2.3 Installing the Driver

You install the driver as part of the Novell Identity Manager installation program. As part of installing the driver, you will complete the following tasks:

2.3.1 Importing the Driver Configuration

The Create Driver Wizard helps you import the basic driver configuration file. This file creates and configures the objects and policies needed to make the driver work properly.

The following instructions explain how to create the driver and import the driver’s configuration.

  1. In Novell iManager, click Identity Manager Utilities > Create Driver.

  2. Select a driver set.

    If you place this driver in a new driver set, you must specify a driver set name, context, and associated server.

  3. Select Import a Driver Configuration from the Server, then select SAPUser.xml.

    The driver configuration files are installed on the Web server when you install Identity Manager. During the import, you are prompted for the driver’s parameters and other information. Refer to Configuration Information for more information.

  4. Specify the driver’s parameters (refer to Section 2.3.2, Configuration Information for details), then click OK to import the driver.

    When the import is finished, you can define security equivalences and exclude administrative roles from replication.

    The driver object must be granted sufficient eDirectory rights to any object it reads or writes. You can do this by granting Security Equivalence to the driver object. The driver must have Read/Write access to users, post offices, resources, and distribution lists, and Create, Read, and Write rights to the post office container. Normally, the driver should be given security equal to Admin.

  5. Review the driver objects in the Summary page, then click Finish.

2.3.2 Configuration Information

As you import the driver configuration file, you will be prompted for the following information, depending on the configuration selections you made.

Parameter Name

Parameter Description

Driver name

The actual name you want to use for the driver.

SAP Application Server

The host name or IP address for connecting to the appropriate SAP application server. This is referred to as the “Application Server” in the SAP logon properties.

SAP System Number

The SAP system number of the SAP application server. This is referred to as the “System Number” in the SAP logon properties. The default value is 00.

SAP Client Number

The client number to be used on the SAP application server. This is referred to as the “Client” in the SAP logon screen.

SAP Session Language Code

The language code this driver will use for the SAP session. This is referred to as the “Language” in the SAP logon screen.

SAP User ID

The ID of the user this driver will use for the SAP system logon. This is referred to as the “User” in the SAP logon screen.

SAP User Password

The User password this driver will use for the SAP system logon. This is referred to as the “Password” in the SAP logon screen.

Publisher Channel Enabled

Select whether or not you want to enable the driver’s Publisher channel.

User Object Container (Conditional)

The name of the eDirectory Organizational Unit object where Users from the SAP system will be placed. This is only used if the Publisher channel is enabled.

Publisher Channel Port Type (Conditional)

Set to TRFC if the driver will instantiate a JCO Server to receive data distribution broadcasts from the SAP ALE system. Set to FILE if the driver will consume text file IDocs distributed by the SAP ALE system. This is only used if the Publisher channel is enabled.

Publisher IDoc File Directory (Conditional)

The file system location where the SAP User IDoc files are placed by the SAP ALE system (FILE port configuration) or by the driver (TRFC configuration). This setting is only used if the Publisher channel is enabled.

SAP Gateway ID (Conditional)

If the Publisher channel port type is TRFC, this parameter specifies the gateway that distributes User data to the driver. This setting is only used if the Publisher channel port type is TRFC.

The default form of this parameter is sapgw<SAP System Number>. The default value is sapgw00.

TRFC Program ID (Conditional)

If the Publisher channel port type is TRFC, this parameter identifies the JCO server program in the driver for the SAP gateway. This setting is only used if the Publisher channel port type is TRFC.

The program ID is a case-sensitive text identifier.

Install Driver as Remote/Local

Configure the driver for use with the Remote Loader service by selecting the Remote option, or select Local to configure the driver for local use. If Local is selected, you can skip the remaining parameters.

Remote Host Name and Port (Conditional)

Specify the host name or IP address and port number for where the Remote Loader service has been installed and is running for this driver. The default port is 8090.

This setting is only used if you are using the Remote Loader to run the driver.

Driver Password (Conditional)

The driver object password is used by the Remote Loader to authenticate itself to the Identity Manager server. It must be the same password that is specified as the driver object password on the Remote Loader.

This setting is only used if you are using the Remote Loader to run the driver.

Remote Password (Conditional)

The Remote Loader password is used to control access to the Remote Loader instance. It must be the same password that is specified as the Remote Loader password on the Identity Manager Remote Loader.

This setting is only used if you are using the Remote Loader to run the driver.
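
The conditional rules in the table above can be checked before the values are typed into the wizard. The following is an added example, not part of the Novell documentation or the driver: the dictionary key names are hypothetical labels for the prompts, and the host:port form of the Remote Loader address is an assumption.

```python
import re

# Key names are hypothetical labels for the prompts in the table above;
# the "host:port" format for the Remote Loader address is also an assumption.
REQUIRED = ("sap_application_server", "sap_client_number", "sap_user_id", "sap_user_password")

def check_driver_params(p):
    """Return (severity, message) findings for one set of import answers."""
    out = []
    sysnr = p.get("sap_system_number", "00")  # page default is 00
    if not re.fullmatch(r"\d{2}", sysnr):
        out.append(("error", "SAP System Number must be two digits"))
    out += [("error", f"{k} is required") for k in REQUIRED if not p.get(k)]

    if p.get("publisher_enabled"):
        port_type = p.get("publisher_port_type")
        if port_type not in ("TRFC", "FILE"):
            out.append(("error", "Publisher port type must be TRFC or FILE"))
        for k in ("user_object_container", "idoc_file_directory"):
            if not p.get(k):
                out.append(("error", f"{k} is required when Publisher is enabled"))
        if port_type == "TRFC":
            gateway = p.get("sap_gateway_id")
            if not gateway:
                out.append(("error", "sap_gateway_id is required for TRFC"))
            elif gateway != "sapgw" + sysnr:
                out.append(("warning", f"{gateway} is not sapgw{sysnr}"))
            if not p.get("trfc_program_id"):
                out.append(("error", "trfc_program_id is required for TRFC"))

    if p.get("install_mode") == "Remote":
        if not re.fullmatch(r"[^:\s]+:\d{1,5}", p.get("remote_host_port", "")):
            out.append(("error", "remote_host_port must be host:port"))
        for k in ("driver_password", "remote_password"):
            if not p.get(k):
                out.append(("error", f"{k} is required with the Remote Loader"))
    return out

# Constructed sample: system number 01 but gateway left at sapgw00; empty program ID.
SAMPLE = {
    "sap_application_server": "sap.example.com", "sap_system_number": "01",
    "sap_client_number": "100", "sap_user_id": "IDMDRIVER",
    "sap_user_password": "placeholder", "publisher_enabled": True,
    "publisher_port_type": "TRFC", "user_object_container": "Users",
    "idoc_file_directory": "/var/idocs", "sap_gateway_id": "sapgw00",
    "trfc_program_id": "", "install_mode": "Remote",
    "remote_host_port": "rl.example.com:8090",
    "driver_password": "placeholder-1", "remote_password": "placeholder-2",
}
```

Calling check_driver_params(SAMPLE) reports the gateway mismatch as a warning, because sapgw<SAP System Number> is only the default form, and the empty TRFC Program ID as an error.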

The following additional driver parameters are set to default values during the import process, but they can be modified in iManager (by clicking the Driver Configuration tab on the driver object).

Parameter name

Parameter Description

Character Set Encoding

The code for the character set to translate IDoc byte-string data into Unicode strings. An empty value causes the driver to use the host JVM default.

Publish all Communication Table Values

Set this to Publish Primary if only the primary value of Communication tables should be synchronized.

or

Set this to Publish All if all values should be synchronized.

Publish Company Address Data

By default, an SAP User record does not include Company Address information. That data is kept in a related table. Use this parameter to specify if you want the driver to retrieve the data from the appropriate company record. Regardless of the option you specify, Company Address information cannot be updated in SAP.

Set this to Include Company Address to populate User Company Address information for the Publisher and Subscriber channel queries.

or

Set this to Ignore Company Address if you do not want this functionality.

Require User to Change Set Passwords

The Subscriber channel can be configured to handle a User password set operation in one of two ways.

Select Change Required if passwords must be changed immediately at the user’s next login.

or

Select No Change Required if you do not want this functionality.

Communication Table Comments

The communication table comment is a text comment the driver adds to all Communication table entries added by the Subscriber channel. This is a useful method for determining where an entry originated from when viewing values via the SAP GUI. Leaving this field blank provides no comment to the table entries.

Poll Interval (seconds)

Specifies how often the Publisher channel polls for unprocessed IDocs. The default value is 10 seconds.

Future-dated Event Handling Option

The behavior of this option is based on the values of the User record’s Logon Data “Valid From” date (LOGONDATA:GLTGV) when IDocs are processed by the Publisher channel. This field does not need to be in the Publisher filter for this processing to occur.

There are four possible values for this parameter:

  0 - Indicates that all attributes are processed by the driver when the IDoc is available. No future-dated processing is performed.

  1 - Indicates that only attributes that have a current or past time stamp are processed by the driver when the IDoc is available. Future-dated infotype attributes are cached in a .futr file to be processed at a future date.

  2 - Indicates that the driver blends options 1 and 2. All attributes are processed, with a time stamp, at the time the IDoc is available. All future-dated infotype attributes are cached in a .futr file to be processed at a future date.

  3 - Indicates that the driver processes all events at the time the IDoc is made available. All future-dated infotype attributes are cached in a .futr file to be processed again on the next calendar day. This continues until the attributes are sent for a final time on the future date.

Generate TRFC Trace Files

If a TRFC port is configured for use by the Publisher channel, this option allows the driver to turn on the SAP JCO tracing capability. Enter Disable if you do not desire this functionality, or enter Enable to activate it. Trace files are generated in either the Identity Manager or Remote Loader root directory and are identified by a .trc extension. The default value is Disabled.

2.3.3 Extending the Schema

If you want to use the default configuration, you need to extend the eDirectory schema. This provides greater ability to administer the User Management functions of SAP R/3 and Enterprise R/3 systems. We recommend applying a set of schema extensions to the eDirectory tree that will synchronize with the SAP system.

During SAP’s development of their own LDAP-based User Administration utilities, a standard set of schema extensions was developed for use with Novell eDirectory. These extensions are contained in the R3-Novell-Ldif-Schema-extension.ldif file. This file is designed to be applied to eDirectory by using the Novell Import Conversion Export (ICE) utility.

In addition to the ldif-format schema extension file, the schema extensions are also available in the sapuser.sch file (the eDirectory standard).

NOTE: Starting with version 1.0.5 of the driver, the sapUsername attribute is no longer a required attribute of the sapAddOnUM auxiliary class in the sapuser.sch file. Because the R3-Novell-Ldif-Schema-extension.ldif file was created by SAP, this attribute remains a required attribute in that file. We recommend using sapuser.sch for all new deployments that require schema extension.

IMPORTANT: If you are upgrading an existing driver deployment, the sapuserupgrade.sch or sapuserupgrade.ldif files contain only the updated schema for new functionality provided with driver version 1.0.5 and later.

If you want to extend the schema using the LDIF file, the following instructions help you use the ICE utility. For additional information, refer to the Import Conversion Export utility documentation.

  1. Open the NDS Import/Export Wizard.

  2. Select Import LDIF File, then click Next.

  3. Browse to R3-Novell-Ldif-Schema-extension.ldif, then click Next.

  4. Fill in the appropriate LDAP connection information for the Novell LDAP service, then click Next.

  5. Click Finish to begin the extension process.
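
Because the two schema sources differ on whether sapUsername is required for sapAddOnUM, it is worth confirming which variant an LDIF file carries before importing it. The following is an added example, not part of the Novell documentation or the shipped files: it assumes the class is defined in a plain-text objectClasses value, and the OID and exampleAttr in the sample are constructed placeholders.

```python
import re

def unfold(ldif_text):
    """Join LDIF continuation lines (each starts with a single space)."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def must_attributes(ldif_text, class_name):
    """MUST attributes that the LDIF declares for class_name; None if the
    class is not defined in any plain-text objectClasses value."""
    for line in unfold(ldif_text):
        if not line.lower().startswith("objectclasses:"):
            continue
        # Drop the DESC string so its free text cannot match NAME or MUST.
        definition = re.sub(r"DESC\s+'[^']*'", "", line.split(":", 1)[1])
        names = re.search(r"\bNAME\s+(?:'[^']+'|\([^)]*\))", definition)
        if not names:
            continue
        declared = [n.lower() for n in re.findall(r"'([^']+)'", names.group(0))]
        if class_name.lower() not in declared:
            continue
        must = re.search(r"\bMUST\s+(?:\(([^)]*)\)|([\w.;-]+))", definition)
        if not must:
            return []
        body = must.group(1) if must.group(1) is not None else must.group(2)
        return [a.strip() for a in body.split("$") if a.strip()]
    return None

def requires_sapusername(ldif_text):
    """True when sapAddOnUM lists sapUsername as a required attribute."""
    must = must_attributes(ldif_text, "sapAddOnUM") or []
    return "sapusername" in (a.lower() for a in must)

# Constructed fragments: OID 2.999.1 and exampleAttr are placeholders, not
# the shipped schema. The objectClasses value is folded to exercise unfold().
LDIF_MUST = """dn: cn=schema
changetype: modify
add: objectClasses
objectClasses: ( 2.999.1 NAME 'sapAddOnUM' DESC 'constructed' AUXILIARY
  MUST sapUsername MAY ( exampleAttr ) )
"""
LDIF_MAY = LDIF_MUST.replace("MUST sapUsername MAY ( exampleAttr", "MAY ( sapUsername $ exampleAttr")
```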

2.3.4 Activating the Driver

Activation must be completed within 90 days of installation or the driver will not run.

For activation information, refer to Activating Identity Manager Products in the Novell Identity Manager Installation Guide.