Novell iManager, click eDirectory Administration > Modify Object.
Specify the driver object's name, then click OK.
Scroll down to the Startup Option section, click Manual, then click OK.
Shut down eDirectory or the Remote Loader.
Run the Identity Manager 2 installation program and select the GroupWise driver.

You install the driver over the existing 2.0 driver files. This step will update all necessary driver files.
When the installation completes, reboot the computer where the driver exists. Also restart eDirectory or the Remote Loader.

Activating the Driver

DirXML and DirXML drivers must be activated within 90 days of installation, or they will not run. At any time during the 90 days, or afterward, you can choose to activate DirXML products to a fully licensed state.

To activate your driver, you should:

Purchase DirXML licenses
Generate a Product Activation Request
Submit the Product Activation Request
Install the Product Activation Credential received from Novell

For more information about completing these tasks, refer to Activating Your DirXML Product.