Post-Installation Tasks

This section provides information on the following:

• Importing the Driver Configuration File
• Configuring the Exchange Server
• Installing a Remote Exchange Driver
• Configuring the Driver Filter
• Starting the Driver
• Migrating and Resynchronizing Data
• Activating the Driver

Importing the Driver Configuration File

The sample Exchange 5.5 driver configuration creates and configures the objects needed to make the driver work properly.

For example, consider the following scenario:

You create a driver set and driver object in the lab. After configuring the driver, you save the configuration. To save time and keep the same settings that worked well in the lab, you import the driver's configuration file from the lab environment into your production environment.

1. In iManager, select DirXML Utilities > Import Drivers.

2. Select whether to place the configuration file in a new or existing driver set.

   Select In an Existing Driver Set for the following situations:

   • The driver should be logically grouped with the other drivers in the tree.
   • The server can handle the additional traffic that would the new driver would generate.
   • You want to update or customize an existing driver.

     For example, you can point the driver to a different container but keep all the rules that you have set up.

3. In the Import Drivers dialog box, check the Exchange 5_5 driver, then click Next.

   
   

4. Scroll to the following parameters and provide required information. Refer to the descriptions provided in the interface.

   • Driver name
   • Domain name
   • IP address of the Exchange server
   • Authoritative Bind

     See Using Authoritative Bind.

   • Exchange Server Name
   • Exchange Site Organization
   • Exchange Site
   • Polling Frequency
   • Authoritative User
   • User Password
   • eDir Users Container
   • eDir Groups Container
   • Configure Data Flow
     

   • Enable Entitlements

     Using Role-Based Entitlements is a design decision. Don't select this option unless you have reviewed "Using Role-Based Entitlements" in the Novell Nsure Identity Manager 2 Administration Guide.

     If you select this option, also provide information for Action - Remove Mailbox Entitlement.

   • Action - Remove Mailbox Entitlement
   • Install Driver as Remote/Local
   • Remote Host Name and Port
   • Driver Password
   • Remote Password

5. Define security equivalences.

   The tendency is to assign Admin. However, you might want to create a DriversUser (for example) and assign security equivalence to that user.

6. Identify all objects that represent Administrative Roles and exclude them from replication.

   Exclude the security-equivalence object (for example, DriversUser) that you specified in Step 5. If you delete the security-equivalence object, you have removed the rights from the driver. Therefore, the driver can't make changes to eDirectory.

7. (Conditional) If you are re-creating or updating a driver, select Update Everything about That Driver, then click Next.

8. In the Summary screen, review options, then click Finish.

   If you need to make changes, click Back.

After importing, configure the Driver Set object and the Driver object for your setup, then start or restart the driver.

Configuring the Exchange Server

This section contains information on configuring the Exchange server for use with the DirXML Driver for Exchange. You should already be familiar with Exchange administration and deployment.

Before you proceed, you must have the following information about your setup:

• The name of the Exchange Server that the driver will be synchronizing with.
• The name of the Exchange site you want to administer.
• The IP address or hostname of the Exchange server.
• The name of the Exchange service account and its password.

If the Exchange server is running on the same computer as eDirectory, unload the LDAP server or reconfigure it to run on a different port.

To unload LDAP:

1. In the Control Panel, double-click Novell eDirectory.

2. Scroll to and select ldap.dlm, then click Stop.

   
   

To reconfigure LDAP to run on a different port:

1. In Novell iManager, select eDirectory Administration > Modify Object.

   
   

2. Navigate to and select the LDAP Server object, then click OK twice.

   
   

   The second time that you click OK, you save the selected object.

   
   

3. In the General page, select Connections, then scroll to the Ports section.

   
   

4. Change Enable Non-Encrypted Port to a value other than 389, then click OK.

Installing a Remote Exchange Driver

The driver doesn't need to run on the same machine as the Exchange Server. However, when running remotely, the driver can run only on an NT server or member server that belongs to the same domain as the Exchange server domain. This restriction is a Microsoft-imposed NT credential restriction.

The NT server where you install the driver needs to have three Microsoft .dll files installed before the driver can run: libxds.dll, exchmem.dll, and expsrv.dll. The files are installed by the Exchange Administrator program. You can install Exchange Administrator from the Microsoft Exchange Server CD.

A remote driver doesn't create NT accounts when a new Exchange mailbox is created. This is also because of restrictions imposed by the Microsoft DAPI API that the driver uses.

For instructions on installing the Remote Loader, see "Installation" in the Novell Nsure Identity Manager 2 Administration Guide.

Configuring the Driver Filter

You should modify the filter on the Publisher and Subscriber channels to include object classes and attributes that you want Identity Manager to process.

1. In iManager, click DirXML Management > Overview.

2. Locate the driver set that contains the Exchange driver, then click the driver's icon to display the DirXML Driver Overview page.

3. Click the driver filter icon.

   
   

4. (Optional) Add classes that you want Identity Manager to process.

   The Exchange driver supports the Distribution List, Remote, and Mailbox classes.

5. Enable synchronization.

   As the following figure illustrates with red Xs, when you add a class, the Publisher and Subscriber channels aren't enabled.

   
   

   To enable a channel, click the channel icon, then click Synchronize.

   
   

6. Save changes by clicking OK.

Mail-nickname is the Alias attribute on the General page in the Exchange Administrator. It is the Exchange attribute name that the driver supports but does not map to any existing eDirectory attributes. Based on your organization's needs, you can map this Exchange attribute to existing or new eDirectory attributes (after extending the schema) by modifying the Schema Mapping policy. Make sure that the syntax for any maps you add is valid. You can also handle this in a style sheet.

Starting the Driver

1. In iManager, click DirXML Management > Overview.

2. Browse to and select the driver set where the driver exists.

3. In the driver that you want to start, click the icon for the drop-down list.

   
   

4. Select Start Driver.

After the driver starts, you can open DSTrace to see driver processing details.

Synchronization takes place on an object-by-object basis as changes are made to individual objects. If you want to have an immediate synchronization, you must initiate that process as explained in Migrating and Resynchronizing Data.

Migrating and Resynchronizing Data

Identity Manager synchronizes data as it changes. If you want to synchronize all data immediately, you can choose from the following options:

• Migrate Data from eDirectory: Allows you to select containers or objects you want to migrate from eDirectory to an application. When you migrate an object, the DirXML engine applies all of the Matching, Placement, and Create policies, as well as the Subscriber filter, to the object.

• Migrate Data into eDirectory: Allows you to define the criteria the DirXML engine uses to migrate objects from an application into Novell eDirectory. When you migrate an object, the DirXML engine applies all of the Matching, Placement, and Create policies, as well as the Publisher filter, to the object. Objects are migrated into eDirectory using the order you specify in the Class list.

• Synchronize: The DirXML engine looks in the Subscriber class filter and processes all objects for those classes. Associated objects are merged. Unassociated objects are' processed as Add events.

To use one of the options explained above:

1. In iManager, select DirXML Management > Overview.

2. Locate the driver set containing the Exchange driver, then double-click the driver icon.

3. Click the appropriate migration button.

   
   

Activating the Driver

Activate the driver within 90 days of installation. Otherwise, the driver will stop working.

For information on activation, refer to "Activating Novell Identity Manager Products" in the Novell Nsure Identity Manager 2 Administration Guide.