The PUM driver is shipped with packages. When the driver is created with packages in Designer, a set of policies and rules are created suitable for synchronizing with PUM. If your requirements for the driver are different from the default policies, you need to modify the default policies to do what you want.
The filters, mappings, and policies of PUM driver control the data flow between Identity Vault and PUM.
The driver filter determines which classes and attributes are synchronized between PUM and the Identity Vault, and in which direction synchronization takes place.
Table 1-1 and Table 1-2 show the Privileged Account Domain and Credential attributes that are mapped to PUM AccountDomain and Credential objects and attributes.
The mappings listed in the tables are default mappings. You can remap same-type attributes.
Table 1-1 DirXML-PUMAccountDomain Class Attributes
|
Identity Vault Attribute |
PUM Attribute |
Description |
|---|---|---|
|
OU |
name |
Name of the AccountDomain. AccountDomain is a Container object, it contains the Credential objects. |
|
DirXML-pumAccDomType |
DOM_TYPE |
Determines whether the AccountDomain type is SSH or LDAP. |
|
DirXML-pumHost |
DOM_HOST |
DNS Hostname or IP address of the server. |
|
DirXML-pumPort |
DOM_PORT |
Port on which the server is listening. Default value is 22 for SSH and 389/636 for LDAP/LDAPS. |
|
DirXML-pumSSHPublicKey |
DOM_SSH_KEY |
PublicKey of the SSH server. |
|
DirXML-pumAccDomCredential |
DOM_CREDENTIAL |
Default Credential of the AccountDomain. |
|
DirXML-pumAccDomProfile |
DOM_LDAP_PROFILE |
Type of AccountDomain. NOTE:For SSH server, it is Generic UNIX (value=101). For Windows server, options can be either Windows ActiveDirectory (value=1) or NetIQ Directory (value=2). |
|
DirXML-pumAccDomSecure |
DOM_LDAP_SECURE |
Determines whether the LDAP AccountDomain access is over secure or non-secure channel. |
|
DirXML-pumAccDomBaseDN |
DOM_LDAP_BASEDN |
LDAP baseDN of the LDAP type AccountDomain. |
|
DirXML-pumAccDomScope |
DOM_LDAP_SCOPE |
LDAP scope for LDAP AccountDomain. NOTE:Valid values for this attribute are one (value=1) or subtree (value=2). |
Table 1-2 DirXML-PUMCredential Class Attributes
|
Identity Vault Attribute |
PUM Attribute |
Description |
|---|---|---|
|
uniqueID |
name |
Account name or ID. |
|
nspmDistributionPassword |
CRED_PASSWD |
Password of the account. |
|
DirXML-pumSSHPrivateKey |
CRED_SSH_KEY |
SSH privateKey of the SSH account. |
|
DirXML-pumSSHPassPhrase |
CRED_SSH_PASSPHRASE |
SSH passPhrase of the SSH account. |
|
DirXML-pumLDAPUserDN |
CRED_LDAP_USERDN |
UserDN of the LDAP account. |
|
DirXML-pumAccDomName |
CRED_DOMAIN_NAME |
Name of the AccountDomain to which the Credential objects belong. The value of this attribute is set automatically by the driver based on the parent container name, which is the domain to which the Credential belongs. |
|
DirXML-pumAccDomType |
CRED_TYPE |
Determines whether the credential type is SSH or LDAP. The value of this attribute is set automatically by the driver based on the parent container name, which is the domain to which the credential belongs. |
NOTE:DirXML-pumSSHPrivateKey and DirXML-pumSSHPassPhrase attributes are sensitive data. You can encrypt these attributes, to ensure that the values are not visible in the trace during synchronization. For more information about attribute encryption, see “Data Encryption” in the NetIQ eDirectory 8.8 SP8 What’s New Guide.