16.3 Deploying a Driver Set to an Identity Vault

Suppose that you finish a new driver set that you want to deploy into a test tree, or suppose that you have imported a driver set, made modifications, and now you want to deploy the driver set back into its working tree. Use the following procedure to deploy an Identity Manager Driver Set object (and all contained Identity Manager drivers) into an existing Identity Manager system in an eDirectory tree:

  1. Right-click the Driver Set icon in the Modeler view, then click Live > Deploy.

    You can also deploy the Driver Set from the Outline view by right-clicking the Driver Set object, then selecting Live > Deploy.

    The Identity Vault Credentials window displays if Designer can’t authenticate to the eDirectory tree specified in the Identity Vault, or if you do not have the Deployment DN designated in the Properties tab of the Identity Vault where you are deploying.

  2. Use the Compare feature to see differences between the objects you are deploying and those that already reside in an eDirectory tree.

    See Section 16.7, Using the Compare Feature When Deploying.

  3. In the Deployment Summary window, click Deploy.

  4. Click OK to close the Information window.

  5. (Conditional.) If you see other informational messages, decide what action to take.

    You might also see a message in the Deployment Results window stating that the deployment was unsuccessful. Click the error messages in the Operation Results portion of the window to see the error descriptions and possible reasons in the Details portion.

  6. (Conditional) If this is a new deployment, the Deploy - New Driver Settings window displays. Define security equivalences on the driver set and identify all objects that represent Administrative roles and exclude them from being replicated.

    Setting security equivalences and excluding administrative roles

    In both instances, Novell recommends that you select the Admin object, and any other objects that qualify in your network environment.

  7. Click OK.

16.3.1 eDir-to-eDir Deployments and SSL/TLS

By default, always deploy both sides of an eDirectory-to-eDirectory connection when you have SSL and TLS enabled. If SSL/TLS are enabled, Designer creates the certificates in the eDirectory tree when you deploy the drivers. SSL and TLS are not enabled or configured by default.

To check your present SSL settings, click Window > Preferences, then click Novell > Identity Manager > Configuration and click the eDir-to-eDir SSL/TLS tab. After configuration, the Deploy feature uses the SSL preference settings under Certificate overwrite policy.