Sun Identity Manager 8.1 Resources Reference

Usage Notes

This section provides information related to using the NetWare NDS resource adapter, which is organized into the following sections:

Miscellaneous

Pass-Through Authentication Notes

Before Identity Manager 8.0, implementing pass-through authentication required that you edit a registry key and create a separate resource adapter dedicated to performing pass-through authentication. This adapter communicated with the NetWare resource through its own gateway.

As of Identity Manager 8.0, pass-through authentication to a NetWare resource can be performed with a single resource and gateway. If you implemented pass-through authentication in a version prior to 8.0 and want to use a single resource and gateway, perform the following procedure.

Procedure: Implementing Pass-Through Authentication (Versions Prior to 8.0)

  1. Delete the pass-through authentication resource from your NDS login module group.

  2. If you want to delete the pass-through authentication resource from Identity Manager, first delete or modify the common resources attribute of the System Configuration object.


    <Attribute name='common resources'>
       <Object>
          <Attribute name='NDS Group'>
             <List>
                <String>NDS_Resource_Host</String>
                <String>NDS_Passthrough_Host</String>
             </List>
          </Attribute>
       </Object>
    </Attribute>

    If your NDS group contains only the NDS resource and pass-through authentication host, then delete the entire Attribute element. Otherwise, delete the string that defines the pass-through authentication host.

  3. Delete the pass-through authentication resource from the Resources page.

  4. If the gateway is no longer needed on the pass-through authentication host, you may disable the gateway service and remove the application.
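
The edit in step 2, applied to an exported copy of the System Configuration object. This is an added example, not code from the Identity Manager documentation. The wrapping Configuration root element, the function name and the sample text are assumptions, and "the entire Attribute element" is read here as the 'NDS Group' Attribute.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the step 2 fragment inside a hypothetical root element.
SAMPLE = """<Configuration name='System Configuration'>
  <Attribute name='common resources'>
    <Object>
      <Attribute name='NDS Group'>
        <List>
          <String>NDS_Resource_Host</String>
          <String>NDS_Passthrough_Host</String>
        </List>
      </Attribute>
    </Object>
  </Attribute>
</Configuration>"""


def remove_passthrough_host(xml_text, group, nds_resource, passthrough):
    """Return (new_xml, action) after removing `passthrough` from `group`."""
    root = ET.fromstring(xml_text)
    common = root.find(".//Attribute[@name='common resources']")
    obj = common.find("Object") if common is not None else None
    grp = obj.find(f"Attribute[@name='{group}']") if obj is not None else None
    if grp is None:
        return xml_text, "group not found"
    strings = grp.findall("List/String")
    members = [s.text for s in strings]
    if passthrough not in members:
        # Nothing to clean up; leave the document untouched.
        return xml_text, "pass-through host not listed"
    if set(members) == {nds_resource, passthrough}:
        # Group holds only the NDS resource and the pass-through host:
        # drop the whole group Attribute element (assumed reading of step 2).
        obj.remove(grp)
        action = "removed group attribute"
    else:
        # Other resources share the group: delete only the host's String.
        lst = grp.find("List")
        for s in strings:
            if s.text == passthrough:
                lst.remove(s)
        action = "removed host string"
    return ET.tostring(root, encoding="unicode"), action


if __name__ == "__main__":
    print(remove_passthrough_host(
        SAMPLE, "NDS Group", "NDS_Resource_Host", "NDS_Passthrough_Host")[1])
```

Review the returned XML against the original before importing it, and keep the untouched export as a rollback copy.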

Gateway Timeouts

The NetWare adapters allow you to use the RA_HANGTIMEOUT resource attribute to specify a timeout value, in seconds. This attribute controls how long Identity Manager waits before a request to the gateway times out and is considered hung.

You must manually add this attribute to the Resource object as follows:

<ResourceAttribute name='Hang Timeout'
    displayName='com.waveset.adapter.RAMessages:RESATTR_HANGTIMEOUT'
    type='int'
    description='com.waveset.adapter.RAMessages:RESATTR_HANGTIMEOUT_HELP'
    value='NewValue'>
</ResourceAttribute>

The default value for this attribute is 0, indicating that Identity Manager will not check for a hung connection.

Managing NDS Users in GroupWise

When integration with GroupWise is enabled, the NDS adapter can manage the GroupWise attributes of NDS users. The NDS adapter supports adding and removing NDS users from a GroupWise Post Office. It also retrieves or modifies other GroupWise account attributes, including AccountID, GatewayAccess, and DistributionLists.

Enabling GroupWise Integration

To activate the integration with GroupWise, you must define a value in the GroupWise Domain DN resource attribute. This value specifies the DN of the GroupWise domain that will be managed. An example value for this attribute is

CN=gw_dom.ou=GroupWise.o=MyCorp

The NDS Tree resource attribute defines the NDS tree under which the GroupWise domain is expected to reside. That is, the GroupWise domain must be in the same tree as the NDS users managed by the adapter.

Managing an NDS User's GroupWise Post Office

The account attribute GW_PostOffice represents the GroupWise Post Office.

To add an NDS user into a GroupWise Post Office, set the GW_PostOffice account attribute to the name of an existing Post Office that is associated with the GroupWise domain.

To move an NDS user to a different GroupWise Post Office, set the GW_PostOffice account attribute to the name of the new Post Office that is associated with the GroupWise domain.

To remove an NDS user from its Post Office, set the GW_PostOffice account attribute to the same value as the GroupWise Delete Pattern resource attribute. The default value for the GroupWise Delete Pattern resource attribute is *TRASH*.

SecretStore and the Identity Manager System Configuration Object

By default, you cannot use the NetWare NDS with SecretStore adapter to manage resource objects. To enable this functionality, you must edit the System Configuration Object.

Under the lines that read:

<!-- form mappings -->
   <Attribute name='form'>
      <Object>

add the following:

<!-- NetWare NDS with SecretStore -->
<Attribute name='NetWare NDS with SecretStore Create Group Form'
   value='NetWare NDS Create Group Form'/>
<Attribute name='NetWare NDS with SecretStore Update Group Form'
   value='NetWare NDS Update Group Form'/>
<Attribute name='NetWare NDS with SecretStore Create Organization Form'
   value='NetWare NDS Create Organization Form'/>
<Attribute name='NetWare NDS with SecretStore Update Organization Form'
   value='NetWare NDS Update Organization Form'/>
<Attribute name='NetWare NDS with SecretStore Create Organizational Unit Form'
   value='NetWare NDS Create Organizational Unit Form'/>
<Attribute name='NetWare NDS with SecretStore Update Organizational Unit Form'
   value='NetWare NDS Update Organizational Unit Form'/>
<Attribute name='NetWare NDS with SecretStore Create User Form'
   value='NetWare NDS Create User Form'/>
<Attribute name='NetWare NDS with SecretStore Update User Form'
   value='NetWare NDS Update User Form'/>