A driver set is a container that holds Identity Manager drivers. Only one driver set can be active on a server at a time. As a result, all active drivers must be grouped into the same driver set. To view or change settings, double-click a driver set in the Modeler.
When you create an Identity Vault, a driver set is added to the vault by default.
Figure 4-2 A Driver Set in an Identity Vault
You can add other driver sets by dragging the Driver Set object from the palette to the Modeler.
From the
page, you can specify or change driver set values.Table 4-5 Driver Set Settings
Field |
Description |
---|---|
|
The name of the Driver Set object (for example, DriverSet1.) |
|
We recommend that you select this option. For details, see |
|
The Identity Vault assigns the default DN container value to all driver sets. If you specify a DN container here on the Driver Set object, that setting takes precedence over the Identity Vault setting. You can manually enter this value or browse for it. |
You can link in Global Configuration objects to the driver set GCVs. This allows you to reuse Global Configuration objects instead of creating multiple GCVs for the driver set.
To add a Global Configuration object:
Click
, then browse to and select the Global Configuration object.Click
to save the change.You can change the order that the Global Configuration objects are listed by selecting the object, then clicking
or .Global configuration values (GCVs) are settings that are similar to driver parameters. Global configuration values can be specified for a driver set as well as an individual driver. If a driver does not have a GCV, the driver inherits the value for that GCV from the driver set.
GCVs allow you to specify settings for Identity Manager features such as password synchronization and driver heartbeat, as well as settings that are specific to the function of an individual driver configuration. Some GCVs are provided with the drivers, but you can also add your own. You can refer to these values in a policy to help you customize your driver configuration.
To view or change the driver set's GCV settings, double-click the driver set. From the Global Configuration Values page, you can add, edit, or remove values, or edit the XML file for the driver set.
The Java Environment Parameters enable you to configure the Java virtual machine (JVM) on the Metadirectory server associated with the driver set.
Table 4-6 Java Environment Parameters Settings
The
options enable you to view high-level information. For lower-level information, use the option.By default, logging is turned off. To track errors, messages, or events, change the default.
Double-click the driver set.
Select
Select a logging option.
The log option that you select determines which messages are available in the log.
To configure audit instrumentation, select
, click the event selector button, select events, then click .The
option updates the time stamp to indicate the last activity of the driver.Specify the number of entries in the log.
The default is 50 entries (lines) in the log. If you want a longer history, increase the number.
Save changes by clicking
.The driver set log contains messages from the engine when it tries to start or stop drivers. To view the log, use iManager. Select the
icon above the Identity Vault in the .The Named Passwords property page allows you to manage (add, edit, delete) named passwords for the selected driver set. When named passwords are defined in the driver set, the passwords are available to all drivers in the driver set.
NOTE:If you create a named password of the same name in both the driver set and a driver in the driver set, the named password settings in the driver take precedence.
You can define named passwords on both drivers and driver sets. For more information about named passwords, see Section 4.7.8, Driver Named Passwords.
The
option allows you to manage any packages at the driver set level. A package at the driver set level is applied to all of the drivers that reside in the selected driver set.The following table lists the options available to manage packages. For more information about packages, see Section 6.0, Managing Packages.
Table 4-7 Managing Packages Options
After adding one or more servers to the Identity Vault, you can view or change the driver set’s server association.
Select a server in the Section 4.3, Configuring Identity Vaults.
list, then use the arrows to move the server to the list. If a server is not in the list, you must first add it by editing the Identity Vault properties. SeeAlthough a driver set has nothing to trace, you can add a trace level to a driver set. The
setting specifies a trace level used with all drivers associated with the driver set.With the trace set, DS Trace displays Identity Manager and DirXML events as the engine processes the events. The trace level affects each driver in the driver set. Use the trace level for troubleshooting issues with the drivers when they are deployed. DS Trace displays the output of the specified trace level.
IMPORTANT:You should use the trace level only for testing or for troubleshooting driver issues. Setting a driver trace level on a production driver can cause Identity Manager server to process events slowly.
To set a driver set’s trace characteristics:
In the Outline view or Modeler, right-click the driver set, then select
.In the driver properties, select
in the left navigation area.On the Trace page, specify the trace settings for the driver set, then click
.Table 4-8 Driver Set Trace Settings
The following methods help you capture and save Identity Manager trace information.
Open the Control Panel, select
, then click > . A window named NDS Server Trace Utility opens.To set the filters to capture the DirXML trace information:
Click
> > .Click the boxes next to
and , then click .To save the information to a file:
Click
> .A dialog box prompts for a filename.
Enter a filename with the extension of .log.
To stop capturing information, click
> .The file is saved.
Use the ndstrace command at the console to display the Identity Manager events. The exit command quits the trace utility.
Table 4-9 ndstrace Commands
Use iMonitor to get DS Trace information from a Web browser.
Table 4-10 Platforms and Commands for Web Browsers
Platform |
Command |
---|---|
Windows |
ndsimon.dlm |
Linux/Solaris/AIX/HP-UX |
ndsimonitor |
Access iMonitor from http://server_ip:8008/nds (the default port).
Click
.Click
.Click
and .Click
, then click .Click the
document icon to view the live trace.