The Identity Manager Driver for SIF comes with a driver configuration file named SIFAgent.xml.
You use a wizard to create a new Driver object based on this configuration file. When you import the configuration file to create or upgrade a driver object, only a few prompts are presented. Most of the driver configuration is done after you import, on the Global Configuration Values page for the driver.
In the driver configuration, you need to specify the DN for these objects.
Designer allows you to import the basic driver configuration file for SIF. This file creates and configures the objects and policies needed to make the driver work properly. The following instructions explain how to create the driver and import the driver’s configuration.
There are many different ways of importing the driver configuration file. This procedure only documents one way.
Open a project in Designer and in the modeler, right-click on the Driver Set object and select
.From the drop-down list, select
, then click .Click
, in the Perform Prompt Validation window. It has you fill in all of the fields to correctly configure the SIF driver.Configure the driver by filling in the fields. Specify information specific to your environment. For information on the settings, see Table 5-1 for more information.
After specifying parameters, click
to import the driver.After the driver is imported, customize and test the driver.
Once the driver is fully tested, deploy
the driver into the Identity Vault. See Deploying
a Driver to an Identity Vault
in the Designer
for Identity Manager 3: Administration Guide.
The Active Directory preconfiguration file is an example configuration file. You installed this file when you installed the Identity Manager Web components on an iManager server. Think of the preconfiguration file as a template that you import and customize or configure for your environment.
In iManager, select
> .Select a driver set, then click
.If you place this driver in a new driver set, you must specify a driver set name, context, and associated server.
Select the
driver, then click .Configure the driver by filling in the configuration parameters. For information on the settings, see Table 5-1.
Define security equivalences using a user object that has the rights that the driver needs to have on the server
The tendency is to use the Admin user object for this task. However, you might want to create a DriversUser (for example) and assign security equivalence to that user. Whatever rights that the driver needs to have on the server, the DriversUser object must have the same security rights.
Identify all objects that represent administrative roles and exclude them from replication.
Exclude the security-equivalence object (for example, DriversUser) that you specified in Step 2. If you delete the security-equivalence object, you have removed the rights from the driver. Therefore, the driver can’t make changes to Identity Manager.
Click Finish.
The following table explains the parameters you must provide during initial driver configuration.
Table 5-1 Configuration Parameters for the SIF Driver
Field Name |
Description |
---|---|
|
Specify the name you want to use for the driver object in the Identity Vault. |
|
Specify the name this driver uses to register as a SIF Agent with the Zone Integration Server (ZIS). The driver must have a Zone-unique, case-sensitive name. We recommend that you use the default name, Novell Identity Manager. You need to coordinate with the ZIS administrator to make sure that the same name is used when configuring the ZIS, as described in Configuring the ZIS to Recognize the Driver. |
|
Specify the SIF Specification version you want this driver to use, either SIF Specification 1.1, or SIF Specification 1.5r1. |
|
The SIF Driver can match students and staff in the Student Information System (SIS) with preexisting Identity Vault users only if the eDirectory user attribute DirXML-sifSISID contains the student’s or staff’s ID number. Specify if one of the following is true:
Otherwise, specify .If Yes is specified, the command can be used to add or update all SIF users into the Identity Vault.If No is specified, the command is ignored to prevent duplicate users from being created in the Identity Vault.This field does not apply to users added to the Identity Vault by this driver. Identity Manager can always match these Identity Vault users with Student Information System users, and these Identity Vault users are always kept current with changes from the Student Information System. For more information on how to make this decision, see Section 5.4, Synchronizing the Identity Vault the First Time. |
|
Specify whether to run the driver locally or using Remote Loader. If you specify , and click Next, another page presents a few more items for you to specify regarding Remote Loader configuration.For information about running the driver remotely, see |
After you create the Driver object, configure settings such as the containers to use for students and staff.
In iManager, click
> . Search for and select the driver set.Browse to and click the driver icon, then in the next page, click the driver icon again.
Click the Section B.0, Global Configuration Values for a detailed list of all of the fields.
tab, then specify the following settings. Some of them were specified when creating the driver object; for those items you can simply review the settings to make sure they are correct. SeeFollow the instructions in Section 5.2, Preparing the ZIS and the Student Information System to configure the ZIS to recognize the driver as a SIF Agent.