Global configuration values (GCVs) allow you to specify settings for the Identity Manager features such as password synchronization and driver heartbeat, as well as settings that are specific to the function of an individual driver configuration. Some GCVs are provided with the drivers, but you can also add your own.
IMPORTANT:Password Synchronization settings are GCVs, but it’s best to edit them in the graphical interface provided on the Server Variables page for the driver, instead of the GCV page. The Server Variables page that shows Password Synchronization settings is accessible as a tab like other driver parameters, or by clicking
, searching for the driver, and clicking the driver name. The page contains online help for each Password Synchronization setting.In iManager:
Click
, then click to search for the driver set that is associated with the driver.Browse to the driver, then click the upper right corner of the driver icon.
Click
.In Designer:
Open a project in the Modeler, then right-click the driver line and select
The SIF driver has different categories of global configuration values.
Section B.2.1, Global Configuration Values > Driver Configuration
Section B.2.2, Global Configuration Values > Student Configuration
Section B.2.3, Global Configuration Values > Staff and Employee Configuration
Section B.2.4, Global Configuration Values > Zone Configuration
Section B.2.5, Global Configuration Values > Student Placement
Section B.2.6, Global Configuration Values > SIF Provider Configuration
Section B.2.7, Global Configuration Values > Password Configuration
The driver configuration GCVs control how the driver synchronizes information.
Table B-6 Global Configuration Values > Driver Configuration
GCV |
Description |
---|---|
|
The container below which User IDs must be unique. When creating a new User object, the driver searches the Identity Vault to verify that the new User ID is not already in use. This container and all subcontainers are searched. Choose the district container or a container that is high enough in the tree that user IDs are unique for all students and staff. For example, for the environment shown in Figure 2-6, you would specify the District container. This search container is used for all zones. If you select Yes in the field, only users in this container and its subcontainers are sent to SIF. |
|
This option lets you decide whether you want the driver to manage accounts that you already have created in the Identity Vault, before using this driver. The SIF Driver can match students and staff in the Student Information System (SIS) with preexisting Identity Vault users only if the Identity Vault user attribute DirXML-sifSISID contains the student’s or staff’s ID number. Select if one of the following is true:
Otherwise, select .If is specified, the command can be used to add or update all SIF users into the Identity Vault.If is specified, the command is ignored to prevent duplicate users from being created in the Identity Vault.This field does not apply to users added to the Identity Vault by this driver. Identity Manager can always match these Identity Vault users with Student Information System users, and these Identity Vault users are always kept current with changes from the Student Information System. For more information on how to make this decision, see Section 5.4, Synchronizing the Identity Vault the First Time. |
|
Select if you want changes made to users in the Identity Vault to be sent to SIF. You might want to do this for the following reasons:
Otherwise, select . |
|
Select if you want new users in the Identity Vault to be sent to SIF. You might want to do this if your Student Information System is not SIF-enabled and you want the Novell SIF Driver to inform SIF of new students and staff.If you select Yes you should also set “Send user updates to SIF” to Yes. Otherwise, select . |
|
Send an e-mail notification when an Identity Vault account’s User ID is renamed or when a new user is created with a non-standard User ID. User IDs must be unique. When the driver receives information for a new student from the Student Information System, it follows the format for creating the User ID that you chose in the User ID Format. Before creating the User object, the driver searches for a duplicate ID starting with the container you specified in the Search container DN. If the driver finds the user ID already exists, the driver creates a unique ID by appending a digit to it. For example, if Dawn Smith had the User ID of DSmith, and a new user named David Smith were added, the driver places him in the appropriate container and gives David the User ID: DSmith1. Also, when an Identity Vault user account is renamed by the driver, an e-mail notification can be sent. Select if you want e-mail notifications sent. You must have a local SMTP server. Otherwise, select .If you select , you are presented with the following four additional prompts:
|
|
Select the Student Information Management System you are using. This information is used to accommodate unique features about each SIS. Select if the SIS you are using is not listed.Select if you want to manage student accounts in the Identity Vault. Otherwise select . |
The student configuration GCVs control how the student objects are created and synchronized.
Table B-7 Global Configuration Values > Student Configuration
GCVs |
Description |
---|---|
|
Select if you want to manage student accounts in the Identity Vault. Otherwise, select |
|
Configure the Student user ID format. The format is composed of five parts. The five parts are concatenated to produce the user ID. See the description and example in Section 2.4, Specifying the Pattern for User IDs. |
|
Select Student user ID format). Otherwise, select if you want student user accounts in the Identity Vault renamed when any of the attributes change that are used to build the User CN (the attributes you select inSee in the Driver Configuration options above. |
|
Select the criteria used to place students in the Identity Vault tree. |
|
Select a password format for students. |
|
If you selected in the field above, specify the password you want to be assigned to new student users. Otherwise, leave this field blank. |
The staff and employee GCVs control how these objects are created and synchronized.
Table B-8 Global Configuration Values > Staff and Employee Configuration
GCVs |
Description |
---|---|
|
Select if you want to manage staff and employee accounts in the Identity Vault. Otherwise, select .Typically StaffPersonal objects are maintained by the SIS, and EmployeePersonal objects are maintained by the HR system. When you select there are additional options. These options are documented below. |
|
|
|
Configure the . The format is composed of five parts. The five parts are concatenated to produce the user ID.See the description and example in Section 2.4, Specifying the Pattern for User IDs. |
|
Select Staff user ID format). Otherwise, select . See in the Driver Configuration options above. if you want staff user accounts in the Identity Vault renamed when any of the attributes change that are used to build the User CN (the attributes you specify in |
|
Select a password format for staff. |
|
If you select in the field above, specify the password you want to be assigned to new staff users. Otherwise, leave this field blank. |
The Zone GCVs control how information is synchronized to and from the Zone.
Table B-9 Global Configuration Values > Zone Configuration
GCVs |
Description |
---|---|
|
Configuration information for each SIF Zone the driver connects to. Select to use the zone. Select if you do not need the zone.The driver can connect up to ten Zones. You can use as many or as few Zones as needed for your environment. The order of the Zones is not important. through contain the same fields. You specify the information for each Zone. |
|
Select if the driver is to connect to this Zone. Select if the driver is to ignore these parameters. The connection to a configured Zone is disabled, for example, when testing an individual Zone or when a Zone is offline. |
|
The URL of the SIF Zone Integration Server (ZIS) this driver connects to. The URL can be obtained from the ZIS administrator. It is case sensitive. The protocol is HTTP (Hypertext Transfer Protocol) or HTTPS (Secure Hypertext Transfer Protocol). If you have DNS, you can use the hostname. Otherwise, use the IP address. Example URLs are http://www.myzis.com/Zone1 https://1.2.3.4:123/Zone2 When HTTPS is specified, the CA certificate for the ZIS must be placed in the java-home \jre\lib\security\jssecacerts keystore file. For more information on how to set this up after importing the driver, see Section 6.2, Setting Up Security. |
|
The DN of the Incomplete container. If the grade or school for a student is not provided by the Student Information System, the user is created in the Incomplete container with login disabled. No template is used when creating the user. If you have users objects appear in the incomplete container, review the objects to find out what information is missing. Delete the objects from the Incomplete container, then adding the missing information to the users in the SIF system. Browse and select the Incomplete container you created for this Zone. This is the Incomplete container that you created during planning, in Identifying “Incomplete” Containers. |
|
A student’s login is disabled when he or she withdraws from school. If you want the student moved when the login is disabled, browse and select the Disabled container you created for this Zone. If you do not want the user moved, leave this field blank. |
|
If you are managing SIF staff users, browse and select the container where you want staff users to be placed for this Zone. Leave this field blank if you are not managing staff users. |
|
If you are managing SIF staff users, browse and select the eDirectory Template object you want to be used when creating staff users. Leave this field blank if you are not managing staff users or if you are not using a template. |
The student placement GCVs control where the students are placed in the Identity Vault.
Table B-10 Global Configuration Values > Student Placement
GCVs |
Descriptions |
---|---|
|
Use this field to separate school configurations. Use this section to configure the placement of students in the same school. It places students in an eDirectory container based on their school code, graduation year, or grade level. You need to know the values your Student Information System (SIS) uses for schools, graduation years, and grades. Complete as many Student group placement entries as you need to in order to place all students. Use to use the fields. Use if you do not need all ten options.through contain the same fields. Use the additional field to define information specific for each school you administer. |
|
The value of this field is based on your criteria. If you specified or enter the school code for this group of students exactly as it is specified in the Student Information System. Contact the administrator to find out the school code. This code might be alpha, numeric, or a combination.If you specified all. It must be all lowercase. or in , type |
|
This section lets you configure the placement of a group of students in the Identity Vault. Students are placed in an eDirectory container based on their school code, graduation year, or grade level. You need to know the values your Student Infomration System (SIS) uses for schools, graduation years and grades. Complete as many entries as you need to place all students.through contain the same fields. Use the additional fields to place additional groups of users. To use a fields set the option to . If you do not need all six fields, set any fields not in use toIf you need more than six for this school, use additional with the same school code. |
|
Fill in this field based on your choice in the , in the STUDENT CONFIGURATION section.If you specified in , specify the grade level code exactly as it is specified in the SIS.If you specified Student Placement Is by, specify the graduation year exactly as it is specified in the SIS. or inIf you specified Student Placement Is by, type all. It must be all lowercase. in |
|
Browse and select the eDirectory container where you want this group of students to be placed. |
|
Browse and select the eDirectory template you want to be used when creating users for this group of students. Leave this field blank if you are not using a template. |
Configure this section only when this driver is the SIF provider for student and staff information, as described in Section 1.4.3, Sending Data from the Identity Vault to SIF. You might want to do this if your Student Information System is not SIF-enabled, and you want the driver to be the SIF provider of student and staff information. Being the provider means this driver responds to SIF queries for information about students and staff.
Table B-11 Global Configuration Values > SIF Provider Configuration
GCVs |
Description |
---|---|
|
Select if you want this driver to be the SIF provider for student and staff information. If you select Yes, other settings are displayed.You might want to do this if your Student Information System is not SIF-enabled and you want the Novell SIF Driver to be the SIF provider of student and staff information. Being the provider means this driver responds to SIF queries for information about students and staff. See Sending Data from the Identity Vault to SIF. If you select , you must also set to and to , and configure one or more sets of School Information.Otherwise, select . |
|
This field is used to separate school configurations. This prompt and its sub-prompts are only used if you set to .This information is used so the SIF Driver can provide the SIF SchoolInfo objects. You need to know the value your Student Information System uses for each school. Complete as many School Information entries as you need to define all schools. |
|
Specify the school code exactly as it is specified in the Student Information System. |
|
Specify the school name as it is specified in the Student Information System. |
|
Specify the Zone number (1-10) this school belongs to. |
For
Table B-12. The others are GCVs regarding Password Synchronization that are common to all drivers. They should be edited using iManager in
>
, not here. Some of them have dependencies on each other that are represented only in the iManager interface. They are explained in
Password Synchronization across Connected Systems
in the
Novell Identity Manager 3.5.1 Administration Guide
.
Table B-12 Global Configuration Values > Password Configuration