| Driver name |
Default: Active Directory
My example: Active Directory |
What do you want to call this driver? The default is “Active Directory”, but can be changed if necessary. For example, if you have multiple Active Directory implementations and you want to connect them all to eDirectory using Identity Manager, you might rename the driver to match the Active Directory tree. |
| Authentication method |
Default: Negotiate
My example: Negotiate |
Negotiate: Use Microsoft Kerberos or NTLM for authentication.
Simple: Use LDAP style simple bind. |
| Authentication ID |
(no default)
My example: example2/administrator |
Provide Identity Manager with an account that has administrative rights to your Active Directory. If you use the “Negotiate” authentication method, use either an NT login name or a domain-qualified NT login name (Domain/Administrator).
If you opt for the Simple authentication method, provide the full LDAP distinguished name for an administrative user. |
| Authentication password |
No default |
Provide the password for the user specified in the "Authentication ID" field. |
| Authentication context |
No default
My example: w2k3r2-ent-base.example2.com |
Provide the DNS name for the Active Directory domain controller to use for authentication. |
| Domain name (LDAP format) |
No default
My example: DC=example2,DC=com |
Provide the LDAP qualified name of your Active Directory domain. |
| Domain DNS name |
No default
My example: example.com |
Enter the DNS name for your Active Directory domain. |
| Driver polling interval |
Default: 1 minute
My example: 1 minute |
Enter the number of minutes to delay before querying Active Directory for changes. A small number will increase the load on your Identity Manager and Active Directory servers. |
| Password sync timeout |
Default: 5 minutes
My example: 5 minutes |
Specify the number of minutes that the driver will attempt to sync a password before giving up. |
| Driver location |
Default: Location
My example: Remote |
Where will the driver run? On the Identity Manager system or elsewhere? The Active Directory driver always has to be remote when Identity Manager is installed on Open Enterprise Server. |
| Remote Host Name and Port |
Default port: 8090
My example:
Host: 192.168.0.252
Port: 8090
|
On what IP address is the remote driver being loaded, and on what port is the service listening? |
| Driver password |
No default |
Provide a password that the remote loader will use to authenticate to Identity Manager. |
| Remote password |
No default |
What password do you want to use to manage the Remote Loader on the remote machine? |
| Base container in eDirectory |
No default
My example: edir1 (the root) |
Specify the base eDirectory container that Identity Manager will use for synchronization. |
| Publisher placement |
Default: Mirrored
My example: Mirrored |
Choose one of Flat or Mirrored.
Flat: Place Objects only in the container specified.
Mirrored: Use a hierarchical structure to place objects in the base container. |
| Base container in Active Directory |
No default
My example: CN=Users,DC=example2,DC=com |
Provide the full LDAP qualified name of the container in Active Directory that you wish to synchronize. I’m using the default “Users” container that you see in Active Directory Users and Computers. |
| Active Directory placement |
Default: Mirrored
My example: Mirrored |
Same as “Publisher Placement”, but for your Active Directory server. |
| Data flow |
|
Options:
Bi-directional: Synchronize account changes in both directions
AD to Vault: Only synchronize from AD to eDirectory.
Vault to AD: Only synchronize eDirectory changes to AD. |
| Password failure notification user |
No default
My example: None |
Send a report to the specified user when a password update fails. |
| Configure entitlements |
No default
My example: None |
Among other tasks, entitlements help to manage user accounts and group memberships in Active Directory. |
| Exchange policy |
Default: Implement in Policy
My example: None |
Configure the driver to assign synchronized eDirectory user accounts to a specific information store. |
| Group membership policy |
Default: Synchronize
My example: Synchronize |
How should group membership be handled in Active Directory? Choose Synchronize to assign the user to groups based on group membership in the Identity Vault. |
| Name mapping policy selection |
Default: Accept
My example: Accept |
The driver’s default behavior is to map the Identity Vault “Full Name” attribute to the Active Directory object name and to map the Active Directory pre-Windows 2000 logon name to the Identity Vault user name.
You can choose to accept this behavior, or you can develop your own manual method. |
| User Principal Name (Active Directory Logon Name) Mapping |
Default: None
My example: Follow Identity Vault name |
Choose one of the following:
None: Choose when you do not want to control userPrincipalName or when you want to implement your own policy.
Follow Active Directory e-mail address: Useful for Exchange environments; uses AD’s e-mail address attribute.
Follow Identity Vault e-mail address: Useful for GroupWise environments; uses the vault’s e-mail address.
Follow Identity Vault name: Generate the value based on the user’s logon name. |
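
Several of the values in this table have to agree with each other: the LDAP-format domain name with the domain DNS name, the Active Directory base container with the domain, and the form of the Authentication ID with the authentication method. The following pre-flight check is an added example, not part of Identity Manager or of the original page; the dictionary keys are hypothetical names for the table rows and the sample values are constructed from the example column.

```python
# Added example: consistency check for the driver settings in the table above.
# Dictionary keys are hypothetical labels for the table rows (assumption).
MESSAGES = {
    "domain-mismatch": "Domain name (LDAP format) does not match Domain DNS name",
    "base-outside-domain": "Base container in Active Directory is not under the domain",
    "negotiate-needs-nt-login": "Negotiate expects an NT login name, not an LDAP DN",
    "simple-needs-ldap-dn": "Simple expects the full LDAP distinguished name",
    "simple-bind-cleartext": "LDAP simple bind sends the password unprotected "
                             "unless the connection itself is encrypted",
}

def dns_to_dn(dns_name):
    """Convert a DNS domain name to its LDAP form: a.b -> DC=a,DC=b."""
    return ",".join("DC=" + label for label in dns_name.strip(".").split("."))

def norm_dn(dn):
    """Lower-case and trim each RDN (naive: assumes no escaped commas)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def check_driver_config(cfg):
    """Return a list of finding codes; an empty list means the values agree."""
    findings = []
    domain_dn = norm_dn(cfg["domain_ldap"])
    if domain_dn != norm_dn(dns_to_dn(cfg["domain_dns"])):
        findings.append("domain-mismatch")
    base = norm_dn(cfg["ad_base_container"])
    if base != domain_dn and not base.endswith("," + domain_dn):
        findings.append("base-outside-domain")
    auth_id_is_dn = "=" in cfg["auth_id"]
    method = cfg["auth_method"].lower()
    if method == "negotiate" and auth_id_is_dn:
        findings.append("negotiate-needs-nt-login")
    if method == "simple":
        if not auth_id_is_dn:
            findings.append("simple-needs-ldap-dn")
        findings.append("simple-bind-cleartext")
    return findings

# Constructed sample values, modelled on the example column of the table.
GOOD = {"auth_method": "Negotiate", "auth_id": "example2/administrator",
        "domain_ldap": "DC=example2,DC=com", "domain_dns": "example2.com",
        "ad_base_container": "CN=Users,DC=example2,DC=com"}
BAD = dict(GOOD, auth_method="Simple", domain_dns="example.com",
           ad_base_container="CN=Users,DC=other,DC=com")

if __name__ == "__main__":
    for code in check_driver_config(BAD):
        print(code + ": " + MESSAGES[code])
```
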