The LDAP driver supports these standard driver features:
You can install the LDAP driver locally or remotely.
An installation on the same computer where an Identity Vault and the Identity Manager engine are installed is referred to as a local configuration. The following figure illustrates a local configuration:
Figure 1-2 A Local Configuration
If platform or policy constraints make a local configuration difficult, you can install the LDAP driver on the server hosting the target LDAP server. This installation is referred to as a remote configuration and requires the use of the Remote Loader service.
Although a remote configuration is possible, it provides little additional flexibility because of the following:
The driver can run on any Identity Vault platform.
The driver communicates with the LDAP server on any platform across the wire via the LDAP protocol.
See Implementation Checklist in the NetIQ Identity Manager Setup Guide for Linux or Implementation Checklist in the NetIQ Identity Manager Setup Guide for Windows for information about the supported platforms for the Identity Manager server and Remote Loader.
The LDAP driver supports password synchronization on the Subscriber channel, meaning that you can send passwords from the Identity Vault to any connected LDAP directory.
Password synchronization on the Publisher channel (LDAP directory to Identity Vault) is supported only with Sun Java System Directory Server Enterprise Edition version 6.3.x. For more information about installing the Identity Manager plug-ins for synchronizing passwords on the Subscriber channel, see Installing the Identity Manager Plug-Ins for Password Synchronization with Sun Java System Directory.