Novell Identity Manager is a service that synchronizes data among servers in a set of connected systems by using a robust set of configurable policies. Identity Manager uses the Identity Vault to store shared information, and uses the Metadirectory engine for policy-based management of the information as it changes in the vault or connected system. Identity Manager runs on the server where the Identity Vault and the Metadirectory engine are located.
A connected system is any system that can share data with Identity Manager through a driver. Active Directory is a connected system.
The Identity Vault is a persistent database powered by eDirectory and used by Identity Manager to hold data for synchronization with a connected system. The vault can be viewed narrowly as a private data store for Identity Manager or more broadly as a metadirectory that holds enterprise-wide data. Data in the vault is available to any protocol supported by eDirectory, including NCP (the traditional protocol used by such utilities as ConsoleOne and iManager), LDAP, and DSML.
Because the vault is powered by eDirectory, Identity Manager can be easily integrated into your corporate directory infrastructure by using your existing directory tree as the vault.
The Metadirectory engine is the core server that implements the event management and policies of Identity Manager. The engine runs on the Java* Virtual Machine in eDirectory.
A driver implements a data sharing policy for a connected system. You control the actions of the driver by using iManager to define the filters and the policy. For Active Directory, a driver implements the policy for a single domain.
A driver shim is the component of a driver that converts the XML-based Identity Manager command and event language (XDS) to the protocols and API calls needed to interact with a connected system. The shim is called to execute commands on the connected system after the Output Transformation runs. Commands are usually generated on the Subscriber channel but can be generated by command write-back on the Publisher channel.
The shim also generates events from the connected system for the Input Transformation policy. A driver shim can be implemented either in Java class or as a native Windows DLL file. The shim for Active Directory is ADDriver.dll.
ADDriver.dll is implemented as a native Windows DLL file. AD Driver uses several different Windows APIs to integrate with Active Directory. These APIs typically require some type of login and authentication to succeed. Also, the APIs might require that the login account have certain rights and privileges within Active Directory and on the machine where ADDriver.dll executes.
If you use the Remote Loader, ADDriver.dll executes on the server where the Remote Loader is running. Otherwise, it executes on the server where the Metadirectory engine is running.
A Remote Loader enables a driver shim to execute outside of the Metadirectory engine (perhaps remotely on a different machine). The Remote Loader is typically used when a requirement of the driver shim is not met by the Identity Manager server. For example, if the Metadirectory engine is running on Linux*, the Remote Loader is used to execute the Active Directory driver shim on a Windows server.
The Remote Loader is a service that executes the driver shim and passes information between the shim and the Metadirectory engine. When you use a Remote Loader, you install the driver shim on the server where the Remote Loader is running, not on the server where the Metadirectory engine is running. You can choose to use SSL to encrypt the connection between the Metadirectory engine and the Remote Loader. For more information, see Remote Loader
in the Identity Manager 3.6.1 Installation Guide .
When you use the Remote Loader with the Active Directory driver shim, two network connections exist:
Between the domain controller and the Remote Loader
Between Active Directory and the Active Directory driver shim