Novell Doc: Identity Manager 3.6.1 Driver for Sentinel 6.1 and the Identity Vault Collector Implementation Guide - Using iManager to Create and Configure the Driver

4.2 Using iManager to Create and Configure the Driver

The following sections provide steps for using iManager to create and configure a new Sentinel driver. For information about using Designer to accomplish these tasks, see Section 4.1, Using Designer to Create and Configure the Driver.

4.2.1 Using iManager to Import the Driver Configuration File

Importing the Sentinel driver configuration file creates the driver in the Identity Vault and adds the policies needed to make the driver work properly.

Verify that the iManager update is installed. For more information, see Installing the Updated iManager Plug-Ins for Identity Manager.
In iManager, click to display the Identity Manager Administration page.
In the Administration list, click Utilities > Import Configuration to launch the Import Configuration Wizard.

Use the following information to complete the wizard and create the driver.

Prompt	Description
Where do you want to place the imported configuration?	You can add the driver to an existing driver set, or you can create a new driver set and add the driver to the new set. If you choose to create a new driver set, you are prompted to specify the name, context, and server for the driver set.
Import a configuration into this driver set	Use the default option, Import a configuration from the server (.XML file). In the Show field, select Identity Manager 3.6 configurations. In the Configurations field, select the Sentinel-IDM3_6_0-V3.xml file.
Driver name	Specify a name that is unique within the driver set.
Broker Type	Select the type of broker you are using. The broker type is determined by the version of Sentinel you are using. Sentinel: Sentinel/Sonic MQ Sentinel RD: Sentinel RD/ActiveMQ
Broker URL	Specify the IP address of the Sentinel broker. The following are examples for the different versions of Sentinel. The ports listed are the default ports for the brokers. Sentinel: tcp://brokeripaddress:10012 Sentinel RD: ssl://brokeripaddress:61616
Broker Username	Specify the username used to authenticate to this broker. If you are connecting to a Sentinel system, use a random username. If you are connecting to a Sentinel RD system, you must use the username and password contained in the ../config/activemqusers.properties file. The user name is collectormanager
Broker Password	Specify the password of the user used to authenticate to the broker. If you are connecting to a Sentinel RD system, the password is located in the ../config/activemqusers.properties file.
Driver is Local/Remote	Select Local if this driver will run on the Metadirectory server without using the Remote Loader. Select Remote if you want the driver to use the Remote Loader, either locally on the Metadirectory server or remotely on another server.
Remote Host Name and Port	This applies only if the driver is running remotely. Specify the hostname or IP address of the server where the driver’s Remote Loader is running.
Driver Password	This applies only if the driver is running remotely. Specify the driver object password that is defined in the Remote Loader. The Remote Loader requires this password to authenticate to the Metadirectory server.
Remote Password	This applies only if the driver is running remotely. Specify the Remote Loader’s password (as defined on the Remote Loader). The Metadirectory engine (or Remote Loader shim) requires this password to authenticate to the Remote Loader.
Define Security Equivalences	The driver requires rights to objects within the Identity Vault. The Admin user object is most often used to supply these rights. However, you might want to create a DriversUser (for example) and assign security equivalence to that user. Whatever rights that the driver needs to have on the server, the DriversUser object must have the same security rights.
Exclude Administrative Roles	You should exclude any administrative User objects (for example, Admin and DriversUser) from synchronization.

When you finish providing the information required by the wizard, a Summary page similar to the following is displayed.

At this point, the driver is created from the basic configuration file. To ensure that the driver works the way you want it to for your environment, you must review and modify (if necessary) the driver’s default configuration settings.

To modify the default configuration settings, click the linked driver name, then continue with the next section, Using iManager to Configure the Driver Settings.

or

To skip the configuration settings at this time, click Finish. When you are ready to configure the settings, continue with the next section, Using iManager to Configure the Driver Settings.

WARNING:Do not click Cancel on the Summary page. This removes the driver from the Identity Vault and results in the loss of your work.

4.2.2 Using iManager to Configure the Driver Settings

The information specified during the creation of the driver is the minimum information required to import the driver. However, the base configuration might not meet your needs.

You might need to change whether the driver is running locally or remotely.
You might need to change which broker the driver connects to.

The driver configuration settings are explained in Section A.0, Driver Properties.

To configure the settings:

Make sure the Modify Object page for the Sentinel driver is displayed in iManager. If it is not:
1. In iManager, click to display the Identity Manager Administration page.
2. Click Identity Manager Overview.
3. Browse to and select the driver set object that contains the new Sentinel driver.
4. Click the driver set name to access the Driver Set Overview page.
5. Click the upper right corner of the driver, then click Edit properties.
  
  This displays the properties page of the driver.
Review the settings for the driver parameters, global configuration values, or engine control values. The configuration settings are explained in Section A.0, Driver Properties.
After modifying the settings, click OK to save the settings and close the Modify Object page.

4.2.3 Using iManager to Start the Driver

After the driver is created, you must start the driver. Identity Manager is an event-driven system, so after the driver is started, it waits for events for events to occur.

There is additional configuration that must be completed before you start the Sentinel driver.

(Conditional) The connection factories must be created for Sentinel6.1. Sentinel RD automatically creates the connection factories.
(Conditional) The SonicMQ message queues must be created, if you are using Sentinel 6.1. Sentinel RD automatically creates the message queue for ActiveMQ.
The Identity Vault Collector must be installed, configured, and started.

See Section 6.0, Creating Connections to the JMS Message Bus for Sentinel 6.1 for instructions on how to create the connections factories and message queues. For the Identity Vault installation instructions, see Section 7.0, Installing and Configuring the Identity Vault Collector.

IMPORTANT:The Identity Vault collector must be started before the driver is started. When the collector starts, the JNDI destinations are created. The driver looks for the JNDI destinations when it starts and if they do not exist, the driver cannot start. To start the collector, see Section 7.5, Starting the Collector.

To start the driver after the additional configuration is completed and the Identity Vault Collector is created:

In iManager, click to display the Identity Manager Administration page.
Click Identity Manager Overview.
Browse to and select the driver object that contains the Sentinel driver you want to start.
Click the driver set name to access the Driver Set Overview page.
Click the upper right corner of the Sentinel driver, then click Start driver.

For information about management tasks with the driver, see Section 10.0, Managing the Driver.