Identity Manager

From MicroFocusInternationalWiki
Revision as of 23:11, 12 October 2007 by Bkynaston (Talk | contribs)


Welcome to the Identity Manager Wiki!!

As already mentioned on the wiki main page, please feel free to join in. You can read anything in here without logging in, but if you feel like commenting on something, or starting a new topic, you'll need to use a Novell Login account (which you'll be prompted to create if you don't already have one). If you are unfamiliar with using wikis in general, please visit Novell Wiki or the granddaddy wiki info site www.wiki.org for some background info.


FAQ

Identity Manager FAQ

Because people frequently ask questions about Identity Manager.


RSA Driver for Novell Identity Manager

As a partner of Novell we have developed a new IDM connector (certified against DirXML 1.1a, IDM2, and IDM3) that will automate RSA/ACE SecurID provisioning and de-provisioning tasks. Features include:

- Provision accounts into the ACE/RSA server based on eDirectory events (new hire/etc.)
- Automatically assign and activate an available token for the user
- Improve security by instantly disabling assigned tokens for accounts that have been disabled in eDirectory
- Manages group memberships in RSA based on group memberships in eDirectory or attribute values
- Leverages supported RSA BulkAdmin and ACE Server APIs for integrating with RSA/ACE
- Full logging and email alert notifications for exceptional or prohibited behavior
- The driver runs on all RSA supported ACE server platforms (i.e. UNIX, Windows, etc.)
- Many additional features and administrative benefits included
- Simple installation

To request additional information email: info@trivir.com

Exchange 2007 Driver for Novell Identity Manager

As a partner of Novell we have developed a new IDM connector (certified against IDM 3.5.x) that will automate the management of mail recipients (mailboxes) and distribution lists. It essentially allows the execution of any PowerShell or MSH script command from within an IDM policy. Features include:

- Add mailbox for new user accounts
- Enable/Disable mail account
- Management of mail account related attributes (i.e. size, constraints, etc.)
- Move mailbox
- Mail-store load-balancing based on randomness, round-robin, or smallest size for optimum anti-affinity
- Distribution List (DL) creation through enabling existing groups or creating pure DL objects
- DL membership management
- Full logging and email alert notifications for exceptional or prohibited behavior
- The driver runs on Windows Server 2003 32-bit or 64-bit platforms where PowerShell, .NET and the Exchange 2007 management tools reside
- Optional: Exchange SOAP services compatibility if desired over the PowerShell interface
- This driver is meant to be used together with the shipping AD driver
- Simple installation

To request additional information email: info@trivir.com

IDM201ir3 patch is a little inefficient

This patch asks you to create a policy on the Command Transform which does the following:

If there is a modify of a user attribute, it will go and read the nspmDP of the source object, if it exists.

This policy was written to help out the 'expired password on password reset' problem.

What the code does in fact is reset the password in the destination system each and every time the object changes, regardless of whether the change is the password or not. To make this more efficient, it should read the source object's nspmDP only if the nspmDP is PART OF THE OPERATION, not merely if it EXISTS.

I have taken this up with Novell, who agree; however, they have not updated the code in subsequent patch releases (IDM201ir4).

Update

The policy has been fixed and moved to TID10098129

Password Notification Service Driver

See http://wiki.novell.com/index.php/Password_Notification_Service_Driver