Novell Identity Manager 3.6 Integration Module for Linux and UNIX

Overview

The Identity Manager 3.6 Integration Module for Linux and UNIX combines the flexibility of the Fan-Out Driver with the Identity Manager policy options supported by the bidirectional driver. With these choices, you have the full range of capabilities to satisfy your authentication and data provisioning needs.

Features
  • User provisioning
    • Event- and poll-based publishing
    • Role-based entitlements and approval workflow
    • Provisioning to hundreds of platforms with a single driver
  • Password management
    • Administrative password resets from platform
    • Administrative password resets to platform
    • Enforcement of Universal Password rules on platform login
    • Password failure email notification support
  • User self-service
  • Point-and-click customization
  • iManager plug-in
  • Role-based administration
  • System-wide auditing and reporting
  • Native script handling
    • Event-triggered shell scripts for provisioning
    • Customizable shell scripts to handle all data to be synchronized
  • Authentication redirection
  • Bidirectional synchronization of data with embedded remote loader technology
    • Data publishing from platform to Identity Manager
    • Data subscribing from Identity Manager to platform
    • Password synchronization
    • End user password replication to and from platform
  • Customizable schema to integrate all aspects of Linux and UNIX account administration
  • No LDAP configuration
  • APIs to simplify programmatic directory access

Benefits
  • Increased operational efficiency
  • Support for compliance with industry regulations
  • Reduced administration and helpdesk costs
  • Reduced security risks
  • Empowered users
  • Enhanced performance of your operating systems
  • Reduced network computing costs
  • Low memory and processor requirements on the Metadirectory server

Identity Manager Driver 3.6 Integration Module for Linux and UNIX includes two provisioning options: bidirectional and Fan-Out. The bidirectional driver enables you to synchronize information to and from Identity Manager and a connected system. The Fan-Out driver enables you to synchronize information from Identity Manager to many different connected systems using a single driver. By unifying the bidirectional and Fan-Out drivers in a single integration module, Novell enables customers to choose the functionality most appropriate for their environment.

Bidirectional Driver

When you deploy the Identity Manager Driver for Linux and UNIX, you are required to select a provisioning option. The bidirectional driver option enables you to integrate the NIS user management system—commonly used in UNIX environments—with Novell eDirectory™. As user information is added, modified or deleted in eDirectory, the bidirectional driver ensures that all changes are reflected in any connected NIS database or management files. Likewise, as NIS database information is added, modified or deleted, the bidirectional driver seamlessly and automatically updates eDirectory.

Identity Manager Driver for Linux and UNIX supports the NIS and NIS+ databases as well as the /etc/passwd and /etc/group files—all methods of managing UNIX users. This driver also runs on the following platforms:

  • SUSE Linux versions 8, 9, 10, 10 (x86_64), 10.1 (x86/x86_64)
  • SUSE Linux versions s390x 10.1 (64-bit)
  • HP-UX versions 11.11, 11.23 (32-bit and Itanium)
  • IBM AIX versions 5.1, 5.2, 5.3
  • Red Hat Linux versions 3, 4 (x86/x86_64), 5 (x86/x86_64)
  • Solaris Sparc versions 8, 9 or 10
  • Solaris version x86 10

The bidirectional driver greatly simplifies the process of adding new users to your network. It provides support for generating default user and group IDs—as well as home directories—when a new user or group is created in eDirectory and synchronized to the NIS databases. And with some customization, the driver can also generate default passwords for new users. When combined, all of these features allow new users to log in without any intervention from the NIS database administrator.

The bidirectional driver provides complete integration with Identity Manager for full data and password synchronization. This driver provides data customization with Identity Manager policies, using standard security system commands. Each subscribed eDirectory data change event is converted into a security system command. Security system commands are captured and published to Identity Manager for appropriate eDirectory updates.

Fan-Out Driver

The Fan-Out Driver enables you to synchronize information from Identity Manager to many different connected systems using a single driver.

The Fan-Out Driver offers delegated logic and control to your system administrators. You can process any Identity Manager data-change event with a script on the platform. Authentication redirection provides login support for a universal password, accessing a central repository for login and password rules. Full bidirectional password synchronization is also supported.

The Fan-Out Driver is the natural upgrade path from Novell Account Management. The same extensible scripts are supported to manage users and groups on target platforms, and the same Authentication Services API is supported. In future releases, the Fan-Out Driver will provide tighter integration with Identity Manager, while continuing to provide the flexibility to manage all aspects of the user experience using extensible scripts.

The Fan-Out Driver has two components:

  • The Core Driver
  • Platform Services

The Core Driver provides event fan-out to target platforms running Platform Services. A single Core Driver can support many platforms running Platform Services, regardless of platform operating system.

The Fan-Out Driver runs on any of the platforms supported by the bidirectional driver plus the following:

  • Debian Linux version 3.1
  • FreeBSD version 5.5
  • Tru64 version 5.1

System Requirements

  • Identity Manager 3.5.1 and higher
  • Software required by Identity Manager 3.6
  • Any of the supported platforms mentioned above

© 2009 Novell, Inc. All Rights Reserved.