The DirXML Driver for SIF comes with a driver configuration file named SIFAgent.xml.
You use a wizard to create a new Driver object based on this configuration file. When you import the configuration file to create or upgrade a driver object, only a few prompts are presented. Most of the driver configuration is done after you import, on the global configuration values page for the driver.
In the driver configuration, you will need to specify the DN for these objects.
Create a driver, following the instructions in "Creating and Configuring a Driver " in the Novell Nsure Identity Manager 2 Administration Guide.
When importing the SIFAgent configuration, specify the name you want to use for the driver, and whether you want the driver to be running Local or Remote.
For information about running the driver remotely, see "Using the Remote Loader Service" in the Novell Nsure Identity Manager 2 Administration Guide.
After you create the Driver object, configure settings such as the containers to use for students and staff.
In iManager, click DirXML Management > Overview. Search for the driver set.
Browse to and click the driver icon, then in the next page, click the driver icon again.
On the Driver Configuration page that appears, specify the following:
| Field Name | Description |
|---|---|
SIF Agent Name |
The default name is Novell Identity Manager. We recommend that you use the default name. This is the name this driver uses to register with the Zone Integration Server (ZIS). You need to coordinate with the ZIS administrator to make sure that the same name is used when configuring the ZIS, as described in Configuring the ZIS to Recognize the Driver. If you decide to use a name other than Novell Identity Manager, keep in mind that it must be unique within the zone, and it is case sensitive. |
Click the Global Config Values tab, and specify the following settings.
| Field Name | Description |
|---|---|
| DRIVER CONFIGURATION | |
SIF users to manage |
Specify the SIF users you want to manage on the Publisher Channel (from SIF to eDirectory).
|
Manage existing eDirectory users |
This option lets you decide whether you want the driver to manage accounts that you already have created in eDirectory. The driver can synchronize existing students in the student information system with existing eDirectory accounts only if the eDirectory user attribute named DirXML-sifSISID contains the student's ID. Select Yes if you have set the DirXML-sifSISID attribute to the student ID on all existing eDirectory accounts so the driver can manage them. Also select Yes if there are no existing eDirectory accounts and you plan to let the driver create them all using the Migrate into eDirectory command. Select No if you want the driver to ignore existing eDirectory user accounts and manage only new students added to the student information system. If Yes is specified, the Migrate into eDirectory command can be used to add or update all SIF users in eDirectory. If No is specified, the Migrate into eDirectory command is ignored to prevent duplicate users from being created in eDirectory. For more information on the options, the reasons why you might choose them, and how to set them up, see Synchronizing eDirectory the First Time |
Send user updates to SIF |
Select Yes if you want changes made to users in eDirectory to be sent to SIF. You might want to do this for the following reasons:
Otherwise, select No. |
Send new users to SIF |
Select Yes if you want new users in eDirectory to be sent to SIF. You might want to do this if your student information system is not SIF-enabled and you want the Novell SIF Driver to inform SIF of new students and staff. If you select Yes you should also set "Send user updates to SIF" to Yes. Otherwise, select No. |
Be the SIF default provider for students and staff |
Select Yes if you want this driver to be the SIF provider for student and staff information. You might want to do this if your student information system is not SIF-enabled and you want the Novell SIF Driver to be the SIF provider of student and staff information. Being the provider means this driver responds to SIF queries for information about students and staff. See Sending Data from eDirectory to SIF. If you select Yes, you must also set Send User Updates to SIF and Send New Users to SIF to Yes, and configure one or more sets of School Information. Otherwise, select No. |
Search container DN |
The container below which User IDs must be unique. When creating a new User object, the driver searches eDirectory to verify that the new User ID is not already in use. This container and all subcontainers are searched. Choose the district container or a container which is high enough in the tree that user IDs are unique for all students and staff. For example, for the environment shown in } 7, you would specify the District container. This search container is used for all zones. If you specify Yes in the Send New Users to SIF field, only users in this container and its subcontainers are sent to SIF. |
Duplicate user ID handling |
User IDs must be unique. Specify the action you want the driver to take when a User ID is not unique. When the driver receives information for a new student from the student information system, it follows the format for creating a User ID that you chose in User ID Format. Before creating the User object, it searches for duplicates starting with the container you specified in Search container DN. If the driver finds a duplicate already existing, it handles the duplicate ID according to what you specify in this field. If you choose Add a Digit, the driver creates the User object and gives it a unique User ID by appending a digit. It places the User object in the correct container. For example, if user Dawn Smith already had the User ID of DSmith, and a new user named David Smith were added, the driver would give David Smith the User ID DSmith1, and place him in the correct container. If you choose Place in Incomplete Container, the driver does not attempt to place the user in the correct container or use the correct template. Instead, it pre-pends a pound sign (#) and a digit to the User ID and places it in the Incomplete container. This option requires manual intervention by the administrator. You must manually delete the user from the Incomplete container and re-create it with a unique ID in the correct container, using the correct template. |
| STUDENT CONFIGURATION | |
Rename student users when naming attributes change |
Specify Yes if you want student user accounts in eDirectory renamed when any of the attributes change that are used to build the User CN (the attributes you specify in Student user ID format). Otherwise, specify No. |
Student user ID format |
Configure the Student user ID format. The format is composed of 5 parts. The 5 parts are concatenated to produce the user ID. See the description and example in Specifying the Pattern for User IDs. |
Text for user ID |
If you specified Text for any part of the student user ID format, specify the text string here. For the attribute where Text is specified, the attribute length should be set to All. |
Student placement is by |
Select whether students are placed by grade, graduation year, or school:
|
Student password format |
Select a password format for students.
|
Student preset text for password |
If you selected Preset Text in the Student Password Format prompt above, enter the password you want to be assigned to new student users. Otherwise, leave this field blank. |
| STAFF CONFIGURATION | |
Rename staff users when naming attributes change |
Specify Yes if you want staff user accounts in eDirectory renamed when any of the attributes change that are used to build the User CN (the attributes you specify in Staff user ID format). Otherwise, specify No. |
Staff user ID format |
Configure the Staff user ID format. The format is composed of 5 parts. The 5 parts are concatenated to produce the user ID. See the description and example in Specifying the Pattern for User IDs. |
Text for user ID |
If you specified Text for any part of the staff user ID format, specify the text string here. For the attribute where Text is specified, the attribute length should be set to All. |
Staff password format |
Select a password format for staff.
|
Staff preset text for password |
If you selected Preset Text in the Staff Password Format prompt above, enter the password you want to be assigned to new staff users. Otherwise, leave this field blank. |
| ZONES AND STAFF PLACEMENT Configure information for each SIF Zone this driver will connect to. Up to ten Zones can be configured, and the order they are listed in is not important. The Incomplete container DN is required. The Disabled container DN is optional. Staff are placed in an eDirectory container based on the Zone. Enter the staff container DN and staff template DN only if you are processing SIF staff users. |
|
Zone |
This prompt and its sub-prompts are used to configure a Zone this driver connects to. Specify Enable if the driver is to connect to this Zone. Specify Disable if the driver is to ignore these parameters. The connection to a configured Zone can be disabled, for example, when testing an individual Zone or when a Zone is offline. |
- URL |
The URL of the SIF Zone Integration Server (ZIS) this driver connects to. The URL can be obtained from the ZIS administrator. It is case sensitive. The protocol is HTTP (Hypertext Transfer Protocol) or HTTPS (Secure Hypertext Transfer Protocol). If you have DNS you can use the hostname; otherwise, use the IP address. Example URLs are When https is specified, the CA certificate for the ZIS must be placed in the java-home\jre\lib\security\jssecacerts keystore file. For more information on how to set this up after importing the driver, see Setting Up Security. |
- Incomplete Container DN |
(Required) The DN of the Incomplete container. If the grade or school for a student is not provided by the student information system, the user is created in the Incomplete container with login disabled. When the student information system provides the missing information, the user is deleted from this container, and created in the correct container. Browse and select the Incomplete container you created for this Zone. This is the Incomplete container that you created during planning, in Identifying "Incomplete" Containers. |
- Disabled container DN |
(Optional) A student's login is disabled when he or she withdraws from school. If you want the student moved when the login is disabled, browse and select the Disabled container you created for this Zone. If you do not want the user moved, leave this field blank. |
- Staff container DN |
If you are managing SIF staff users, browse and select the container where you want staff users to be placed for this Zone. Leave this field blank if you are not managing staff users. |
- Staff template DN |
If you are managing SIF staff users, browse and select the eDirectory Template object you want to be used when creating staff users. Leave this field blank if you are not managing staff users or you are not using a template. |
| STUDENT PLACEMENT This section lets you configure the placement of a group of students in eDirectory. Students are placed in an eDirectory container based on their school code, graduation year or grade level. You need to know the values your student information system uses for schools, graduation years and grades. Complete as many Student placement entries as you need to place all students. Up to 50 groups of students can be defined. |
|
Student placement |
This field is used to visually separate student group configurations. It is not used for configuration. |
- School code |
Specify the school code for this group of students, exactly as it is specified in the student information system. Contact the administrator to find out the school code. This code might be alpha, numeric, or a combination. |
- Grade code or graduation year |
Fill in this field based on your choice in the Student Placement Is by field, in the STUDENT CONFIGURATION section. If you specified Grade in Student Placement Is By, specify the grade level code exactly as it is specified in the student information system. If you specified Graduation Year in Student Placement Is By, specify the graduation year in the format YYYY. If you specified School Only in Student Placement Is By, type an asterisk (*). |
- Student container DN |
Browse and select the eDirectory container where you want this group of students to be placed. |
- Student template DN |
Browse and select the eDirectory template you want to be used when creating users for this group of students. Leave this field blank if you are not using a template. |
| SUBSCRIBER CHANNEL Configure this section only when this driver is the SIF provider of students and staff users, as described in Sending Data from eDirectory to SIF. Configure each school used in the student information system. |
|
School information |
This field is used to visually separate school configurations. This prompt and its sub-prompts are only used if you set Be the SIF Default Provider for Students and Staff to Yes. This information is used so the SIF Driver can provide the SIF SchoolInfo objects. You need to know the value your student information system uses for each school. Complete as many School Information entries as you need to define all schools. |
- School code |
Specify the school code exactly as it is specified in the student information system. |
- School name |
Specify the school name exactly as it is specified in the student information system. |
- Zone number |
Specify the Zone number (1-10) this school belongs to. |
| PASSWORD CONFIGURATION This section is common to all DirXML Drivers and is for password synchronization. At this time, SIF does not accept passwords. Leave the defaults as they are set. |
|
Follow the instructions in Preparing the ZIS and the Student Information System to configure the ZIS to recognize the driver as a SIF Agent.