The following section contains information about the new driver features, as well as new features provided in DirXML 2.0.
The driver shim works the same way, but new policies have been added to the sample driver configuration to support Password Synchronization 2.0.
You can set or modify the LDAP password using a password from DirXML, and you can check the LDAP password to see if it matches the DirXML password.
You could also use a style sheet to manufacture a password to be sent back to DirXML, such as a password based on the user's last name. However, LDAP does not support providing the user's actual LDAP password to DirXML.
See the description of the different scenarios for Password Synchronization in "Implementing Password Synchronization" in the Novell Nsure Identity Manager 2 Administration Guide.
Because the LDAP protocol does not provide the ability to disable an account, only the ability to delete an account, use caution when revoking access to LDAP accounts using Entitlement Policies.
If disabling accounts is desired, check your LDAP application; some applications might provide the ability to disable even though it's not in the LDAP protocol. If so, you might be able to add a disable option by customizing the policies in the driver configuration and updating the interpretive variables in the driver manifest.
For information about Role-Based Entitlements, see "Using Role-Based Entitlements" in the Novell Nsure Identity Manager 2 Administration Guide.
DirXML 2.0 includes the following new features. For more information, refer to the Nsure Identity Manager 2 Administration Guide.
The new password management framework includes the following benefits:
For the most common tasks, you can now use the new Policy Builder interface to create policies for your driver without writing XSLT code. The Policy Builder helps you set up policies using the new DirXML Script.
For many drivers, Role-Based Entitlements is an option in the sample driver configuration that you can choose when importing the driver.
Role-Based Entitlements let you grant entitlements on connected systems to a group of Novell® eDirectory™ users. Using Entitlement Policies, you can streamline management of business policies and reduce the need to configure your DirXML drivers.
Novell Nsure™ Audit is a centralized, cross-platform auditing service. It collects event data from multiple applications across multiple platforms and writes the data to a single, non-repudiable data store. Nsure Audit is also capable of creating filtered data stores. Based on criteria you define, Nsure Audit captures specific types of events and writes those events to secondary data stores.
Global configuration values (GCVs) are new settings that are similar to driver parameters. Global configuration values can be specified for a driver set as well as an individual driver. If a driver does not have a value for a particular GCV, the driver inherits the value for that GCV from the driver set.
GCVs allow you to specify settings for new DirXML features such as Password Synchronization, as well as settings that are specific to the function of an individual driver configuration. Some GCVs are provided with the drivers, but you can also add your own. You can refer to these values in a policy to help you customize your driver configuration.
The DirXML engine now accepts driver heartbeat documents from drivers, and drivers can be configured to send them.