Anonymous_User Absent Member.
Absent Member.
362 views

Re: TCP\IP Based DirXML Driver

These are the standard modules. There is something for almost any protocol you would use.
https://www.netiq.com/products/identity-manager/advanced/technical-information/modules.html


On 7/18/2012 1:16 AM, rajeshemailto wrote:
>
> Dear Specialists,
>
> Greetings for the Day!!
>
> As part of RnD, I am looking for TCP\IP based driver to communicate
> with IDVault for authentication events. Or can we use any other driver
> for same purpose?
>
> Regards,
> RK
>
>


Labels (1)
0 Likes
9 Replies
Knowledge Partner
Knowledge Partner

Re: TCP\IP Based DirXML Driver

On 7/20/2012 3:16 AM, rajeshemailto wrote:
>
> Will,
>
> I have seen almost every module & analyzed to match my requirement but
> find no suitable module available. Basically, we have TCP\IP based
> device which will be used over gates for granting permission to entry.
> User shows card on device to open the door and on every request this
> devices communicates with IDM4 to allow or deny entry in the gate.
>
> We need IDM driver which can handle request from multiple gates
> simultaneously to grant\deny access.


So your card system makes live requests? Probably not an IDM issue.

Here you want your gates to query, is this card allowed, at this gate,
which would be the 'result' of work done by IDM. Perhaps you would use
a driver to enforce roles/entitlements assigned to users into your Gate
systems database. Or else just store the info in eDirectory and have
your gate system query eDirectory for the info as needed.



0 Likes
Knowledge Partner
Knowledge Partner

Re: TCP\IP Based DirXML Driver

On Fri, 20 Jul 2012 07:16:01 +0000, rajeshemailto wrote:

> I have seen almost every module & analyzed to match my requirement but
> find no suitable module available. Basically, we have TCP\IP based
> device which will be used over gates for granting permission to entry.
> User shows card on device to open the door and on every request this
> devices communicates with IDM4 to allow or deny entry in the gate.
>
> We need IDM driver which can handle request from multiple gates
> simultaneously to grant\deny access.


I don't think the IDM driver model is going to work for you here. You
probably need to rethink how you are going to build this product.
Ideally, you probably need to write a server app of some sort that your
card access devices will talk to. You could, then, have an IDM driver
that provisions (users? devices?) in to this application.


--
--------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Knowledge Partner http://forums.novell.com

Please post questions in the forums. No support provided via email.

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: TCP\IP Based DirXML Driver

On 7/20/2012 1:16 AM, rajeshemailto wrote:
>
> Will,
>
> I have seen almost every module& analyzed to match my requirement but
> find no suitable module available. Basically, we have TCP\IP based
> device which will be used over gates for granting permission to entry.
> User shows card on device to open the door and on every request this
> devices communicates with IDM4 to allow or deny entry in the gate.
>
> We need IDM driver which can handle request from multiple gates
> simultaneously to grant\deny access.
>
> Regards,
> RK
>
>

You need an authenticator app and IDM is more of a synchronization app. It would be very weird to
use it in this method.
0 Likes
Knowledge Partner
Knowledge Partner

Re: TCP\IP Based DirXML Driver

On 7/20/2012 2:16 PM, Will Schneider wrote:
> On 7/20/2012 1:16 AM, rajeshemailto wrote:
>>
>> Will,
>>
>> I have seen almost every module& analyzed to match my requirement but
>> find no suitable module available. Basically, we have TCP\IP based
>> device which will be used over gates for granting permission to entry.
>> User shows card on device to open the door and on every request this
>> devices communicates with IDM4 to allow or deny entry in the gate.
>>
>> We need IDM driver which can handle request from multiple gates
>> simultaneously to grant\deny access.
>>
>> Regards,
>> RK
>>
>>

> You need an authenticator app and IDM is more of a synchronization app.
> It would be very weird to use it in this method.


You could do something really stupid like use a SOAP driver to act on
the Pub channel and listen for Auth requests, but it would be a really
dumb approach.

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: TCP\IP Based DirXML Driver

On 7/20/2012 12:26 PM, Geoffrey Carman wrote:
> On 7/20/2012 2:16 PM, Will Schneider wrote:
>> On 7/20/2012 1:16 AM, rajeshemailto wrote:
>>>
>>> Will,
>>>
>>> I have seen almost every module& analyzed to match my requirement but
>>> find no suitable module available. Basically, we have TCP\IP based
>>> device which will be used over gates for granting permission to entry.
>>> User shows card on device to open the door and on every request this
>>> devices communicates with IDM4 to allow or deny entry in the gate.
>>>
>>> We need IDM driver which can handle request from multiple gates
>>> simultaneously to grant\deny access.
>>>
>>> Regards,
>>> RK
>>>
>>>

>> You need an authenticator app and IDM is more of a synchronization app.
>> It would be very weird to use it in this method.

>
> You could do something really stupid like use a SOAP driver to act on the Pub channel and listen for
> Auth requests, but it would be a really dumb approach.
>

yes lol you could make them a query event that replies 1 or 0 but wow would that be a bizarre use.
There are a lot of better ways to do this.
0 Likes
Knowledge Partner
Knowledge Partner

Re: TCP\IP Based DirXML Driver

On Sat, 21 Jul 2012 04:26:02 +0000, rajeshemailto wrote:

> We have usually have 3 factors of authentications as "Who you are?",
> "What you know?" & "What you have?". Some authentication system supports
> one or 2 or 3 factors of authentication using RFID card,
> userid\password, ratina or finger print access. Now, we have seen many
> times, physical presence is not considered as another factor of
> authentication. So we are building this factor and trying to utilize
> NetIQ as platform to provide that authentication based on "Where you
> are?".


Personally, I'd do this by implementing an NMAS authentication shim for
your RFID card, then by using it as part of multi-factor authentication
in eDirectory with NMAS.

Identity Manager really isn't intended for the use you have in mind.


--
--------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Knowledge Partner http://forums.novell.com

Please post questions in the forums. No support provided via email.

0 Likes
Knowledge Partner
Knowledge Partner

Re: TCP\IP Based DirXML Driver

On 24.07.2012 07:36, rajeshemailto wrote:
>
> Oh K!!
>
> David,
>
> How can we implement NMAS authentication shim? Can you please direct me
> for this stuff?


I've never personally done this, but a quick google seems to show that
you could start by looking at the following:

Note that this information is somewhat dated (eDirectory 8.7) I've no
idea if anything has changed regarding developing NMAS with eDirectory 8.8)

http://www.novell.com/developer/ndk/novell_modular_authentication_service.html

http://www.novell.com/coolsolutions/feature/16005.html


Alex McHugh - Knowledge Partner - Stavanger, Norway
Who are the Knowledge Partners
If you appreciate my comments, please click the Like button.
If I have resolved your issue, please click the Accept as Solution button.
0 Likes
Knowledge Partner
Knowledge Partner

Re: TCP\IP Based DirXML Driver

On 24.07.2012 07:54, Alex McHugh wrote:
> On 24.07.2012 07:36, rajeshemailto wrote:
>>
>> Oh K!!
>>
>> David,
>>
>> How can we implement NMAS authentication shim? Can you please direct me
>> for this stuff?

>
> I've never personally done this, but a quick google seems to show that
> you could start by looking at the following:
>
> Note that this information is somewhat dated (eDirectory 8.7) I've no
> idea if anything has changed regarding developing NMAS with eDirectory 8.8)
>
> http://www.novell.com/developer/ndk/novell_modular_authentication_service.html
>
>
> http://www.novell.com/coolsolutions/feature/16005.html


Also, nmas has it's own forum
netiq.support.edirectory.modular-authentication-services I'd post there
for best response.

Alex McHugh - Knowledge Partner - Stavanger, Norway
Who are the Knowledge Partners
If you appreciate my comments, please click the Like button.
If I have resolved your issue, please click the Accept as Solution button.
0 Likes
jwilleke Trusted Contributor.
Trusted Contributor.

Re: TCP\IP Based DirXML Driver

On 2012-07-21 04:46:01 +0000, rajeshemailto said:

> Yes you are correct. We need more authenticator app as compare to sync
> app. We are just trying to exploit the IDM Drivers capabilities. Our aim
> is to utilize eDir as one source of authentication & authorization
> across enterprise. When we say across enterprise, we really mean as
> access high security document to access coffee machine.


Why IDM.
You say, TCP/IP, but that is a transport protocol, not a data protocl.

Do it all with LDAP calls?

Or implement a Custom Authentication Class in NAM.
NAM gives you a lot of other perks for this sort of thing.

--

Thank You for your help!

-jim
Jim Willeke

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.