1.2 Support for Standard Driver Features

The LDAP driver supports these standard driver features:

1.2.1 Local and Remote Platforms

You can install the LDAP driver locally or remotely.

An installation on the same computer where an Identity Vault and the Identity Manager engine are installed is referred to as a local configuration. The following figure illustrates a local configuration:

Figure 1-2 A Local Configuration

If platform or policy constraints make a local configuration difficult, you can install the LDAP driver on the server hosting the target LDAP server. This installation is referred to as a remote configuration and requires the use of the Remote Loader service.

Although a remote configuration is possible, it provides little additional flexibility because of the following:

  • The driver can run on any Identity Vault platform.

  • The driver communicates over the network with an LDAP server on any platform by using the LDAP protocol.

See Implementation Checklist in the NetIQ Identity Manager Setup Guide for Linux or Implementation Checklist in the NetIQ Identity Manager Setup Guide for Windows for information about the supported platforms for the Identity Manager server and Remote Loader.

1.2.2 Password Synchronization

The LDAP driver supports password synchronization on the Subscriber channel, meaning that you can send passwords from the Identity Vault to any connected LDAP directory.

Password synchronization on the Publisher channel (LDAP directory to Identity Vault) is supported only with Sun Java System Directory Server Enterprise Edition version 6.3.x. For more information about installing the Identity Manager plug-ins for synchronizing passwords on the Subscriber channel, see Installing the Identity Manager Plug-Ins for Password Synchronization with Sun Java System Directory.