Default Driver Configuration

DirXML fundamentals are explained in the Novell Nsure Identity Manager 2 Administration Guide. This section discusses implementations, additions, or exceptions specific to this driver.


Data Flow


Publisher and Subscriber Channels

The driver supports Publisher and Subscriber channels:

  • The Publisher reads information from the LDAP directory change log and submits that information to eDirectory via the DirXML engine.

    By default, the Publisher checks the log every 20 seconds, processing up to 1000 entries at a time, starting with the first unprocessed entry.

  • The Subscriber watches for additions and modifications to eDirectory objects and issues LDAP commands that will make changes to the LDAP directory.


Filters

DirXML uses filters to control which objects and attributes are shared. The default filter configurations for the LDAP driver allow objects and attributes to be shared, as illustrated in the following figure:

[Figure: LDAP Driver Filters]


Policies

Policies are used to control data synchronization between the driver and eDirectory. The LDAP driver comes with two preconfiguration options to set up policies.

  • The Flat option implements a flat structure for users in both directories.

    With this configuration, when user objects are created in one directory, they are placed in the root of the container you specified during driver setup for the other directory (the container name does not have to be the same in both eDirectory and the LDAP directory). When existing objects are updated, their context is preserved.

  • The Mirror option matches the hierarchical structure in the directories.

    With this configuration, when new user objects are created in one directory, they are placed in the matching hierarchical level of the mirror container in the other directory. When existing objects are updated, their context is preserved.

Except for the Placement policy and the fact that the Flat configuration doesn't synchronize Organizational Unit objects, the policies set up for these options are identical.

Default policies are detailed in the following table. These policies and the individual rules they contain can be customized through Novell iManager as explained in Customizing the LDAP Driver.

Policy Description

Mapping

Maps the eDirectory User object and selected properties to an LDAP inetOrgPerson.

Maps the eDirectory Organizational Unit to an LDAP organizationalUnit.

By default, more than a dozen standard properties are mapped. Additionally, the driver will read the LDAP schema the first time you open the Schema Mapping policy in Novell iManager, allowing you to easily map additional properties if necessary.

Publisher Create

Specifies that in order for a User to be created in eDirectory, the cn, sn, and mail attributes must be defined. In order for an Organizational Unit to be created, the ou attribute must be defined.

Publisher Placement

With the Simple placement option, new user objects created in the LDAP directory are placed in the container in eDirectory that you specify when importing the driver configuration. The user object is named with the value of cn.

With the Mirror placement option, new user objects created in the LDAP directory are placed in the eDirectory container that mirrors the object's LDAP container.

Matching

Specifies that a user object in eDirectory is the same object as an inetOrgPerson in the LDAP directory when the e-mail attributes match.

Subscriber Create

Specifies that in order for a User to be created in the LDAP directory, the CN, Surname, and Internet Email Address attributes must be defined. In order for an Organizational Unit to be created, the OU attribute must be defined.

Subscriber Placement

If you choose the Flat placement option during the import of the driver configuration, new user objects created in eDirectory are placed in the Users\Active container in the LDAP directory.

If you choose Mirrored placement during the import of the driver configuration, new user objects created in eDirectory are placed in the LDAP directory container that mirrors the object's eDirectory container.
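
Because the default Publisher Create policy requires cn, sn, and mail, and the default Matching policy joins objects on the e-mail attribute alone, it is worth auditing an export of the LDAP directory before enabling the driver. The following script is an added example, not part of the driver or of Novell's documentation; the LDIF sample is constructed, the parser handles only simple unfolded LDIF, and the case-insensitive e-mail comparison is an assumption.

```python
from collections import defaultdict

# Attributes the default Publisher Create policy requires, per object class.
REQUIRED = {"inetorgperson": ("cn", "sn", "mail"), "organizationalunit": ("ou",)}

# Constructed sample LDIF export (not real data).
SAMPLE_LDIF = """\
dn: uid=asmith,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
cn: Alice Smith
sn: Smith
mail: asmith@example.com

dn: uid=bjones,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
cn: Bob Jones
sn: Jones

dn: uid=alice2,ou=Contractors,dc=example,dc=com
objectClass: inetOrgPerson
cn: Alice S
sn: Smith
mail: ASmith@example.com
"""

def parse_ldif(text):
    """Parse simple LDIF (no base64 values, no folded lines) into dicts of lists."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = defaultdict(list)
        for line in block.splitlines():
            name, _, value = line.partition(":")
            entry[name.strip().lower()].append(value.strip())
        entries.append(entry)
    return entries

def audit(entries):
    """Return (entries the Create rule would not create, e-mail values shared by several entries)."""
    rejected, by_mail = {}, defaultdict(list)
    for e in entries:
        dn = e["dn"][0]
        for cls in (c.lower() for c in e["objectclass"]):
            missing = [a for a in REQUIRED.get(cls, ()) if not any(e.get(a, []))]
            if missing:
                rejected[dn] = missing
        for m in e.get("mail", []):
            by_mail[m.lower()].append(dn)  # assumption: case-insensitive compare
    ambiguous = {m: dns for m, dns in by_mail.items() if len(dns) > 1}
    return rejected, ambiguous

if __name__ == "__main__":
    print(audit(parse_ldif(SAMPLE_LDIF)))
```

Entries reported as ambiguous share an e-mail value, so an e-mail-only match cannot tell them apart; resolve them, or customize the Matching policy, before the first synchronization.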