The security parameters must be configured correctly for the driver to function properly. In most instances, the driver does not start if the parameters are not configured correctly.
To change these parameters in iManager:
Click Identity Manager > Identity Manager Overview, then click Search to search for the driver set that is associated with the driver.
Browse to the driver, then click the upper right corner of the driver icon.
Click Edit Properties > Driver Configuration > Driver Parameters.
Review the driver parameters in Table 9-1, and decide if you need to make any changes.
To change these parameters in Designer:
Open a project in the Modeler, then right-click the driver line and select Properties > Driver Configuration.
Click Driver Parameters.
Review the driver parameters in Table 9-1, and decide if you need to make any changes.
Table 9-1 Security Parameters
Security Parameter |
Description |
---|---|
Authentication ID |
The account the driver uses to access the domain data. The Authentication ID can be specified by using different formats:
|
Authentication context |
The context used to access domain data. The Authentication context can be specified by using different formats:
|
Application password |
The password for the Authentication ID account. |
Authentication Method |
The method of authentication to Active Directory. Negotiate uses Microsoft’s security package to negotiate the logon type. Typically Kerberos or NTLM is selected. Simple uses LDAP style simple bind for logon. If you want to use Password Synchronization, select Negotiate. |
Digitally sign communications |
This setting enables signing on a Kerberos or NTLM v2 authenticated connection between the driver shim and the Active Directory database. Signing ensures that a malicious computer is not intercepting data. This does not hide the data from view on the network, but it reduces the chance of security attacks. Signing only works when you use the Negotiate authentication method and the underlying security provider selects NTLM v2 or Kerberos for its protocol. Select Yes to digitally sign the communication between the driver shim and Active Directory. Do not use this option with SSL. Select No if you do not want to sign communication between the driver shim and the Active Directory database. |
Digitally sign and seal communications |
This setting enables encryption on a Kerberos or NTLM v2 authenticated connection between the driver shim and the Active Directory database. Sealing encrypts the data so that it cannot be viewed by a network monitor. Sealing only works when you use the Negotiate authentication method and the underlying security provider selects NTLM v2 or Kerberos for its protocols. Select Yes to digitally encrypt communication between the driver shim and the Active Directory database. Do not use this option with SSL. Select No if you do not want to sign and seal communication between the driver shim and the Active Directory database. |
Use SSL for encryption |
Select Yes to digitally encrypt communication between the driver shim and the Active Directory database. This option can be used with Negotiate or Simple authentication methods. SSL requires that the Microsoft server running the driver shim imports the domain controller’s server certificate. For more information, see By default, the parameter is set to No. If you set this value to Yes, the SSL pipe is encrypted for the entire conversation. An encrypted pipe is preferred because the driver typically synchronizes sensitive information. However, encryption slows the general performance of your servers. |
Logon and impersonate |
Select Yes to log on and impersonate the driver authentication account for CDOEXM (Collaboration Data Object for Exchange Management) and Password Set support. The driver performs a local logon. The authentication account must have the proper rights assignment. For more information, see Creating an Administrative Account. If No is selected, the driver performs a network logon only. |