3.5 Configuring Driver Sets

A driver set is a container that holds Identity Manager drivers. Only one driver set can be active on a server at a time. As a result, all active drivers must be grouped into the same driver set. To view or change settings, double-click a driver set in the Modeler.

3.5.1 Driver Set General Options

When you create an Identity Vault, a driver set is added to the vault by default.

Figure 3-2 A Driver Set in an Identity Vault

You can add other driver sets by dragging the Driver Set object from the palette to the Modeler.

From the General page, you can specify or change driver set values.

Table 3-5 Driver Set Settings

| Field | Description |
| --- | --- |
| Name | The name of the Driver Set object. For example, cn=driverset1,o=system. |
| Create a new partition on this driver set | NetIQ recommends that you select this option. For details, see the NetIQ Identity Manager Setup Guide for Linux and NetIQ Identity Manager Setup Guide for Windows. |
| Deploy context | The Identity Vault assigns the default DN container value to all driver sets in LDAP format. If you specify a DN container here on the Driver Set object, that setting takes precedence over the Identity Vault setting. For example, o=system. You can manually enter this value or browse for it. |

3.5.2 Driver Set Configuration

You can link in Global Configuration objects to the driver set GCVs. This allows you to reuse Global Configuration objects instead of creating multiple GCVs for the driver set.

To add a Global Configuration object:

  1. Click Add, then browse to and select the Global Configuration object.

  2. Click Apply to save the change.

You can change the order that the Global Configuration objects are listed by selecting the object, then clicking Up or Down.

3.5.3 Driver Set Global Configuration Values

Global configuration values (GCVs) are settings that are similar to driver parameters. Global configuration values can be specified for a driver set as well as an individual driver. If a driver does not have a GCV, the driver inherits the value for that GCV from the driver set.

GCVs allow you to specify settings for Identity Manager features such as password synchronization and driver heartbeat, as well as settings that are specific to the function of an individual driver configuration. Some GCVs are provided with the drivers, but you can also add your own. You can refer to these values in a policy to help you customize your driver configuration.

To view or change the driver set's GCV settings, double-click the driver set. From the Global Configuration Values page, you can add, edit, or remove values, or edit the XML file for the driver set.

3.5.4 Java Environment Parameters

The Java Environment Parameters enable you to configure the Java virtual machine (JVM) on the Identity Manager server associated with the driver set.

Table 3-6 Java Environment Parameters Settings

| Field | Description |
| --- | --- |
| Classpath Additions | Specifies additional paths for the JVM to search for package (.jar) and class (.class) files. Using this parameter is the same as using the java -classpath command. When you enter multiple class paths, separate them with a semicolon (;) for a Windows JVM and a colon (:) for UNIX/Linux JVMs. |
| JVM Options | Specifies additional options to use with the JVM. Refer to your JVM documentation for valid options. |
| Initial Heap Size | Specifies the initial (minimum) heap size available to the JVM. Increasing the initial heap size can improve startup time and performance. Enter a numeric value followed by g, m, or k (case insensitive). If no letter size is specified, the size defaults to bytes. Using this parameter is the same as using the java -Xms command. Refer to your JVM documentation for information about the default initial heap size for the JVM. |
| Maximum Heap Size | Specifies the maximum heap size available to the JVM. Enter a numeric value followed by g, m, or k (case insensitive). If no letter size is specified, the size defaults to bytes. Using this parameter is the same as using the java -Xmx command. Refer to your JVM documentation for information about the default maximum heap size for the JVM. |
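The field rules in Table 3-6 can be checked before deployment. The following is an added example, not NetIQ code: check_java_env, its arguments and the finding texts are assumptions for illustration, and treating heap flags or a JDWP agent flag in JVM Options as findings is a review choice, not a product rule.

```python
import re

# Suffix multipliers from Table 3-6; no suffix means bytes.
UNITS = {"": 1, "k": 1024, "m": 1024 ** 2, "g": 1024 ** 3}
SIZE_RE = re.compile(r"(\d+)([gmk]?)", re.IGNORECASE)


def parse_heap_size(value):
    """Convert a heap size field such as '512m' or '2G' to bytes."""
    match = SIZE_RE.fullmatch(value.strip())
    if match is None:
        raise ValueError(f"not a valid heap size: {value!r}")
    return int(match.group(1)) * UNITS[match.group(2).lower()]


def check_java_env(initial, maximum, classpath, jvm_options, platform):
    """Return a list of findings for one driver set's Java parameters.

    platform is 'windows' or 'linux'; a blank field means 'JVM default'.
    """
    findings = []
    sizes = {}
    for field, raw in (("Initial", initial), ("Maximum", maximum)):
        if raw.strip():
            try:
                sizes[field] = parse_heap_size(raw)
            except ValueError as err:
                findings.append(f"{field} Heap Size: {err}")
    # The JVM refuses to start when -Xms is larger than -Xmx.
    if len(sizes) == 2 and sizes["Initial"] > sizes["Maximum"]:
        findings.append("Initial Heap Size exceeds Maximum Heap Size")
    # On UNIX/Linux ':' separates entries, so a ';' left over from a
    # Windows configuration silently becomes part of one path name.
    if platform != "windows" and ";" in classpath:
        findings.append("Classpath Additions uses ';' on a UNIX/Linux JVM")
    # Heap flags in JVM Options duplicate the dedicated fields; JDWP
    # flags load the Java debug agent and do not belong in production.
    for opt in jvm_options.split():
        if opt.startswith(("-Xms", "-Xmx")):
            findings.append(f"JVM Options duplicates a heap field: {opt}")
        elif opt.startswith(("-agentlib:jdwp", "-Xrunjdwp")):
            findings.append(f"JVM Options enables a debugger: {opt}")
    return findings


# Constructed sample values, not taken from a real deployment.
SAMPLE = check_java_env("2g", "1024M", "/opt/lib/a.jar;/opt/lib/b.jar",
                        "-Xmx4g -agentlib:jdwp=transport=dt_socket", "linux")
```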

3.5.5 Driver Set Log Levels

The Driver Set Log Level options enable you to view high-level information. For lower-level information, use the Trace option.

By default, logging is turned off. To track errors, messages, or events, change the default.

  1. Double-click the driver set.

  2. Select Driver Set Log Level.

  3. Select a logging option.

    The log option that you select determines which messages are available in the log.

  4. To configure audit instrumentation, select Log specific events, click the event selector button, select events, then click OK.

    The Update only the last log time option updates the time stamp to indicate the last activity of the driver.

  5. Specify the number of entries in the log.

    The default is 50 entries (lines) in the log. If you want a longer history, increase the number.

  6. Save changes by clicking OK.

The driver set log contains messages from the engine when it tries to start or stop drivers. To view the log, use iManager. Select the Status Log icon above the Identity Vault in the Identity Manager Overview.

3.5.6 Driver Set Named Passwords

The Named Passwords property page allows you to manage (add, edit, delete) named passwords for the selected driver set. When named passwords are defined in the driver set, the passwords are available to all drivers in the driver set.

NOTE: If you create a named password of the same name in both the driver set and a driver in the driver set, the named password settings in the driver take precedence.

You can define named passwords on both drivers and driver sets. For more information about named passwords, see Driver Named Passwords.

3.5.7 Driver Set Packages

The Packages option allows you to manage any packages at the driver set level. A package at the driver set level is applied to all of the drivers that reside in the selected driver set.

The following table lists the options available to manage packages. For more information about packages, see Section 6.0, Managing Packages.

Table 3-7 Managing Packages Options

Options

Descriptions

Add package

Adds a package to the driver set. You must add a package before you can install a package. Click the Add package icon, then select the package to install and click OK.

Create package

The Create package option is only available if Enable Package Developer Mode is selected in the Identity Vault Configuration page. Only developers create packages for redistribution.

Package

Lists the name and the current state of the package.

Version

Lists the version of the package.

Upgrades

Indicates that there is a newer version of a package imported into the package catalog, but it has not been installed. The package needs to be upgraded.

Operation

Lists the operations that can be performed on a package.

  • Install: The Install option is only available after a package is added to the driver set. Select Install, then click Apply to install the package.

  • Uninstall: The Uninstall option is only available after a package is installed to the driver set. Select Uninstall, then click Apply to uninstall the package.

  • Upgrade: The Upgrade option is only available if there is a newer version of the package available for installation. Select Upgrade, then click OK to upgrade the package.

  • Downgrade: The Downgrade option is only available if you have upgraded a package and the older package is installed in the package catalog. Select Downgrade, then click OK to downgrade the package.

  • Revert Customizations: The Revert Customizations option is only available if you have made changes to the policies that are installed with a package. Select Revert Customizations, then click Apply to remove the customization.

3.5.8 Driver Set Server List

After adding one or more servers to the Identity Vault, you can view or change the driver set’s server association.

Select a server in the Available Servers list, then use the arrows to move the server to the Selected Server list. If a server is not in the Available Servers list, you must first add it by editing the Identity Vault properties. See Configuring Identity Vaults.

3.5.9 Driver Set Trace

Although a driver set has nothing to trace, you can add a trace level to a driver set. The Trace setting specifies a trace level used with all drivers associated with the driver set.

With the trace set, DS Trace displays Identity Manager and DirXML events as the engine processes the events. The trace level affects each driver in the driver set. Use the trace level for troubleshooting issues with the drivers when they are deployed. DS Trace displays the output of the specified trace level.

IMPORTANT: You should use the trace level only for testing or for troubleshooting driver issues. Setting a driver trace level on a production driver can cause the Identity Manager server to process events slowly.

To set a driver set’s trace characteristics:

  1. In the Outline view or Modeler, right-click the driver set, then select Properties.

  2. In the driver properties, select Trace in the left navigation area.

  3. On the Trace page, specify the trace settings for the driver set, then click OK.

Table 3-8 Driver Set Trace Settings

Field

Description

Trace level

The IDM engine supports the following trace levels:

  • Trace level 0: Displays fatal messages, errors, warnings and successes.

  • Trace level 1: Displays informational messages in addition to the information from Trace level 0.

  • Trace level 2: Displays contents of XML documents in addition to the information from Trace level 1.

  • Trace level 3: Displays policy information in addition to the information from Trace level 2.

XSL Trace Level

DS Trace displays XSL events. Set this trace level only when troubleshooting XSL style sheets. If you do not want to see XSL information, set the level to 0.

Java Debug Port

Allows developers to attach a Java debugger.

Trace File

When a value is set in this field, all Java information for the driver is written to a file. The value for this field is the path for that file.

As long as the file is specified, Java information is written to this file. If you do not need to debug Java, leave this field blank.

Trace File Encoding

The trace file uses the system’s default encoding. You can specify another encoding if desired.

Trace File Size Limit

Sets a limit for the Java trace file. Select Unlimited to allow the file to grow to fill the disk.
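A review of the Trace page values against Table 3-8 and the IMPORTANT note above, as an added example that is not NetIQ code. The settings dictionary keys and the choice to report any trace level above 0 on a production driver set are assumptions for illustration; the sample values are constructed.

```python
# What each engine trace level adds, per Table 3-8 (levels are cumulative).
LEVEL_ADDS = {
    0: "fatal messages, errors, warnings and successes",
    1: "informational messages",
    2: "contents of XML documents",
    3: "policy information",
}


def trace_output(level):
    """List everything DS Trace shows at the given engine trace level."""
    if level not in LEVEL_ADDS:
        raise ValueError(f"trace level not listed in Table 3-8: {level}")
    return [LEVEL_ADDS[n] for n in range(level + 1)]


def review_trace_settings(settings, production):
    """Return findings for one driver set's Trace page values.

    settings uses hypothetical keys: trace_level, xsl_trace_level,
    java_debug_port, trace_file, trace_file_size_limit.
    """
    findings = []
    level = settings.get("trace_level", 0)
    if production and level > 0:
        added = "; ".join(trace_output(level)[1:])
        findings.append(f"trace level {level} on production adds: {added}")
    if production and settings.get("xsl_trace_level", 0) > 0:
        findings.append("XSL trace level is above 0 on production")
    if production and settings.get("java_debug_port"):
        findings.append("Java Debug Port is set; a debugger can attach")
    # An unlimited trace file grows until the disk is full.
    if settings.get("trace_file") and \
            settings.get("trace_file_size_limit") == "unlimited":
        findings.append("trace file has no size limit and can fill the disk")
    return findings


# Constructed sample: settings left over from a troubleshooting session.
LEFTOVER = {"trace_level": 3, "java_debug_port": 8000,
            "trace_file": "/var/tmp/driverset-trace.log",
            "trace_file_size_limit": "unlimited"}
SAMPLE_FINDINGS = review_trace_settings(LEFTOVER, production=True)
```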

The following methods help you capture and save Identity Manager trace information.

Windows

Open the Control Panel, select NDS Services, then click DS Trace.DLM > Start. A window named NDS Server Trace Utility opens.

To set the filters to capture the DirXML trace information:

  1. Click Edit > Options > Clear All.

  2. Click the boxes next to DirXML and DirXML Drivers, then click OK.

To save the information to a file:

  1. Click File > New.

    A dialog box prompts for a filename.

  2. Enter a filename with the extension of .log.

  3. To stop capturing information, click File > Close.

    The file is saved.

UNIX

Use the ndstrace command at the console to display the Identity Manager events. The exit command quits the trace utility.

Table 3-9 ndstrace Commands

| Command | Description |
| --- | --- |
| Set ndstrace=nodebug | Turns off all trace flags. |
| Set ndstrace on | Displays trace messages to the console. |
| Set ndstrace file on | Captures trace messages to the ndstrace.log file in the /var/nds directory. |
| Set ndstrace file off | Stops capturing trace messages to the file. |
| Set ndstrace=+dxml | Displays the Identity Manager events. |
| Set ndstrace=+dvrs | Displays the Identity Manager driver events. |

iMonitor

Use iMonitor to get DS Trace information from a Web browser.

Table 3-10 Platforms and Commands for Web Browsers

| Platform | Command |
| --- | --- |
| Windows | ndsimon.dlm |
| Linux/Solaris/AIX/HP-UX | ndsimonitor |

  1. Access iMonitor from http://server_ip:8008/nds (the default port).

  2. Click Trace Configuration.

  3. Click Clear All.

  4. Click DirXML and DirXML Drivers.

  5. Click Trace On, then click Trace History.

  6. Click the Current document icon to view the live trace.