
Configuring the plug-in properties

Attach the plug-in to a flow in Federated Directory Server and specify values for the plug-in configuration properties.

Before you begin

Complete steps 1 - 8 in Roadmap for setting up the plug-in.

Procedure

  1. In the Federated Directory Server console, on the Flows page, click the name of the flow and click Edit.

  2. On the Source tab, click Flow Hooks.

  3. Select Enabled to enable the feature for attaching AssemblyLines to flows.

  4. Expand User add/mod/delete and select Enabled to indicate that this specific flow hook must call the AssemblyLine after each user is added, modified, or deleted.

  5. Click Browse beside AssemblyLine.

  6. In the browse menu, expand FDS_ISAM_Plugin, select ProvisionISAM, and click OK.

  7. Specify the following properties to configure the plug-in:

    isam.api.properties.filepath
    Specify the path to the IBM Security Access Manager API properties file.

    The default value is LDAPSync/ISAM_API.properties.

    isam.domain
    Specify the IBM Security Access Manager domain that is to be integrated.

    This domain name must be the same as the domain used to create the IBM Security Access Manager API properties file.

    The default value is Default.

    isam.map.principalName
    Specify the mapping instruction for the principalName of the IBM Security Access Manager entry that corresponds to the current Person being synchronized.

    You can use one of the following special values:

    • targetRDN specifies the target Person RDN.
    • sourceRDN specifies the source Person RDN.

    Otherwise, the value of this property must be the name of an attribute that is in the entry that is read from the source endpoint.

    The default value is targetRDN.

    Note: The setup for this solution requires that Federated Directory Server and IBM Security Access Manager share the same IBM Security Directory Server instance. In this scenario, you must specify targetRDN as the value.

    isam.map.secDN
    Specify the mapping instruction for the secDN of the IBM Security Access Manager entry that corresponds to the current Person being synchronized.

    You can use one of the following special values:

    • targetDN specifies the target Person DN.
    • sourceDN specifies the source Person DN.
    • mapFile specifies that the map file handles secDN.

    Otherwise, the value of this property must be the name of an attribute that is available in the entry that is read from the source endpoint.

    The default value is targetRDN.

    Note: The setup for this solution requires that Federated Directory Server and IBM Security Access Manager share the same IBM Security Directory Server instance. In this scenario, you must specify targetRDN as the value.

    isam.mapFile
    Optional property that specifies the path and file name of the map file to be used.

    As the Solution Directory is always the current working directory for IBM® Security Verify Directory Integrator, you can use a relative path such as LDAPSync/FDS_ISAM_Plugin.map.

    The default value is LDAPSync/FDS_ISAM_Plugin.map.