Welcome to the Identity Manager Wiki!!
As already mentioned on the wiki main page, please feel free to join in. You can read anything in here without logging in, but if you feel like commenting on something, or starting a new topic, you'll need to use a Novell Login account (which you'll be prompted to create if you don't already have one). If you are unfamiliar with using Wiki's in general, please visit Novell Wiki or the grandaddy wiki info site www.wiki.org for some background info.
Because people frequently ask questions about Identity Manager.
RSA Driver for Novell Identity Manager
As a partner of Novell we have developed a new IDM connector (certified against DirXML 1.1a, IDM2, and IDM3) that will automate RSA/ACE SecurID provisioning and de-provisioning tasks. Here is a synopsis of the features:
- Provision accounts into the ACE/RSA server based on eDirectory events (new hire/etc.)
- Automatically assign and activate an available token for the user
- Improve security by instantly disabling assigned tokens for accounts that have been disabled in eDirectory
- Leverages supported RSA BulkAdmin and ACE Server APIs for integrating with RSA/ACE
- Full logging and email alert notifications for exceptional or prohibited behavior
- The driver runs on all RSA supported ACE server platforms (i.e. UNIX, Windows, etc.)
- Many additional features and administrative benefits included
- Simple installation
Request additional information email email@example.com
IDM201ir3 patch is a little inefficient
This patch asks you to create a policy on the Command Transform which does the following:
If there is a modify of a user attribute, it will go and read the nspmDP of the source object, if it exists.
This policy was written to help out the 'expired password on password reset' problem.
What the code does in fact is reset the password in the destination system each and every time the object changes, regardless of whether the change is the password or not. To make this more efficient, it should only read the source object's nspmDP only if the nspmDP is PART OF THE OPERATION, not only if it EXISTS or not.
I have taken this up with Novell who agree, however they have not updated the code in subsequent patch releases (IDM201ir4).
The policy has been fixed and moved to TID10098129