- Q. Is IDM compatible with Oracle® Java Development Kit (JDK) 11?
- Q. Can IDM be used with OpenJDK™?
- Q. How do I integrate IDM, AM and DS?
- Q. Do I need to change the default symmetric encryption key for production (Pre-IDM 6.5)?
- Q. Does IDM support encryption keys with 256-bit AES encryption?
- Q. How do I configure IDM for case insensitive searching?
- Q. Can IDM be configured to use multiple OpenICF Connector servers and failover with Active Directory® Domain Controllers?
- Q. Can you configure IDM reconciliation to continue implicit synchronization even when failure occurs?
- Q. How do I configure IDM to handle large data sets for reconciliation?
A. Yes, OpenJDK is supported in IDM. See Release Notes › Before You Install (Java Requirements) for details of versions.
A. You should refer to Platform Setup Guide for further information.
A. No, you do not. IDM generates a symmetric key and a private key the first time the server is started. See How do I change the symmetric key in IDM 5.x and 6? for further information.
However, you should change the default keystore password as detailed in Integrator's Guide › To Change the Default Keystore Password.
A. Yes, IDM does support keys with 256-bit AES encryption and as of Java 9, so does Java. With earlier versions of Java, you must install the Oracle Java JCE unlimited strength jars if you want to use keys with 256-bit AES encryption. See Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files Download for further information and links to download the jars.
A. IDM is case-sensitive, but this can cause issues where valid entries are not found due to their case. This issue also affects queries done using queryFilter as the case-sensitivity of queryFilter depends on the repository's collation. You can resolve this by configuring the repository for case sensitivity as detailed in Synchronization Guide › Reconcile With Case-Insensitive Data Stores.
Q. Can IDM be configured to use multiple OpenICF Connector servers and failover with Active Directory Domain Controllers?
A. No, IDM can only use one OpenICF Connector server at a time. For failover purposes, you should have two or more Active Directory Domain Controllers (DC) with the OpenICF Connector server installed and if one becomes unavailable, your system administrator should change the target IP to another available DC.
Q. Can you configure IDM reconciliation to continue implicit synchronization even when failure occurs?
A. No, IDM performs implicit synchronization on an all or nothing basis according to the failure compensation configuration. There is no way to have implicit synchronization occur on specific objects within a mapping but not others.
A. IDM supports reconciliation paging, which breaks down extremely large data sets into chunks. See Synchronization Guide › Tuning Reconciliation Performance for further information on this and other approaches to improve reconciliation performance.
See How do I identify reconciliation performance issues in IDM (All versions)? for further information on troubleshooting reconciliation performance.