Configuring event notification

When you enable event notification, the workstation on which the adapter is installed maintains a database of the reconciliation data.

About this task

The adapter updates the database with the changes that are requested by the IBM® Security Identity server and remains synchronized with the server. You can specify an interval for the event notification process to compare the database to the data that currently exists on the managed resource. When the interval elapses, the adapter forwards the differences between the managed resource and the database to IBM Security Identity server and updates the local snapshot database.

Note: This adapter does not support adapter-based event notification.

To enable event notification, ensure that the adapter is deployed on the managed host and is communicating successfully with IBM Security Identity Manager. You must also configure the host name, port number, and login information for the server and SSL authentication.

Procedure

  • To identify the server that uses the DAML protocol and to configure SSL authentication, take the following steps:
    1. Access the Agent Main Configuration menu.
    2. At the Agent Protocol Configuration menu, select Configure Protocol.
    3. Change the USE_SSL property to TRUE.
    4. Install a certificate by using the certTool.
    5. Type the letter of the menu option for the SRV_NODENAME property.
    6. Specify the IP address or server name that identifies the server and press Enter to display the Protocol Properties menu with new settings.
    7. Type the letter of the menu option for the SRV_PORTNUMBER property.
    8. Specify the port number that the adapter uses to connect to the server for event notification.
    9. Press Enter to display the Protocol Properties menu with new settings.

    The example menu describes all the options that are displayed when you enable event notification. If you disable event notification, none of the options are displayed.

  • To set event notification for the IBM Security Identity server, take the following steps:
    1. Access the Agent Main Configuration menu.
    2. At the Agent Main Configuration menu, type C to display the Event Notification menu.
      Event Notification Menu
      --------------------------------------------------------------
      * Password attributes       : eradapterPassword
      * Reconciliation interval   : 1 hour(s)
      * Next Reconciliation time  : 57 min(s). 36 sec(s).
      * Configured Contexts       : subtest, outtest, tradewinds	
      A. Enabled - ADK
      B. Time interval between reconciliations.
      C. Set Processing cache size. (currently: 50 Mbytes)
      D. Start event notification now.
      E. Set attributes to be reconciled.
      F. Reconciliation process priority.  (current: 1)
      G. Add Event Notification Context.
      H. Modify Event Notification Context.
      I. Remove Event Notification Context.
      J. List Event Notification Contexts.
      K. Set password attribute names.
      
      X. Done
      
      Select menu option:
    3. At the Agent Main Configuration menu, type the letter of the menu option that you want to change.
      Note:
      • Enable option A for the values of the other options to take effect. Each time that you select this option, the state of the option changes.
      • Press Enter to return to the Agent Event Notification menu without changing the value.
      Table 1. Options for the event notification menu
      Option Configuration task
      A If you select this option, the adapter updates the IBM Security Identity server with changes to the adapter at regular intervals. If Enabled - Adapter is selected, the adapter code processes event notification by monitoring a change log on the managed resource.
      When the option is set to:
      • Disabled, all options except Start event notification now and Set attributes to be reconciled are available. Pressing the A key changes the setting to Enabled - ADK.
      • Enabled - ADK, all options are available. Pressing the A key changes the setting to Disabled or, if your adapter supports event notification, to Enabled - Adapter.
      • Enabled - Adapter, all options are available except: Time interval between reconciliations, Set processing cache size, Start event notification now, Reconciliation process priority, and Set attributes to be reconciled. Pressing the A key changes the setting to Disabled.

      Type A to toggle between the options.

      B Displays the following prompt:
      Enter new interval ([ww:dd:hh:mm:ss])
      Type a different reconciliation interval. You can type this interval:
      [00:01:00:00:00]

      This value is the interval to wait after the event notification completes before it is run again. The event notification process is resource intensive; therefore, this value must not be set to run frequently. This option is not available if you select Enabled - Adapter.

      C Displays the following prompt:
      Enter new cache size[50]:

      Type a different value to change the processing cache size. This option is not available if you select Enabled - Adapter.

      D If you select this option, event notification starts. This option is not available if you select Disabled or Enabled - Adapter.
      E Displays the Event Notification Entry Types menu. This option is not available if you select Disabled or Enabled - Adapter.
      F Displays the following prompt:
      Enter new thread priority [1-10]:

      Type a different thread value to change the event notification process priority.

      Setting the thread priority to a lower value reduces the impact that the event notification process has on the performance of the adapter. A lower value might also cause event notification to take longer.

      G Displays the following prompt:
      Enter new context name:

      Type the new context name and press Enter. The new context is added.

      H Displays a menu that lists the available contexts.
      I Displays the Remove Context menu. This option displays the following prompt:
      Delete context context1? [no]:

      Press Enter to exit without deleting the context or type Yes and press Enter to delete the context.

      J Displays the Event Notification Contexts in the following format:
      Context Name : Context1 
      Target DN : erservicename=context1,o=IBM,ou=IBM,dc=com 
      --- Attributes for search request --- 
      {search attributes listed} ---
      K When you select Set password attribute names, you can set the names of the attributes that contain passwords. These values are not stored in the state database, and changes to them are not sent as events. This option avoids the risk of sending a delete request for the old password in clear text when IBM Security Identity Manager changes a password. The risk arises because changes from IBM Security Identity Manager are recorded in the local database for event notification, and a subsequent event notification does not retrieve the password. The event notification therefore sends a delete request for the old password in clear text, which is then listed in the IBM Security Identity Manager logs.
    4. If you changed the value for options B, C, E, or F, press Enter. The other options are automatically changed when you type the corresponding letter of the menu option.

      The Event Notification menu is displayed with your new settings.
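
The following added example is a simplified Python model of the snapshot comparison described under "About this task" and of the effect of option K; it is not the adapter's code. The entry, the attribute values, and all function names are constructed for illustration; only the attribute name eradapterPassword comes from the menu shown above.

```python
# Simplified model of snapshot-based event notification (added example,
# not the adapter's code). Entries and values below are constructed.

def strip_passwords(entries, password_attrs):
    """Model of option K: password attributes never reach the state database."""
    hidden = {a.lower() for a in password_attrs}
    return {dn: {k: v for k, v in attrs.items() if k.lower() not in hidden}
            for dn, attrs in entries.items()}

def diff_snapshot(snapshot, resource):
    """Return the events that describe how the resource differs from the snapshot."""
    events = []
    for dn in sorted(set(snapshot) | set(resource)):
        old, new = snapshot.get(dn), resource.get(dn)
        if old is None:
            events.append(("add-entry", dn, None, None))
        elif new is None:
            events.append(("delete-entry", dn, None, None))
        else:
            for attr in sorted(set(old) | set(new)):
                if attr not in new:      # value vanished: old value is sent
                    events.append(("delete-value", dn, attr, old[attr]))
                elif attr not in old:
                    events.append(("add-value", dn, attr, new[attr]))
                elif old[attr] != new[attr]:
                    events.append(("replace-value", dn, attr, new[attr]))
    return events

def reconcile(snapshot, resource, password_attrs=()):
    """One event notification pass: diff, then refresh the local snapshot."""
    snap = strip_passwords(snapshot, password_attrs)
    live = strip_passwords(resource, password_attrs)
    return diff_snapshot(snap, live), live

# Constructed data: the server changed a password, so the local database
# recorded it; a search of the managed resource does not return passwords.
DN = "eruid=jdoe"
RECORDED = {DN: {"erTitle": "Analyst", "erAdapterPassword": "Constructed-Pw-1"}}
ON_RESOURCE = {DN: {"erTitle": "Senior Analyst"}}

def leaked_values(events, secret="Constructed-Pw-1"):
    """Events whose payload carries the password in clear text."""
    return [e for e in events if e[3] == secret]

if __name__ == "__main__":
    for attrs in ((), ("eradapterPassword",)):
        events, _ = reconcile(RECORDED, ON_RESOURCE, attrs)
        print(attrs, events)
```

With no password attribute names set, the pass emits a delete-value event that carries the old password; with eradapterPassword listed, only the erTitle change is forwarded.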