The provisioning policies can be implemented and customized to meet the needs of your environment. The following example explains how to implement the polices for the scenario presented in Figure 2-1.
In the Finance scenario, SecureLogin provisioning occurs after a password is successfully set in SAP. Most of the necessary parameters are statically configured and available to all policies through the repository and application objects. However, there are non-static data parameters (sapUsername, password, DirXML-ADContext, and workforceID) that are available only after the SAP User Management driver <add> or <modify-password> commands complete and the <output> status document is returned from the SAP User Management driver shim. The <ouput> document no longer contains any of the Subscriber channel operation attributes and the user context of the command is lost, thus preventing queries on the object. It is therefore necessary to do the following:
Make sure the SAP User driver’s Subscriber Create policy enforces the presence of the non-static data parameters.
Cache the non-static parameters required for the provisioning operation prior to issuing the Subscriber command to the SAP User driver shim.
Retrieve cached data for use in SecureLogin provisioning after the command completes successfully.
NOTE:Sample policies are available in XML format on the Identity Manager 3.0 Support Pack 1 media. The filenames are SampleInputTransform.xml, SampleSubCommandTransform.xml, and SampleSubEventTransform.xml. The files are found in the following directories, depending upon the platform:
linux\setup\utilities\cred_prov
nt\dirxml\utilities\cred_prov
nw\dirxml\utilities\cred_prov
The files are installed to the Identity Manager server, if Credential Provisioning Sample Policies is selected during the installation of the utilities. The sample policies are installed to the following locations, depending upon the platform:
Windows: C:\Novell\NDS\DirXMLUtilities (default; the user can change it during install)
NetWare®: SYS:\System\DirXmlUtilities
Linux (eDir 8.7): /usr/lib/dirxml/rules/credprov
Linux (eDir 8.8.1): /opt/novell/eDirectory/lib/dirxml/rules/credprov (default; the user can change it during install)
The sample policies provide a starting point to develop a policy that works for your environment.