In iManager:
Click to display the Identity Manager Administration page.
Open the driver set that contains the driver whose properties you want to edit:
In the list, click . If the driver set is not listed on the tab, use the field to search for and display the driver set.
Click the driver set to open the Driver Set Overview page.
Locate the driver icon, then click the upper right corner of the driver icon to display the menu.
Click to display the driver’s properties page. By default, the Driver Configuration page is displayed.
In Designer:
Open a project in the Modeler.
Right-click the driver icon or line, then select click
The Driver Configuration options are divided into the following sections:
The driver module changes the driver from running locally to running remotely or the reverse.
Table A-1 Driver Modules
Table A-2 Driver Object Password
The Authentication section stores the information required to authenticate to the connected system.
Table A-3 Authentication Parameters
The Startup Option section allows you to set the driver state when the Identity Manager server is started.
Table A-4 Startup Options
The Driver Parameters section lets you configure the driver-specific parameters. When you change driver parameters, you tune driver behavior to align with your network environment.
Table A-5 Driver Parameters
| Option | Description |
|---|---|
| Driver Options > Authentication Options | |
| | The options are or . It enables you to see and change the authentication options for the driver. |
| | The method of authentication to Active Directory. uses Microsoft’s security package to negotiate the logon type. Typically Kerberos or NTLM is selected. uses LDAP style simple bind for logon. If you want to use Password Synchronization, select . |
| | Select to digitally sign communication between the driver shim and Active Directory. This does not hide the data from view on the network, but it reduces the chance of security attacks. Signing only works when you use the authentication method and the underlying security provider selects NTLM2 or Kerberos for its protocol. Do not use this option with SSL. Select to have communications not signed. |
| | Select to digitally encrypt communication between the driver shim and the Active Directory database. Sealing only works when you use the authentication method and the underlying security provider selects NTLM2 or Kerberos for its protocols. Do not use this option with SSL. Select to not have communication between the driver shim and the Active Directory database signed and sealed. |
| | Select to digitally encrypt communication between the driver shim and the Active Directory database. This option can be used with the or authentication methods. SSL requires that the Microsoft server running the driver shim imports the domain controller’s server certificate. For more information, see Securing Windows 2000 Server. |
| | Select to log on and impersonate the driver authentication account for CDOEXM (Collaboration Data Object for Exchange Management) and Password Set support. The driver performs a local logon. The authentication account must have the proper rights assignment. For more information, see Section 2.4, Creating an Administrative Account. If is selected, the driver performs a network logon only. |
| Driver Options > Exchange Options | |
| | Select to display the Microsoft Exchange options. These parameters control whether the driver shim uses the Microsoft CDOEXM Exchange management APIs and whether to interpret changes in the homeMDB attribute as a Move or a Delete of the mailbox. Select if you are not synchronizing Exchange accounts. |
| | Exchange mailboxes can be controlled by calls to the Microsoft Exchange management system instead of regular attribute synchronization. When enabled, the driver intercepts changes to the Active Directory homeMDB attribute and calls into the desired interface for Exchange Management. The option enables the use of the CDOEXM (Collaboration Data Objects for Exchange Management) subsystem. The option requires use of Exchange 2007 or newer and requires installation of the Identity Manager Exchange service. |
| | Select to enable the driver to intercept modifications to the Active Directory homeMDB attribute and call into the selected interface for Exchange management to move the mailboxes to the new message data store. Select if you do not want mailboxes moved when the Active Directory account is moved. |
| | Select to enable the driver to intercept removals of the Active Directory homeMDB attribute and call into the selected interface for Exchange management to delete the mailbox. Select if you don’t want to delete the mailbox account when the Active Directory account is deleted. |
| Driver Settings > Access Options | |
| | Select to display the domain controller access options. These parameters control the scope of the Active Directory queries along with several Publisher polling and timeout parameters. Select to hide the domain controller access options. |
| | Specify the number of minutes to delay before querying the Active Directory database for changes. A larger number reduces the load on the Active Directory database, but it also reduces the responsiveness of the driver. The default value is 1 minute. |
| | The Publisher channel usually receives all the values of a multi-valued attribute. Enabling this option reports only the added or deleted values during the poll interval. This requires 2003 Forest functional mode or above. This option is hidden by default. It can be modified by selecting the option in the Driver configuration tab. |
| | Allows the driver to send a periodic status message on the Publisher channel when there has been no Publisher channel traffic for the given number of seconds. The default value is 1 second. |
| | Specify the number of minutes for the driver to attempt to synchronize a given password. The driver does not try to synchronize the password after this interval has been exceeded. The recommended value is at least three times the value of the polling interval. For example, if the is set to 10 minutes, set the to 30 minutes. If this value is set to 0, password synchronization is disabled for this driver. The default value is 5 minutes. |
| | The driver reads information from other domains when objects in those domains are referenced. If the account you use for authentication has no rights in the other domain, the reads might fail. Select to enable this option if you get access errors during regular operations. |
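
The signing, sealing, SSL and password-timeout rules in Table A-5 interact, so it helps to check a planned set of values before entering them. The following is an added example, not part of the product or its documentation; the dictionary key names and the values "negotiate" and "simple" are assumptions made for this sketch, and the sample configurations are constructed.

```python
# Added example: a pre-deployment check of the Table A-5 rules.
# Key names and the values "negotiate"/"simple" are assumptions for this
# sketch; they are not the product's own parameter names.

def check_driver_options(cfg):
    """Return findings for one driver's options, given as a plain dict."""
    findings = []
    method = cfg.get("auth_method")
    sign, seal, ssl = (bool(cfg.get(k)) for k in ("sign", "seal", "ssl"))

    # Signing and sealing need the negotiated method and must not be used with SSL.
    # (Whether the provider picks NTLM2 or Kerberos is not visible in the config.)
    for name, enabled in (("sign", sign), ("seal", seal)):
        if enabled and ssl:
            findings.append(f"{name}: do not combine with SSL")
        if enabled and method != "negotiate":
            findings.append(f"{name}: only works with the negotiated method")

    # What actually protects the traffic between the driver shim and Active Directory?
    sealed = seal and method == "negotiate"
    if not ssl and not sealed:
        if sign and method == "negotiate":
            findings.append("transport: signed but readable on the network")
        else:
            findings.append("transport: neither signed nor encrypted")

    # Page defaults: polling interval 1 minute, password sync timeout 5 minutes.
    poll = cfg.get("poll_minutes", 1)
    timeout = cfg.get("pwd_sync_timeout_minutes", 5)
    if timeout == 0:
        findings.append("password sync: disabled (timeout is 0)")
    elif timeout < 3 * poll:
        findings.append(f"password sync: timeout {timeout} min < 3 x poll ({3 * poll} min)")
    return findings

# Constructed sample configurations.
SAMPLES = {
    "conflicting": {"auth_method": "simple", "sign": True, "ssl": True,
                    "poll_minutes": 10, "pwd_sync_timeout_minutes": 5},
    "sealed": {"auth_method": "negotiate", "sign": True, "seal": True,
               "poll_minutes": 10, "pwd_sync_timeout_minutes": 30},
    "plain": {"auth_method": "simple", "pwd_sync_timeout_minutes": 0},
    "signed_only": {"auth_method": "negotiate", "sign": True},
}

if __name__ == "__main__":
    for name, cfg in SAMPLES.items():
        print(name, check_driver_options(cfg) or "ok")
```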