Maqsood Bhatti - iDENTITY

.. Gotcha.. the everything finally is up and running , now i have following things running in my enviornment. 1. Windows Server 2008 R2 (64-bit) 2. Novell Identity Manager 4.0.1 3. Novell User Application (RBpM) Modules / Jboss/ MySQL Community Edition 5.5 4. Novell User Application (Identity Reporting Module) Module 5. Novell EAS (Event Auditing Serivce) Suse Linux postGreSQL.. I wanted to setup the auto start of Jboss on the Windows Server 2008 R2 as Window Service and I ended up with the following setup: Added %JBOSS_HOME% and %JAVA_HOME% as the System env variables. I had to stick to the JDK 1.6 /JRE x86 versions due to IDM reporting modules. Good start wiht Option2 ( Use the JavaServiceWrapper by Tanuki.) link# http://community.jboss.org/wiki/RunJBossAsAServiceOnWindows and my wrapper.conf =============================== wrapper.java.command=C:/Program Files (x86)/Java/jdk1.6.0_26/jre/bin/java wrapper.java.mainclass=org.tanukisoftware.wrapper.WrapperSimpleApp wrapper.java.cl

Well... lots of Fiming now a days.. To get the head into the FIM request pipeline, I really wanted to see the incoming requests to the service so that i can be comfortable with the FIM in a technical way, Being the FIM2010 Portal service as a "WCF service" helped me to use this such pretty nice tools from Microsoft SDK toolset called "SvcTraceViewer.exe".. to enable the service tracing into FIM2010 portal service resource configuration file on the server, in my case "Microsoft.ResourceManagement.Service.exe.config", i had to hook the WCF tracing this way: <system.diagnostics> <sources> <source name="System.ServiceModel.MessageLogging" switchValue="Verbose,ActivityTracing"> <listeners> <add type="System.Diagnostics.DefaultTraceListener" name="Default"> <filter type="" /> </add> <add name="ServiceModelMessageLoggin

If during sync if you have your custom attributes defined in your FIMMA's "Configured Attribute Flows" and if those attributes HAVE values, you could come across the error on Export run as "failed-creation-via-web-services"! Well.. When you extend the FIM2010 Schema with some of custom attributes binded to the Users resource, don't forget to edit the MPR ( Synchronization: Synchronization account controls users it synchronizes ) first!!!. This is under the "Target Resource/select specific attribute" for MPR(Synchronization: Synchronization account controls users it synchronizes), just add your custom attribute..

Okk... finally I have now installed FIM2010 after doing lots of programming excercises on ILM 2007 software.. my first try was to setup a Novell eDirectory Management Agent in FIM2010... uH... It really didn't work... LDAP traces on the Novell Directory shows that FIM2010 is asking for something here LDAP : New cleartext connection 0x456d5c0 from FIMIDIOT:21575, monitor = 0x684, index = 1 LDAP : DoBind on connection 0x456d5c0 LDAP : Bind name:**********, version:3, authentication:simple LDAP : Sending operation result 0:"":"" to connection 0x456d5c0 LDAP : DoSearch on connection 0x456d5c0 LDAP : Search request: base: "" scope:0 dereference:0 sizelimit:0 timelimit:0 attrsonly:0 filter: "(objectClass=*)" attribute: "vendorVersion" LDAP : Sending search result entry "" to connection 0x456d5c0 LDAP : Sending operation result 0:"":"" to connection 0x456d5c0 LDAP : DoUnbind

Hmm... Microsoft Identity Manager 2010 is out.. but i really wanted to see how the new version is better then its older versions... i have read lots of documentation about FIM2010 and its declarative programming capabilities, MPRs (Management policy rules), workflows, Sets, Group etc, so before touching the fancy parts, i decided to dig into first how the sync-engine or as it previously called MIIS works before doing hands-on with the fancy FIM2010 and the sharepoint based user portal.. Going back to its earlier version and doing hands-on was necessary for me, since FIM2010 documentation always referred the "Classic-rules" as the more powerful then the declarative rules/programming in FIM2010. So i wanted to experience the power into Microsoft IdM before touching the declarative programming(less-power'd) stuff in FIM2010. Having already worked with event-based IdM products such as nOvell identity manager, i was excited to work with the state-based systems such as FIM2010.

I had this task to hide the contents of a very sensitive user attribute from within IDM traces, so i just tried this following and it worked!.. did a tweak transformation on a publisher-input-transofrmation on a delimited text driver. (is-sensitve="true"). (Adds) <do-set-xml-attr expression="add-attr[@attr-name='my_secret_attribute']/value" name="is-sensitive"> <arg-string> <token-text xml:space="preserve">true</token-text> </arg-string> </do-set-xml-attr> thanks to encode the xml to the html tool which allowed me to paste this above small xml code : http://centricle.com/tools/html-entities/

Just came across novell Identity manager 4 chalktalks on youtube .. wonderful... http://www.youtube.com/watch?v=dLKX9bNQdn8 (IDM4) http://www.youtube.com/watch?v=Q3-v3sYoO3A ( Novell Desinger) http://www.youtube.com/watch?v=NSYagjnwEMs&feature=related (Role management) http://www.youtube.com/watch?v=KcUBvbcR16o&feature=related (Analyzer) http://www.youtube.com/watch?v=eOSVTdw7Qbg&feature=related ( Sepration of Duties) http://www.youtube.com/watch?v=WzO_M2oAsGU&feature=related (Reporting) http://www.youtube.com/watch?v=RzbL-6FY6aI&feature=related (Cloud ready idm)