The LDAP driver supports these standard driver features:
You can install the LDAP driver locally or remotely.
An installation on the same computer where an Identity Vault and the Metadirectory engine are installed is referred to as a local configuration. The following figure illustrates a local configuration:
Figure 1-2 A Local Configuration
If platform or policy constraints make a local configuration difficult, you can install the LDAP driver on the server hosting the target LDAP server. This installation is referred to as a remote configuration and requires the use of the Remote Loader service.
Although a remote configuration is possible, it provides little additional flexibility because of the following:
The driver can run on any Identity Vault platform.
The driver communicates with the LDAP server on any platform across the wire via the LDAP protocol.
See System Requirements in the Identity Manager 4.0 Framework Installation Guide for information about the supported platforms for the Metadirectory server and Remote Loader.
The provided sample configuration for the LDAP driver supports Account and Group Membership entitlements. For more information about entitlements, see the Identity Manager 4.0 Entitlements Guide.
The LDAP driver supports password synchronization on the Subscriber channel, meaning that you can send passwords from the Identity Vault to any connected LDAP directory.
Password synchronization on the Publisher channel (LDAP directory to Identity Vault) is supported with Sun Java System Directory version 5.2 and Sun Java System Directory Server Enterprise Edition version 6.3. See Section 2.2, Installing the Identity Manager Plug-Ins for Password Synchronization with Sun Java System Directory.