B.0 Global Configuration Values

The following table contains the various Global Configuration Values available for the SIF driver on the Global Config Value page. After the driver is created, review these settings to make sure the proper options are set for your environment.

Table B-1 Global Configuration Values

Field Name

Description

Driver Configuration

 

Search container DN

The container below which User IDs must be unique.

When creating a new User object, the driver searches the Identity Vault to verify that the new User ID is not already in use. This container and all subcontainers are searched. Choose the district container or a container that is high enough in the tree that user IDs are unique for all students and staff.

For example, for the environment shown in Figure 2-6, you would specify the District container. This search container is used for all zones.

If you select Yes in the Send New Users to SIF field, only users in this container and its subcontainers are sent to SIF.

Manage preexisting eDirectory users

This option lets you decide whether you want the driver to manage accounts that you created in the Identity Vault before using this driver.

The SIF Driver can match students and staff in the Student Information System (SIS) with preexisting Identity Vault users only if the Identity Vault user attribute DirXML-sifSISID contains the student’s or staff’s ID number.

Select Yes if one of the following is true:

  • You want to manage preexisting Identity Vault users, and the DirXML-sifSISID is set on all users.
  • No users currently exist in the Identity Vault, and you plan to let the driver create them all using the Migrate into the Identity Vault command.

Otherwise, select No.

If Yes is specified, the Migrate into the Identity Vault command can be used to add or update all SIF users into the Identity Vault.

If No is specified, the Migrate into the Identity Vault command is ignored to prevent duplicate users from being created in the Identity Vault.

This field does not apply to users added to the Identity Vault by this driver. Identity Manager can always match these Identity Vault users with Student Information System users, and these Identity Vault users are always kept current with changes from the Student Information System.

For more information on how to make this decision, see Section 5.4, Synchronizing the Identity Vault the First Time.

Send user updates to SIF

Select Yes if you want changes made to users in the Identity Vault to be sent to SIF. You might want to do this for the following reasons:

  • The Identity Vault is the authoritative source for some student information, and you want SIF applications notified when it changes.
  • Your Student Information System is not SIF-enabled and you want the Novell SIF Driver to inform SIF of changes to student and staff information.

Otherwise, select No.

Send new users to SIF

Select Yes if you want new users in the Identity Vault to be sent to SIF. You might want to do this if your Student Information System is not SIF-enabled and you want the Novell SIF Driver to inform SIF of new students and staff.

If you select Yes, you should also set “Send user updates to SIF” to Yes.

Otherwise, select No.

Send email notification

Send an e-mail notification when an Identity Vault account’s User ID is renamed or when a new user is created with a non-standard User ID.

User IDs must be unique. When the driver receives information for a new student from the Student Information System, it follows the format for creating the User ID that you chose in the User ID Format. Before creating the User object, the driver searches for a duplicate ID starting with the container you specified in the Search container DN. If the driver finds that the user ID already exists, the driver creates a unique ID by appending a digit to it. For example, if Dawn Smith had the User ID of DSmith, and a new user named David Smith were added, the driver would place him in the appropriate container and would give David the User ID DSmith1.

Also, when an Identity Vault user account is renamed by the driver, an e-mail notification can be sent. Select Yes if you want e-mail notifications sent. You must have a local SMTP server. Otherwise, select No.

If you select Yes, you are presented with the following four additional prompts:

  • Recipient’s email address

    Replace the sample e-mail address with the recipient’s e-mail address, for example, admin@school.com

  • SMTP server address

    Replace the sample address with the address of an SMTP server, for example, mail.school.com. You must have a local SMTP server.

  • Optional user account on SMTP server

    Optional credential for authentication to the SMTP server. If the SMTP server requires authentication, enter the user account name. Otherwise, leave the field blank.

  • Optional password for user account on SMTP server

    Optional credential for authentication to the SMTP server. If the SMTP server requires authentication, enter the password for the user account. Otherwise, leave the field blank.

    For more information, see the following fields below: Rename student users when naming attributes change and Rename staff users when naming attributes change.

Specify the Student Information System you are using

Select the Student Information Management System you are using.

  • CSIU Administrative Software
  • Apple PowerSchool
  • NCS Pearson SASIxp
  • SunGard Pentamation eSchoolPlus
  • Visual Software

This information is used to accommodate unique features about each SIS. Select Other if the SIS you are using is not listed.

Select Yes if you want to manage student accounts in the Identity Vault, otherwise select No.

Student Configuration

Manage student accounts

Select Yes if you want to manage student accounts in the Identity Vault. Otherwise, select No.

Student user ID format

Configure the Student user ID format. The format is composed of five parts. The five parts are concatenated to produce the user ID.

See the description and example in Section 2.4, Specifying the Pattern for User IDs.

Rename student users when naming attributes change

Select Yes if you want student user accounts in the Identity Vault renamed when any of the attributes change that are used to build the User CN (the attributes you select in Student user ID format). Otherwise, select No.

See Send email notification in the Driver Configuration options above.

Student placement is by

Select the criteria used to place students in the Identity Vault tree.

  • School and Grade - Students are placed based on their school and grade level.
  • School and Graduation Year - Students are placed based on their school and graduation year.
  • Grade Only - Students are placed by grade level only.
  • Graduation Year Only - Students are placed by their graduation year only.
  • School Only - Students are placed by their schools only.

Student password format

Select a password format for students.

  • Student ID - Student ID number.
  • Preset text - The password is the text specified in the field below.
  • No password - No password is specified; the user logs in without a password.

Student preset text for password

If you selected Preset text in the Student password format field above, specify the password you want to be assigned to new student users. Otherwise, leave this field blank.

Staff and Employee Configuration

Manage staff and employee accounts

Select Yes if you want to manage staff and employee accounts in the Identity Vault. Otherwise, select No.

Typically StaffPersonal objects are maintained by the SIS and EmployeePersonal objects are maintained by the HR system.

When you select Yes, there are additional options. These options are documented below.

SIF Staff and Employee objects to manage

  • StaffPersonal - provisions SIS data into the Identity Vault.
  • EmployeePersonal - provisions HR data in the Identity Vault.
  • StaffPersonal and EmployeePersonal - Provisions both.

Staff user ID format

Configure the Staff user ID format. The format is composed of five parts. The five parts are concatenated to produce the user ID.

See the description and example in Section 2.4, Specifying the Pattern for User IDs.

Rename staff users when naming attributes change

Select Yes if you want staff user accounts in the Identity Vault renamed when any of the attributes change that are used to build the User CN (the attributes you specify in Staff user ID format). Otherwise, select No. See Send email notification in the Driver Configuration options above.

Staff password format

Select a password format for staff.

  • Staff ID - Staff ID number.
  • Preset text - Password is the text specified in the prompt below.
  • No password - No password is specified; the user logs in without a password.

You can modify the formats in the Publisher Create style sheet.

Staff preset text for password

If you select Preset text in the Staff password format field above, specify the password you want to be assigned to new staff users. Otherwise, leave this field blank.

Zone Configuration

Zone 1

Configuration information for each SIF Zone the driver connects to.

Select Show to use the zone. Select Hide if you do not need the zone.

The driver can connect up to ten Zones. You can use as many or as few Zones as needed for your environment. The order of the Zones is not important.

Zone 1 through Zone 10 contain the same fields. You specify the information for each Zone.

Connection to Zone

Select Enabled if the driver is to connect to this Zone. Select Disabled if the driver is to ignore these parameters. The connection to a configured Zone is disabled, for example, when testing an individual Zone or when a Zone is offline.

Zone URL

The URL of the SIF Zone Integration Server (ZIS) this driver connects to. The URL can be obtained from the ZIS administrator. It is case sensitive.

The protocol is HTTP (Hypertext Transfer Protocol) or HTTPS (Secure Hypertext Transfer Protocol).

If you have DNS, you can use the hostname; otherwise, use the IP address.

Example URLs are http://www.myzis.com/Zone1 and https://1.2.3.4:123/Zone2

When https is specified, the CA certificate for the ZIS must be placed in the java-home\jre\lib\security\jssecacerts keystore file. For more information on how to set this up after importing the driver, see Section 6.2, Setting Up Security.

Incomplete Container DN

The DN of the Incomplete container.

If the grade or school for a student is not provided by the Student Information System, the user is created in the Incomplete container with login disabled. No template is used when creating the user. When the Student Information System provides the missing information, the user is deleted from this container, and created in the correct container.

Browse and select the Incomplete container you created for this Zone.

This is the Incomplete container that you created during planning, in Identifying “Incomplete” Containers.

Disabled container DN

A student’s login is disabled when he or she withdraws from school. If you want the student moved when the login is disabled, browse and select the Disabled container you created for this Zone. If you do not want the user moved, leave this field blank.

Staff container DN

If you are managing SIF staff users, browse and select the container where you want staff users to be placed for this Zone. Leave this field blank if you are not managing staff users.

Staff template DN

If you are managing SIF staff users, browse and select the eDirectory Template object you want to be used when creating staff users. Leave this field blank if you are not managing staff users or if you are not using a template.

Student Placement

School 1

Use this field to separate school configurations. Use this section to configure the placement of students in the same school. It places students in an eDirectory container based on their school code, graduation year, or grade level.

You need to know the values your Student Information System (SIS) uses for schools, graduation years, and grades. Complete as many Student group placement entries as you need to in order to place all students.

Use Show to use the School fields. Use Hide if you do not need all ten options.

School 1 through School 10 contain the same fields. Use the additional School field to define information specific for each school you administer.

School code or ‘all’

The value of this field is based on your Student placement is by criteria. If you specified School and Grade, School and Graduation Year, or School Only, enter the school code for this group of students exactly as it is specified in the Student Information System. Contact the administrator to find out the school code. This code might be alpha, numeric, or a combination.

If you specified Grade Only or Graduation Year Only in Student placement is by, type all. It must be all lowercase.

Student Group 1 Placement

This section lets you configure the placement of a group of students in the Identity Vault. Students are placed in an eDirectory container based on their school code, graduation year, or grade level. You need to know the values your Student Information System (SIS) uses for schools, graduation years, and grades. Complete as many Student Group x Placement entries as you need to place all students.

Student Group 1 Placement through Student Group 6 Placement contain the same fields. Use the additional Student Group Placement fields to place additional groups of users.

To use a Student Group Placement field, set the option to Show. If you do not need all six fields, set any fields not in use to Hide.

If you need more than six Student Group Placements for this school, use additional Student Group Placements with the same school code.

Grade code, graduation year, or ‘all’

Fill in this field based on your choice in the Student Placement is by field, in the STUDENT CONFIGURATION section.

If you specified School and Grade or Grade Only in the Student Placement is by field, specify the grade level code exactly as it is specified in the SIS.

If you specified School and Graduation Year or Graduation Year Only in Student Placement Is by, specify the graduation year exactly as it is specified in the SIS.

If you specified School Only in Student Placement Is by, type all. It must be all lowercase.

Student container DN

Browse and select the eDirectory container where you want this group of students to be placed.

Student template DN

Browse and select the eDirectory template you want to be used when creating users for this group of students. Leave this field blank if you are not using a template.

SIF Provider Configuration

Configure this section only when this driver is the SIF provider for student and staff information, as described in Sending Data from the Identity Vault to SIF. You might want to do this if your Student Information System is not SIF-enabled, and you want the driver to be the SIF provider of student and staff information. Being the provider means this driver responds to SIF queries for information about students and staff.

Be the SIF default provider for students and staff

Select Yes if you want this driver to be the SIF provider for student and staff information. If you select Yes, other settings are displayed.

You might want to do this if your Student Information System is not SIF-enabled and you want the Novell SIF Driver to be the SIF provider of student and staff information. Being the provider means this driver responds to SIF queries for information about students and staff. See Sending Data from the Identity Vault to SIF.

If you select Yes, you must also set Send User Updates to SIF to Yes and Send New Users to SIF to Yes, and configure one or more sets of School Information.

Otherwise, select No.

School information

This field is used to separate school configurations.

This prompt and its sub-prompts are only used if you set Be the SIF Default Provider for Students and Staff to Yes.

This information is used so the SIF Driver can provide the SIF SchoolInfo objects. You need to know the value your Student Information System uses for each school. Complete as many School Information entries as you need to define all schools.

School code

Specify the school code exactly as it is specified in the Student Information System.

School name

Specify the school name as it is specified in the Student Information System.

Zone number

Specify the Zone number (1-10) this school belongs to.

Password Configuration

By default, this section has a setting of Hide. It is used only if you want the driver to exchange passwords between the Identity Vault and the SIF zones.

Password Configuration Parameters

The only settings you should edit here are the ones listed in this table.

The others are GCVs regarding Password Synchronization that are common to all drivers. They should be edited using iManager in Passwords > Password Synchronization, not here. Some of them have dependencies on each other that are represented only in the iManager interface. They are explained in Password Synchronization across Connected Systems in the Novell Identity Manager 3.0.1 Administration Guide.

SIF Driver sends user passwords to the Zone

If set to True, the SIF driver sends user passwords in the Identity Vault to the Zone. Passwords are sent as SIF Authorization objects. Other SIF-enabled applications can subscribe to the Zone to receive the passwords.

You would set this parameter to True when other SIF-enabled applications want to use the user’s network password. When a Distribution Password is set for a new user or when a Distribution Password is changed in the Identity Vault, the Novell SIF driver sends a SIF Authorization object containing the password to the Zone.

SIF Driver accepts user passwords from the Zone

If set to True, the SIF Driver sets user passwords in the Identity Vault to the passwords received from the Zone. The passwords are received as SIF Authorization objects. The passwords are published to the Zone by other SIF-enabled applications.

You would set this parameter to True if you want the network password to be generated by another SIF-enabled application. For example, you have a SIF-enabled application in the Zone that generates a password for each user. When the Novell SIF driver receives the password in a SIF Authorization object, the corresponding user’s eDirectory password is set to this value.

If this parameter is set to True, we recommend that the Novell SIF driver also be configured to set a password for each new user. There might be a delay between the creation of the user account and when the password is received, and it is best to make sure the account is protected by a password at all times.
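Several fields in this table depend on each other: Send new users to SIF and Send user updates to SIF, the default-provider prerequisites, the lowercase all placeholder, and the recommendation above to keep accounts password-protected while waiting for a Zone password. The following checker is an added example, not part of the Novell documentation or the driver; its dictionary keys are hypothetical names for the fields, and the plain-HTTP check is an added assumption that password exchange should use an https Zone URL.

```python
# Added example: cross-field checks over the settings in Table B-1.
# All dictionary keys are hypothetical names chosen for this sketch.
from urllib.parse import urlparse


def lint_gcvs(cfg):
    """Return findings for a dict of SIF driver GCV settings."""
    out = []

    def yes(key):
        return cfg.get(key) == "Yes"

    if yes("send_new_users") and not yes("send_user_updates"):
        out.append("send_new_users=Yes needs send_user_updates=Yes")
    if yes("default_provider"):
        if not (yes("send_new_users") and yes("send_user_updates")):
            out.append("default_provider=Yes needs both Send settings=Yes")
        if not cfg.get("school_information"):
            out.append("default_provider=Yes needs a School Information entry")

    # Accounts must not sit without a password while waiting for the Zone.
    for role in ("student", "staff"):
        fmt = cfg.get(role + "_password_format")
        if cfg.get("accept_passwords_from_zone") and fmt == "No password":
            out.append(role + ": No password while accepting Zone passwords")
        if fmt == "Preset text" and not cfg.get(role + "_preset_text"):
            out.append(role + ": Preset text selected but no text given")

    # 'all' is required, in lowercase, for the level the placement criteria omit.
    by = cfg.get("student_placement_by")
    for school in cfg.get("schools", []):
        if by in ("Grade Only", "Graduation Year Only") and school["code"] != "all":
            out.append("school code %r must be 'all'" % school["code"])
        if by == "School Only":
            out += ["group code %r must be 'all'" % g
                    for g in school["groups"] if g != "all"]

    # Added check, not stated on the page: password exchange over plain HTTP.
    exchange = cfg.get("send_passwords_to_zone") or cfg.get("accept_passwords_from_zone")
    for num, zone in sorted(cfg.get("zones", {}).items()):
        if exchange and zone["enabled"] and urlparse(zone["url"]).scheme != "https":
            out.append("zone %d: passwords exchanged over %s" % (num, zone["url"]))
    return out


# Constructed sample configuration, not taken from a real deployment.
SAMPLE = {
    "send_new_users": "Yes", "send_user_updates": "No", "default_provider": "No",
    "student_password_format": "No password", "staff_password_format": "Staff ID",
    "accept_passwords_from_zone": True, "send_passwords_to_zone": False,
    "student_placement_by": "Grade Only",
    "schools": [{"code": "All", "groups": ["09", "10"]}],
    "zones": {1: {"enabled": True, "url": "http://www.myzis.com/Zone1"},
              2: {"enabled": True, "url": "https://1.2.3.4:123/Zone2"}},
}
```

Calling lint_gcvs(SAMPLE) returns four findings; export the driver's actual values into the same shape to review a configuration before deployment.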