This section provides information related to using the NetWare NDS resource adapter, which is organized into the following sections:
The NetWare NDS adapter in Active Sync mode does not detect account deletions. As a result, you must reconcile to detect these deletions.
The NDS adapters support template values, including user DS and FS rights, Home Directory rights, and Trustees of New Object.
To avoid display problems on the Resources page, set the “Identity Manager User Name Attribute” parameter to cn.
NDS uses periods instead of commas to mark segments of a name. Identity Manager will return an error message if you specify commas.
Home Directory (String) The format of this attribute is
The NameSpaceType is one of:
0 indicates DOS name space
1 indicates Macintosh name space
2 indicates UNIX or NFS name space
3 indicates FTAM name space
4 indicates OS/2, Windows 95, or Windows NT name space
Create Home Directory (Boolean) This attribute acts as a flag to indicate whether the actual directory should be created. The directory is created when this flag is set to true.
If you encounter the following error on the NDS adapter,
NWDSAddSecurityEquiv: 0xFFFFFD9B (-613): ERR_SYNTAX_VIOLATION
You might need to increase the following registry keys in HKEY_LOCAL_MACHINE\Software\Waveset\Lighthouse\Gateway
nds_method_retry_count (The default is 10.)
nds_method_retry_sleep_interval (The default is 1000 milliseconds.)
The NetWare API is not compatible with the searchFilter option of the getResourceObjects FormUtil method.
If the account that connects to the NDS resource is restricted by the NDS loginMaximumSimultaneous attribute, then set the Connection Limit resource parameter to a value less than or equal to the value specified by loginMaximumSimultaneous.
Before Identity Manager 8.0, implementing pass-through authentication required that you edit a registry key and create a separate resource adapter dedicated to performing pass-through authentication. This adapter communicated with the NetWare resource through its own gateway.
As of Identity Manager 8.0, pass-through authentication to a NetWare resource can be performed with a single resource and gateway. If you implemented pass-through authentication in a version prior to 8.0 and want to use a single resource and gateway, perform the following procedure.
Delete the pass-through authentication resource from your NDS login module group.
If you want to delete the pass-through authentication resource from Identity Manager, first delete or modify the common resources attribute of the System Configuration object.
<Attribute name=’common resources’> <Object> <Attribute name=’NDS Group’> <List> <String>NDS_Resource_Host</String> <String>NDS_Passthrough_Host</String> </List> </Attribute> </Object> </Attribute>
If your NDS group contains only the NDS resource and pass-through authentication host, then delete the entire Attribute element. Otherwise, delete the string that defines the pass-through authentication host.
Delete the pass-through authentication resource from the Resources page.
If the gateway is no longer needed on the pass-through authentication host, you may disable the gateway service and remove the application.
The NetWare adapters allow you to use the RA_HANGTIMEOUT resource attribute to specify a timeout value, in seconds. This attribute controls how long before a request to the gateway times out and is considered hung.
You must manually add this attribute to the Resource object as follows:
<ResourceAttribute name=’Hang Timeout’ displayName=’com.waveset.adapter. RAMessages:RESATTR_HANGTIMEOUT’ type=’int’ description=’com.waveset.adapter.RAMessages: RESATTR_HANGTIMEOUT_HELP’ value=’NewValue’> </ResourceAttribute>
The default value for this attribute is 0, indicating that Identity Manager will not check for a hung connection.
When integration with GroupWise is enabled, the NDS adapter can manage the GroupWise attributes of NDS users. The NDS adapter supports adding and removing NDS users from a GroupWise Post Office. It also retrieves or modifies other GroupWise account attribute, including AccountID, GatewayAccess, and DistributionLists.
Enabling GroupWise Integration
To activate the integration with GroupWise, you must define a value in the GroupWise Domain DN resource attribute. This value specifies the DN of the GroupWise domain which will managed. An example value for this attribute is
The NDS Tree resource attribute defines the NDS tree under which the GroupWise domain is expected to reside is. That is, the GroupWise domain must be in the same tree as the NDS users managed by the adapter.
The account attribute GW_PostOffice represents the GroupWise Post Office.
To add an NDS user into a GroupWise Post Office, set the GW_PostOffice account attribute to the name of an existing Post Office that is associated with the GroupWise domain.
To move an NDS user to a different GroupWise Post Office, set the GW_PostOffice account attribute to the name of the new Post Office that is associated with the GroupWise domain.
To remove an NDS user from its Post Office, set the GW_PostOffice account attribute to the same value as the GroupWise Delete Pattern resource attribute. The default value for GroupWise Delete Pattern resource attribute is *TRASH*.
Under the lines that read:
<!-- form mappings --> <Attribute name=’form’> <Object>
add the following:
<!-- NetWare NDS with SecretStore --> <Attribute name=’NetWare NDS with SecretStore Create Group Form’ value=’NetWare NDS Create Group Form’/> <Attribute name=’NetWare NDS with SecretStore Update Group Form’ value=’NetWare NDS Update Group Form’/> <Attribute name=’NetWare NDS with SecretStore Create Organization Form’ value=’NetWare NDS Create Organization Form’/> <Attribute name=’NetWare NDS with SecretStore Update Organization Form’ value=’NetWare NDS Update Organization Form’/> <Attribute name=’NetWare NDS with SecretStore Create Organizational Unit Form’ value=’NetWare NDS Create Organizational Unit Form’/> <Attribute name=’NetWare NDS with SecretStore Update Organizational Unit Form’ value=’NetWare NDS Update Organizational Unit Form’/> <Attribute name=’NetWare NDS with SecretStore Create User Form’ value=’NetWare NDS Create User Form’/> <Attribute name=’NetWare NDS with SecretStore Update User Form’ value=’NetWare NDS Update User Form’/>