A.1 Driver Configuration

In iManager:

  1. Click to display the Identity Manager Administration page.

  2. Open the driver set that contains the driver whose properties you want to edit:

    1. In the Administration list, click Identity Manager Overview.

    2. If the driver set is not listed on the Driver Sets tab, use the Search In field to search for and display the driver set.

    3. Click the driver set to open the Driver Set Overview page.

  3. Locate the driver icon, then click the upper right corner of the driver icon to display the Actions menu.

  4. Click Edit Properties to display the driver’s properties page.

    By default, the Driver Configuration page is displayed.

In Designer:

  1. Open a project in the Modeler.

  2. Right-click the driver icon or line, then select click Properties > Driver Configuration.

The Driver Configuration options are divided into the following sections:

A.1.1 Driver Module

The driver module changes the driver from running locally to running remotely or the reverse.

Table A-1 Driver Module

Option

Description

Java

Used to specify the name of the Java class that is instantiated for the shim component of the driver. This class can be located in the classes directory as a class file, or in the lib directory as a .jar file. If this option is selected, the driver is running locally.

The Java class name is:

com.novell.nds.dirxml.driver.soap.SOAPDriver

Native

This option is not used with the SOAP driver.

Connect to Remote Loader

Used when the driver is connecting remotely to the connected system. Designer includes two suboptions:

  • Driver Object Password: Specifies a password for the Driver object. If you are using the Remote Loader, you must enter a password on this page. Otherwise, the remote driver does not run. The Remote Loader uses this password to authenticate itself to the remote driver shim.

  • Remote Loader Client Configuration for Documentation: Includes information on the Remote Loader client configuration when Designer generates documentation for the driver.

A.1.2 Driver Object Password (iManager Only)

Table A-2 Driver Object Password

Option

Description

Driver Object Password

Use this option to set a password for the driver object. If you are using the Remote Loader, you must enter a password on this page or the remote driver does not run. This password is used by the Remote Loader to authenticate itself to the remote driver shim.

A.1.3 Authentication

The authentication section stores the information required to authenticate to the connected system.

Table A-3 Authentication

Option

Description

Authentication ID

or

User ID

This option is not used with the SOAP driver. The SOAP driver requires separate authentication settings for both the Publisher channel and the Subscriber channel.

Authentication Context

or

Connection Information

This option is not used with the SOAP driver.

Remote Loader Connection Parameters

or

Host name

Port

KMO

Other parameters

Used only if the driver is connecting to the application through the remote loader. The parameter to enter is hostname=xxx.xxx.xxx.xxx port=xxxx kmo=certificatename, when the host name is the IP address of the application server running the Remote Loader server and the port is the port the remote loader is listening on. The default port for the Remote Loader is 8090.

The kmo entry is optional. It is only used when there is an SSL connection between the Remote Loader and the Metadirectory engine.

Example: hostname=10.0.0.1 port=8090 kmo=IDMCertificate

Driver Cache Limit (kilobytes)

or

Cache limit (KB)

Specify the maximum event cache file size (in KB). If it is set to zero, the file size is unlimited.

Click Unlimited to set the file size to unlimited in Designer.

Application Password

or

Set Password

This option is not used with the SOAP driver.

Remote Loader Password

or

Set Password

Used only if the driver is connecting to the application through the Remote Loader. The password is used to control access to the Remote Loader instance. It must be the same password specified during the configuration of the Remote Loader on the connected system.

A.1.4 Startup Option

The Startup Option section allows you to set the driver state when the Identity Manager server is started.

Table A-4 Startup Option

Option

Description

Auto start

The driver starts every time the Identity Manager server is started.

Manual

The driver does not start when the Identity Manager server is started. The driver must be started through Designer or iManager.

Disabled

The driver has a cache file that stores all of the events. When the driver is set to Disabled, this file is deleted and no new events are stored in the file until the driver state is changed to Manual or Auto Start.

Do not automatically synchronize the driver

This option only applies if the driver is deployed and was previously disabled. If this is not selected, the driver re-synchronizes the next time it is started.

A.1.5 Driver Parameters

The Driver Parameters section lets you configure the driver-specific parameters. When you change driver parameters, you tune driver behavior to align with your network environment.

The parameters are presented by category:

Table A-5 Driver Settings

Option

Description

<nds>, <input>, <output> Element Handling

Specify Remove/add elements if you want the driver shim to remove and add the required XML elements <nds>, <input>, and <output>.

The required elements are removed from XML documents sent to the application and are added to XML documents received from the application before presenting the document to the Metadirectory engine. Otherwise, specify Pass elements through to turn off this element handling.

Custom Java Extensions

Select Show if you have developed custom Java classes to extend the driver shim’s functionality. Otherwise, select Hide.

For more information, see Section B.0, Using Java Extensions.

Document Handling

Select Implemented if you have developed a custom Java class to process data as XML documents.

Byte array handling

Select Implemented if you have developed a custom Java class to process data as a byte array.

Subscriber Transport Layer Replacement

Select Implemented if you have developed a custom Java class to replace the default HTTP transport layer for the Subscriber channel.

Publisher Transport Layer Replacement

Select Implemented if you have developed a custom Java class to replace the default HTTP transport layer for the Publisher channel.

Schema

Select Implemented if you have developed a custom Java class to provide the application schema to the driver.

Table A-6 Subscriber Settings

Option

Description

URL of the Remote DSML Server

or

URL of the Remote SPML Provisioning Service Point

Specify the URL of the remote server and the port number that the server listens on.

The URL should begin with http:// unless you have configured SSL settings, in which case it should begin with https:// and use a DNS hostname rather than an IP address.

(Conditional) Authentication ID

If the remote server requires an authentication ID, specify the ID in the field. Otherwise, leave the field empty.

Authentication Password

Specify the authentication password for the remote server if you specified an Authentication ID above. Otherwise, leave the field empty.

If you need to clear the password, select Remove existing password, then click Apply.

Truststore File

Specify the name and path of the keystore file containing the trusted certificates used when the remote server is configured to provide server authentication. For example: c:\security\truststore. Leave this field empty when server authentication is not used.

Set mutual authentication parameters

Specify Show to set mutual authentication information. Specify Hide to not use mutual authentication.

Proxy Host and Port

Specify the host address and the host port when a proxy host and port are used. For example: 192.10.1.3:18180.

Or, if a proxy host and port are not used, leave this field empty.

Handle HTTP session cookies

Some HTTP applications set cookies and expect them to be present on future requests. Select Handle Cookies if you want the driver to keep track of session cookies.

Cookies are only kept until the driver is stopped.

Process empty subscriber documents

Indicates whether or not the Subscriber channel should send the empty documents to the target application. Documents could be empty if the policy or the style sheets strip the XML without vetoing the command.

Customize HTTP Request Header Fields

Select Show to enable customized header fields or select Hide to disable the feature. Each of the following fields is conditional, depending on if you select User or Ignore.

  • Authorization: If you select Use, specify the key and value in the appropriate fields. This header is automatically used if you enter an authentication ID and password in the Subscriber Settings.

  • Context Type: If you select Use, specify the key and value in the appropriate fields.

  • SOAPAction: If you select Use, specify the key and value in the appropriate fields.

  • Optional Request Header: If you select Use, specify the key and value in the appropriate fields. You can specify up to three optional request headers.

Table A-7 Publisher Settings

Option

Description

Listening IP address and port

Specify the IP address of the server where the SOAP driver is installed and the port number that this driver listens on.

If you imported a sample configuration file, this field contains the IP address and port that you specified in the wizard.

Authentication ID

Specify the Authentication ID of the remote server to validate incoming requests. If the remote server does not send an Authentication ID, leave this field empty.

If you imported a sample configuration file, this field contains the IP address and port that you specified in the wizard.

Authentication Password

Specify the authentication password of the remote server to validate incoming requests if you entered an Authentication ID above. Otherwise, leave these fields empty.

If you need to clear the password, select Remove existing password, then click Apply.

KMO name

Specify the KMO name to be used in eDirectory.

When the server is configured to accept HTTPS connections, this name becomes the KMO name in eDirectory. The KMO name is the name before the “-” (dash) in the RDN.

Leave this field empty when a keystore file (see Keystore file below) is used or when HTTPS connections are not used.

Keystore file

Specify the keystore name and path to the keystore file. This file is used when the server is configured to accept HTTPS connections.

Leave this field empty when a KMO name is used (see KMO name above) or when HTTPS connections are not used.

Keystore password

Specify the keystore file password used with the keystore file specified above when this server is configured to accept HTTPS connections.

Leave this field empty when a KMO name is used or when HTTPS connections are not used.

Server key alias

Specify a Server key alias when this server is configured to accept HTTPS connections.

Leave this field empty when a KMO name is used or when HTTPS connections are not used.

Server key password

When this server is configured to accept HTTPS connections, this is the key alias password (not the keystore password). Leave this field empty when a KMO name is used or when HTTPS connections are not used.

Require mutual authentication

When using SSL, it is common to do only server authentication. However, if you want to force both client and server to present certificates during the handshake process, you should require mutual authentication.

Heartbeat Interval in Seconds

Specify the heartbeat interval in seconds.

Leave this field empty to turn off the heartbeat.

NOTE:A SOAP client calling the web service in the publisher channel must specify a URL ending with a slash. For example, http://1.1.1.1:9095/. Without a context path (the slash), the driver does not process the request received.