Global configuration values (GCVs) are values that can be used by the driver to control functionality. GCVs are defined on the driver or on the driver set. Driver set GCVs can be used by all drivers in the driver set. Driver GCVs can be used only by the driver on which they are defined.
The GroupWise driver includes many GCVs. You can also add your own if you discover you need additional ones as you implement policies in the driver.
To access the driver’s GCVs in iManager:
Click to display the Identity Manager Administration page.
Open the driver set that contains the driver whose properties you want to edit.
In the
list, click .If the driver set is not listed on the
tab, use the field to search for and display the driver set.Click the driver set to open the Driver Set Overview page.
Locate the driver icon, click the upper right corner of the driver icon to display the
menu, then click .or
To add a GCV to the driver set, click
, then click .To access the driver’s GCVs in Designer:
Open a project in the Modeler.
Right-click the driver icon or line, then select
or
To add a GCV to the driver set, right-clickthe driver set icon , then click
.The global configuration values are organized as follows:
GroupWise Domain Database Version: The version of the GroupWise domain database to which this driver should connect.
Default Sync Destination: GroupWise Post Office Specify the GroupWise post office in which newly added eDirectory objects are created. Use the GW\GWSystem\PO1.
button to select the GroupWise post office or specify the GroupWise post office name as an eDirectory distinguished name (DN) in slash format. For example:Enforce Admin Lockout Setting: Enforces the Minimum Snap-in Release Version and Minimum Snap-in Release Date set in the
tab of System Preferences in ConsoleOne. If the domain to which the driver connects has overridden these settings, the domain settings are used. This means that the GroupWise driver must be running with GroupWise support files equal to or later than these settings.Normally, it is set to
. You might need to set it to , if the GroupWise support pack is installed and ConsoleOne is configured to lock out previous versions. enforces this lockout setting. disables this lockout setting.Synchronize Groups: Allows the driver to synchronize eDirectory groups to GroupWise distribution lists.
enables the synchronization. disables the synchronization.Cleanup Group Membership: Available only if
is set to . Removes the user from the Group Membership attribute when the user is removed from the GroupWise distribution lists.Synchronize GroupWise Distribution Lists: Select
if you want this driver to synchronize eDirectory’s GroupWise Distribution List objects with distribution lists in GroupWise. By default, it is set to .Synchronize GroupWise External Entity Objects: Select
to synchronize eDirectory’s GroupWise External Entity objects with external users in GroupWise. By default, it is set to .GroupWise Calendar Host URL: Specify the calendar publishing host URL. This URL is used by the groupWise external user if the GroupWise domain allows busy search for the external users. This option is available only if
is set to .Sync GroupWise External Entities to this Domain: Available only if
is set to . Specify a non-GroupWise domain name that exists within the GroupWise system. This domain must host at least one external post office, defined in .Sync GroupWise External Entities to this External Post Office: Available only if
is set to . Specify an external post office name that exists within the GroupWise system. This post office must be subordinate to the GroupWise domain defined in .Synchronize eDir OrgUnit To GroupWise External Post Office: Allows the driver to synchronize eDirectory organizational units to GroupWise external post offices.
enables the synchronization. disables the synchronization.Create External Post Offices in the Non-GroupWise Domain: Available only if
is set to . Specify a non-GroupWise domain name that exists within the GroupWise system. This domain hosts the external post offices created by the GroupWise driver when synchronizing eDirectory organizational units to GroupWise post offices.Create Nicknames: Allows the driver to create GroupWise nicknames when GroupWise accounts are renamed or moved to another post office.
creates nicknames when the accounts are renamed or moved. does not create nicknames when the accounts are renamed or moved.Delete All Nicknames: Allows the driver to delete GroupWise nicknames when GroupWise accounts are renamed or moved to another post office.
. does not delete nicknames when the accounts are renamed or moved.If both
and are set to , on renaming of a user, all the old nicknames are deleted and the user is renamed to the new name. The old user name is added as a nickname. For example, a user name is renamed from User3 to User4 and User3 has two nickname records of User1 and User2. The renaming event renames User3 to User4. Only User3 is added to the nickname record.Reassign Resource Ownership: The driver reassigns ownership of resources when GroupWise accounts are disabled or expired.
assigns the resources to the default User ID you specify in the next parameter. This setting does not apply when a GroupWise account is deleted because the resources must be reassigned. is the default.
Default Resource Owner User ID: Specify the prefix of the default user to become the new owner of resources that are reassigned. The default is IS_admin.
You must specify this name even when the
option is . When a GroupWise account is deleted, its resources are assigned to this account. If the default User ID does not have a GroupWise account in the post office of the deleted account, an account is created.IMPORTANT:The driver does not start if a default user prefix is not specified.
Create Accounts During Migration: Allows the driver to create new GroupWise accounts for users without a current account during a migration from eDirectory.
allows the accounts to be created. does not create the accounts.Migration causes Identity Manager to examine every object specified. When an object does not have a driver association, the Create policy is applied. If the object meets the Create rule criteria, the object is passed to the driver as an Add event. When you specify
, the driver creates a GroupWise account. When is specified, the Add event is ignored and the driver issues a warning that this option is set to . The default value is .Migration sets the driver association on all users with GroupWise accounts. See Section 3.3, Associating Identity Vault Users and GroupWise Users for more information.
Action On eDirectory GroupWise External Entity Delete: Select the action you want the driver to take on an associated GroupWise account (mailbox), when a GroupWise external entity is deleted in eDirectory. The options are:
Action On eDirectory GroupWise External Entity Expire/Unexpire: Select the action you want the drive to take on the associated GroupWise account (mailbox), when an expired or unexpired GroupWise external entity logs into eDirectory. The options are:
Action On eDirectory GroupWise External Entity Disable/Enable: Select the action you want the driver to take on the associated GroupWise account (mailbox), when a disabled or enabled GroupWise external entity logs into eDirectory. The options are:
Remove GroupWise External Entity from all Distribution Lists on expire: Select
if you want the driver to remove the GroupWise external entity from all distribution lists when the GroupWise account is expired; otherwise, select .Remove GroupWise External Entity from all Distribution Lists on disable: Select
if you want the driver to remove the GroupWise external entity from all distribution lists when the GroupWise account is disabled; otherwise, select .Publisher Heartbeat interval: Specify the Publisher channel heartbeat interval in minutes. Enter 0 to disable the heartbeat.
There are multiple sections in the
tab. Depending on which packages you installed, different options are enabled and displayed. This section documents all of the options.Use Driver GWAccount Entitlement: Select
to allow the driver to manage GroupWise accounts based on the GroupWise account entitlement. Select to not use the GroupWise account entitlement.If you select
, the following options are not displayed.Account On GroupWise Account Entitlement Add: Select the action you want the driver to take on the associated GroupWise account (mailbox), when a user is created in the Identity Vault with a GroupWise account entitlement. The options are:
Action On GroupWise Account Entitlement Remove: Select the action you want the driver to take on the associated GroupWise account (mailbox), when a user’s GroupWise account entitlement is removed. The options are:
Data collection enables the Identity Report Module to gather information to generate reports. For more information, see the Identity Reporting Module Guide.
Enable data collection: Select
to enable data collection for the driver through the Data Collection Service by the Managed System Gateway driver. If you are not going to run reports on data collected by this driver, select .Allow data collection from user accounts: Select
to allow data collection by the Data Collection Service through the Managed System Gateway driver for the user accounts.The Role Mapping Administrator allows you to map business roles with IT roles. For more information, see the Novell Identity Manager Role Mapping Administrator 4.0.1 User Guide.
Enable role mapping: Select
to make this driver visible to the Role Mapping Administrator.Allow mapping of user accounts: Select
if you want to allow mapping of user accounts in the Role Mapping Administrator. An account is required before a role, profile, or license can be granted through the Role Mapping Administrator.The Roles Based Provisioning Module allows you to map resources to users. For more information, see the User Application: Administration Guide.
Enables resource mapping: Select
to make this driver visible to the Roles Based Provisioning Module.Allow mapping of user accounts: Select
if you want to allow mapping of user accounts in the Roles Based Provisioning Module. An account is required before a role, profile, or license can be granted.Account tracking is part of the Identity Reporting Module. For more information, see the Identity Reporting Module Guide.
Enable account tracking: Set this to
to enable account tracking policies. Set it to if you do not want to execute account tracking policies.Realm: Specify the name of the realm, security domain, or namespace in which the account name is unique.
Object Class: Add the object class to track. Class names must be in the application namespace.
Identifiers: Add the account identifier attributes. Attribute names must be in the application namespace.
Status attribute: Name of the attribute in the application namespace to represent the account status.
Status active value: Value of the status attribute that represents an active state.
Status inactive value: Value of the status attribute that represents an inactive state.
Subscription default status: Select the default status the policies assume when an object is subscribed to the application and the status attribute is not set in the Identity Vault.
Publication default status: Select the default status the policies assume when an object is published to the Identity Vault and the status attribute is not set in the application.
The following GCVs control the follow of passwords between GroupWise and the Identity Vault. For more information about how to use the Password Management GCVs, see Configuring Password Flow
in the Identity Manager 4.0.1 Password Management Guide.
Set the initial/default GroupWise password on account creation: If
, the GroupWise initial/default password is set when an account is created. The initial password value is specified in the Create policy. If , the initial password is not set.GroupWise has two passwords, the initial password and the regular password. The initial password is stored in clear text and can be seen by an admin. The regular password is encrypted and cannot be viewed. When it is set, the regular password is used by GroupWise instead of the initial password. When a GroupWise user changes his or her password, it is stored as the regular password. For security, the initial password is never set to a password sent from eDirectory.
Synchronize the eDirectory password to the GroupWise regular password: If
, allows passwords to flow from eDirectory to GroupWise. If , the regular password is not set.GroupWise has two passwords, the initial password and regular password. The initial password is stored in clear text and can be seen by an admin. The regular password is encrypted and cannot be viewed. When it is set, the regular password is used by GroupWise instead of the initial/default password. When a GroupWise user changes his or her password, it is stored as the regular password. For security, the initial password is never set to a password sent from eDirectory.
These settings help the Identity Reporting Module function to generate reports. For more information, see the Identity Reporting Module Guide.
Name: A descriptive name for this GroupWise system. The name is displayed in the reports.
Description: A brief description of this GroupWise system. The description is displayed in the reports.
Location: The physical location of the GroupWise system. This information is displayed in the reports.
Vendor: Select
as the vendor of this system. The vendor information is displayed in the reports.Version: Version of this GroupWise system. The version is displayed in the reports.
Business Owner: A user object in the Identity Vault that is the business owner of this GroupWise system. This can only be a user object, not a role, group, or container.
Application Owner: A user object in the Identity Vault that is the application owner for this GroupWise system. This can only be a user object, not a role, group, or container.
Classification: The classification for this GroupWise system in your environment. For example, Mission-Critical. This information is displayed in the reports.
Environment: The type of environment the GroupWise system provides. For example, development, test, or production. This information is displayed in the reports.
ID: A unique ID for the GroupWise system. This ID is displayed in the reports.
Type: The type of system the GroupWise system provides in your environment. This information is displayed in the reports.
Authentication IP Address: The IP address used to authenticate to the GroupWise system.
Authentication Port: The port used to authenticate to the GroupWise system.
Authentication ID: The user ID used to authenticate to the GroupWise system.