A.2 Global Configuration Values

Global configuration values (GCVs) are values that can be used by the driver to control functionality. GCVs are defined on the driver or on the driver set. Driver set GCVs can be used by all drivers in the driver set. Driver GCVs can be used only by the driver on which they are defined.

The LDAP driver includes many GCVs. You can also add your own if you discover you need additional ones as you implement policies in the driver.

To access the driver’s GCVs in iManager:

  1. Click to display the Identity Manager Administration page.

  2. Open the driver set that contains the driver whose properties you want to edit.

    1. In the Administration list, click Identity Manager Overview.

    2. If the driver set is not listed on the Driver Sets tab, use the Search In field to search for and display the driver set.

    3. Click the driver set to open the Driver Set Overview page.

  3. Locate the driver icon, click the upper right corner of the driver icon to display the Actions menu, then click Edit Properties.

    or

    To add a GCV to the driver set, click Driver Set, then click Edit Driver Set properties.

To access the driver’s GCVs in Designer:

  1. Open a project in the Modeler.

  2. Right-click the driver icon or line, then select Properties > Global Configuration Values.

    or

    To add a GCV to the driver set, right-click the driver set icon, then click Properties > GCVs.

The global configuration values are organized as follows:

Table A-6 Driver Parameters

| Option | Description |
|---|---|
| Connected System or Driver Name | Contains the name of the connected system, application, or Identity Manager driver. This value is used by e-mail notification templates to identify the source of the notification messages. |
| Connected system LDAP base-dn | Specify the LDAP distinguished name (DN) of the container where the polling searches should begin (for example, ou=people,o=company). |

Table A-7 Entitlements

| Option | Description |
|---|---|
| Show entitlements configuration | Select show to display the global configuration values for entitlements. Select hide to not have the global configuration values displayed. The driver can use entitlements to manage user accounts and group memberships in the connected LDAP directory. When using entitlements, the driver works in conjunction with entitlement agents such as the Identity Manager User Application or Role-Based Entitlements to control the conditions under which provisioning occurs. See Entitlements for more information. |
| Use Entitlements to Control LDAP Accounts | Select True to enable the driver to manage LDAP accounts based on the driver’s defined entitlements. Select False to disable management of LDAP accounts based on the entitlements. |
| Action if user does not have entitlement | Select the action that you want to occur in the LDAP directory if a user in the Identity Vault does not have the LDAP account entitlement. Select Do nothing to not affect the LDAP directory, or select Delete user to remove the user’s LDAP account. |

Table A-8 Password Management

| Option | Description |
|---|---|
| Show password management policy | Select show to display the global configuration values for password management. Select hide to not have the password management global configuration values displayed. In Designer, you must click the icon next to an option to edit it. This displays the Password Synchronization Options dialog box that has a better view of the relationship between the different GCVs. In iManager, you should edit the Password Management Options on the Server Variables tab rather than under the GCVs. The Server Variables page has a better view of the relationship between the different GCVs. For more information about how to use the Password Management GCVs, see Configuring Password Flow in the Identity Manager 4.0 Password Management Guide. |
| Application accepts passwords from Identity Manager | If True, allows passwords to flow from the Identity Manager data store to the connected system. |
| Identity Manager accepts passwords from application | If True, allows passwords to flow from the connected system to Identity Manager. |
| Publish passwords to NDS password | Use the password from the connected system to set the non-reversible NDS password in eDirectory. |
| Publish passwords to Distribution Password | Use the password from the connected system to set the NMAS Distribution Password used for Identity Manager password synchronization. |
| Require password policy validation before publishing passwords | If True, applies NMAS password policies during publish password operations. The password is not written to the data store if it does not comply. |
| Reset user’s external system password to the Identity Manager password on failure | If True, on a publish Distribution Password failure, attempts to reset the password in the connected system by using the Distribution Password from the Identity Manager data store. |
| Notify the user of password synchronization failure via e-mail | If True, notify the user by e-mail of any password synchronization failures. |
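The following added example (not Novell's code and not part of the original documentation) models how the publish-side options in Table A-8 combine when a password arrives from the connected LDAP directory. The field names, action strings, and the minimum-length policy are hypothetical stand-ins, and policy rejection is the only publish failure modeled.

```python
from dataclasses import dataclass, replace
from typing import Callable, List

@dataclass(frozen=True)
class PasswordGCVs:
    # Hypothetical field names; each maps to one option in Table A-8.
    idm_accepts_from_app: bool        # Identity Manager accepts passwords from application
    publish_to_nds: bool              # Publish passwords to NDS password
    publish_to_distribution: bool     # Publish passwords to Distribution Password
    require_policy_validation: bool   # Require password policy validation before publishing
    reset_external_on_failure: bool   # Reset external system password on failure
    notify_user_on_failure: bool      # Notify the user of synchronization failure via e-mail

def publish_password(gcv: PasswordGCVs, password: str,
                     policy: Callable[[str], bool]) -> List[str]:
    """Actions taken when a password arrives from the connected LDAP directory."""
    if not gcv.idm_accepts_from_app:
        return ["ignore"]
    if not gcv.require_policy_validation or policy(password):
        actions = []
        if gcv.publish_to_nds:
            actions.append("set-nds-password")
        if gcv.publish_to_distribution:
            actions.append("set-distribution-password")
        return actions or ["no-target"]
    # Policy rejected the password: nothing is written to the data store.
    actions = ["reject-noncompliant"]
    if gcv.publish_to_distribution and gcv.reset_external_on_failure:
        # Overwrite the connected system's password with the vault's Distribution Password.
        actions.append("reset-external-password")
    if gcv.notify_user_on_failure:
        actions.append("email-user")
    return actions

def min_length_policy(password: str) -> bool:
    # Constructed stand-in for an NMAS password policy.
    return len(password) >= 12

STRICT = PasswordGCVs(True, False, True, True, True, True)
LAX = replace(STRICT, require_policy_validation=False)

if __name__ == "__main__":
    for name, gcv in (("strict", STRICT), ("lax", LAX)):
        print(name, publish_password(gcv, "short", min_length_policy))
```

With policy validation turned off, the same short password that the strict configuration rejects and resets is written to the Distribution Password unchanged.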

Table A-9 Account Tracking

| Option | Description |
|---|---|
| Show Account Tracking Configuration | Select show to display the global configuration values for account tracking through Novell Sentinel. Select hide to not have the global configuration values displayed. The account tracking GCVs enable Sentinel to track Active Directory* accounts based on unique identifiers that you define. You must have both Sentinel 6.1 and the Identity Manager Driver for Sentinel 6.1 installed in order to track account information. For information about Sentinel, see the Sentinel 6.1 Documentation Web site. The Identity Manager Driver for Sentinel 6.1 is included with the Novell Compliance Management Platform. For information, see the Identity and Security Management product Web site. |