After a few days of feeling like a total moron, I finally got automated two-way provisioning and password synchronization to work with the Novell Identity Manager (3.6). Overall… a pain in the arse.

If there’s anyone else that’s going to try and attempt this, here are some tips that I learned along the way!

- The documentation is a rough outline of what you need to do and is a good way to make you waste an ass-load of time, but is good for referencing.

- The Novell Forums are a gold mine! Use them! No matter what problem I came onto, I was able to find something that helped me out in there. And the people are super quick to help too!

- Cool Solutions are just plain awesome. They’re like tech-notes and HOWTOs written up by Novell guys and end-users. There are tons of tutorials and bug-fix solutions in there.

- This Guide really helped out in a lot of ways. Not only does it help to get the stuff working, but it also explains what everything is and how it works along the way. This is a MUST READ!

- Put your Drivers and Driver Sets into trace mode with Level 3 tracing to see the real errors. There’s no output from the app server, and the “Logs” that are part of the drivers don’t help either. DSTRACE FTW!

- When setting up the connection with the Remote Loader, you MUST use a cert, and not an AD self-signed cert. You can create one in iManager and then export it as a Base64-encoded cert. Send this to the AD DC box and use it for the Remote Loader. Also, you need to edit the host parameters in the driver to “host=10.10.10.1 port=8090 kmo=certname”. You have to add the cert name manually.
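A pre-flight check for the Remote Loader tip above, as an added example (not part of the original post and not Novell code). The function names and the sample certificate bytes are constructed for illustration. It flags a connection string that is missing `kmo=` and an export that is binary DER rather than Base64.

```python
import base64
import shlex

REQUIRED_KEYS = ("host", "port", "kmo")  # the three parameters named in the tip

def check_connection(params):
    """Return a list of problems in a 'host=... port=... kmo=...' string."""
    cfg = {}
    try:
        for token in shlex.split(params):  # shlex keeps a quoted value in one token
            key, sep, value = token.partition("=")
            if not (sep and key and value):
                raise ValueError(f"malformed token: {token!r}")
            cfg[key.lower()] = value
    except ValueError as exc:
        return [str(exc)]
    problems = [f"missing {k}=" for k in REQUIRED_KEYS if k not in cfg]
    port = cfg.get("port", "")
    if port and not (port.isdecimal() and 0 < int(port) < 65536):
        problems.append(f"port {port!r} is not a valid TCP port")
    return problems

def check_exported_cert(data):
    """Return a list of problems with an exported certificate file (bytes)."""
    if data[:2] == b"\x30\x82":  # raw ASN.1 SEQUENCE header: binary DER export
        return ["file is binary DER, not Base64"]
    lines = data.decode("ascii", errors="replace").splitlines()
    # Drop any -----BEGIN/END----- armor lines and join the Base64 body.
    body = "".join(l.strip() for l in lines if l.strip() and not l.startswith("-----"))
    try:
        der = base64.b64decode(body, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return ["body is not valid Base64"]
    if der[:1] != b"\x30":
        return ["decoded data is not an ASN.1 SEQUENCE, so not a certificate"]
    return []

# Constructed stand-in for a certificate: a DER SEQUENCE header plus zero padding.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(256)
SAMPLE_B64 = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    print(check_connection("host=10.10.10.1 port=8090 kmo=certname"))
    print(check_connection("host=10.10.10.1 port=8090"))
    print(check_exported_cert(SAMPLE_B64))
    print(check_exported_cert(SAMPLE_DER))
```

This only checks the shape of the string and the file encoding; it does not verify who issued the certificate.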

One thing that is damn irritating, that I’ll mention here for others, is that the AD Driver that comes with IDM 3.6 (v4) is crap. It’s not that I don’t like it, it’s that it just doesn’t work! Even Novell admits this, yet they still package it with the installer…amazing. You have to download and install the v5 one.

Also, once you set up the Driver you have to go back in and change a couple of things that it sets up wrong (like it’s ignoring what you give it during setup):

- Driver Set > Edit Driver Set (update the User Container to the right one)
- Driver > Driver Properties > Identity Manager Tab > Driver Configuration (make sure you fix Authentication Context… I made mine blank cuz I’m using a Remote Loader)

Hope this helps someone else down the road.

Cheers!

.: Adam