9.2 Creating and Configuring a Driver Set

A driver set is a container that holds Identity Manager drivers. Only one driver set can be associated with any server at a time. You can use the Designer tool to create a driver set. If a server is already associated with a driver set and you then assign the server to a new driver set, the server is removed from the original driver set.

To support password synchronization to the Identity Vault, Identity Manager requires that driver sets have a password policy. You can use the Default Universal Password Policy package in Identity Manager or create a password policy based on your existing organizational requirements. However, the password policy must include the DirXML-PasswordPolicy object. If the policy object does not exist in the Identity Vault, you can create the object.

9.2.1 Creating a Driver Set

Designer for Identity Manager provides many settings to create and configure a driver set. These settings allow you to specify Global Configuration Values, driver set packages, driver set named passwords, log levels, trace levels, and Java Environment Parameters. For more information, see Configuring Driver Sets in the NetIQ Designer for Identity Manager Administration Guide.

9.2.2 Assigning the Default Password Policy to Driver Sets

You must assign the DirXML-PasswordPolicy object to each driver set in the Identity Vault. The Identity Manager Default Universal Password Policy package includes this policy object. The default policy installs and assigns a universal password policy to control how the Identity Manager engine automatically generates random passwords for drivers.

Alternatively, to use a custom password policy, you must create the password policy object and the policy. For more information, see Creating the Password Policy Object in the Identity Vault and Creating a Custom Password Policy.

  1. Open your project in Designer.

  2. In the Outline pane, expand your project.

  3. Expand Package Catalog > Common to verify whether the Default Universal Password Policy package exists.

  4. (Conditional) If the password policy package is not already listed in Designer, complete the following steps:

    1. Right-click Package Catalog.

    2. Select Import Package.

    3. Select Identity Manager Default Universal Password Policy, and then click OK.

      To ensure that the table displays all available packages, you might need to deselect Show Base Packages Only.

  5. Select each driver set and assign the password policy.

9.2.3 Creating the Password Policy Object in the Identity Vault

If the DirXML-PasswordPolicy object does not exist in the Identity Vault, you can use Designer or the ldapmodify utility to create the object. For more information about how to do this in Designer, see Configuring Driver Sets in the NetIQ Designer for Identity Manager Administration Guide. To use the ldapmodify utility, use the following procedure:

  1. In a text editor, create an LDAP Data Interchange Format (LDIF) file with the following attributes:

    # Record 1: create the password policy object
    dn: cn=DirXML-PasswordPolicy,cn=Password Policies,cn=Security
    changetype: add
    nsimPwdRuleEnforcement: FALSE
    nspmSpecialAsLastCharacter: TRUE
    nspmSpecialAsFirstCharacter: TRUE
    nspmSpecialCharactersAllowed: TRUE
    nspmNumericAsLastCharacter: TRUE
    nspmNumericAsFirstCharacter: TRUE
    nspmNumericCharactersAllowed: TRUE
    nspmMaximumLength: 64
    nspmConfigurationOptions: 596
    passwordUniqueRequired: FALSE
    passwordMinimumLength: 1
    passwordAllowChange: TRUE
    objectClass: nspmPasswordPolicy

    # Record 2: assign the policy to the driver set
    dn: cn=DirXML-PasswordPolicy,cn=Password Policies,cn=Security
    changetype: modify
    add: nsimAssignments
    nsimAssignments: <driverset LDAP dn>

    NOTE: Copying the content as is might insert some hidden special characters in the file. If you receive an ldif_record() = 17 error message when you add these attributes to the Identity Vault, insert an extra space between the two DNs.

  2. To add the DirXML-PasswordPolicy object to the Identity Vault, import the attributes from the file by running ldapmodify.exe from the install/utilities directory of the Identity Manager installation kit.
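A pre-import check for the LDIF file from step 1, as an added example that is not part of the NetIQ documentation: it reports the hidden characters the note warns about and a second dn: line that is not preceded by a blank line. The function name, the sample input, and the driver set DN in it are constructed for illustration.

```python
import unicodedata

# Constructed sample: the LDIF from step 1 as it might look after a copy and
# paste, with a no-break space after "dn:" and no blank line between records.
# The driver set DN is a placeholder, not a value from the documentation.
SAMPLE_BAD = (
    "dn:\u00a0cn=DirXML-PasswordPolicy,cn=Password Policies,cn=Security\n"
    "changetype: add\n"
    "objectClass: nspmPasswordPolicy\n"
    "dn: cn=DirXML-PasswordPolicy,cn=Password Policies,cn=Security\n"
    "changetype: modify\n"
    "add: nsimAssignments\n"
    "nsimAssignments: cn=EXAMPLE-DRIVERSET,o=EXAMPLE\n"
)

def lint_ldif(text):
    """Return (line_number, message) findings for an LDIF string."""
    findings = []
    if text.startswith("\ufeff"):
        findings.append((1, "byte-order mark at start of file"))
        text = text[1:]
    in_record = False
    for n, raw in enumerate(text.split("\n"), start=1):
        line = raw.rstrip("\r")  # tolerate CRLF line endings
        for col, ch in enumerate(line, start=1):
            # Anything outside printable ASCII (tab excepted) is suspect here
            if ch != "\t" and not (" " <= ch <= "~"):
                name = unicodedata.name(ch, "U+%04X" % ord(ch))
                findings.append((n, "hidden character %s at column %d" % (name, col)))
        if line == "":
            in_record = False  # an empty line is the record separator
            continue
        if line.strip() == "":
            # RFC 2849 treats a line starting with a space as a continuation
            findings.append((n, "whitespace-only line is not a record separator"))
            continue
        if line.lower().startswith("dn:"):
            if in_record:
                findings.append((n, "dn: follows a record without a blank line"))
            in_record = True
        if line != line.rstrip():
            findings.append((n, "trailing whitespace"))
    return findings

if __name__ == "__main__":
    for line_number, message in lint_ldif(SAMPLE_BAD):
        print("line %d: %s" % (line_number, message))
```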

9.2.4 Creating a Custom Password Policy

Rather than using the default password policy in Identity Manager, you can create a new policy based on your organizational requirements. You can assign a password policy to the entire tree structure, a partition root container, a container, or a specific user. To simplify management, NetIQ recommends that you assign password policies as high in the tree as possible. For more information, see Creating Password Policies in the Password Management 3.3.2 Administration Guide.

NOTE: You must also assign the DirXML-PasswordPolicy object to the driver sets. For more information, see Creating the Password Policy Object in the Identity Vault.

9.2.5 Creating the Default Notification Collection Object in the Identity Vault

The Default Notification Collection is an Identity Vault object that contains a set of e-mail notification templates and an SMTP server that is used when sending e-mails generated from the templates. If the Default Notification Collection object does not exist in the Identity Vault, use Designer to create the object.

  1. Open your project in Designer.

  2. In the Outline pane, expand your project.

  3. Right-click the Identity Vault, then click Identity Vault Properties.

  4. Click Packages, then click the Add Packages icon.

  5. Select all the notification templates packages, and then click OK.

  6. Click Apply to install the packages with the Install operation.

  7. Deploy the notification templates to the Identity Vault.