Installing the Driver

You install the driver as part of the Novell Nsure Identity Manager 2 installation program. For installation instructions, refer to the Novell Nsure Identity Manager 2 Administration Guide.

This section explains how to import the driver configuration for the DirXML Driver for User Management of SAP Software. After you have imported the configuration, you can use iManager to configure and manage the driver.

In this section, you will find information for:


Configuration Information

As you import the driver configuration file, you will be prompted for the following information.

Parameter Name Parameter Description

Driver name

The actual name you want to use for the driver.

User Object Container

The name of the eDirectory Organizational Unit object where Users from the SAP system will be placed.

SAP Application Server

The host name or IP address for connecting to the appropriate SAP application server. This is referred to as the application server in the SAP logon properties.

SAP User ID

The ID of the user this driver will use for the SAP system logon. This is referred to as the user in the SAP logon screen.

SAP User Password

The User password this driver will use for the SAP system logon. This is referred to as the password in the SAP logon screen.

Publisher Channel Port Type

Set to TRFC if the driver will instantiate a JCO Server to receive data distribution broadcasts from the SAP ALE system. Set to FILE if the driver will consume text file IDocs distributed by the SAP ALE system. Any other value will disable the Publisher channel functionality.

SAP System Number

The SAP system number on the SAP application server. This is referred to as the system number in the SAP logon properties.

SAP Client Number

The client number to be used on the SAP application server. This is referred to as the client in the SAP logon screen.

SAP Session Language Code

The language this driver will use for the SAP session. This is referred to as the language in the SAP logon screen.

Character Set Encoding

The code for the character set to translate IDoc byte-string data into Unicode* strings. An empty value causes the driver to use the host JVM default.

Publish all Communication Table Values

Set to 0 if only the primary value of Communication tables should be synchronized. Set to 1 if all values should be synchronized.

Publish Company Address Data

By default, an SAP User record does not include Company Address information. That data is kept in a related table. Use this parameter to specify if you want the driver to retrieve the data from the appropriate company record. Regardless of the option you specify, Company Address information cannot be updated in SAP.

Set to 1 to populate User Company Address information for the Publisher channel and for Subscriber channel queries.

Set to 0 if you do not desire this functionality.

Require User to Change Set Passwords

The Subscriber channel can be configured to handle a User password set operation in two methods. Enter 1 if set passwords must be changed immediately by Users at their next login, or enter 0 if this functionality is not desired.

Communication Table Comments

The communication table comment is a text comment the driver adds to all Communication table entries. This is a useful method for determining where an entry originated from when viewing values via the SAP GUI. Leaving this field blank provides no comments to the table entries.

SAP Gateway ID

If the Publisher channel port type is TRFC, this parameter specifies the gateway that distributes User data to the driver. If you are not using TRFC, this parameter is ignored.

TRFC Program ID

If the Publisher channel port type is TRFC, this parameter identifies the JCO server program in the driver for the SAP gateway. If you are not using TRFC, this parameter is ignored.

Publisher IDoc File Directory

The file system location where the SAP User IDoc files are placed by the SAP ALE system (FILE port configuration) or by the driver (TRFC configuration.)

Configure Data Flow

Dataflow can be configured to one of the following options:

  • Bidirectional: SAP HR and eDirectory are both authoritative sources of the data synchronized between them.
  • SAP-to-eDirectory: SAP is the authoritative source.
  • eDirectory-to-SAP: eDirectory is the authoritative source.

Install Driver as Remote/Local

Configure the driver for use with the Remote Loader service by selecting the Remote option, or select Local to configure the driver for local use. If Local is selected, you can skip the remaining parameters.

Remote Host Name and Port

Specify the host name or IP address and port number for where the Remote Loader service has been installed and is running for this driver. The default port is 8090.

Driver Password

The driver object password is used by the Remote Loader to authenticate itself to the DirXML server. It must be the same password that is specified as the driver object password on the DirXML Remote Loader.

Remote Password

The Remote Loader password is used to control access to the Remote Loader instance. It must be the same password that is specified as the Remote Loader password on the DirXML Remote Loader.

The additional driver parameters are set to default values during the import process, but they can be modified in iManager (by clicking the Driver Configuration tab on the driver object.)

Parameter name Parameter Description

Poll Interval (seconds)

Specifies how often the driver will poll for unprocessed IDocs.

Future-dated Event Handling Option

There are four possible values for this parameter:

0 - Indicates that all attributes will be processed by the driver when the IDoc is available. A timestamp is set for each attribute that represents the validity period.

1 - Indicates that only attributes that have a current or past timestamp will be processed by the driver when the IDoc is available. Future-dated infotype attributes are cached in a ".futr" file to be processed at a future date.

2 - Indicates that the driver will blend options 1 and 2. All attributes will be processed, with a timestamp, at the time the IDoc is available. All future-dated infotype attributes will also be cached in a ".futr" file to be processed at a future date.

3 - Indicates that the driver will process all events at the time the IDoc is made available. All future-dated infotype attributes will be cached in a ".futr." file to be processed again on the next calendar day. This will continue until the attributes are sent for a final time on the future date.


Importing the Driver Configuration

The Create Driver Wizard helps you import the basic driver configuration file. This file creates and configures the objects and policies needed to make the driver work properly.

The following instructions explain how to create the driver and import the driver's configuration.

  1. In Novell iManager, click DirXML Utilities > Create Driver.

  2. Select a driver set.

    If you place this driver in a new driver set, you must specify a driver set name, context, and associated server.

  3. Select Import a Driver Configuration from the Server, then select SAPUser.xml.

    The driver configuration files are installed on the Web server when you install DirXML. During the import, you will be prompted for the driver's parameters and other information. Refer to Configuration Information for more information.

  4. Specify the driver's parameters, then click OK to import the driver.

    When the import is finished, you can define security equivalences and exclude administrative roles from replication.

    The driver object must be granted sufficient eDirectory rights to any object it reads or writes. You can do this by granting Security Equivalence to the driver object. The driver must have Read/Write access to users, post offices, resources, and distribution lists, and Create, Read, and Write rights to the post office container. Normally, the driver should be given security equal to Admin.

  5. Review the driver objects in the Summary screen, and then click Finish.


Extending the Schema

If you want to use the default configuration, you need to extend the eDirectory schema. This provides greater abilities to administrate the User Management functions of SAP R/3 and Enterprise R/3 systems. We recommend applying a set of schema extensions to the eDirectory tree that will synchronize with the SAP system.

During SAP's development of their own LDAP-based User Administration utilities, a standard set of schema extensions was developed for use with Novell eDirectory. These extensions are contained the R3-Novell-Ldif-Schema-extension.ldif file. This file is designed to be applied to eDirectory by using the Novell Import Conversion Export (ICE) utility.

In addition to the ldif-format schema extension file, the schema extensions are also available in the sapuser.sch file (the eDirectory standard).

If you need to extend the schema manually, the following instructions help you use the ICE utility. For additional information, refer to the Import Conversion Export utility documentation.

  1. Open the NDS Import/Export Wizard.

  2. Select Import LDIF File, then click Next.

  3. Browse to R3-Novell-Ldif-Schema-extension.ldif, then click Next.

  4. Fill in the appropriate LDAP connection information for the Novell LDAP service, then click Next.

  5. Click Finish to begin the extension process.


Activating the Driver

DirXML and DirXML drivers must be activated within 90 days of installation, or they will not run. At any time during the 90 days, or afterward, you can choose to activate DirXML products to a fully licensed state.

To activate your driver, you should:

For more information about completing these tasks, refer to Activating Your DirXML Product.