IDM Driver for Frontrange Heat – Simple Step-by-Step

mbluteau

By: mbluteau

March 29, 2011 3:26 pm

Reads: 184

Comments:0

Rating:0

Frontrange Heat is a popular Help Desk solution that contains user profiles and accounts of various types. We will walk you through the process of getting up and running a simple driver that synchronizes profiles from the Profile table down to the Identity Vault (Identity Manager/eDirectory).

While there are also other tables like HEATCAI that contain interesting information, we will not cover these in our example. But once you get an example driver up and running, it is fairly easy to adapt it to your own requirements, and even turn it into a bi-directional driver.

First, because Heat is built on top of MS-SQL 2005 (I am using Heat 9 Demo in my lab), you need to copy the jtds open source JDBC driver on your Identity Manager server (e.g. /opt/novell/eDirectory/lib/dirxml/classes for Linux). You can obtain the jtds driver from: http://sourceforge.net/projects/jtds/files/

N.B. A restart for eDirectory is required, otherwise you will get a ClassNotFound error after copying the jtds file.

Next, you need access to MS-SQL tables and settings for your Heat server. I installed Microsoft SQL Server Management Studio right onto my Heat server, and use Windows login mode while logged in as Administrator locally.

First step, we will create a View for the Profile table.

Click to view.

Figure 1: Create a view for providing access to the Profile table for the driver. Prefix the CustID column with pk_ to flag it as the simulated primary key.

Click to view.

Figure 2: Using a Where condition, you can restrict the CustType in the view to Employee.

Click to view.

Figure 3: Accessing the VIEW_Profile view.

Click to view.

Figure 4: Create a new login in MS-SQL called IDM.

Click to view.

Figure 5: Create a new database user for IDM.

Click to view.

Figure 6: You can explicitly deny access to the table Profile for IDM.

Click to view.

Figure 7: You need to provide read access at a minimum for IDM.

You can test connectivity with a database client.

Click to view.

Figure 9: DbVisualizer connection properties.

Click to view.

Figure 10: Accessing the view using DBVisualizer.

Now let’s create the driver using Designer.

Click to view.

Figure 11: Access a project using Designer. Drap-and-Drop MS SQL driver onto project.

Click to view.

Figure 12: New driver wizard for JDBC driver.

Click to view.

Figure 13: New driver wizard for MS-SQL.

Click to view.

Figure 14: New driver wizard, select MS-SQL version.

Click to view.

Figure 15: Select Direct and JTDS.

Click to view.

Figure 16: Enter IP Address and Port.

Click to view.

Figure 17: Enter user/group OU and select triggerless.

Click to view.

Figure 18: Select Configure.

Click to view.

Figure 19: Modify URL and enter IDM password.

Click to view.

Figure 20: Replace view name.

Click to view.

Figure 21: Edit Schema mapping.

Click to view.

Figure 22: Modify Filter.

Click to view.

Figure 23: Remove Post Polling Statements.

Click to view.

Figure 24: Modify Placement Rule(Publisher).

Click to view.

Figure 25: Modify Create Rule to assign default password(optional).

Now you are ready to fire up your driver. Driver should automatically import users from Profile table.

Click to view.

Figure 26: Users created in Identity Vault(iManager).

Click to view.

Figure 27: Metadata for an imported user.

Now you can take it from there, and add support for other types of objects, and even start to provision new profiles in Heat by modifying the Filters and driver parameters. Or course, you probably want to spend some time understanding how Heat is used by a specific organization. Heat customers probably have some user import scripts or procedures already that you will want to investigate. You can check http://support.frontrange.com/support/HEAT/Import321.htm for an example.

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Categories: Uncategorized

Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment.  It just worked for at least one person, and perhaps it will be useful for you too.  Be sure to test in a non-production environment.

Comment