Identity Manager 4.0.1 Driver for Scripting Implementation ... - NetIQ

More documents

Recommendations

Info

The Publisher shim of the embedded Remote Loader process submits the changes from the change log to the Metadirectory engine as events. The Metadirectory engine processes these events using customizable policies and posts relevant changes to the Identity Vault. Topics in this section include • Section 1.1.1, “Publisher Channel,” on page 12 • Section 1.1.2, “Subscriber Channel,” on page 13 • Section 1.1.3, “Scriptable Framework,” on page 13 • Section 1.1.4, “Schema File,” on page 13 • Section 1.1.5, “Include/Exclude File,” on page 13 • Section 1.1.6, “Loopback State Files,” on page 13 1.1.1 Publisher Channel The Publisher shim provides identity change information to the Metadirectory engine as XDS event documents. The Metadirectory engine applies policies, takes the appropriate actions, and posts the events to the Identity Vault. Change Log The change log stores identity changes in encrypted form. The polling script uses the change log update command to record identity changes it detects. Events are removed from the change log by the Publisher shim at configurable intervals and submitted to the Metadirectory engine for processing. If communication with the Metadirectory engine is temporarily lost, events remain in the change log until communication becomes available again. Change Log Update Command The change log update command encrypts and writes events to the change log. Any process with rights to update the change log can use the change log update command. The change log update command takes command line arguments and standard input, and stores events in encrypted form in the change log for subsequent publishing. The polling script calls the change log update command to record identity changes. For information about using the change log update command, see the developer guides in Chapter 5, “Customizing the Scripting Driver,” on page 35. Polling Script The polling script periodically scans the local account management system for modifications that have occurred since the last polling interval. If necessary, the polling script updates the change log by calling the change log update command. You can specify the polling interval during installation and by subsequent configuration of the Driver object. Publisher Shim The Publisher shim periodically scans the change log for events. Before scanning the change log, the driver calls the polling script to check the local system for changes that might have been made since the previous poll. When the Publisher shim finds events in the change log, it decrypts, processes, and sends them to the Metadirectory engine in XDS format over a Secure Sockets Layer (SSL) network link. 12 Identity Manager 4.0.1 Driver for Scripting Implementation Guide
1.1.2 Subscriber Channel The Subscriber channel receives XDS command documents from the Metadirectory engine and calls the appropriate script or scripts to handle the command. The provided scripts must be customized to handle connected system events. For more information see Chapter 5, “Customizing the Scripting Driver,” on page 35. 1.1.3 Scriptable Framework The interface between the connected system and the driver shim uses customizable scripts. You must extend the scripts that are provided with the driver to support your connected system. Several utility scripts and helper commands are provided with the driver to facilitate communication with the driver shim and the change log. An extensible connected system schema file allows you to add your own objects and attributes to those already supported by the driver. For more information about the scriptable framework, see Chapter 5, “Customizing the Scripting Driver,” on page 35. 1.1.4 Schema File The configuration of class and attribute definitions for the connected system is specified using the schema file. You can modify and extend this file to include new objects and attributes. For details about configuring the schema file, see Section 5.2, “The Connected System Schema File,” on page 38. 1.1.5 Include/Exclude File The include/exclude file allows local system policy to enforce which objects are included or excluded from provisioning, on both the Publisher channel and the Subscriber channel, independently. For details about using the include/exclude file, see Section 5.3, “The Connected System Include/Exclude File,” on page 40. 1.1.6 Loopback State Files The loopback state files are used to provide automatic loopback detection for external applications that do not have mechanisms to perform loopback detection. This loopback detection prevents subscribed events from being published back to the Identity Vault. 1.2 Configuration Overview This section discusses driver configuration details specific to the Scripting driver. For basic configuration information, see “Managing Identity Manager Drivers” in the Identity Manager Administration Guide. For detailed information about configuring the Scripting driver, see Chapter 4, “Configuring the Scripting Driver,” on page 25. Topics in this section include • Section 1.2.1, “Data Flow,” on page 14 • Section 1.2.2, “Policies,” on page 14 Overview 13
Page 1 and 2: AUTHORIZED DOCUMENTATION Implementa
Page 4 and 5: 4 Identity Manager 4.0.1 Driver for
Page 6 and 7: 5 Customizing the Scripting Driver
Page 8 and 9: C.3.3 Publisher Functions . . . . .
Page 10 and 11: For additional documentation about
Page 14 and 15: 1.2.1 Data Flow Filters and policie
Page 16 and 17: 2.1.2 Supported Operating Systems
Page 18 and 19: Operation [Entry Rights] [All Attri
Page 20 and 21: 8 If you select Perl, you are optio
Page 22 and 23: 3.2.4 Running the Script Service fo
Page 24 and 25: Removing an Instance To remove an i
Page 26 and 27: Table 4-1 Driver Import-Only Parame
Page 28 and 29: Remote Loader Connection Parameters
Page 30 and 31: Property Name Publish Passwords to
Page 32 and 33: Notify the User of Password Synchro
Page 34 and 35: 34 Identity Manager 4.0.1 Driver fo
Page 36 and 37: • What types of identities exist
Page 38 and 39: • Modify-password: An identity’
Page 40 and 41: 5.3 The Connected System Include/Ex
Page 42 and 43: EXCLUDE . . . ENDEXCLUDE You can us
Page 44 and 45: A plus sign (+) indicates that the
Page 46 and 47: Developing a custom driver with She
Page 48 and 49: Table 5-1 Items Name COMMAND ASSOCI
Page 50 and 51: # Removing an association IDMSETVAR
Page 52 and 53: Value Name SEARCH_CLASSES SEARCH_AT
Page 54 and 55: Publisher Script Development Events
Page 56 and 57: Table 5-5 Scripting Driver Paramete
Page 58 and 59: 2. Authenticate by using any userna
Page 60 and 61: For command line tools, you can con
Page 62 and 63:
Name DEST_ENTRY_ID ADD_{attr_name}
Page 64 and 65:
Returning an Event Status On the Su
Page 66 and 67:
Execute the query against the exter
Page 68 and 69:
Polling for Application Events The
Page 70 and 71:
Parameter Name Driver/Channel Descr
Page 72 and 73:
5.6.3 Deployment The Scripting driv
Page 74 and 75:
Application Event Monitoring You al
Page 76 and 77:
Name REMOVE_REF_attr_name OLD_PASSW
Page 78 and 79:
Table 5-14 STATUS Subroutines Subro
Page 80 and 81:
Table 5-16 Query Values Value Name
Page 82 and 83:
#!/usr/bin/python import os from id
Page 84 and 85:
Parameter Name Driver/Channel Descr
Page 86 and 87:
Deploying a Custom Driver To deploy
Page 88 and 89:
IDMExecuteIO’s first parameter is
Page 90 and 91:
Value SRC_DN EVENT_ID SRC_ENTRY_ID
Page 92 and 93:
Table 5-21 Query Values Value Name
Page 94 and 95:
If Results(0) = 0 Then Phone = Resu
Page 96 and 97:
functions can be used to retrieve t
Page 98 and 99:
IDMQueryInit IDMQuerySetAssociation
Page 100 and 101:
Directory Description Required File
Page 102 and 103:
# Create an array with two lines $i
Page 104 and 105:
Value SRC_DN EVENT_ID SRC_ENTRY_ID
Page 106 and 107:
Handling Query Events For Query eve
Page 108 and 109:
Handling a query is similar, except
Page 110 and 111:
The response to the heartbeat is im
Page 112 and 113:
Function idm_getqueryinstanceparent
Page 114 and 115:
Deploying a Custom Driver To deploy
Page 116 and 117:
116 Identity Manager 4.0.1 Driver f
Page 118 and 119:
Operating System Windows Command/Ta
Page 120 and 121:
Page 122 and 123:
Ensure that the security certificat
Page 124 and 125:
Page 126 and 127:
Table A-1 Message Priorities Messag
Page 128 and 129:
A.2.1 Driver Shim Installation Fail
Page 130 and 131:
• To provision identities from th
Page 132 and 133:
Page 134 and 135:
Possible Cause: Action: The stateme
Page 136 and 137:
LWS0002I All services are now activ
Page 138 and 139:
Action: Action: Action: Action: Ver
Page 140 and 141:
OAP004E HTTP Error: cause. Explanat
Page 142 and 143:
Possible Cause: Possible Cause: Pos
Page 144 and 145:
IDMTRACE Message Appends the specif
Page 146 and 147:
This is a heartbeat message HEARTBE
Page 148 and 149:
idmsetvar($Name, $Value) Sets a sin
Page 150 and 151:
status(Level, Message) Sends a stat
Page 152 and 153:
C.4 Microsoft VBScript (IDMLib.vbs)
Page 154 and 155:
Function IDMGetSubscriberParam(Para
Page 156 and 157:
Sub IDMQueryInit Initializes a quer
Page 158 and 159:
The Publisher calls Heartbeat.ps1 p
Page 160 and 161:
function idm_writevalue($name, $val
Page 162 and 163:
function idm_querysetreadparent($re
Page 164 and 165:
Page 166 and 167:
5 Click Apply. 6 Restart the driver
Page 168 and 169:
[-r] [-y old-association] [-z new-a
Page 170 and 171:
some new value ^d D.4 Files an
Page 172 and 173:
Page 174:
show all

Identity Manager 4.0.1 Driver for Scripting Implementation ... - NetIQ

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?