
Identity Manager 8.2.1 - Administration Guide for Connecting Unix-Based Target Systems


Configuration parameters for managing Unix-based target systems

The following configuration parameters are available in One Identity Manager after the module has been installed.

Table 33: Configuration parameters
Configuration parameter

Description

TargetSystem | Unix

Preprocessor relevant configuration parameter to control component parts for Unix-based custom target system administration. If the parameter is set, the target system components are available. Changes to this parameter require the database to be recompiled.

If you disable the configuration parameter at a later date, model components and scripts that are no longer required are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide.

TargetSystem | Unix | Accounts

Allows configuration of user account data.

TargetSystem | Unix | Accounts | InitialRandomPassword

Specifies whether a random password is generated when a new user account is added. The password must contain at least those character sets that are defined in the password policy.

TargetSystem | Unix | Accounts | InitialRandomPassword | SendTo

Employee to receive an email with the randomly generated password (manager cost center/department/location/role, employee’s manager or XUserInserted). If no recipient can be found, the password is sent to the address stored in the TargetSystem | Unix | DefaultAddress configuration parameter.

TargetSystem | Unix | Accounts | InitialRandomPassword | SendTo | MailTemplateAccountName

Name of the mail template that is sent to provide users with the login credentials for the user account. The Employee - new user account created mail template is used.

TargetSystem | Unix | Accounts | InitialRandomPassword | SendTo | MailTemplatePassword

Name of the mail template that is sent to provide users with the initial password. The Employee - initial password for new user account mail template is used.

TargetSystem | Unix | Accounts | MailTemplateDefaultValues

Mail template used to send notifications about whether default IT operating data mapping values are used for automatically creating a user account. The Employee - new user account with default properties created mail template is used.

TargetSystem | Unix | Accounts | PrivilegedAccount

Allows configuration of privileged Unix user account settings.

TargetSystem | Unix | Accounts | PrivilegedAccount | AccountName_Postfix

Postfix for formatting the login name of privileged user accounts.

TargetSystem | Unix | Accounts | PrivilegedAccount | AccountName_Prefix

Prefix for formatting a login name of privileged user accounts.

TargetSystem | Unix | DefaultAddress

Default email address of the recipient for notifications about actions in the target system.

TargetSystem | Unix | MaxFullsyncDuration

Maximum runtime of a synchronization in minutes. No recalculation of group memberships by the DBQueue Processor can take place during this time. If the maximum runtime is exceeded, group memberships are recalculated.

TargetSystem | Unix | PersonAutoDefault

Mode for automatic employee assignment for user accounts added to the database outside synchronization.

TargetSystem | Unix | PersonAutoDisabledAccounts

Specifies whether employees are automatically assigned to disabled user accounts. User accounts are not given an account definition.

TargetSystem | Unix | PersonAutoFullSync

Mode for automatic employee assignment for user accounts that are added to or updated in the database by synchronization.

TargetSystem | Unix | PersonExcludeList

List of all user accounts that must not be automatically assigned to employees. Names are listed in a pipe (|) delimited list that is handled as a regular search pattern.

Example:

ADMINISTRATOR|GUEST|KRBTGT|TSINTERNETUSER|IUSR_.*|IWAM_.*|SUPPORT_.*|.* | $
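
An added example (not One Identity code) for reviewing a PersonExcludeList value before it goes live. This page does not state whether the pattern is anchored to the whole account name or whether matching is case-sensitive, so the hypothetical helper `classify` reports the names whose outcome depends on that. The account names are constructed samples.

```python
import re

# Pattern copied verbatim from the PersonExcludeList example on this page.
EXCLUDE_LIST = "ADMINISTRATOR|GUEST|KRBTGT|TSINTERNETUSER|IUSR_.*|IWAM_.*|SUPPORT_.*|.* | $"

# Constructed sample account names (not taken from any real system).
SAMPLE_ACCOUNTS = ["jdoe", "guest", "guest_contractor", "IUSR_web01",
                   "administrator2", "svc backup", "root"]


def classify(pattern, names, ignore_case=True):
    """Return {name: 'excluded' | 'ambiguous' | 'assignable'}.

    excluded   - the whole name matches one alternative in the list
    ambiguous  - only part of the name matches, so the outcome depends on
                 whether the product anchors the pattern (an assumption here)
    assignable - no alternative matches under either reading
    """
    flags = re.IGNORECASE if ignore_case else 0
    rx = re.compile(pattern, flags)  # raises re.error on a malformed list
    result = {}
    for name in names:
        if rx.fullmatch(name):
            result[name] = "excluded"
        elif rx.search(name):
            result[name] = "ambiguous"
        else:
            result[name] = "assignable"
    return result


def needs_review(pattern, names, ignore_case=True):
    """Names an administrator should test in a non-production system first."""
    verdicts = classify(pattern, names, ignore_case)
    return sorted(n for n, v in verdicts.items() if v == "ambiguous")


if __name__ == "__main__":
    for name, verdict in classify(EXCLUDE_LIST, SAMPLE_ACCOUNTS).items():
        print(f"{name!r:22} {verdict}")
    # Unix login names are usually lowercase; show the case-sensitive reading too.
    print(classify(EXCLUDE_LIST, ["guest", "GUEST"], ignore_case=False))
```

Names reported as ambiguous, and any lowercase name that is excluded only under case-insensitive matching, are the ones to verify against the actual behavior of automatic employee assignment.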

Default project template for Unix-based target systems

A default project template ensures that all required information is added in One Identity Manager. This includes mappings, workflows, and the synchronization base object. If you do not use a default project template you must declare the synchronization base object in One Identity Manager yourself.

Use a default project template for initially setting up the synchronization project. For custom implementations, you can extend the synchronization project with the Synchronization Editor.

The project template uses mappings for the following schema types.

Table 34: Mapping Unix schema types to tables in the One Identity Manager schema
Schema type in Unix-based target system | Table in the One Identity Manager schema
Group | UNXGroup
Host | UNXHost
LoginShell | UNXLoginShell
User | UNXAccount

Unix connector settings

The following settings are configured for the system connection with the Unix connector.

Table 35: Unix connector settings

Setting

Description

Server or IP

Server name or IP address of the host.

Variable: CP_Host

Host name

Name of the host.

Variable: Hostname

Port

Communications port for establishing the SSH connection. The default communications port is the TCP port 22.

Variable: CP_Port

User account

Used when the authentication method is Password. User account for SSH login on the host.

Variable: CP_SSHUser

Password

Used when the authentication method is Password. Password for SSH login on the host.

Variable: CP_SSHPassword

Private key

Used when the authentication method is Private key. Private key for logging in to the host.

Variable: CP_PrivateKey

Passphrase

Used when the authentication method is Private key. Passphrase for logging in to the host.

Variable: CP_PrivateKeyPassphrase

Change to administrative context

Method to use to gain administrative permissions. Permitted values are:

  • Default: If the user already possesses administrative permissions, select the Default method.

  • Sudo: If the current user logged in on the host can run administrative tasks as an administrative user, select the Sudo method. Enter the alternative user, such as root.

  • Su: If administrative tasks should be run using a different user, select the Su method. Enter the user's login credentials. The default user is root.

Variable: CP_EvaluationMethod

User name

User name if the Sudo or Su methods are used.

Variable: CP_EvaluationUser

Default: root

Password

Password for the user if the Su method is used.

Variable: CP_EvaluationPassword
