In addition to eDirectory 8.8.8 Patch 3, you can install eDirectory 9.0.2 or later as an Identity Vault and as a connected system with Identity Manager 4.6. Before using eDirectory 9.0.2 or later as an Identity Vault, NetIQ recommends that you review the following sections:
Review the following table to understand which features of eDirectory 9.0.1 or later can be enabled with Identity Manager. None of these restrictions apply when eDirectory 9.0.1 or later is used as a connected system.
|
Feature |
Can be enabled (Yes/No) |
Description |
|---|---|---|
|
TLS 1.2 |
Yes |
Can enable all TCP communication using TLS 1.2 protocol. |
|
Suite B Configuration |
Yes |
Can configure stronger ciphers for SSL communication as specified by Suite B. |
|
AES 256-bit SDI Key |
Yes |
No impact on Identity Manager |
|
LDAP and HTTP Services |
Yes |
The Identity Manager services continue to use the RSA certificate. |
|
Authentication |
Yes |
No impact on Identity Manager |
|
NPKI (NetIQ Certificate Server) |
Yes |
No impact on Identity Manager |
|
NICI in FIPS Mode |
No |
NICI is disabled in FIPS mode by default. If you enable it, the Identity Manager engine does not start and reports an error. For information about changing the NICI configuration to a non-FIPS mode, see Changing the NICI Configuration to a Non-FIPS Mode in eDirectory. |
|
Container Readiness |
Yes |
No impact on Identity Manager |
|
Enhanced Nested Groups |
Yes |
Not supported by Identity Manager engine and drivers |
|
Proxied Authorization Control |
Yes |
No impact on Identity Manager |
|
Monitoring |
Yes |
No support extended for monitoring Identity Manager components |
|
Enhanced Data Replication |
Yes |
No impact on Identity Manager |
|
Improved Data Synchronization |
Yes |
No impact on Identity Manager |
|
Optimized Janitor Thread of Inherited ACL Calculation |
Yes |
No impact on Identity Manager |
For detailed information about the new features of eDirectory 9.0.1 and 9.0.2, see the appropriate Release Notes at eDirectory Documentation site.
Identity Manager 4.6 does not support eDirectory 9.0.1 or later with NICI enabled in FIPS mode. For Identity Manager to work properly, you must disable the FIPS mode for NICI in the NICI configuration in one of the following ways:
Linux: Navigate to /etc/opt/novell/nici64.cfg and change RestrictionLevel to 0.
Windows: Navigate to the HKLM\SOFTWARE\Novell\Windows registry and change this setting to 0 in the nici_x64 key. Make this change in the nici_x64 key on each server in the tree.