Novell Documentation: Nsure Identity Manager Drivers

New Features

The following section contains information about the new driver features, as well as new features provided in DirXML 2.0.

Driver Features

Instead of two sample configurations, a single sample configuration is provided that includes the option to choose between Flat placement and Mirror placement in hierarchal structures.
An optional driver parameter has been added to let you specify preferred object classes. See Preferred Object Classes.
Support for Password Synchronization 2.0 has been added.
The driver shim works the same way, but new policies have been added to the sample driver configuration to support Password Synchronization 2.0.

You can set or modify the LDAP password using a password from DirXML, and you can check the LDAP password to see if it matches the DirXML password.

You could also use a style sheet to manufacture a password to be sent back to DirXML, such as a password based on the user's last name. However, LDAP does not support providing the user's actual LDAP password to DirXML.

See the description of the different scenarios for Password Synchronization in "Implementing Password Synchronization" in the Novell Nsure Identity Manager 2 Administration Guide.
Role-Based Entitlements features are supported as an option in the sample driver configuration.
Because the LDAP protocol does not provide the ability to disable an account, only the ability to delete an account, use caution when revoking access to LDAP accounts using Entitlement Policies.

注: If disabling accounts is desired, check your LDAP application; some applications might provide the ability to disable even though it's not in the LDAP protocol. If so, you might be able to add a disable option by customizing the policies in the driver configuration and updating the interpretive variables in the driver manifest.

For information about Role-Based Entitlements, see "Using Role-Based Entitlements" in the Novell Nsure Identity Manager 2 Administration Guide.
Driver heartbeat is supported. See "Driver Heartbeat" inthe Novell Nsure Identity Manager 2 Administration Guide.

DirXML 2.0 Features

DirXML 2.0 includes the following new features. For more information, refer to the Nsure Identity Manager 2 Administration Guide.

Password Management

The new password management framework includes the following benefits:

New Password Policies let you create rules for passwords and assign them to users, containers, or the whole eDirectory tree. You can enable Universal Password, which lets you enforce detailed criteria for passwords and allows for special characters.
Password Synchronization 2.0 is now cross-platform, and it lets you enforce your Password Policies across connected systems. New notification templates let you automatically send messages to users about their password synchronization status.
Using Password Policies, you can also provide Forgotten Password Self-Service and Reset Password Self-Service to your users. These new features can help you reduce help desk calls. Notification templates are also included for automatically sending forgotten password and password hint messages to users.

Policy Builder Interface and DirXML Script for Creating Policies

For the most common tasks, you can now use the new Policy Builder interface to create policies for your driver without writing XSLT code. The Policy Builder helps you set up policies using the new DirXML Script.

Role-Based Entitlements

For many drivers, Role-Based Entitlements is an option in the sample driver configuration that you can choose when importing the driver.

Role-Based Entitlements let you grant entitlements on connected systems to a group of Novell^(R) eDirectory^TM users. Using Entitlement Policies, you can streamline management of business policies and reduce the need to configure your DirXML drivers.

Novell Nsure Audit

Novell Nsure^TM Audit is a centralized, cross-platform auditing service. It collects event data from multiple applications across multiple platforms and writes the data to a single, non-repudiable data store. Nsure Audit is also capable of creating filtered data stores. Based on criteria you define, Nsure Audit captures specific types of events and writes those events to secondary data stores.

Global Configuration Values

Global configuration values (GCVs) are new settings that are similar to driver parameters. Global configuration values can be specified for a driver set as well as an individual driver. If a driver does not have a value for a particular GCV, the driver inherits the value for that GCV from the driver set.

GCVs allow you to specify settings for new DirXML features such as Password Synchronization, as well as settings that are specific to the function of an individual driver configuration. Some GCVs are provided with the drivers, but you can also add your own. You can refer to these values in a policy to help you customize your driver configuration.

Driver Heartbeat

The DirXML engine now accepts driver heartbeat documents from drivers, and drivers can be configured to send them.