Installation guide

28 Identity Manager 4.0.1 Framework Installation Guide
For example, if you want a driver to synchronize all user objects, the simplest way is to use one instance of the driver on a server that holds a master or read/write replica of all your users.

However, many environments don’t have a single server that contains a replica of all the users. Instead, the complete set of users is spread across multiple servers. In this case, you have three choices:

  - Aggregate users onto a single server. You can create a single server that holds all users by adding replicas to an existing server. Filtered replicas can be used to reduce the size of the eDirectory database if desired, as long as the necessary user objects and attributes are part of the filtered replica.

  - Use multiple instances of the driver on multiple servers, with scope filtering. If you don’t want to aggregate users onto a single server, you need to determine which set of servers holds all the users, and set up one instance of the Identity Manager driver on each of those servers.

    To prevent separate instances of a driver from trying to synchronize the same users, you need to use scope filtering to define which users each instance of the driver should synchronize. Scope filtering means that you add rules to each driver to limit the scope of the driver’s management to specific containers. See “Using Scope Filtering to Manage Users on Different Servers” on page 28.

  - Use multiple instances of the driver on multiple servers, without scope filtering. If you want to have multiple instances of a driver running on different servers without using filtered replicas, you need to define policies on the different driver instances that enable the driver to process different sets of objects within the same Identity Vault.

- The Template objects you want the driver to use when creating users, if you choose to use templates.

  Identity Manager drivers do not require you to specify eDirectory Template objects for creating users. However, if you specify that a driver should use a template when creating users in eDirectory, the Template object must be replicated on the server where the driver is running.

- Any containers you want the Identity Manager driver to use for managing users.

  For example, if you have created a container named Inactive Users to hold user accounts that have been disabled, you must have a master or read/write replica (preferably a master replica) of that container on the server where the driver is running.

- Any other objects that the driver needs to refer to (for example, work order objects for the Avaya PBX driver).

  If the other objects are only to be read by the driver, not changed, the replica for those objects on the server can be a read-only replica.

3.3.3 Using Scope Filtering to Manage Users on Different Servers

Scope filtering means adding rules to each driver to limit the scope of the driver’s actions to specific containers. The following are two situations in which you would need to use scope filtering:

- You want the driver to synchronize only users that are in a particular container.

  By default, an Identity Manager driver synchronizes objects in all the containers that are replicated on the server where it is running. To narrow that scope, you must create scope filtering rules.

- You want an Identity Manager driver to synchronize all users, but you don’t want all users to be replicated on the same server.
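
The following planning check is an added example, not part of the guide or of Identity Manager. It takes a proposed assignment of scope containers to driver instances and reports the three conditions described above: a scope container with no replica on the instance's server, two instances whose scopes would synchronize the same users, and a user container that no instance covers. All driver, server and container names are constructed, and a replica is assumed to cover the whole subtree below the listed container.

```python
# Added example: all driver, server and container names are constructed.
# Assumption: a replica listed for a server covers the whole subtree below it.

def parts(dn):
    # Slash-format container DN -> lower-cased components (names are case-insensitive).
    return tuple(p.lower() for p in dn.strip("\\").split("\\"))

def in_subtree(dn, root):
    # True when dn is root itself or lies beneath it.
    d, r = parts(dn), parts(root)
    return d[:len(r)] == r

def check_scopes(instances, replicas, user_containers):
    """instances: {driver instance: (server, [scope containers])}
    replicas: {server: [replicated containers]}
    Returns a list of problems; an empty list means the plan is consistent."""
    problems = []
    flat = [(n, srv, s) for n, (srv, scopes) in instances.items() for s in scopes]
    # 1. Each scope container needs a replica on the server running that instance.
    for name, srv, scope in flat:
        if not any(in_subtree(scope, r) for r in replicas.get(srv, [])):
            problems.append(f"{name}: {scope} has no replica on {srv}")
    # 2. Two instances must never manage the same users (nested or equal scopes).
    for i, (n1, _, s1) in enumerate(flat):
        for n2, _, s2 in flat[i + 1:]:
            if n1 != n2 and (in_subtree(s1, s2) or in_subtree(s2, s1)):
                problems.append(f"{n1} and {n2} overlap: {s1} / {s2}")
    # 3. Every container that holds users must fall inside some instance's scope.
    for c in user_containers:
        if not any(in_subtree(c, s) for _, _, s in flat):
            problems.append(f"{c} is not covered by any instance")
    return problems

USERS = [r"ACME\Users\Sales", r"ACME\Users\Engineering", r"ACME\Contractors"]
REPLICAS = {"srv1": [r"ACME\Users\Sales", r"ACME\Contractors"],
            "srv2": [r"ACME\Users\Engineering"]}
GOOD = {"driver-A": ("srv1", [r"ACME\Users\Sales", r"ACME\Contractors"]),
        "driver-B": ("srv2", [r"ACME\Users\Engineering"])}
BAD = {"driver-A": ("srv1", [r"ACME\Users\Sales"]),
       "driver-B": ("srv2", [r"ACME\Users"])}  # too broad, overlaps driver-A

if __name__ == "__main__":
    for label, plan in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_scopes(plan, REPLICAS, USERS) or "consistent")
```
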