3.2 Installing the Change-Log Module on a Remote eDirectory server

For the bidirectional eDirectory driver to work, you must install the change-log module on the remote eDirectory server. The change-log enables the driver to recognize changes that require publication from the remote eDirectory to the Identity Vault. The change-log module is supported on the following eDirectory versions:

  • 9.0

  • 8.8.8

  • 8.8.7

NOTE:

  • If the driver is running on an engine prior to Identity Manager 4.5.4, the driver connects to a Suite B enabled LDAP service on the connected eDirectory only if you enable Always Accept Server Certificate under the driver settings. For more information, see Driver Settings.

  • When you configure eDirectory modules in a Suite B mode, they include support for ECDSA certificates and enforce the use of TLS 1.2 and Suite B ciphers as specified in RFC 6460. For more information on configuring eDirectory in Suite B modes, see the NetIQ eDirectory Administration Guide.

  • When you upgrade to driver version 4.0.2 or later, ensure that there are no encrypted attribute events in the change cache.
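
An added example (not from the NetIQ documentation) for checking the Suite B note above from the outside: it parses `openssl s_client` output for the connected eDirectory's LDAP service and passes only when the session is TLS 1.2 with one of the two RFC 6460 TLS 1.2 cipher suites. The host name, port 636, function names, and sample outputs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: check `openssl s_client` output against the TLS 1.2 /
# Suite B requirement described in the note above.
# To capture from a live server (host name and port 636 are assumptions):
#   openssl s_client -connect edir.example.com:636 </dev/null 2>/dev/null

# Print the value of a "Label : value" line from the SSL-Session block.
# $1 = label (Protocol or Cipher), stdin = s_client output
session_field() {
    awk -F: -v want="$1" '
        { key = $1; gsub(/[ \t]/, "", key) }
        key == want { val = $2; gsub(/[ \t\r]/, "", val); print val; exit }'
}

# Return 0 if the session is TLS 1.2 with an RFC 6460 TLS 1.2 suite,
# 1 if it is not, 2 if the output has no session details to judge.
check_suiteb() {
    out=$1
    proto=$(printf '%s\n' "$out" | session_field Protocol)
    cipher=$(printf '%s\n' "$out" | session_field Cipher)
    [ -n "$proto" ] && [ -n "$cipher" ] || return 2
    [ "$proto" = "TLSv1.2" ] || return 1
    case $cipher in
        # OpenSSL names for TLS_ECDHE_ECDSA_WITH_AES_{128,256}_GCM_SHA{256,384}
        ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-AES256-GCM-SHA384) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample outputs (not captured from a real server).
SAMPLE_SUITEB='SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-ECDSA-AES256-GCM-SHA384'
SAMPLE_RSA='SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384'
SAMPLE_OLD='SSL-Session:
    Protocol  : TLSv1
    Cipher    : ECDHE-ECDSA-AES256-SHA'
SAMPLE_FAILED='connect: Connection refused'
```

A return code of 2 means the connection never produced a session, which should be treated as a failed check rather than a pass.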

The change-log module is provided on the Identity Manager media for 64-bit platforms. Copy the change-log module from the /products/IDM/Dirxml-Changelog directory of your installation folder and install it on the connected eDirectory server.

The following sections provide instructions to install the change-log module on Linux and Windows platforms:

3.2.1 Extending the Remote eDirectory Schema

Before installing or upgrading to change-log or driver version 402 or later, you need to manually extend the connected remote eDirectory schema to introduce a new attribute, DirXMLServerKeys. You must perform an eDirectory health check to ensure that the tree is ready to accept the new schema.

To extend the schema with the clschema.sch schema file, use the ice utility.

For example:

ice -S SCH -f clschema.sch -D LDAP -s <remote eDirectory server> -d <Admin DN> -w <password>

3.2.2 Installing and Upgrading the Change-Log Module on Linux

IMPORTANT: On SUSE Linux Enterprise Server (SLES) 12.x and Red Hat Enterprise Linux (RHEL) 7.x platforms, Identity Manager supports change-log module version 4.0.2 or later.

  1. Download the latest bidirectional eDirectory patch, unzip the folder, navigate to the directory containing the remote eDirectory schema file (clschema.sch), and extend the schema. For more information on extending the remote eDirectory schema, see Extending the Remote eDirectory Schema.

  2. Stop eDirectory.

  3. Navigate to the directory containing the change-log RPM.

    • To install the change-log RPM, run the following command:

      rpm -ivh <rpm name>.rpm

      Example: rpm -ivh ./novell-DXMLChlgx.rpm

    • To upgrade the change-log RPM, run the following command:

      rpm -Uvh --noscripts ./novell-DXMLChlgx.rpm

  4. Start eDirectory.

3.2.3 Installing and Upgrading the Change-Log Module on Windows

  1. Download the latest bidirectional eDirectory patch, unzip the folder, navigate to the directory containing the remote eDirectory schema file (clschema.sch), and extend the schema. For more information on extending the remote eDirectory schema, see Extending the Remote eDirectory Schema.

  2. Shut down the eDirectory service.

  3. Navigate to the 64-bit folder containing the following DLLs and copy them to the eDirectory installation location. The default install location is C:\Novell\NDS.

    • dirxmllib.dll

    • dxevent.dll

    • xclldap.dll

  4. Start the eDirectory service.