The security parameters must be configured correctly for the driver to function properly. In most instances, the driver does not start if the parameters are not configured correctly.
To change these parameters in iManager:
Click
, then click to search for the driver set that is associated with the driver.Browse to the driver, then click the upper right corner of the driver icon.
Click
.Review the driver parameters in Table 9-1, and decide if you need to make any changes.
To change these parameters in Designer:
Open a project in the modeler, then right-click the driver line and select
Click
.Review the driver parameters in Table 9-1, and decide if you need to make any changes.
Table 9-1 Security Parameters
Security Parameter |
Description |
---|---|
|
The account the driver uses to access the domain data. The can be specified by using different formats:
|
|
The context used to access domain data. The can be specified by using different formats:
|
|
The password for the account. |
|
The method of authentication to Active Directory. uses Microsoft’s security package to negotiate the logon type. Typically Kerberos or NTLM is selected. uses LDAP style simple bind for logon.If you want to use Password Synchronization, select . |
|
This setting requires Windows server 2003 or Windows 2000 with the most recent support pack, and Internet Explorer 6.0 or later on both servers. This enables signing on a kerberos or NTLM v2 authenticated connection. Select to digitally sign the communication between the driver shim and Active Directory. This does not hide the data from view on the network, but it reduces the chance of security attacks.Signing only works when you use the Negotiate authentication method and the underlying security provider selects NTLM v2 or kerberos for its protocol. Do not use this option with SSL. Select to have communications not signed. |
|
This setting requires Windows server 2003 or Windows 2000 with the most recent support pack, and Internet Explorer 6.0 or later on both servers. This setting enables encryption on a kerberos or NTLM v2 authenticated connection. Sealing only works when you use the Negotiate authentication method and the underlying security provider selects NTLM v2 or Kerberos for its protocols. Select to digitally encrypt communication between the driver shim and the Active Directory database.Sealing only works when you use the Negotiate authentication method and the underlying security provider selects NTLM v2 or kerberos for its protocols. Do not use this option with SSL. Select to not have communication between the driver shim and the Active Directory database signed and sealed. |
|
Select to digitally encrypt communication between the driver shim and the Active Directory database.This option can be used with Negotiate or Simple authentication methods. SSL requires that the Microsoft server running the driver shim imports the domain controller’s server certificate. For more information, see Securing Windows 2000 Server. By default, the parameter is set to . If you set this value to , the SSL pipe is encrypted for the entire conversation. An encrypted pipe is preferred because the driver typically synchronizes sensitive information. However, encryption slows the general performance of your servers. |
|
Select Section 2.4, Creating an Administrative Account. to log on and impersonate the driver authentication account for CDOEXM (Collaboration Data Object for Exchange Management) and Password Set support. The driver performs a local logon. The authentication account must have the proper rights assignment. For more information, seeIf is selected, the driver performs a network logon only. |