22.5 Deploying Identity Manager Objects

When you see an error message in Designer, the message corresponds to the place where Designer could not complete the task, and indicates the best place to start troubleshooting. This section discusses the common problems you face when deploying Identity Manager objects into an eDirectory tree. To see error messages and possible solutions, see Section 22.11, Error Messages and Solutions.

22.5.1 Deployment Considerations

  • Ensure that the Metadirectory server meets the system requirements necessary to run Identity Manager. See the Overview chapter in the Identity Manager 4.0.2 Integrated Installation Guide for requirements.

  • Ensure that the Metadirectory server you are deploying to has Identity Manager installed and holds a real copy of the objects to which you want to synchronize. The server running eDirectory must have a Master Read-Write or a Filtered Read-Write replica.

  • Ensure that the Java software installed on the server is running correctly, because Identity Manager is dependent on Java. If Java is corrupted, you might be able to deploy to a Metadirectory server but not run the Identity Manager drivers.

  • To deploy an Identity Manager-based project or an object in a project, you must have access to the eDirectory tree that is associated with the Identity Vault you are designing. Select the Identity Vault you want to deploy, then look in the Properties view below the Project/Outline view.

    Figure 22-2 The Properties View

    In the Properties view, ensure that the Identity Vault’s Name, Host Address, User DN, Password, Deploy Context’s Distinguished Name (DN), and Metadirectory information are complete and accurate. (You can click the Browse icon to find the Deploy Context’s DN on an existing tree if the other information is accurate and Designer can attach to the eDirectory tree.) You need this information to deploy anything, even a policy, into an existing eDirectory tree running the Metadirectory engine.

  • Use the Deploy feature only after you have thoroughly tested the rules and policies that make up your drivers. To test a policy, use the Policy Simulator (right-click a policy and select Simulate, then click Start to see the simulation results of the policy that is being tested). For policy design, see the Policy Builder Help topics within the Designer utility.

    You can use the Import feature to import a driver, a channel, or a policy. You can then modify the object or objects, run the Policy Simulator to ensure that the object is working correctly, then deploy the object back into the test tree for further analysis. You can also run the Compare feature to see the differences between your modified driver and the driver that is currently running on an Identity Vault server.

  • In the Outline view in the Project Group view, right-click the driver object in question (you can also double-click the driver object). Use the Properties window to make most changes to drivers. Properties are unique to each driver.

    A simple driver problem is specifying the incorrect context (Distinguished Name, or DN) for an eDirectory tree. For example, the context of a user object in eDirectory is shown in slash notation (for example, Blanston\Sales\Users) in the Properties of the Identity Manager driver or when you import the driver. However, different drivers can use formats other than slash notation. For example, Active Directory and LDAP drivers use comma-delimited format (OU=Users,OU=Sales,O=Blanston). See the driver guides for further details on the drivers you are deploying.
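
The two context formats described above, as an added example that is not part of the product documentation or of Designer: a Python pre-deployment check that recognizes which notation a context string uses and converts it to the one a driver expects. The function names are hypothetical, and typing the first component as O and the rest as OU is an assumption taken from the Blanston example.

```python
import re

# Constructed helper names; the O-then-OU typing mirrors the page's example
# and is an assumption, so pass `types` explicitly for any other tree layout.
_SPECIAL = re.compile(r'([,+"\\<>;=])')      # RFC 4514 characters to escape
_RDN = re.compile(r'(?:\\.|[^,\\])+')        # RDNs, honouring escaped commas
_TYPED = re.compile(r'\s*[A-Za-z][A-Za-z0-9-]*\s*=.+')

def detect_format(context):
    """Classify a context string as 'ldap', 'slash' or 'unknown'."""
    rdns = _RDN.findall(context)
    if rdns and all(_TYPED.match(r) for r in rdns):
        return "ldap"
    if "\\" in context and "=" not in context:
        return "slash"
    return "unknown"

def _escape(value):
    value = _SPECIAL.sub(r'\\\1', value)
    return "\\" + value if value[:1] in ("#", " ") else value

def slash_to_ldap(context, types=None):
    """Blanston\\Sales\\Users -> OU=Users,OU=Sales,O=Blanston."""
    parts = context.split("\\")
    if not all(parts):
        raise ValueError("empty component in context: %r" % context)
    types = types or ["O"] + ["OU"] * (len(parts) - 1)
    if len(types) != len(parts):
        raise ValueError("need one attribute type per component")
    rdns = ["%s=%s" % (t, _escape(p)) for t, p in zip(types, parts)]
    return ",".join(reversed(rdns))          # LDAP lists the leaf first

def ldap_to_slash(dn):
    """OU=Users,OU=Sales,O=Blanston -> Blanston\\Sales\\Users."""
    values = [re.sub(r'\\(.)', r'\1', r.split("=", 1)[1].strip())
              for r in _RDN.findall(dn)]
    return "\\".join(reversed(values))       # slash notation lists the root first

def check_context(context, expected):
    """Return (ok, suggestion) for a driver expecting 'slash' or 'ldap'."""
    found = detect_format(context)
    if found == expected:
        return True, context
    if found == "slash":
        return False, slash_to_ldap(context)
    if found == "ldap":
        return False, ldap_to_slash(context)
    return False, None                       # unrecognised: fix by hand
```

Hex escapes such as `\2C` in an LDAP DN are not decoded; only backslash-character escapes are handled.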

22.5.2 An Example Deployment Error

When you deploy an Identity Vault for the first time, there are several common sources of errors, from incorrectly typing information to not completing the driver set templates.

Figure 22-3 Default Server Container Message

Right-click the Identity Vault in the Modeler view, select Properties > Server List, then click the Edit icon to edit the server information.

Figure 22-4 Correcting a Server Name Problem