April 27, 2007
This document provides important information related to the M2 release of Novell® Enforcer for Identity Manager 1.0 (or just Enforcer.) It includes the following sections:
Enforcer is an Eclipse-based IDM project/feature that provides a set of tools aimed at ensuring general internal policies are adhered to in the area of Data Quality, which includes Data Analysis, Data Cleansing, Data Reconciliation and Data Monitoring/Reporting. Customers can use Enforcer to analyze, enhance and control all data stores throughout their enterprise.
These three phases, Analyze, Enhance and Control, are particularly important when designing Identity Management solutions. Before implementing an Identity Management solution, designers spend a significant amount of time analyzing the identity data, scrubbing the identity data, and modeling business rules to create identity data replication and synchronization policies that guarantee the data remains in a reliable state. Additionally, once an Identity solution is put into place, customers must verify and reconcile that the these processes are performing as intended to maintain consistent and reliable data.
The goal of Enforcer is to create a set of tools to resolve data quality issues and improve the Identity Manager deployment process. Enforcer will eventually be available as a standalone Eclipse-based application, as well as a set of plug-ins for Novell Designer for Identity Manager.
Industry analysts note that Identity Management projects spend 3 - 8 times more than the cost of the software on design and implementation. Enforcer attacks these project-related costs directly by providing a powerful environment for cleaning and preparing identity data in order to streamline identity infrastructure implementations.
Novell is developing Enforcer using an iterative development model. At the end of each iteration Novell will release a milestone build that encompasses the goals of that milestone. These milestones provide customers with access to the product throughout the development cycle so they can participate in directing development decisions over time.
Review the following system requirements before installing Enforcer 1.0 M2.
Enforcer 1.0 M2 requires Designer for Identity Manager 2.0, which can be installed on one of the following operating system platforms:
Windows 2000 or later
SUSE® Linux Enterprise Desktop, or other Linux distribution that supports KDE or GNOME desktop environments.
Enforcer 1.0 M2 has the same hardware requirements as Designer for Identity Manager 2.0:
Minimum video resolution: 1024x768 (1280x1024 recommended)
Memory: 512 MB
Processor: 1 GHz or higher
Gettext Utilities (Linux installation only)
The following issues exist in the Enforcer 1.0 M2 environment:
Enforcer does not prevent users from modifying anything in a data set. If a user with appropriate rights to the source application modifies a value, for example a GUID or DN, Enforcer does not attempt to determine if the modification will cause a problem when written out to the source application.
Users should use care when modifying data and sending those modifications to the source application due to the risk of causing unintended problems in the source application.
When attempting to push updated data to the source application from Enforcer’s Data Browser (by clicking
), you might get an error indicating there was a problem with the update operation. However, the Data Browser’s modified data indicators in the data table change to indicate that the updates were successful.These indicators are typically incorrect, and the data updates were unsuccessful. Re-import the data from the source application to make sure you know the true state of the data before making any other data modifications.
Problems with the update operation primarily occur when adding a value to a multi-valued attribute.
After using Enforcer to run Pattern Frequency and Unique Values analysis metrics, viewing the results might cause Designer to crash. At this time, this only appears to happen on 64-bit Linux systems.
By default, IDS Trace level is set to 3 in order to track connection problems and errors. This trace level causes performance issues with data browsing. To improving data browsing performance, reduce the trace level to 1. You can modify this setting by clicking the Preference button in the IDS Trace view.
The following Identity Manager drivers have received initial testing with Enforcer 1.0 M2 and appear to function properly:
Active Directory
JDBC
LDAP
PeopleSoft
SAP User
The following Identity Manager drivers are enabled for Enforcer 1.0 M2 but have not been tested:
Novell GroupWise™
Lotus* Notes*
SAP* HR
For information about installing and configuring a Remote Loader for those drivers that require it, see the Novell Identity Manager documentation Web site
The following issues can prevent Enforcer from displaying Data Set content in the Data Browser view:
Enforcer 1.0 M2 does not support SQL reserved words as column names for Data Sets (For example, group or select.) If a column name is an SQL reserved word, no Data Set data displays in the Data Browser view. To avoid this, exclude the column (attribute) with a reserved-word name from the Enforcer Data Set.
By default, Enforcer’s subscriber channel is enabled so that you can perform Data Set queries. However, if a Connection Profile was synchronized from Designer with the subscriber channel disabled, it remains disabled for Enforcer. If your Data Sets do not have any data, confirm that the Connection Profile’s subscriber channel is enabled in Enforcer.
To do this, right-click the desired Connection Profile and select Properties. In the Connection Profile properties, select IDS Configuration > Parameters tab > Subscriber Options tab. Make sure that Disable subscriber? is set to no (default).
The Back button in the Configuration Wizard dialogs is not functional. If you need to make a change to the connection profile on which you are working, either cancel the wizard and start over, or finish configuring the connection profile and make the change in Connection Properties.
When using a JDBC connection, the Enforcer Data Browser does not display the primary key. This causes a blank column in the Data Browser display because the driver does not return this information. For example, if the select statement for table ZZ is:
Select AA, BB, CC, DD from ABUG where AA = ?
The column for AA is empty. The source-dn column contains both the table name and the data for column AA.
A list of bugs currently being addressed by the Enforcer development team is available by using the following Enforcer Bugzilla query.
This product includes software developed by IBM Corp. using the Eclipse platform (all rights reserved) and the Apache Software Foundation. Novell is an Eclipse Foundation Member.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE HYPERSONIC SQL GROUP, OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
This software consists of voluntary contributions made by many individuals on behalf of the Hypersonic SQL Group.
Novell, Inc. makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes.
Further, Novell, Inc. makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.
Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classification to export, re-export, or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in the U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical biological weaponry end uses. Please refer to www.novell.com/info/exports/ for more information on exporting Novell software. Novell assumes no responsibility for your failure to obtain any necessary export approvals.
Copyright © 2007 Novell, Inc. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher.
Novell, Inc. has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed at http://www.novell.com/company/legal/patents/ and one or more additional patents or pending patent applications in the U.S. and in other countries.
For a list of Novell trademarks, see Novell’s Online Trademark List.