Examine the log file at /var/nds/schema.log.

Ensure that you specify the correct parameters (host name, Admin FDN in dotted format, and password).

Ensure that you have network connectivity to the Metadirectory server.

Ensure that eDirectory™ is running LDAP with SSL enabled. For details about configuring eDirectory, see the Novell eDirectory Administration Guide.

Ensure that the connected system has network connectivity to the Metadirectory server.

Examine the status log and DSTRACE output.

The driver must be specified as a Remote Loader driver. You can set this option in the iManager Driver Edit Properties window.

You must activate both Identity Manager and the driver within 90 days. The Driver Set Overview page in iManager shows when Identity Manager requires activation. The Driver Overview page shows when the driver requires activation.

For details about activating Novell Identity Manager Products, see the Identity Manager 3.6.1 Installation Guide on the Identity Manager 3.6.1 Documentation Web site .

Ensure that the driver load library is APF-authorized.

You can use the DISPLAY PROG,APF operator command to display your APF-authorized libraries.

Ensure that the LDXSERV and SAFQUERY commands are listed as authorized TSO commands in your active IKJTSOxx member.

You can use the DISPLAY IKJTSO,AUTHCMD operator command to display authorized TSO commands.

Examine the trace file.

Ensure that the connected system’s operating system and security system versions are supported. For a list of supported operating systems, see Connected System Requirements.

Apply all maintenance for your operating system and security system.

Ensure that the Remote Loader and Driver object passwords that you specified while setting up the driver on the Metadirectory server match the passwords stored with the driver shim.

To update these passwords on the connected system, use the SETPWDS REXX exec. The passwords are stored under /opt/novell/tsdrv/keys in encrypted files dpwdlf40 (Driver object password) and lpwdlf40 (Remote Loader password).

To update these passwords on the Metadirectory server, use iManager to update the driver configuration. For details, see Section 5.1.2, Driver Configuration Page.

Ensure that the correct host name and port number of the connected system are specified in the Driver Configuration Remote Loader connection parameters. You can change the port number (default 8090) in the driver shim configuration file.

Ensure that the user ID that the driver shim started task uses has been set up properly. For details, see Preparing User IDs for the Started Tasks.

Ensure that only one system in a complex that shares the security system database is running the driver shim started task.

Examine the status log, DSTRACE output, trace file, and REXX exec output file.

To be provisioned, users and groups must be in the appropriate base container. You can view and change the base containers in iManager on the Global Configuration Values page of the Driver Edit Properties window. For more details, see Section 5.1.3, Global Configuration Values Page.

To provision identities from the Identity Vault to the connected system, the driver Data Flow property must be set to Bidirectional or Identity Vault to Application. To change this value, re-import the driver rules file over your existing driver.

The user that the driver is security equivalent to must have rights to read information from the base container. For details about the rights required, see Table 2-2, Base Container Rights Required by the Driver Security-Equivalent User.

Examine the status log, DSTRACE output, and trace file.

Examine the User Base Container and Group Base Container GCV values. For more details, see Section 5.1.3, Global Configuration Values Page.

To provision identities from the connected system to the Identity Vault, the driver Data Flow property must be set to Bidirectional or Application to Identity Vault. To change this value, re-import the driver rules file over your existing driver.

The user that the driver is security equivalent to must have rights to update the base container. For details about the rights required, see Table 2-2, Base Container Rights Required by the Driver Security-Equivalent User.

Ensure that the security system exit has been installed, that LLA has been refreshed, and that the exit has been activated. For details, see Section 3.6.8, Installing the Driver Security System Exit IDMTSSIX.

Examine the status log, DSTRACE output, and REXX exec output file.

Several password management properties are available in iManager on the Global Configuration Values page of the Driver Edit Properties window. Ensure that the connected system accepts passwords from the Identity Vault. To determine the right settings for your environment, view the help for the options, or see the Novell Identity Manager 3.6.1 Administration Guide on the Identity Manager 3.6.1 Documentation Web site.

Ensure that the user’s container has an assigned Universal Password policy and that the Synchronize Distribution Password When Setting Universal Password option is set for this policy.

Examine the status log, DSTRACE output, and the trace file.

Several password management properties are available in iManager on the Global Configuration Values page of the Driver Edit Properties window. Ensure that at least one of the following options is set:

To determine the right settings for your environment, view the help for the options, or see the Novell Identity Manager 3.6.1 Administration Guide on the Identity Manager 3.6.1 Documentation Web site.

If the Require Password Policy Validation before Publishing Passwords GCV is set, the user’s password must satisfy the password rules in the password policy assigned to the user container.

Ensure that the change log started task is running on all systems that share the security system database.

Ensure that the security system exit has been installed, that LLA has been refreshed, and that the exit has been activated. For details, see Section 3.6.8, Installing the Driver Security System Exit IDMTSSIX.

Examine the status log, DSTRACE output, trace file, and REXX exec output file.

Examine the driver Data Flow setting to verify the authoritative source for identities.

Identity Vault and connected system identities must be associated before events are synchronized. To view an identity’s associations, use Modify User/Group in iManager and click the Identity Manager tab. You can migrate identities to establish associations. For details, see Section 5.4, Migrating Identities.

Identity Vault move events can remove the identity from the base container monitored by the driver to a container that is not monitored by the driver. This makes the move appear to be a delete.

Moving a user or group is not supported by Top Secret.

Examine the change log started task messages.

Ensure that the change log started task is running on all systems that share the security system database.

Ensure that the user ID that the change log started task uses has been set up properly. For details, see Preparing User IDs for the Started Tasks.

Ensure that you initialized the change log data set during installation. For details about initializing the change log data set, see Section 3.6.5, Allocating and Initializing the Change Log Data Set.

You can use the LDXSERV TSO command to display information about the change log data set. Enter the following TSO command:

LDXSERV STATUS

To use the LDXSERV command, you must include the driver load library in your STEPLIB concatenation.