B.3 Configuration Tasks

B.3.1 Setting the Default Naming Context for Your ADAM (AD LDS) Instance

  1. Start the ADSI Edit application by selecting Start > All Programs > Administrative tools> ADAM ADSI Edit.

  2. In the tree view, select the root item called ADAM ADSI Edit.

  3. Under the Action menu, select Connect to.

  4. In the Connection name field, type Configuration.

  5. Select Well-known naming context. Make sure the value in the drop-down list is set to Configuration.

  6. Set the other authentication credentials as appropriate, then click OK.

  7. In the tree view, expand the Configuration item and those items underneath it until you can select the following entry:

    CN=NTDS Settings,CN=ServerName$InstanceName,CN=Servers,
CN=Default-First-Site-Name, CN=Sites,CN=Configuration,CN={GUID}

    Keep in mind that in the above DN, you should replace ServerName, InstanceName, and GUID with those values actually used in your ADAM (AD LDS) instance.

  8. Under the Action menu, select Properties.

  9. Select the msDS-DefaultNamingContext attribute, then click Edit.

  10. Specify the same value you used in Step 8 in Section B.2.3, Installing ADAM/AD LDS.

  11. Click OK twice.

  12. Restart your ADAM (AD LDS) instance so the new default naming context takes effect.

B.3.2 Creating a User in ADAM (AD LDS) with Sufficient Rights

For the driver to work properly, it is best to create a user object specifically for the driver to use. This user should only have the rights to do the work that is required. For more information, see Section 2.4, Creating an Administrative Account.

B.3.3 Creating the ADAM (AD LDS) Driver

You can create the ADAM (AD LDS) driver through Designer or iManager.

Creating the ADAM (AD LDS) Driver in Designer

  1. Open a project in Designer. In the Modeler, right-click the driver set and select New > Driver.

  2. From the drop-down list, select ADAM, then click Run.

  3. Configure the driver by filling in the fields. Specify information for your environment. For information on the settings, see Table B-1.

  4. After specifying parameters, click Finish to import the driver.

  5. After the driver is imported, customize and test the driver.

  6. After the driver is fully tested, deploy the driver into the Identity Vault. See Deploying a Driver to an Identity Vault in the Designer 3.5 for Identity Manager 3.6 Administration Guide.

Creating the ADAM (AD LDS) Driver in iManager

  1. In iManager, select Identity Manager Utilities > Import Configuration.

  2. Select a driver set, then click Next.

    Selecting a Driver Set

    If you place this driver in a new driver set, you must specify a driver set name, context, and associated server.

  3. Import a configuration into the driver set by selecting a configuration from the server (.XML file):

    • All configurations

    • Identity Manager 3.0 configurations

    • Identity Manager 3.5 configurations

    • Identity Manager 3.6 configurations

    • Configurations not associated with an Identity Manager version

  4. Select the ADAM driver, then click Next.

    ADAM Driver

  5. Configure the driver by filling in the configuration parameters, then click Next. For information on the settings, see Table B-1.

  6. Define security equivalences, using a user object that has the rights that the driver needs to have on the server, then click OK.

    Use the user created in Section B.3.2, Creating a User in ADAM (AD LDS) with Sufficient Rights.

  7. Identify all objects that represent administrative roles and exclude them from synchronization, then click OK.

    Exclude the security-equivalence object (for example, DriversUser) that you specified in Step 6. If you delete the security-equivalence object, you have removed the rights from the driver, and the driver can’t make changes to Identity Manager.

  8. Click Finish.

NOTE:The parameters are presented on multiple screens. Some parameters are only displayed if the answer to a previous prompt requires more information to properly configure the policy.

Table B-1 Configuration Parameters for the ADAM (AD LDS) Driver

Parameter

Description

Driver name

Specify the name of the driver object.

Connected System or Driver Name

Specify the name of the connected system, application or Identity Manager driver. This value is used by the e-mail notification templates to identify the source of notification messages.

Domain DNS Name

Specify the DNS name of the ADAM (AD LDS) instance managed by this driver.

ADAM User Container

Specify the container where the objects reside in ADAM (AD LDS).

Driver is Local/Remote

Configure the driver for use with the Remote Loader service by selecting Remote, or select Local to configure the driver for local use.

Authentication ID

Specify the name of the user object created in Section B.3.2, Creating a User in ADAM (AD LDS) with Sufficient Rights. The name needs to be specified as a full LDAP DN.

Example, CN=IDM,CN=Users,DC=domain,DC=com

Authentication Password

Specify the password of the user object with sufficient rights.

Authentication Context

Specify the DNS name or IP address of the ADAM (AD LDS) instance server.
1" rowspan="1">

Specify the DNS name or IP address of the ADAM (AD LDS) instance server.