Walking through the Office 365 IDM driver - Part 14


In part one of this series I walked through some of the configuration, Packages, and GCVs used in the Office 365 IDM driver.

In part two of this series I walked through more of the GCVs and looked at some possible values for the License entitlements.

In part three of this series I looked at the Filter and Schema Map and some more entitlement issues.

In part four of this series I looked at the configuration settings and then on to actual policies, getting through the Subscriber Event Transform policy set.

In part five of this series I worked through the Subscriber Match and Create policy sets.

In part six of this series I started in on the Subscriber Command Transform policy set.

In part seven of this series I continued through the EntitlementsImpl policy in the Command Transform.

In part eight of this series I finished up the Command Transform and started into the Output Transform.

In part nine of this series I finished walking through the Output Transform.

In part ten of this series I started down the Input Transform policy set getting through the first six policy objects.

In part eleven of this series I finished the Input Transform policy set and got through the Publisher Event Transform policy set.

In part twelve of this series I got through the Match, Create, Placement, and almost all of the Command transform policy sets.

In part thirteen of this series I finished the Publisher channel, wrapping up the driver.

And yet, here we are again... At some point this has to end, right? I mean, I cannot keep going forever? Or can I?

It turns out that the way NetIQ is doing packages, is basically an excuse to keep writing these articles forever! Ha ha! Fools, now I have you!

The best part about packages is that they are meant to be designed to be upgradable. This is hugely different than the previous XML file monoliths. Before if you applied the latest XML driver file, it would erase stuff you had changed. With packages, your changes remain, and are in fact flagged, and you can see the list. This is great, since with a new Package, perhaps NetIQ fixed an issue you had noticed, now you can revert your change and use theirs instead? Or perhaps you were clever and made all your changes in policies in your own package and now it is independent of the NetIQ packages, so upgrades are less painful. All these are great changes, and my favorite part of Packages. Alas, all is not perfect, and I could spend many articles explaining the issues. Maybe I should. Hmm, not a bad idea for a new series. Or at least an updated series on Packaging, 2 years after I wrote my last set, with all that I have learned in the past 2 years or so.

Anyway, when I started this series lo so many years ago, I noted the specific packages I was reviewing because I expected that they would get updated as time passed. I honestly did not think it would take so long to get them all out:

NOVLOFFIDCFG Default configuration
NOVOFFAUDENT Audit Entitlements
NOVLOFFIATRK Account tracking for Identity Audit
NOVLOFFIPSWD Password Synchronization
NOVLOFMSINFO Managed System Info
NOVLOFFENT Entitlement support
NOVLOFFIOPTL Optional Packages

I also picked up some package dependencies and got:

Account Tracking Common
Audit Entitlements Common 1.0.0
Data Collection Common 1.0.0
Password Synchronization Common

There were a couple of driver set packages that came in via dependencies as well:
Advanced Java Class		1.0.1
Common Settings 1.0.01

In the intervening year or so, these have all been updated. So lets see what it looks like with the new packages. Designer 4.02 Auto Update 2 or so added the ability to compare packages. So I will compare the version I used against the latest packages, and report back on what has changed. Lets see if anyone at NetIQ read my articles and fixed the issues I noted. The way it works is, open the Outline view, find your Package Catalog. Find the package of interest. Click on the version you want to start with. (Will be on the left in the compare window). Then you can right click and select Compare Package. If you do not get this menu, try turning on Package Developer Mode in one of your trees, or making sure you are at the latest Auto Update for Designer.

Then you get to select from all the versions that Designer locally knows about. These have to be packages that are:

  1. Brought into Designer via "Online Updates" whether NetIQ's site, or someone else's, or by pointing at a local filestore.

  • Packages Imported, just into this project.

That is the difference between doing a Check for Package Updates, getting the updates, and Import Packages. The former case makes the packages available to all projects that this Designer install instance works on. This also means you need Admin privileges on Winders, as UAC will try and stop Designer from writing downloaded files to the install directory. Whereas the latter only makes the package available to current project.

This is an important distinction, since the first case, stores them with the Designer binary files. Whereas the second stores them just in the workspace. Usually the binary files are in C:\Program Files on Winders, which is protected as of Win7 and Win 8.

In one of the 4.02 Auto Updates they also made it that if you reference a package, say by adding a driver, then the needed packages (and only the needed packages) get added to the current project's catalog. This is to save memory, since the entire project is kept in memory in its own copy, for each and every tab you open. Thus minimizing the size of the catalog is a good thing.

This auto import is also used when you do a compare. Just because you only have a single package in your catalog, does not mean you cannot compare. If your package came via Designer Online Updates, then you can chose from all versions the Designer instance knows about. If however, you got your packages as JAR files that you imported into your project, then you would have to import all the versions you want to compare into your catalog.

If you want to distribute packages like the Online Updates approach, what you do is Build a package and get it ready. Once you are ready, Build it with the Release tick box selected. These actions generate the single, simple JAR file that you may be used to. Once you have Build/Released a package, you right click again, and now there is Publish item on the menu.

You need to point this at a directory that holds your other published packages, (maybe mount the web server file system? Maybe manage it local then copy over?) as it adds to the site.xml file your new packages. Thus you get to build your distribution site, and all you need to do is expose it via HTTP to allow people to use it. If you just want to do it locally, in the Preferences window, Designer, Packages, Online Updates, add a new Update Site, with the URL for the HTTP site, or the local filesystem as:


Note the three forward slashes after the file colon.

In our case here, the updated packages that need to be considered are:

  1. NOVLOFFIBASE - Base package

         Was:     Now:

  • NOVLOFFIDCFG - Default configuration

         Was:     Now:

         Intermediate step of will be ignored.

  • NOVLOFFIPSWD - Password Synchronization

         Was:     Now:

  • NOVLOFFENT - Entitlement support

         Was:     Now:

  • NOVLOFFIATRK - Account tracking for Identity Audit

         Was:     Now:

So looks like there are five packages to look at changes made in. This could take awhile!

Might as well start at the top, with the Base package, NOVLOFFIBASE.


First up they updated the Readme which make me very happy. I think they should be doing lots more of this. Add comments in the policies, add comments in the Filter, add comments in the Readme. The more the merrier. Thus I am glad to see this. The new stuff is:

  • 2.2 Changes made for enhancement to support DistributionList group.

So looks like the overall 2.2 package version was all about adding Distribution List support, and that the 2.3 release was a bunch of bug fixes.

This one has 5 differences, one GCV object and four resource objects:


  • NOVLOFFIBASE-DriverNamePrompt


  • NOVLOFFIBASE-InitSettingsPrompt

  • NOVLOFFIBASE-RemoteLoaderPrompts


Lets start with the 'easy' one, a GCV object.

Looks like three changes.

First was just a cosmetic change of adding a Header node, into the GCV. It is not entirely well documented all the various things you can do in the GCV XML, but a node like below can make things look more professional.

<header display-name="My Custom Settings"/>

You have seen examples of this in common drivers, but nice to know you can add it yourself. Of course, be nice if the GUI supported adding it to make life easier, but it does not.

I wrote a series of articles about the various GCV types a few years ago, that can help explain some of the options in the GCV DTD that are available.


How To-Best Practice
Comment List