Identity Manager

From MicroFocusInternationalWiki
Revision as of 18:46, 4 April 2006 by Bkynaston (Talk | contribs) (RSA Driver for Novell Identity Manager)


Welcome to the Identity Manager Wiki!!

As already mentioned on the wiki main page, please feel free to join in. You can read anything in here without logging in, but if you feel like commenting on something, or starting a new topic, you'll need to use a Novell Login account (which you'll be prompted to create if you don't already have one). If you are unfamiliar with using wikis in general, please visit Novell Wiki or the granddaddy wiki info site for some background info.


Identity Manager FAQ

Because people frequently ask questions about Identity Manager.

RSA Driver for Novell Identity Manager

As a partner of Novell, we have developed a new IDM connector (certified against DirXML 1.1a, IDM2, and IDM3) that will automate RSA/ACE SecurID provisioning and de-provisioning tasks. Features include:

- Provision accounts into the ACE/RSA server based on eDirectory events (new hire/etc.)
- Automatically assign and activate an available token for the user
- Improve security by instantly disabling assigned tokens for accounts that have been disabled in eDirectory
- Manages group memberships in RSA based on group memberships in eDirectory or attribute values
- Leverages supported RSA BulkAdmin and ACE Server APIs for integrating with RSA/ACE
- Full logging and email alert notifications for exceptional or prohibited behavior
- The driver runs on all RSA supported ACE server platforms (i.e. UNIX, Windows, etc.)
- Many additional features and administrative benefits included
- Simple installation

To request additional information email:

IDM201ir3 patch is a little inefficient

This patch asks you to create a policy on the Command Transform which does the following:

If there is a modify of a user attribute, it will go and read the nspmDP of the source object, if it exists.

This policy was written to help out the 'expired password on password reset' problem.

What the code does in fact is reset the password in the destination system each and every time the object changes, regardless of whether the change is the password or not. To make this more efficient, it should read the source object's nspmDP only if the nspmDP is PART OF THE OPERATION, not only if it EXISTS or not.

I have taken this up with Novell, who agree; however, they have not updated the code in subsequent patch releases (IDM201ir4).


The policy has been fixed and moved to TID10098129
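
The difference between the two conditions discussed above, modelled in Python as an added example (this is not the patch's policy code or Novell's). The XDS `<modify>` events, the `password_resets` function and the rule names are constructed for illustration; the attribute name `nspmDistributionPassword` is assumed to be what the page abbreviates as nspmDP.

```python
import xml.etree.ElementTree as ET

DP_ATTR = "nspmDistributionPassword"  # assumed full name of "nspmDP"

# Constructed sample: a phone-number change followed by a password change.
EVENTS = r"""<input>
  <modify class-name="User" src-dn="\TREE\org\users\jdoe" event-id="1">
    <modify-attr attr-name="Telephone Number">
      <add-value><value>555-0100</value></add-value>
    </modify-attr>
  </modify>
  <modify class-name="User" src-dn="\TREE\org\users\jdoe" event-id="2">
    <modify-attr attr-name="nspmDistributionPassword">
      <add-value><value>constructed-placeholder</value></add-value>
    </modify-attr>
  </modify>
</input>"""


def dp_in_operation(modify):
    """True only when the password attribute is part of this modify event."""
    return any(m.get("attr-name") == DP_ATTR
               for m in modify.findall("modify-attr"))


def password_resets(events_xml, source_has_dp, rule):
    """Return the event-ids that would trigger a source read of the
    password attribute and a password reset in the destination system."""
    resets = []
    for modify in ET.fromstring(events_xml).iter("modify"):
        if rule == "exists":          # condition the page describes as inefficient
            fire = source_has_dp
        elif rule == "in-operation":  # condition the page recommends
            fire = dp_in_operation(modify)
        else:
            raise ValueError(f"unknown rule: {rule}")
        if fire:
            resets.append(modify.get("event-id"))
    return resets


if __name__ == "__main__":
    for rule in ("exists", "in-operation"):
        print(rule, password_resets(EVENTS, source_has_dp=True, rule=rule))
```

With the "exists" rule the unrelated phone-number change also resets the destination password, which is the behaviour behind the unnecessary resets described above.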