Learn Novell IDM

Posted on 2006-05-08
Last Modified: 2008-02-01
Hello, there is a great opportunity for me at my company to take over the management of IDM. I did post something a couple of months ago, but since then I went into the Windows group; this position is now becoming available. I have never worked with IDM and really want to take this job on. I am a CNA, CNE, MCP, MCSE and CCNA, so I know that side of it, but I am not a programmer. I am planning on building a server, getting a Windows 2003 server running with Active Directory installed, and a NetWare 6.5 server, and also a client or two. What do I do from there? Thank you so much.
Question by:zenworksb
    LVL 34

    Expert Comment

    First, go get some extra socks - Identity Manager will blow the ones you're wearing off.

    OK, so you set up a NetWare (or OES) server, and a Windoze box. Now set up an Identity Manager server and break out the Driver Designer (or whatever they're calling it now). Try creating a driver to watch for the creation of a User in eDirectory and have it populate the user into AD. Try using the "Text/CSV" driver to take a file dropped into a specific directory and turn it into a user account in eDirectory. Stand up an OES-Linux server or even just a straight SLES server and use the appropriate driver to populate the Linux /etc/password file from eDirectory.

    Identity Manager is an incredibly powerful tool. Those 3 things just scratch the surface. It's possible to centralize management of a wide heterogeneous platform environment. Using its web-based interface and workflow, you can even turn initial account generation (for example, for new employees) over to HR. You can push routine security changes (e.g. giving User X access to Printer Y or Directory Z) down to the "owner" of that resource, or the person's supervisor. Give the Information Security Officer the ability to disable any specific account on any platform connected to Identity Manager. Have users reset their own password if they forget it, using a mix of pre-defined and user-defined challenge questions.

    Literally, there's not enough room here to describe everything. Like any other complex environment, start simple, learn the basics, and build on the lessons along the way.
    LVL 19

    Accepted Solution

    Totally agree. Novell IDM is very, very cool. Using iManager to configure it was always fairly slow and clumsy, but the IDM Designer is a godsend. You can graphically design where your data flows, simulate scenarios, then with the click of a button it will deploy your design to all the servers and instantly slash your workload in half. Time spent on design and preparation is time well spent when it comes to IDM. Things like NMAS-capable clients (4.90 SP2+) and putting Universal Password policies in place are things that can be done well in advance which don't affect the way anything works, but mean you're all ready to go when you finish your design and testing.

    One big thing to keep in mind when designing dataflow is authoritative sources. If, say, you end up with bi-directional sync between eDir and AD, make sure things like password policies are the same in each directory, or you might find (as I did) that AD goes round resetting everyone's passwords as they don't comply with its policies! Imaging an eDir server and your AD DC and hooking them up offline would certainly be a good plan. There are +DXML and +DVRS flags that can be set for dstrace to watch exactly what's going on.

    IDM has been the single most exciting aspect of my work for a couple of years now and I'm glad I spent the time learning to work with it. The programming side should only be an issue if you want to hook up a system that's a bit off the wall; drivers for all common directories and databases are provided, and they're easy to customise in Designer/iManager using basic rulesets.

    Oh, and make sure you install the license before the 90 days are up and it all shuts down. It's never quite right if you leave it after the deadline passes.
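The password-policy mismatch described in the accepted answer is easy to check before you switch on bi-directional sync. The following is an added example, not code from the thread or from Novell: it models each directory's password policy with a few hypothetical settings (minimum length, an AD-style "3 of 4 character classes" complexity rule, and a ban on the account name appearing in the password), decides whether the source policy is at least as strict as the target, and lists the passwords in a constructed sample set that eDir would accept but AD would reject. Those are exactly the accounts that AD would force a reset on. The policy values and sample accounts are assumptions for illustration; the real AD complexity rule has more categories and a name-fragment check, so treat this as a model, not a replacement for reading both policies.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

CHARACTER_CLASSES = (r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]")


@dataclass(frozen=True)
class PasswordPolicy:
    """Simplified password policy for one directory (hypothetical values)."""
    name: str
    min_length: int
    complexity: bool        # require 3 of the 4 character classes above
    forbid_username: bool   # reject passwords that contain the login name


def violations(password: str, username: str, policy: PasswordPolicy) -> List[str]:
    """Return the rules of `policy` that `password` breaks (empty list = compliant)."""
    found = []
    if len(password) < policy.min_length:
        found.append("shorter than %d characters" % policy.min_length)
    if policy.complexity:
        classes = sum(bool(re.search(p, password)) for p in CHARACTER_CLASSES)
        if classes < 3:
            found.append("fewer than 3 of 4 character classes")
    if policy.forbid_username and len(username) >= 3 and username.lower() in password.lower():
        found.append("contains the account name")
    return found


def policy_is_at_least_as_strict(source: PasswordPolicy, target: PasswordPolicy) -> bool:
    """True when every password the source accepts will also be accepted by the target.

    This is the property you want before pushing passwords source -> target:
    each rule the target enforces must also be enforced (or exceeded) at the source.
    """
    return (source.min_length >= target.min_length
            and (source.complexity or not target.complexity)
            and (source.forbid_username or not target.forbid_username))


def passwords_that_would_be_reset(samples: List[Tuple[str, str]],
                                  source: PasswordPolicy,
                                  target: PasswordPolicy) -> List[Tuple[str, str]]:
    """Accounts whose password is valid at the source but rejected by the target."""
    return [(user, pw) for user, pw in samples
            if not violations(pw, user, source) and violations(pw, user, target)]


# Hypothetical policies: a lax eDir Universal Password policy synced into a
# stricter AD default domain policy (the situation the answer warns about).
EDIR_POLICY = PasswordPolicy("eDir Universal Password", min_length=6,
                             complexity=False, forbid_username=False)
AD_POLICY = PasswordPolicy("AD default domain policy", min_length=7,
                           complexity=True, forbid_username=True)

# Constructed sample accounts (login name, current password) for the dry run.
SAMPLE_ACCOUNTS = [
    ("jsmith", "summer"),        # too short for AD, no complexity
    ("jsmith", "Summer2006!"),   # fine in both
    ("mjones", "mjones99"),      # contains the account name, 2 classes only
    ("akhan", "Tr0ub4dor&3"),    # fine in both
]


def dry_run() -> List[Tuple[str, str]]:
    """Report the mismatch and the accounts AD would reset; returns that list."""
    at_risk = passwords_that_would_be_reset(SAMPLE_ACCOUNTS, EDIR_POLICY, AD_POLICY)
    if not policy_is_at_least_as_strict(EDIR_POLICY, AD_POLICY):
        print("WARNING: %s is weaker than %s; bi-directional sync will reject passwords"
              % (EDIR_POLICY.name, AD_POLICY.name))
    for user, pw in at_risk:
        print("%s: %s" % (user, "; ".join(violations(pw, user, AD_POLICY))))
    return at_risk


if __name__ == "__main__":
    dry_run()
```

Run the dry run against a dump of the real accounts (never against production passwords in the clear; use the policy comparison alone for that), and tighten the weaker directory's policy until policy_is_at_least_as_strict holds in both directions before the drivers go live.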

