The Create Driver Wizard helps you import a basic driver configuration for Active Directory. This wizard creates and configures the objects needed to make the driver work properly. For details on using this wizard, see "Creating and Configuring a Driver" in the Novell Nsure Identity Manager 2 Administration Guide.
This section contains instructions and configuration parameters specific to the Active Directory driver. Each of these parameters is explained in Configuration Parameters.
In addition, you might need to do the following:
The following table contains an explanation of the parameters you must provide during initial driver configuration:
Field | Description |
---|---|
Driver Name |
This is the eDirectory object name to be assigned to this driver. Because each Active Directory domain requires a separate driver, you should include the domain name in your driver name. |
Authentication Method |
The method used to authenticate to Active Directory. Select Negotiate to let the Microsoft security package negotiate the authentication type; typically Kerberos or NTLM is used. To use Negotiate, the server hosting the driver must be a member of the domain. Select Simple to use an LDAP simple bind. If you select Simple, SSL is recommended, because without it the simple bind sends the account password to the domain controller in clear text, and SSL is required to perform Subscriber password set, check, or modify operations. |
Authentication ID |
An Active Directory account with administrative privileges that Identity Manager uses to connect to the domain. The name form depends on the selected authentication method. For Simple, provide an LDAP ID, such as:
For Negotiate, provide the name form required by your Active Directory authentication mechanism. For example:
|
Password |
Enter the password for the user account specified in Authentication ID. |
Authentication Server |
The name of the Active Directory domain controller to use for synchronization, for example, mycontroller.domain.com for the Negotiate authentication method. If you are using Simple authentication, this can be the IP address of the server, for example, 10.10.128.23. If no value is specified, localhost is used. Note: This value is stored in the Authentication Context attribute. To change this value after the initial configuration, modify that attribute as explained in Security Parameters. |
Domain Name (in LDAP format) |
The Active Directory domain managed by this driver. The driver requires the domain name in LDAP format, for example, DC=MyDomain,DC=com. |
Domain DNS Name (DNS format) |
The DNS name of the Active Directory domain managed by this driver. The driver requires the domain name in DNS format, for example, MyDomain.com. |
Driver Polling Interval |
eDirectory sends changes to Active Directory as they happen. However, changes made in Active Directory are sent to eDirectory only as often as the configured polling interval. The default is 1 minute. Note: The polling interval affects system performance; a shorter interval delivers Active Directory changes sooner but increases the load on the domain controller and the driver. |
Password Sync Timeout |
The number of minutes the driver keeps trying to synchronize a password. Set the password sync timeout to at least three times the polling interval. |
Base container in eDirectory |
Specify the base container in eDirectory in dot format, for example, users.myorg. New users are placed in this container by default. If the target container doesn't exist, you must create it before you start the driver. |
Base container in AD |
Specify the base container in Active Directory in LDAP format, for example, CN=Users,DC=MyDomain,DC=com. New users are placed in this container by default. If the target container doesn't exist, you must create it before you start the driver. |
Configure Data Flow |
Bi-directional means that both AD and eDirectory are authoritative sources of the data synchronized between them. AD to eDirectory means that AD is the authoritative source. eDirectory to AD means that eDirectory is the authoritative source. This selection determines how the default policies and filters are created. |
Publisher Placement |
Choose Flat to place objects strictly within the base container. Choose Mirrored to place objects hierarchically within the base container. This selection is used to build the default Publisher channel placement rules. |
Subscriber Placement |
Choose Flat to place objects strictly within the base container. Choose Mirrored to place objects hierarchically within the base container. This selection is used to build the default Subscriber channel placement rules. |
Support Exchange 2000 |
Select this option to enable Exchange 2000 support. |
Default Exchange MDB (Exchange Only) |
The default Exchange Message Database (MDB). |
Enable Entitlements |
Enable this option if you are also using the Entitlements Service driver and want this driver to use Role-Based Entitlements. |
Action - Add Account Entitlement (Entitlements Only) |
Action taken when a User account is added by Entitlements. |
Action - Remove Account Entitlement (Entitlements Only) |
Action taken when a User account is removed by Entitlements. |
Install Driver as Remote/Local |
Configure the driver for use with the Remote Loader service by selecting Remote, or select Local to configure the driver for local use. |
Remote Host Name and Port (Remote Only) |
The host name or IP address and the port number of the machine where the Remote Loader service has been installed and is running for this driver. The default port is 8090. |
Driver Password (Remote Only) |
The Driver Object Password is used by the Remote Loader to authenticate itself to the Identity Manager server. It must be the same password that is specified as the Driver Object Password on the Remote Loader. |
Remote Password (Remote Only) |
The Remote Loader password is used to control access to the Remote Loader instance. It must be the same password that is specified as the Remote Loader password on the Remote Loader. |
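Several of the values above (Domain Name in LDAP format, Domain DNS Name, Authentication Server, Base container in AD, and the Authentication Method precondition) can be checked before the driver is started. The following PowerShell script is an added example for that purpose; it is not part of the Identity Manager driver or its documentation. It derives the LDAP-format domain name from the DNS name so the two fields agree, confirms the AD base container exists on the chosen domain controller, and verifies the precondition of the selected authentication method: domain membership of the driver host for Negotiate, and LDAP over SSL (port 636) reachability for Simple, since a simple bind without SSL sends the password in clear text. The parameter defaults (domain, controller name, container DN) are assumptions and must be replaced with your own values.

```powershell
# Added pre-flight check for the Active Directory driver parameters.
# Not part of Identity Manager; all default values below are assumptions.
param(
    [string]$DomainDns       = 'mydomain.com',                   # Domain DNS Name (DNS format)
    [string]$AuthServer      = 'mycontroller.mydomain.com',      # Authentication Server
    [string]$AdBaseContainer = 'CN=Users,DC=MyDomain,DC=com',    # Base container in AD
    [string]$AuthMethod      = 'simple'                          # 'simple' or 'negotiate'
)

Import-Module ActiveDirectory -ErrorAction Stop

# Derive the Domain Name (LDAP format) from the DNS name so both fields describe the same domain.
$domainLdap = ($DomainDns.Split('.') | ForEach-Object { "DC=$_" }) -join ','
Write-Host "Domain Name (LDAP format): $domainLdap"

# The driver does not create the base container; it must exist before the driver starts.
try {
    $container = Get-ADObject -Identity $AdBaseContainer -Server $AuthServer -ErrorAction Stop
    Write-Host "Base container found: $($container.DistinguishedName)"
} catch {
    Write-Warning "Base container '$AdBaseContainer' not found on $AuthServer; create it before starting the driver."
}

# The base container should lie inside the domain the driver manages (comparison is case-insensitive).
if ($AdBaseContainer -notlike "*,$domainLdap") {
    Write-Warning "Base container '$AdBaseContainer' is not under $domainLdap."
}

switch ($AuthMethod.ToLower()) {
    'negotiate' {
        # Negotiate (Kerberos/NTLM) requires the host running the driver to be a member of the domain.
        $cs = Get-CimInstance -ClassName Win32_ComputerSystem
        if (-not $cs.PartOfDomain -or $cs.Domain -ne $DomainDns) {
            Write-Warning "This host is not a member of $DomainDns; Negotiate authentication will fail."
        } else {
            Write-Host "Host is a member of $($cs.Domain); Negotiate can be used."
        }
    }
    'simple' {
        # A simple bind sends the password in clear text unless SSL is used, and Subscriber
        # password set/check/modify requires SSL, so the controller must accept LDAPS on 636.
        $ssl = Test-NetConnection -ComputerName $AuthServer -Port 636 -WarningAction SilentlyContinue
        if ($ssl.TcpTestSucceeded) {
            Write-Host "LDAP over SSL (636) is reachable on $AuthServer."
        } else {
            Write-Warning "Port 636 is not reachable on $AuthServer; a Simple bind would send credentials in clear text and password operations would fail."
        }
    }
    default {
        Write-Warning "Unknown authentication method '$AuthMethod'; expected 'simple' or 'negotiate'."
    }
}
```

Run the script on the machine that will host the driver (or the Remote Loader), since the domain-membership check is only meaningful there. A reachable port 636 shows that the controller listens for LDAPS; it does not validate the controller's certificate, which the driver's SSL configuration must still do.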