10.2 Default Configuration of the Security Parameters

The security parameters must be configured correctly for the driver to function properly. In most instances, the driver does not start if the parameters are not configured correctly.

To change these parameters in iManager:

  1. Click Identity Manager > Identity Manager Overview, then click Search to search for the driver set that is associated with the driver.

  2. Browse to the driver, then click the upper right corner of the driver icon.

  3. Click Edit Properties > Driver Configuration > Driver Parameters.

  4. Review the driver parameters in Table 10-1, and decide if you need to make any changes.

To change these parameters in Designer:

  1. Open a project in the Modeler, then right-click the driver line and select Properties > Driver Configuration.

  2. Click Driver Parameters.

  3. Review the driver parameters in Table 10-1, and decide if you need to make any changes.

Table 10-1 Security Parameters

Authentication Method

    The method of authentication to Active Directory. Negotiate uses Microsoft's security package to negotiate the logon type. Typically Kerberos or NTLM is selected.

Digitally sign communications

    This setting enables signing on a Kerberos or NTLM v2 authenticated connection between the driver shim and the Active Directory database. Signing lets the driver detect whether data in transit has been tampered with by another computer on the network. It does not hide the data from view on the network, but it reduces the chance of security attacks.

    Signing only works when you use the Negotiate authentication method and the underlying security provider selects NTLM v2 or Kerberos for its protocol.

    Select Yes to digitally sign the communication between the driver shim and Active Directory.

    Do not use this option with SSL.

    Select No if you do not want to sign communication between the driver shim and the Active Directory database.

Digitally sign and seal communications

    This setting enables encryption on a Kerberos or NTLM v2 authenticated connection between the driver shim and the Active Directory database. Sealing encrypts the data so that it cannot be viewed by a network monitor.

    Sealing only works when you use the Negotiate authentication method and the underlying security provider selects NTLM v2 or Kerberos for its protocol.

    Select Yes to digitally encrypt communication between the driver shim and the Active Directory database.

    Do not use this option with SSL.

    Select No if you do not want to sign and seal communication between the driver shim and the Active Directory database.

Use SSL for LDAP connection between Driver Shim and AD

    Select Yes to digitally encrypt communication between the driver shim and the Multi Domain Active Directory database.

    SSL requires that the Microsoft server running the driver shim imports the domain controller's server certificate. For more information, see Microsoft Security Compliance Manager for Windows Server 2008 or later.

    By default, the parameter is set to No. If you set this value to Yes, the SSL pipe is encrypted for the entire conversation. An encrypted pipe is preferred because the driver typically synchronizes sensitive information. However, encryption slows the general performance of your servers.

Logon and impersonate

    Select Yes to log on and impersonate the driver authentication account for the IDMPowerShell service and Password Set support. The driver performs a local logon. The authentication account must have the proper rights assignment. For more information, see Creating an Administrative Account.

    If No is selected, the driver performs a network logon only.

Encryption Password

    Enter the encryption password for passing the encrypted messages in the Windows Messaging Queue.
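The constraints in Table 10-1 are easy to get wrong when several of them interact (signing and sealing only take effect under Negotiate, neither should be combined with SSL, and SSL needs the domain controller's certificate imported first). The following Python validator is an added example, not part of the driver or of this documentation; it encodes only the rules stated in the table. The `SecurityParameters` class, the `dc_certificate_imported` flag (an operational fact you would record yourself, not a driver parameter) and the finding codes are assumptions introduced for the example.

```python
"""Check a combination of the Table 10-1 security parameters for the
contradictions and weak settings the table warns about.

Added example for illustration; not the driver's own code.
"""
from dataclasses import dataclass


@dataclass
class SecurityParameters:
    # Field names mirror the parameters in Table 10-1. "Negotiate" is the
    # method the table names; any other value is treated as a method that
    # does not support signing or sealing.
    authentication_method: str = "Negotiate"
    sign: bool = False             # Digitally sign communications
    sign_and_seal: bool = False    # Digitally sign and seal communications
    use_ssl: bool = False          # Use SSL for LDAP connection
    # Assumed operational fact (not a driver parameter): whether the DC's
    # server certificate has been imported on the host running the shim.
    dc_certificate_imported: bool = False


def check_security_parameters(p: SecurityParameters) -> list[str]:
    """Return a list of finding codes; an empty list means no issue found.

    Rules, each traceable to Table 10-1:
      * signing/sealing only work with the Negotiate authentication method;
      * signing/sealing must not be combined with SSL;
      * SSL requires the domain controller certificate to be imported;
      * with neither sealing nor SSL the LDAP payload is readable on the wire
        (signing alone protects integrity, not confidentiality).
    """
    findings: list[str] = []
    wants_sign_or_seal = p.sign or p.sign_and_seal

    if wants_sign_or_seal and p.authentication_method != "Negotiate":
        findings.append("SIGN_SEAL_REQUIRES_NEGOTIATE")
    if wants_sign_or_seal and p.use_ssl:
        findings.append("SIGN_SEAL_WITH_SSL")
    if p.use_ssl and not p.dc_certificate_imported:
        findings.append("SSL_WITHOUT_DC_CERTIFICATE")

    # Sealing under Negotiate, or SSL, gives confidentiality; anything else
    # leaves synchronized attribute data visible to a network monitor.
    sealed = p.sign_and_seal and p.authentication_method == "Negotiate"
    if not sealed and not p.use_ssl:
        findings.append("LDAP_PAYLOAD_IN_CLEAR")
    return findings


def effective_protection(p: SecurityParameters) -> str:
    """Summarize what the wire actually gets: 'confidentiality',
    'integrity' or 'none'. SSL on its own covers the whole conversation."""
    if p.use_ssl or (p.sign_and_seal and p.authentication_method == "Negotiate"):
        return "confidentiality"
    if p.sign and p.authentication_method == "Negotiate":
        return "integrity"
    return "none"


if __name__ == "__main__":
    # Constructed sample: the default settings, then a sealed connection.
    for params in (SecurityParameters(), SecurityParameters(sign_and_seal=True)):
        print(params, check_security_parameters(params), effective_protection(params))
```

Run the module directly to see the defaults flagged as cleartext and a sealed Negotiate connection pass cleanly; drop `check_security_parameters` into whatever script you use to export or review driver configurations so that a sign-plus-SSL combination is caught before the driver is started.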