4.1 Using Designer to Import

You can import the basic driver configuration file for the LDAP driver by using Designer. This basic file creates and configures the objects and policies needed to make the driver work properly.

The following procedure explains one of several ways to import the sample configuration file:

  1. Open a project in Designer.

  2. In the Modeler, right-click the Driver Set object, then select New > Driver.

  3. From the drop-down list, select LDAP, then click Run.

  4. Click Yes in the Perform Prompt Validation window.

  5. Configure the driver by filling in the fields.

    Specify information specific to your environment. See Table 4-1.

  6. After specifying parameters, click OK to import the driver.

  7. Customize and test the driver.

  8. Deploy the driver into the Identity Vault.

    See Deploying and Exporting in the Designer 2.1 for Identity Manager 3.5.1 guide.

Table 4-1 Settings for the LDAP Driver

Field

    Description

Driver Name

    The object name to be assigned to this driver, or the existing driver for which you want to update the configuration.

Placement Type

    With the Simple placement option, new User objects created in the LDAP directory are placed in the container in an Identity Vault that you specify when importing the driver configuration. The user object is named with the value of cn.

    With the Mirror placement option, new User objects created in the LDAP directory are placed in the Identity Vault container that mirrors the object's LDAP container.

eDirectory Container

    The container in an Identity Vault where new users should be created.

    If this container doesn’t exist, you must create it before you start the driver.

    For the LDAPMirrorSample.xml configuration, this directory is the starting point for the driver’s Placement policy. Subordinate containers should be named the same as the subordinate containers in the LDAP mirror container.

    For the Flat configuration, this container houses all User objects.

LDAP Container

    The container in the LDAP directory where new users should be created.

    If this container doesn’t exist, you must create it before you start the driver.

    For the Flat configuration, this directory is the starting point for the driver’s Placement policy.

    For the LDAPSimplePlacementSample.xml configuration, this container houses all User objects.

LDAP Server

    The hostname or IP address and port of the LDAP server.

LDAP Authentication DN

    Specify the LDAP DN of the administrator account created for the LDAP driver.

LDAP Authentication Password

    The password for the LDAP driver administrator account. You confirm the password by re-entering it in the next field.

    This is the required password for the authenticated user.

    If the LDAP driver uses Directory Manager exclusively, the default authenticated user works well. However, if this user is used for any other purpose, you should probably change the default after you get the driver running. See Creating an LDAP User Object with Authentication Rights.

SSL

    Encrypts LDAP protocol communications.

Configure Data Flow

    • Bidirectional: Both LDAP and the Identity Vault are authoritative sources of the data synchronized between them.

    • LDAP to eDirectory: LDAP is the authoritative source.

    • eDirectory to LDAP: The Identity Vault is the authoritative source.

Install Driver as Remote/Local

    Configure the driver for use with the Remote Loader service by selecting Remote, or select Local to configure the driver for local use.

Remote Host Name and Port

    Specify the host name or IP address and port number where the Remote Loader Service has been installed and is running for this driver. The default port is 8090.

Driver Password

    The Remote Loader uses the Driver object password to authenticate itself to the Metadirectory server. The Driver object password must be the same password that is specified as the Driver object password on the Identity Manager Remote Loader.

Remote Password

    This password is used only in the Remote Loader configuration. It allows the Remote Loader to authenticate to the Metadirectory engine.

    The Remote Loader password is used to control access to the Remote Loader instance. The Remote Loader password must be the same password that is specified as the Remote Loader password on the Identity Manager Remote Loader.

Password Failure Notification User

    Sends an e-mail notification to a specified user when a password fails.

Enable Entitlements

    Choose Yes or No. Because this is a design decision, you should understand entitlements before choosing to use them.

    For information about entitlements, see Creating and Using Entitlements in the Novell Identity Manager 3.5.1 Administration Guide.
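
The Placement Type and eDirectory Container rows of Table 4-1 can be checked before the driver is started. The following is an added example, not the driver's own Placement policy or Novell code: it models where each option puts a new LDAP user and lists the Identity Vault containers that Mirror placement needs to exist. It assumes LDAP-style DNs on both sides; all function names and sample DNs are hypothetical.

```python
# Added illustration of the Placement Type options in Table 4-1; not the
# driver's Placement policy. Assumption: both sides use LDAP-style DNs.

def split_rdns(dn):
    """Split a DN on unescaped commas, so 'cn=Doe\\, John' stays one RDN."""
    rdns, cur, escaped = [], "", False
    for ch in dn:
        if ch == "," and not escaped:
            rdns.append(cur.strip())
            cur = ""
            continue
        cur += ch
        escaped = ch == "\\" and not escaped
    rdns.append(cur.strip())
    return rdns

def relative_rdns(dn, base):
    """RDNs of dn below base (leaf first), or None if dn is not under base."""
    d, b = split_rdns(dn), split_rdns(base)
    same_suffix = [x.lower() for x in d[-len(b):]] == [x.lower() for x in b]
    return d[:-len(b)] if len(d) > len(b) and same_suffix else None

def target_container(dn, ldap_container, vault_container, placement):
    """Identity Vault container for a new LDAP user; None if out of scope."""
    rel = relative_rdns(dn, ldap_container)
    if rel is None:
        return None
    if placement == "simple":      # every user lands in the one container
        return vault_container
    if placement == "mirror":      # keep the container path below the base
        return ",".join(rel[1:] + [vault_container])
    raise ValueError("unknown placement type: %r" % placement)

def required_containers(user_dns, ldap_container, vault_container):
    """Vault containers to create before starting a Mirror-placement driver."""
    needed = {vault_container}
    for dn in user_dns:
        rel = relative_rdns(dn, ldap_container)
        if rel is not None:
            needed.update(",".join(rel[i:] + [vault_container])
                          for i in range(1, len(rel)))
    return sorted(needed, key=len)

# Constructed sample values, not taken from any real directory.
LDAP_BASE, VAULT_BASE = "ou=People,dc=example,dc=com", "ou=Users,o=Acme"
USERS = ["uid=jdoe,ou=Sales,ou=EMEA,ou=People,dc=example,dc=com",
         "cn=Doe\\, Jane,OU=People, DC=example,DC=com",
         "uid=svc,ou=Apps,dc=example,dc=com"]       # outside the LDAP container
if __name__ == "__main__":
    for u in USERS:
        print(u, "->", target_container(u, LDAP_BASE, VAULT_BASE, "mirror"))
    print(required_containers(USERS, LDAP_BASE, VAULT_BASE))
```

Entries outside the LDAP container return None, which makes it easy to spot accounts that the configured container would not cover.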