1.2 Data Flow

This section explains how data flows between the NT Domain and the Identity Vault.

1.2.1 Publisher and Subscriber Channels

The driver supports Publisher and Subscriber channels:

  • The Publisher reads events from an NT Domain PDC’s registry and submits that information to the Identity Vault via the Metadirectory engine.
  • The Subscriber watches for additions and modifications to Identity Vault objects and makes corresponding changes to the NT Domain.

1.2.2 Policies

Policies are used to control data synchronization between NT Domain and the Identity Vault. The NT Domain sample driver configuration provides a set of policies, some of which are described in the table below. These policies can be customized through Novell iManager as explained in Section 4.0, Customizing the NT Domain Driver.

Policy

Description

Schema Map

Configured on the driver object.

Maps the eDirectory User class and the following properties to the NT Domain Username class and attributes (each pair is listed as eDirectory property, NT Domain attribute):

  • CN, name
  • Description, Comment
  • Full Name, FullName
  • Login Disabled, Disable
  • Password Allow Change, PasswordChange
  • Password Required, PasswordRequired
  • Login Allowed Time Map, LogonHours
  • Login Expiration Time, AcctExpires

Create

Configured on the Publisher channel.

Requires the Surname attribute to be specified before a User object can be created.

NT does not use this attribute, but eDirectory requires it. To satisfy the eDirectory requirement, the Create policy sets a default Surname of Unknown for all users. You can specify your own default when importing the driver configuration.

Matching

Configured on the Publisher and Subscriber channels.

Specifies that a user in the Identity Vault is the same user as a user in NT when the value of CN is the same in both places.

NOTE: Because the NT Domain APIs allow queries for only the user name attribute, this policy should not be changed.

Placement

Configured on the Publisher and Subscriber channels.

Specifies that new users are named by the value of the leafmost part of the source distinguished name and are placed in the containers you defined during driver setup. You should create these containers before you start the driver.
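
As an added illustration (not code from the driver or from Novell), the following Python model walks a Publisher add event through the Schema Map, Matching, Create and Placement policies in the table above and lists the accounts that would be joined on CN alone. The case-insensitive CN comparison, the backslash path format, the container name and all sample accounts are assumptions.

```python
# Added illustration: a dry-run model of the Publisher-channel policies.
# It is NOT the driver's code; all sample data below is constructed.

# Schema Map row, as NT Domain attribute -> eDirectory property.
SCHEMA_MAP = {
    "name": "CN", "Comment": "Description", "FullName": "Full Name",
    "Disable": "Login Disabled", "PasswordChange": "Password Allow Change",
    "PasswordRequired": "Password Required",
    "LogonHours": "Login Allowed Time Map", "AcctExpires": "Login Expiration Time",
}
DEFAULT_SURNAME = "Unknown"  # default set by the Create policy


def plan_add(nt_user, vault_cns, container):
    """Return what a Publisher add for nt_user would do to the Identity Vault."""
    # Schema Map: rename the mapped NT attributes (this model ignores the rest).
    attrs = {SCHEMA_MAP[k]: v for k, v in nt_user.items() if k in SCHEMA_MAP}
    cn = attrs["CN"]
    # Matching: same CN means same user. Case-insensitive compare is an assumption.
    existing = {c.lower(): c for c in vault_cns}
    if cn.lower() in existing:
        return {"action": "match", "vault_cn": existing[cn.lower()], "attrs": attrs}
    # Create: eDirectory requires Surname, which NT cannot supply.
    attrs["Surname"] = DEFAULT_SURNAME
    # Placement: object named by the leafmost part of the source name and
    # placed in the container chosen at driver setup (hypothetical path format).
    leaf = cn.split("\\")[-1]
    return {"action": "create", "dn": f"{container}\\{leaf}", "attrs": attrs}


def dry_run(nt_users, vault_cns, container):
    """Plan every account; matches deserve review because CN is the only join key."""
    plans = [plan_add(u, vault_cns, container) for u in nt_users]
    matched = [p["vault_cn"] for p in plans if p["action"] == "match"]
    return plans, matched


if __name__ == "__main__":
    nt_users = [  # constructed NT accounts
        {"name": "jsmith", "FullName": "Jane Smith", "Disable": False},
        {"name": "BJones", "Comment": "night shift operator", "Disable": False},
    ]
    vault_cns = ["bjones", "mlee"]  # constructed Identity Vault users
    plans, matched = dry_run(nt_users, vault_cns, "corp\\users")
    for p in plans:
        print(p)
    print("confirm these are the same people before starting the driver:", matched)
```

Because the Matching policy joins on CN only, each entry in the returned match list is an existing Identity Vault user that would be linked to an NT account of the same name and is worth confirming before the driver is started.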