Concensus Consulting, LLC. makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Concensus Consulting, LLC. reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes.
Further, Concensus Consulting, LLC. makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Concensus Consulting, LLC. reserves the right to make changes to any and all parts of Concensus Consulting software, at any time, without any obligation to notify any person or entity of such changes.
Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classification to export, re-export or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in the U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical biological weaponry end uses.
Copyright © 2014 Concensus Consulting, LLC All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher.
Concensus Consulting, LLC
The Delimited Text Driver from Concensus Technologies can be configured to use delimited text files on the filesystem to synchronize data between the Identity Vault (IDV) and applications. Using this driver you can synchronize data from the Identity Vault to any system that can consume delimited text files. You can also synchronize data from systems that can generate delimited text files into Identity Manager.
The Delimited Text Driver can use the local installation of Identity Manager or the Remote Loader Service. The driver can be installed on either Linux or Windows where Identity Manager Engine or Remote Loader Service resides.
As there is no live data system the driver connects to, the driver is limited in some of the events or commands that it handles. The
No other events are supported on either channel. Specifically, since the driver has no access to the complete dataset owned by the target application, the driver does not support queries on either channel.
Driver Installation
The driver is installed from an iso image that can be obtained from the Concensus Technologies support website: http://support.concensus.com. It is also required that a license be obtained from Concensus Technologies. The driver will not start without a valid license from Concensus.
The driver requires the following files:
File | Description | Target Location |
---|---|---|
delimitedtextdrivershim.jar | Driver shim binary file. | On Linux, place this file in /opt/novell/eDirectory/lib/dirxml/classes On Windows, place this file in \Novell\IdentityManager/NDS/lib |
delimitedtextdriverlicense.jar | Concensus License file | On Linux, place this file in /opt/novell/eDirectory/lib/dirxml/classes On Windows, place this file in \Novell\IdentityManager/NDS/lib |
CT DText Driver.xml | iManager/Designer driver configuration file. | Needs to be available for import in iManager or Novell IDM Designer |
The driver requires a supported version of Novell Identity Manager. Currently Identity Manager 3.6.1 and 4.x are supported. The driver is supported on Windows and Linux where Identity Manager is supported.
A base configuration requires:
Driver license files expire at the end of the contract term. They must be replaced each year as the driver will discontinue working (No events will be lost if the driver stops) at the end of the license term. The new license will be sent to the Technical Contact on the contract. Once that license has been obtained the following steps should be performed:
The expiration date can be seen in the driver trace at level 3 or higher:
Insert the disc of the Delimited Text Driver installation media that you created into the CD-ROM or DVD drive of the computer that is running a compatible version of Identity Manager or Remote Loader.
1. From the CD root folder start the installation by executing the correct program for your workstation’s platform.
The driver license file is sent to the technical contact listed on the software subscription license agreement. The technical contact will receive a zip file for each tree the connector is licensed for (Typically a production and a test tree). The license will expire at the end of your contract term. To install the license use the following steps:
Note: When updating your license you must remove the old jar file from the folder prior to installing the new one. Do not rename the old jar file. It must be removed.
The driver can be imported through Designer or iManager. Concensus prefers Designer (to download visit: https://www.novell.com/coolsolutions/dirxml/designer or off of the IDM product DVD) and will document the steps here.
Driver Name – This is the driver name. It defaults to CT DText Driver
The IDM driver for DText can be customized using Novell iManager or Designer. The pre-configuration file used for import is only a template. With an understanding of Identity Manager policy and xslt you can configure the driver to do what you need to with the inbound data. For examples please review the other Identity Manager driver configuration files and Novell Cool Solutions.
This section will document the items in the pre-configuration file.
The Driver Properties page (Right click on the driver in designer and choose properties from the menu) contains all of the items that the driver needs to startup and connect to Google.
Maximum Time in Seconds Before Flushing Transactions - This parameter specifies the maximum number of seconds before flushing transctions. If the driver has an output file open and has no additional transactions to write to it the driver will close the output file when this number of seconds have passed. Setting this parameter to 0 removes this time-based flush trigger.
This time interval begins once the last file update has been written. It does not apply to the lifetime of the file. The timer is reset each time a new record is written. If the number of seconds specified in this parameter passes after the last write to the file, then the file will be closed. |
Time of Day (local time) to flush transactions - Setting this parameter causes the driver to flush and close the current output file at the specified time of day. Time can be specified at HH:MM in either 24 hour or 12 hour format. Setting this parameter does not preclude the use of the other two file size limiting parameters.
As long as a file is open by the subscriber channel it is not safe for opening with any other program. In order to ensure that a file is not open indefinitely one of the 3 file transaction thresholds must be set. |
The DText Driver can be mapped to any object class supported by eDirectory. By default the driver is configured to synchronize User objects. The default field list is LastName, FirstName, Title, Email, and Description. However, this can be changed as needed.
In order to aid in working with the Driver Filter and Schema Mapping rules the driver will respond to a request to refresh the application schema with the Object Class and Attributes the driver is configured to use.
By default, the driver does not know anything about the source application schema or possible values. Therefore, there is no simple out of the box mapping for src-dn and association. The default driver configuration has sample policies to set these attributes as part of the Input Transformation Policy.
This policy sets the src-dn of an object described in an inbound xds document. The sample policy contains the rule Add SourceName. This policy verifies that it is operating on a User object. If so, the src-dn is set to the value of FirstName and LastName concatenated together.
This policy sets the association value of an object described in an inbound xds document. The sample policy contains the rule Generate Association Value. This policy verifies that it is operating on a User object. If so, the policy sets the association value to the value of LastName and FirstName concatenated together.
Issue | Example and Notes |
User Placement. Do not use a leading "\" to place users or Organization Units. | To place a user in the root container, the dest-dn should only contain the Username. If you are placing a user in the google Sales\Marketing container your dest-dn should look like: <add class-name="User" dest-dn="Sales\Marketing\ ddare"/>
Organization Units use the same format for dest-dn. |
Group Placement: Do not use a placement rule on groups as Google does not support placing groups in organizations. |
|
Unique naming: It is important that Nicknames, Group names and usernames be unique in the Google apps domain. | When developing a matching rule be sure to check for nicknames and usernames to ensure proper matching. Further, naming must be unique across all Google Organization units. It is not legal to have Sales\Marketing\ddare and Engineering\ddare since ddare needs to be unique across the domain. |
Driver Unable To Start |
|
#TOC{ position:fixed; } |