The credential provisioning policies can be implemented and customized to meet the needs of your environment. The following example explains how to implement the policies for the scenario presented in Figure 4-1.
In the Finance scenario, SecretStore provisioning occurs after a password is successfully set in GroupWise. Most of the necessary parameters are statically configured and available to all policies through the repository and application objects. However, there are non-static data parameters (CN, password, and DirXML-ADContext) that are available only after the GroupWise user <add> or <modify-password> commands complete and the <output> document is returned from the GroupWise driver shim. The <output> document no longer contains any of the Subscriber operation attributes and the User context of the command is lost, thus preventing queries on the object. It is therefore necessary to do the following:
Make sure the GroupWise driver’s Subscriber Create policy enforces the presence of the non-static data parameters.
Cache the non-static parameters required for the provisioning operation prior to issuing the Subscriber command to the GroupWise driver shim.
Retrieve cached data for use in SecretStore provisioning after the command completes successfully.
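The three steps above, modeled in Python as an added example; it is not Identity Manager policy code and not one of the sample policies. The event ID used to match a command to its <output> document, the class and function names, and the choice to discard the cached password on any result are assumptions of this model.

```python
# Model of the cache-then-retrieve flow. All names are hypothetical.
REQUIRED = ("CN", "password", "DirXML-ADContext")  # non-static parameters


class ProvisioningCache:
    def __init__(self):
        self._pending = {}  # event ID -> cached non-static parameters

    def enforce_required(self, attrs):
        """Step 1: reject the operation if a non-static parameter is missing."""
        missing = [name for name in REQUIRED if not attrs.get(name)]
        if missing:
            raise ValueError("veto, missing: " + ", ".join(missing))

    def before_command(self, event_id, attrs):
        """Step 2: cache the parameters before the command goes to the shim."""
        self.enforce_required(attrs)
        self._pending[event_id] = {name: attrs[name] for name in REQUIRED}

    def after_output(self, event_id, level):
        """Step 3: fetch cached data once the <output> document returns.

        The entry is removed on every result so that a failed command
        does not leave a password sitting in the cache.
        """
        cached = self._pending.pop(event_id, None)
        return cached if level == "success" else None

    def pending(self):
        return len(self._pending)


def run_demo():
    cache = ProvisioningCache()
    provisioned = []
    # Constructed sample operations: (event ID, attributes, shim result).
    ops = [
        ("evt-1", {"CN": "jsmith", "password": "example-pw-1",
                   "DirXML-ADContext": "OU=Finance,DC=example,DC=com"}, "success"),
        ("evt-2", {"CN": "adoe", "password": "example-pw-2",
                   "DirXML-ADContext": "OU=Finance,DC=example,DC=com"}, "error"),
    ]
    for event_id, attrs, level in ops:
        cache.before_command(event_id, attrs)
        # The returned <output> carries only the event ID and a status level.
        data = cache.after_output(event_id, level)
        if data is not None:
            provisioned.append(data["CN"])  # SecretStore provisioning goes here
    return provisioned, cache.pending()


if __name__ == "__main__":
    print(run_demo())
```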
NOTE: Sample policies are available in XML format on the Identity Manager 3.0 Support Pack 1 media. The filenames are SampleInputTransform.xml, SampleSubCommandTransform.xml, and SampleSubEventTransform.xml. The files are found in the following directories:
linux\setup\utilities\cred_prov
nt\dirxml\utilities\cred_prov
nw\dirxml\utilities\cred_prov
The files are installed to the Identity Manager server if Credential Provisioning Sample Policies is selected during the installation of the utilities. The sample policies are installed to the following locations, depending upon the platform:
Windows: C:\Novell\NDS\DirXMLUtilities (default; the user can change it during install)
NetWare®: SYS:\System\DirXmlUtilities
Linux (eDir 8.7): /usr/lib/dirxml/rules/credprov
Linux (eDir 8.8.1): /opt/novell/eDirectory/lib/dirxml/rules/credprov (default; the user can change it during install)
The sample policies provide a starting point to develop a policy that works for your environment.