15.3 Deploying a Driver Set to an Identity Vault

Suppose that you finish a new driver set that you want to deploy into a test tree, or suppose that you have imported a driver set, made modifications, and now you want to deploy the driver set back into its working tree. Use the following procedure to deploy an Identity Manager Driver Set object (and all contained Identity Manager drivers) into an existing Identity Manager system in an eDirectory tree:

  1. Right-click the Driver Set icon in the Modeler view, then click Live > Deploy.

    You can also deploy the Driver Set from the Outline view by right-clicking the Driver Set object, then selecting Live > Deploy.

    The Identity Vault Credentials window displays if Designer can’t authenticate to the eDirectory tree specified in the Identity Vault, or if you do not have the Deployment DN designated in the Properties tab of the Identity Vault where you are deploying.

  2. Use the Compare feature to see differences between the objects you are deploying and those that already reside in an eDirectory tree.

    See Using the Compare Feature When Deploying.

  3. In the Deployment Summary window, click Deploy.

  4. Click OK to close the Information window.

  5. (Conditional) If you see other informational messages, decide what action to take.

    You might also see a message in the Deployment Results window stating that the deployment was unsuccessful. Click the error messages in the Operation Results portion of the window to see the error descriptions and possible reasons in the Details portion.

  6. (Conditional) If this is a new deployment, the Deploy - New Driver Settings window displays. Define security equivalences on the driver set, then identify all objects that represent Administrative roles and exclude them from being replicated.

    For both settings (security equivalences and excluded Administrative roles), NetIQ recommends that you select the Admin object, and any other objects that qualify in your network environment.

  7. Click OK.

15.3.1 eDir-to-eDir Deployments and SSL/TLS

As a rule, always deploy both sides of an eDirectory-to-eDirectory connection when you have SSL and TLS enabled. If SSL/TLS is enabled, Designer creates the certificates in the eDirectory tree when you deploy the drivers. SSL and TLS are not enabled or configured by default.

To check your present SSL settings, click Window > Preferences, then click NetIQ > Identity Manager > Configuration and click the eDir-to-eDir SSL/TLS tab. After configuration, the Deploy feature uses the SSL preference settings under Certificate overwrite policy.

If you changed the default NCP port (524) used for the eDirectory-to-eDirectory connection, perform the following actions:

  1. Restart the server for the change to take effect.

  2. Specify the new port number in the ncpPort attribute on the Identity Vault properties page in Designer.

  3. Create the eDirectory-to-eDirectory certificate in Designer.