One of NetIQ’s (Novell’s) Identity Manager product major strengths is the tool used to manage the solutions. Designer for Identity Manager.
If you are using IDM and are not familiar with Designer, stop, go get it, and start using it. There is a lot you can do in iManager, but almost all of it can be done better in Designer.
Designer has some amazing features. For example, it can do most everything that iManager can do, such as:
- Manage DirXML Script Policy objects
- Manage Jobs
- Manage Entitlements
- Manage Provisioning stuff. This includes:
- Managing the Directory Abstraction Layer (DAL)
- Managing the Provisioning Request Definitions (PRD)
New with Identity Manager 4 is Packages, which are only really supported in Designer, so if you want to use them to make a new driver, you have to use Designer, as iManager will not let you create a driver from Packages.
You can read more about Packages in this series:
- Let’s talk some more about Packages in Designer 4 – Part 1
- Let’s talk some more about Packages in Designer 4 – Part 2
- Let’s talk some more about Packages in Designer 4 – Part 3
- Let’s talk some more about Packages in Designer 4 – Part 4
- Let’s talk some more about Packages in Designer 4 – Part 5
- Let’s talk some more about Packages in Designer 4 – Part 6
- Let’s talk some more about Packages in Designer 4 – Part 7
- Let’s talk some more about Packages in Designer 4 – Part 8
- Let’s talk some more about Packages in Designer 4 – Part 9
Designer has a couple of great features on top of what iManager provides, like:
Simulator, which allows you to test code offline, and is hugely useful. You can read more about that in this article: Using Simulator in Designer
The eDirectory Browser lets you stay in Designer, and look at objects in your tree. You can read more about this in the article: Using the eDirectory Browser in Designer
There is an XPATH expression builder, that is basically useless as a builder, but great as a validator, built into Designer, and once you understand how to set the context node, it is a great tool. Read the following article for a discussion of the single most important thing to know about XPATH in IDM, which explains all this: Another attempt at explaining the XPATH Context Node
The way changes are pushed from Designer to the tree is both a benefit and a detriment. In iManager all you changes go live, which is nice and more efficient in terms of working. Thus Designers need to push (via a Compare or Deploy) the changes to eDirectory can be tedious at times. I cannot recount the number of times I have made a change, tested and it failed, only to realize I forgot to push the change, or else forgot to restart the driver.
Of course, be careful using Deploy versus using Compare, as described in this article: Designer 3.5 Compare-Deploy Issue
But along the way, you get shown a great display of exactly what has changed, so that you know exactly what you are changing in eDirectory. This also means you can discover what has changed in eDirectory since you last compared to see if anyone has been mucking about in your stuff while you were away.
As you can see there is a ton of great stuff available in Designer and you should really consider using it, if you are not already. For those you already using Designer, I have some tips for getting started with it.
When I get started with a new install of Designer, there are a number of settings I change to configure it the way I like. I have yet to figure out where these settings are stored so I can copy and reuse them. (Which would probably not work when moving between versions as new config options would probably be lost in the process).
I like to minorly customize some of the settings to make it faster and more efficient. So far I have nine changes I make, and I would love to know if you have any personal preferences you change as well, since I am sure people out there know more about Eclipse’isms than I do. For example I know of two really nice Eclipse plugins that help out. One fixes the tab ordering issue, where once you start exceeding the available screen real estate for all the tabs, Eclipse by default uses MRU to display them. Most Recently Used (MRU) is a nice idea, but since I remember the order I left the tabs open in, usually when I have multiple project open, I like to group them together so this MRU reordering actually drives me nuts. I have to remove this when I work on memory or bug issues, but I quite like it. Someone else recently wrote an Eclipse plugin to make it possible to reopen a Package that you do not own, which is helpful (officially when you loose the original Package project that made it, any other use would be an abuse…)
If you have any preferences of plugins, please comment on this article, so we all can share the tips. I will edit and add interesting ones if you would like to keep it all together.
Eclipse is such a big product, used for so many different things (Its the GUI EMACS!) that there are tons of helpful settings just waiting to be tweaked!
I will group these into Eclipse specific settings, as opposed to Designer plugin specific settings.
These settings are really Eclipse related settings, and any Eclipse application might use or benefit from them.
Enable line numbers
This is an Eclipse setting for text views of data to add a column along the left hand side showing line numbers. This is most helpful because some of the errors you get running DirXML Script will often include a line number reference. For example this error shown in Dstrace:
Message: Code(-9083) Error submitting event to subscriber: Code(-9188) Error in vnd.nds.stream://IAM-DEV/SYSTEM/RESOURCES/DriverSet/SAP+User+Management+CMP+JCO3+Designer+3_5/Subscriber/sub-etp-Fanout#XmlData:142: Invalid variable name: 'AQ1CLNT200-ctype'.*
Here the Policy object that the error occurs in is named, as:
Then the attribute the error is stored in XmlData is basically always the same. (Though for PRD’s or User App related things, it could be stored in other attributes like srvPrvProcessXML but probably not in this kind of error).
But the next number, the 142, means on line 142 of that rule. Counting lines stinks, and I have often had policy objects with 4000 or more lines of code, so having the editor show line numbers is a huge help for troubleshooting.
To set it, like all these settings, in Designer, select the Windows menu, and at the bottom select the Preferences item.
General, Editors, Text Editors, and midway down the page, enable Show Line Numbers.
Disable Build workspace automatically
I was told this setting by one of the folks in Novell support passed on by engineering as an attempt to boost performance. I am not entirely clear, but if you are eagle eyed, in the bottom left of the screen in Designer, you might see a Building workspace… with a percentage indicator go by once in a while. If you disable this setting, it stops trying to do it in the background, potentially avoiding some slow downs. I have no idea if this really makes a difference, but since they usually expect it set for troubleshooting, I just leave it disabled.
That is, turn OFF Build Automatically on the Workspace preferences pane.
Designer, Windows, Preferences, General, Workspace, untick Build Automatically
These are settings specific to Novell’s plugins that make up Designer itself.
Show version, author, last changed
In iManager and in Designer, when you make a new rule in a Policy object, using Policy Builder there is a Comments field at the top that I use quite heavily. I try really hard to document what I am doing, but more importantly, why I am doing it, in the Comments section.
Someone pointed out that if you use a Trace token inline in your policy, and disable it, it is functionally a comment token. Once I heard that I started doing that as well.
Regardless, by default, there are actually three more information fields not enabled in the Policy Builder and thus I always turn them on, since I use them heavily.
Show Author, Version, and Last Changed information are the three and I personally think they are quite useful. This lets me sign my handiwork. Alas there is no automated way to click and bump the revision number, so I have to manually manage these. But if I come back a year later and see that I left this as version 17, then I get an instant hint that this is a very tricky rule. I usually write in the comments what I changed in each revision, signed with date stamp and my name so I know when I made the change. This came up recently as I understood in a meeting a requirement that no one else did. But I wrote down the info in the Comments, so I had the date I did it, based on a meeting the day before.
I entered an enhancement request to add a preference to let us select a date format, a version counting method (whole numbers, 1.1, 1.1.1 perhaps), and a name to sign it with, so I could just click increment and let Designer handle that. But alas, this might be considered low priority to product management.
The problem with this default setting is that with it disabled out of the box, people do not use it. I would prefer it be used out of the box.
Designer, Windows, Preferences, Novell, Identity Manager, Policy Builder, enabled three options at the bottom.
SVN polling interval
Version control is a great concept, that allows you to track the changes you made, when, and by whom. However the implementation in Designer has some odd performance and memory issues. The Auto Update 2 for Designer 4.01 has some memory leak fixes, but one of the things you can do to attempt to better performance is drop the polling interval from the default of every minute to every hour. Alas, if you are really using it, you will need to manually poll to see if someone else checked in before you, but it does eliminate these odd pauses in the background.
Designer, Windows, Preferences, Novell, Designer, Version Control, set the polling interval to 3600 seconds.
eDir Cert settings
This is an important one for me, since often clients have certificates generated for the default of two years, and then we get a call every two years to help them renew their certificates. To heck with that! Set your default to ten years, Always overwrite existing certs will help make it easier for you.
Designer, Windows, Preferences, Novell, Identity Manager, set 10 years to validity, Always overwrite certs.
Hide passwords in compares
Passwords when stored in eDirectory can be pushed by the Designer where they were entered. But if you import the project from an Identity Vault, you do not actually get the encrypted value of the password (or at least not the identical one) and therefore every compare you do after that will always show the passwords as different.
Thus I turn them off from the display with this setting. Also on the same tab is Copy Cross driver policy references into exported configuration files which is useful if you use libraries, or share policies across drivers.
Designer, Windows, Preferences, Novell, Identity Manager, Import/Deploy, near the bottom, Filter passwords out of summary and compare dialogs.
set paths for Packages (new to 4)
With the release of Identity Manager 4, Packages became available and there are a couple of Package related preferences that are quite useful to set.
These are more useful if you are building packages than necessarily just using them.
This preference page lets me define where to write the JAR files that is the Package output as I develop, and test new packages for clients.
There are four directories. Build is where the initial build goes. Import is if you want a default to look for packages in the file system. Localization is for adding support for other languages. Publish is where finished packages that perhaps you wish to write straight to a web server to make available to other customers. I am not sure if you use WebDAV or the like to publish there, or if you are expected to have the operating system manage the export to the web server.
Designer, Windows, Preferences, Novell, Package Manager, Location Defaults, and set the Build and Publish directory paths.
Vendor defaults for packages
When I build a package, I want my name, my companies name, and so on stored on the package. It takes a bit of effort to retype this every time, so being able to set it by default for any package I build is great.
Designer, Windows, Preferences, Novell, Package Manager, Vendor Defaults
This is interesting, as Designer ships with two paths, Novell Public, and Novell Beta. But the beta ships disabled. A number of packages have actually wandered through the beta to public path already so it is useful to enable Beta to see what is going on.
Also, if you are getting Packages from somewhere else then you can enter a URL here. As you can see in my screen shot I have Lothar Haeger’s package source added, since he has been rebuilding the Password Notifier driver to use Packages.
Designer, Windows, Preferences, Novell, Package Manager, Online Updates, enable Beta, and add additional URLs.
As you can see there are a few simple settings you can change that can help your day to day usage of Designer.
Please let me know if you can think of any more, since I would love to learn new Designer or Eclipse tricks.