Learn Novell IDM

Hello, there is a great opp for me at my company to take over the management of IDM. I did post something a couple of months ago, but since then I went into the Windows group, and this position is now coming to be available. I have never worked with IDM, and really want to take this job on. I am a CNA, CNE, MCP, MCSE, and CCNA, so I know that side of it, but I am not a programmer. I am planning on building a server, getting a Windows 2003 server running with Active Directory installed, plus a NetWare 6.5 server and also a client or two. What do I do from there? Thank you so much.
1 Solution
First, go get some extra socks - Identity Manager will blow the ones you're wearing off.

OK, so you set up a NetWare (or OES) server, and a Windoze box. Now set up an Identity Manager server and break out the Driver Designer (or whatever they're calling it now). Try creating a driver to watch for the creation of a User in eDirectory and have it populate the user into AD. Try using the "Text/CSV" driver to take a file dropped into a specific directory and turn it into a user account in eDirectory. Stand up an OES-Linux server or even just a straight SLES server and use the appropriate driver to populate the Linux /etc/password file from eDirectory.

Identity Manager is an incredibly powerful tool. Those 3 things just scratch the surface. It's possible to centralize management of a wide heterogeneous platform environment. Using its web-based interface and workflow, you can even turn initial account generation (for example, for new employees) over to HR. You can push routine security changes (e.g. giving User X access to Printer Y or Directory Z) down to the "owner" of that resource, or the person's supervisor. Give the Information Security Officer the ability to disable any specific account on any platform connected to Identity Manager. Have users reset their own password if they forget it, using a mix of pre-defined and user-defined challenge questions.

Literally, there's not enough room here to describe everything. Like any other complex environment, start simple, learn the basics, and build on the lessons along the way.

Totally agree. Novell IDM is very very cool. Using iManager to configure it was always fairly slow and clumsy but the IDM designer is a godsend. You can graphically design where your data flows, simulate scenarios, then with the click of a button it will deploy your design to all the servers and instantly slash your workload in half. Time spent on design and preparation is time well spent when it comes to IDM. Things like NMAS capable clients (4.90SP2+), and putting universal password policies in place are things that can be done well in advance which don't affect the way anything works, but mean you're all ready to go when you finish your design and testing.

One big thing to keep in mind when designing dataflow is authoritative sources. If, say, you end up with bi-directional sync between eDir and AD, make sure things like password policies are the same in each directory or you might find (as I did) that AD goes round resetting everyone's passwords as they don't comply with its policies! Imaging an eDir server and your AD DC and hooking them up offline would certainly be a good plan. There are +DXML and +DVRS flags that can be set for dstrace to watch exactly what's going on.

IDM has been the single most exciting aspect of my work for a couple of years now and I'm glad I spent the time learning to work with it. The programming side should only be an issue if you want to hook up a system that's a bit off the wall; drivers for all common directories and databases are provided, and they're easy to customise in Designer/iManager using basic rulesets.

Oh, and make sure you install the license before the 90 days are up and it all shuts down. It's never quite right if you leave it after the deadline passes.
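
The password-policy mismatch described in the answer above, as an added example that is not part of the original thread: a small Python pre-flight check that compares the two directories' policies in both directions before bi-directional sync is enabled. The `PasswordPolicy` fields and the sample values are constructed simplifications, not real eDirectory or AD attribute names, and the check assumes both directories count the same character classes.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class PasswordPolicy:
    # Hypothetical, simplified model; populate it by hand from each
    # directory's real policy settings.
    name: str
    min_length: int
    max_length: int
    min_char_classes: int  # distinct classes required (upper/lower/digit/symbol)


def gaps(source, target):
    """Reasons a password accepted by `source` could be rejected by `target`."""
    found = []
    if source.min_length < target.min_length:
        found.append(f"{source.name} allows length {source.min_length}, "
                     f"{target.name} needs at least {target.min_length}")
    if source.max_length > target.max_length:
        found.append(f"{source.name} allows length {source.max_length}, "
                     f"{target.name} caps at {target.max_length}")
    if source.min_char_classes < target.min_char_classes:
        found.append(f"{source.name} requires {source.min_char_classes} character "
                     f"class(es), {target.name} requires {target.min_char_classes}")
    return found


def bidirectional_gaps(a, b):
    """Check both sync directions; an empty list means that direction is safe."""
    return {
        f"{a.name}->{b.name}": gaps(a, b),
        f"{b.name}->{a.name}": gaps(b, a),
    }


# Constructed sample policies, for illustration only.
EDIR = PasswordPolicy("eDirectory", min_length=5, max_length=16, min_char_classes=1)
AD = PasswordPolicy("AD", min_length=8, max_length=127, min_char_classes=3)

if __name__ == "__main__":
    for direction, problems in bidirectional_gaps(EDIR, AD).items():
        print(direction, "OK" if not problems else "MISMATCH")
        for p in problems:
            print("   -", p)
```

Any non-empty list means a password set on one side can fail on the other, so align the policies until both directions come back empty.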

