Sun Identity Manager Deployment Guide

Defining Resource Object Classes

Object classes are handled differently for LDAP-based resource objects than for other resource objects.

LDAP-Based Resource Objects

LDAP-based resource objects can consist of more than one LDAP object class, where each object class extends its parent object class. Within LDAP, however, the complete set of these object classes is viewed and managed as a single object type.

To manage this type of resource object within Identity Manager, include the XML element <ObjectClasses> within the <ObjectType> definition. The <ObjectClasses> element allows you to define the set of object classes that is associated with this <ObjectType> as well as the relationship of classes to each other.

Non-LDAP-Based Resource Objects

For non-LDAP-based resource objects, you can use the <ObjectType> to represent information other than the resource object type name.

In the following example, the primary attribute defines the object class to be used when creating and updating an object of this type. Here inetorgperson is defined as the primary object class because it is a subclass of the other listed object classes. The operator attribute specifies whether the list of object classes is treated as one (logical AND) or as distinct classes (logical OR) when listing or getting an object of this type. In this case, Identity Manager performs an AND operation on these object classes for any list or get request for this object type.


Example 9–6 Using inetorgperson Object Class

<ObjectClasses primary='inetorgperson' operator='AND'>
  <ObjectClass name='person'/>
  <ObjectClass name='organizationalPerson'/>
  <ObjectClass name='inetorgperson'/>
</ObjectClasses>

In the next example, all requests to create or update resource objects of this type use the groupOfUniqueNames object class. All list and get requests query for all objects whose object class is either groupOfNames or groupOfUniqueNames.


Example 9–7 Using groupOfUniqueNames Object Class

<ObjectClasses primary='groupOfUniqueNames' operator='OR'>
  <ObjectClass name='groupOfNames'/>
  <ObjectClass name='groupOfUniqueNames'/>
</ObjectClasses>

In the following example, only one object class is defined, so all create, get, list, and update operations are performed using the object class organizationalUnit.


Example 9–8 Using organizationalUnit Object Class

<ObjectClasses operator='AND'>
  <ObjectClass name='organizationalUnit'/>
</ObjectClasses>

Because there is only one object class, you can exclude the <ObjectClasses> section. If you exclude the <ObjectClasses> section, the object class defaults to the <ObjectType> name attribute value. However, if you want the object type name to differ from the resource object class name, you must include the <ObjectClasses> section with the single <ObjectClass> entry.
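As an added illustration (not code from the guide or from Identity Manager itself), the following Python resolves an <ObjectType> definition such as Examples 9–6 to 9–8 into the object class used for create and update and the LDAP search filter (standard RFC 4515 notation) that the AND/OR semantics described above imply for list and get, including the default when <ObjectClasses> is omitted. The <ObjectType> name values in the samples are assumptions; the element and attribute names are the guide's.

```python
import xml.etree.ElementTree as ET

# Constructed samples: the <ObjectClasses> definitions of Examples 9-6 to 9-8,
# each wrapped in a minimal <ObjectType> (the name attribute values are assumed).
PERSON_TYPE = """<ObjectType name='account'>
  <ObjectClasses primary='inetorgperson' operator='AND'>
    <ObjectClass name='person'/>
    <ObjectClass name='organizationalPerson'/>
    <ObjectClass name='inetorgperson'/>
  </ObjectClasses>
</ObjectType>"""
GROUP_TYPE = """<ObjectType name='group'>
  <ObjectClasses primary='groupOfUniqueNames' operator='OR'>
    <ObjectClass name='groupOfNames'/>
    <ObjectClass name='groupOfUniqueNames'/>
  </ObjectClasses>
</ObjectType>"""
OU_TYPE = """<ObjectType name='ou'>
  <ObjectClasses operator='AND'>
    <ObjectClass name='organizationalUnit'/>
  </ObjectClasses>
</ObjectType>"""
# No <ObjectClasses> at all: the class defaults to the ObjectType name.
DEFAULT_TYPE = "<ObjectType name='organizationalUnit'/>"


def resolve_object_classes(object_type_xml):
    """Return (class used for create/update, filter used for list/get)."""
    root = ET.fromstring(object_type_xml)
    if root.tag != "ObjectType" or not root.get("name"):
        raise ValueError("expected an <ObjectType> with a name attribute")
    classes = root.find("ObjectClasses")
    if classes is None:
        name = root.get("name")
        return name, f"(objectClass={name})"
    names = [oc.get("name") for oc in classes.findall("ObjectClass")]
    if not names or None in names:
        raise ValueError("<ObjectClasses> needs at least one named <ObjectClass>")
    # A single class needs no primary; several classes must name one of them.
    primary = classes.get("primary") or (names[0] if len(names) == 1 else None)
    if primary not in names:
        raise ValueError(f"primary {primary!r} is not one of the listed classes")
    terms = "".join(f"(objectClass={n})" for n in names)
    if len(names) == 1:
        return primary, terms
    operator = classes.get("operator")
    if operator == "AND":  # every listed class must match (Example 9-6)
        return primary, f"(&{terms})"
    if operator == "OR":   # any listed class matches (Example 9-7)
        return primary, f"(|{terms})"
    raise ValueError(f"operator must be AND or OR, got {operator!r}")
```

Note that an OR definition lists objects of either class, so a list request for the group type above returns groupOfNames entries as well as the groupOfUniqueNames entries it creates.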