System Administrator’s Guide


Managing and Configuring Subscriber Profile Communication Services

The following section describes configuration and maintenance attributes and operations for the Extended Web Services Subscriber Profile communication service. It also provides a workflow for the configuration:

 


Extended Web Services Subscriber Profile/LDAPv3

All subscriber-profile-related operations are handed off to network nodes that accept LDAP queries according to LDAPv3. Which node in the LDAP directory is used to perform the query is decided at runtime, based on configuration settings. The data handed back to the application that initiated the Subscriber Profile query is filtered using the result filter mechanism in the service provider group and application group SLAs. See the description of <resultRestrictions> in section Defining Service Provider Group and Application Group SLAs in Managing Accounts and SLAs.

A connection pool is used for connections to the LDAP server. The connection pool is shared among all plug-in instances, and any configuration settings related to this pool or schema updates are broadcast to all plug-in instances in the cluster.

Note: To make any configuration change take effect, Operation: updateLDAPSettings must be used.

To see a
Refer to
Detailed list of necessary for managing and configuring the plug-in instance
Configuration workflow
List of operations and attributes related to management and provisioning
Reference of management attributes and operations

Properties for Extended Web Services Subscriber Profile/LDAPv3

Property / Description

Managed object in Administration Console
    <domain name> → OCSG → <server name> → Communication Services → <plug-in instance ID>

MBean
    Domain=com.bea.wlcp.wlng
    Name=wlng_nt
    InstanceName is same as plug-in instance ID.
    Type=com.bea.wlcp.wlng.plugin.subscriberprofile.ldap.managedplugin.management.SubscriberProfileMBean

Network protocol plug-in service ID
    Plugin_ews_subscriber_profile_ldap

Network protocol plug-in instance ID
    The ID is given when the plug-in instance is created, see Managing and Configuring the Plug-in Manager.

Supported Address Scheme
    tel
    id
    imsi
    ipv4

North interface
    com.bea.wlcp.wlng.ews.plugin.SubscriberProfilePlugin

Service type
    SubscriberProfile

Exposes to the service communication layer a Java representation of:
    Extended Web Services Subscriber Profile

Interfaces with the network nodes using:
    LDAP

Deployment artifacts
    NT EAR
        wlng_nt_subscriber_profile_ews.ear
        ews_subscriber_profile_service.jar and Plugin_ews_subscriber_profile_ldap.jar
    AT EAR: Normal
        wlng_at_subscriber_profile_ews.ear
        ews_subscriber_profile.war and rest_subscriber_profile.war
    AT EAR: SOAP Only
        wlng_at_subscriber_profile_ews_soap.ear
        ews_subscriber_profile.war

LDAP Server Schema

A schema is used for constructing queries, see Listing 29-1.

Listing 29-1 LDAP Query schema XSD
<?xml version="1.0" encoding="UTF-8"?>
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
  <xs:element name="LdapConfig">
    <xs:complexType>
      <xs:sequence>
        <xs:element name="Keys" type="KeySet" minOccurs="1" maxOccurs="unbounded"/>
        <xs:element name="LdapObject" type="LdapObject" minOccurs="1" maxOccurs="unbounded"/>
      </xs:sequence>
    </xs:complexType>
  </xs:element>
  <xs:complexType name="KeyObject">
    <xs:sequence>
      <xs:element name="uriScheme" type="xs:string" minOccurs="1" maxOccurs="1"/>
      <xs:element name="addressKeyName" type="xs:string" minOccurs="1" maxOccurs="1"/>
      <xs:element name="objectKeyName" type="xs:string" minOccurs="0" maxOccurs="1"/>
      <xs:element name="objectKeyValue" type="xs:string" minOccurs="0" maxOccurs="1"/>
    </xs:sequence>
    <xs:attribute name="id" type="xs:string" use="optional"/>
  </xs:complexType>
  <xs:complexType name="KeySet">
    <xs:sequence>
      <xs:element name="Key" type="KeyObject" minOccurs="1" maxOccurs="unbounded"/>
    </xs:sequence>
    <xs:attribute name="id" type="xs:string" use="required"/>
  </xs:complexType>
  <xs:complexType name="LdapObject">
    <xs:sequence>
      <xs:element name="ObjectKeySet" type="xs:string" minOccurs="0" maxOccurs="1"/>
    </xs:sequence>
    <xs:attribute name="id" type="xs:string" use="required"/>
    <xs:attribute name="keyName" type="xs:string" use="required"/>
    <xs:attribute name="keyValue" type="xs:string" use="required"/>
  </xs:complexType>
</xs:schema>

The document consists of the following elements:

Listing 29-2 is an example of how a directory information tree is built up using the above schema.

Listing 29-2 Example of LDAP server schema
<?xml version="1.0" encoding="UTF-8"?>
<LdapConfig xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="sp_config.xsd">
  <Keys id="myKeys">
    <Key id="misidnKey">
      <uriScheme>tel</uriScheme>
      <addressKeyName>msisdn</addressKeyName>
      <objectKeyName>domainName</objectKeyName>
      <objectKeyValue>msisdnD</objectKeyValue>
    </Key>
    <Key id="imsiKey">
      <uriScheme>imsi</uriScheme>
      <addressKeyName>imsi</addressKeyName>
      <objectKeyName>domainName</objectKeyName>
      <objectKeyValue>imsiD</objectKeyValue>
    </Key>
    <Key id="subscriberIdKey">
      <uriScheme>id</uriScheme>
      <addressKeyName>id</addressKeyName>
      <objectKeyName>domainName</objectKeyName>
      <objectKeyValue>subsD</objectKeyValue>
    </Key>
    <Key id="ipv4Key">
      <uriScheme>ipv4</uriScheme>
      <addressKeyName>ipv4Addr</addressKeyName>
      <objectKeyName>domainName</objectKeyName>
      <objectKeyValue>ipv4D</objectKeyValue>
    </Key>
  </Keys>
  <LdapObject id="mySchema" keyName="serviceName" keyValue="mySchema">
    <ObjectKeySet>myKeys</ObjectKeySet>
  </LdapObject>
</LdapConfig>
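
A pre-load check for an LdapConfig document like Listing 29-2, added here as an example (it is not Oracle's code or part of the product). It enforces the required elements and attributes from Listing 29-1 and, as assumptions inferred from the listings, that each uriScheme is one of the supported address schemes and that ObjectKeySet names an existing Keys id; the function name and sample document are constructed.

```python
import xml.etree.ElementTree as ET
# Address schemes this page lists as supported by the plug-in.
SUPPORTED_SCHEMES = {"tel", "id", "imsi", "ipv4"}

# Constructed sample: unsupported scheme, missing addressKeyName, dangling key-set reference.
SAMPLE_BAD = """<LdapConfig>
  <Keys id="myKeys">
    <Key id="telKey">
      <uriScheme>tel</uriScheme>
      <addressKeyName>msisdn</addressKeyName>
    </Key>
    <Key id="sipKey"><uriScheme>sip</uriScheme></Key>
  </Keys>
  <LdapObject id="mySchema" keyName="serviceName" keyValue="mySchema">
    <ObjectKeySet>otherKeys</ObjectKeySet>
  </LdapObject>
</LdapConfig>"""

def lint_ldap_config(xml_text):
    """Return a list of problems found in an LdapConfig document (empty if none)."""
    root = ET.fromstring(xml_text)
    if root.tag != "LdapConfig":
        return ["root element is %r, expected 'LdapConfig'" % root.tag]
    problems, set_ids = [], set()
    key_sets, objects = root.findall("Keys"), root.findall("LdapObject")
    if not key_sets or not objects:
        problems.append("need at least one <Keys> and one <LdapObject> (minOccurs=1)")
    for key_set in key_sets:
        if key_set.get("id") is None:
            problems.append("<Keys> is missing its required id attribute")
        set_ids.add(key_set.get("id"))
        for key in key_set.findall("Key"):
            label = key.get("id", "(no id)")
            scheme = (key.findtext("uriScheme") or "").strip()
            if scheme not in SUPPORTED_SCHEMES:  # assumption: schemes match the plug-in's list
                problems.append("Key %s: unsupported uriScheme %r" % (label, scheme))
            if not (key.findtext("addressKeyName") or "").strip():
                problems.append("Key %s: addressKeyName is required" % label)
    for obj in objects:
        for attr in ("id", "keyName", "keyValue"):
            if obj.get(attr) is None:
                problems.append("<LdapObject> is missing required attribute %s" % attr)
        ref = (obj.findtext("ObjectKeySet") or "").strip()
        if ref and ref not in set_ids:  # assumption: ObjectKeySet refers to a <Keys> id
            problems.append("LdapObject %s: unknown key set %r" % (obj.get("id"), ref))
    return problems

if __name__ == "__main__":
    print("\n".join(lint_ldap_config(SAMPLE_BAD)))
```

Running a check like this on the schema file before loading it surfaces a typo in a key-set reference or scheme name before the plug-in instance starts using the document.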

Configuration Workflow for Extended Web Services Subscriber Profile/LDAPv3

Below is an outline for configuring an Extended Web Service Subscriber Profile/LDAPv3 network protocol plug-in instance:

  1. Create one or more instances of the plug-in service: see Managing and Configuring the Plug-in Manager. Use the plug-in service ID as detailed in Properties for Extended Web Services Subscriber Profile/LDAPv3.
  2. Using the Management Console or an MBean browser, select the MBean for the plug-in instance. The MBean display name is the same as the plug-in instance ID given when the plug-in instance was created.
  3. Define the characteristics of the LDAP server to connect to by specifying:
       • Attribute: Host
       • Attribute: Port
       • Attribute: BaseDN
       • Attribute: AuthDN
       • Attribute: AuthPassword
  4. The schema to use, using either:
  5. Define the connection pool characteristics for the connection:
  6. Set up the routing rules to the plug-in instance: see Configuring the Plug-in Manager. Use the plug-in instance ID and address schemes detailed in Properties for Extended Web Services Subscriber Profile/LDAPv3.
  7. If desired, create and load a node SLA, see:
       • Defining Global Node and Service Provider Group Node SLAs
       • Managing Application SLAs

Move on to the provisioning of service provider accounts and application accounts.

Management for Extended Web Services Subscriber Profile/LDAPv3

There are no specific management operations, except for Operation: updateLDAPSettings, which must be used to update the LDAP connection pool after changing any of the following attributes:

Provisioning for Extended Web Services Subscriber Profile/LDAPv3

If the results from the LDAP query should be filtered, use the service provider group and application group SLAs. See description of <resultRestrictions> in section Defining Service Provider Group and Application Group SLAs in Managing Accounts and SLAs.

Reference: Attributes and Operations for Extended Web Services Subscriber Profile/LDAPv3

Below is a list of attributes and operations for configuration and maintenance:

Attribute: Host

Scope: Cluster

Unit: n/a

Format: String

Specifies the host name or IP address of the LDAP server to connect to.

Examples:

myldapserver.mycompany.org
192.168.0.14

Attribute: Port

Scope: Cluster

Unit: n/a

Format: int

Specifies the port number of the LDAP server to connect to.

Attribute: BaseDN

Scope: Cluster

Unit: n/a

Format: String

Specifies the base DN (Distinguished name) for the LDAP database in use.

Example:

o=acompany,c=uk

Attribute: AuthDN

Scope: Cluster

Unit: n/a

Format: String

Specifies the authentication user name (distinguished name) for the LDAP server.

Example:

cn=admin,o=acompany,c=uk

Attribute: AuthPassword

Scope: Cluster

Unit: n/a

Format: String

Specifies the password associated with the Attribute: AuthDN.

Attribute: ConnTimeout

Scope: Cluster

Unit: Seconds

Specifies the maximum time to wait for an LDAP connection to be established. If the related timer expires, a retry is performed: see Attribute: RecoverTimerInterval.

Any change to this setting must be followed by Operation: updateLDAPSettings.

Attribute: MinConnections

Scope: Cluster

Unit: n/a

Format: int

Specifies the minimum number of connections to establish using connections from the LDAP connection pool.

Any change to this setting must be followed by Operation: updateLDAPSettings.

Attribute: MaxConnections

Scope: Cluster

Unit: n/a

Format: int

Specifies the maximum number of connections in the LDAP connection pool.

Any change to this setting must be followed by Operation: updateLDAPSettings.

Attribute: Schema

Scope: Cluster

Unit: n/a

Format: String

The LDAP schema to use.

Attribute: LDAPConnectionStatus

Read-only.

Scope: Cluster

Unit: n/a

Format: String enumeration:

Table 29-2 Status of the connection to the LDAP server

Status / Description

active
    The connection is active. The plug-in instance accepts requests.

update_pending
    The connection is temporarily unavailable due to an update of the configuration settings. The plug-in instance does not accept requests.

deactive
    The connection is inactive. The plug-in instance does not accept requests.
    Reasons for entering this state include:
      • Missing or incorrect configuration.
      • LDAP server is unreachable.
      • Internal errors.

Attribute: RecoverTimerInterval

Scope: Cluster

Unit: Seconds

Specifies the time to wait before performing an LDAP connection retry after an LDAP connection error. Should be at least twice the time defined in Attribute: ConnTimeout.

Any change to this setting must be followed by Operation: updateLDAPSettings.

Operation: updateLDAPSettings

Scope: Cluster

Refreshes the LDAP connection pool to use the new configuration.

During the update, the LDAP connection is temporarily unavailable and the connection status is update_pending. See Status of the connection to the LDAP server.

Signature:

updateLDAPSettings()

Table 29-3 updateLDAPSettings
updateLDAPSettings
Parameter
Description
-
-

Operation: updateSchemaURL

Scope: Cluster

Updates the schema to use when doing lookups in the LDAP database.

During the update, the LDAP connection is temporarily unavailable and the connection status is update_pending. See Status of the connection to the LDAP server.

Signature:

updateSchemaURL(SchemaURL : String)

Table 29-4 updateSchemaURL

Parameter / Description

SchemaURL
    URL to the LDAP database schema.
    Examples:
    file:///d:/ldap/schema.xml (Windows systems)
    file://ldap/schema.xml (UNIX systems)

