Sun Directory Server Enterprise Edition 7.0 Administration Guide

Aggregate Data From the HR LDAP Directory and the Administration LDIF File

The HR department stores information such as employee names, job start data, and job level. The administration department stores additional data such as building codes and office numbers. The client application that handles the HR data requires access to the combined data from both sources. Both data sources have a common attribute, employeeNumber, that exists in each entry.

The following diagram illustrates the requirements of the client application.

Figure 22–4 Aggregation of Data From LDAP Directory and LDIF File

[Figure: a join view of an LDAP directory and an LDIF file]

To fulfill this application requirement, a data view is created for the payroll directory and for the administration LDIF file. These two data views are then joined to provide access to the aggregated data. The common employeeNumber attribute enables Directory Proxy Server to aggregate the data for each user.

For simplicity, the commands used in this section assume the following information:

To obtain the complete syntax of each command, run the command without any options. For example:

    $ dpconf create-ldap-data-view
    Operands are missing
    Usage: dpconf create-ldap-data-view VIEW_NAME POOL_NAME SUFFIX_DN

Procedure: Create and Enable an LDAP Data View for the Payroll Directory

  1. Create an LDAP data source for the payroll directory.

    $ dpconf create-ldap-data-source payroll-directory payrollHost:2389

  2. Create an LDAP data source pool for the payroll directory.

    $ dpconf create-ldap-data-source-pool payroll-pool

  3. Attach the payroll data source to the data source pool.

    $ dpconf attach-ldap-data-source payroll-pool payroll-directory

  4. Configure the weights of the attached data source.

    $ dpconf set-attached-ldap-data-source-prop -h payrollHost -p 2389 \
    payroll-pool payroll-directory add-weight:2 \
    bind-weight:2 compare-weight:2 delete-weight:2 \
    modify-dn-weight:2 modify-weight:2 search-weight:2

  5. Create an LDAP data view for the payroll directory.

    $ dpconf create-ldap-data-view payroll-view payroll-pool

  6. Enable the LDAP data view so that client requests can be routed to this data view.

    $ dpconf set-ldap-data-view-prop payroll-view is-enabled:true

  7. Restart Directory Proxy Server for the changes to take effect.

    $ dpadm restart /local/myDPS

Procedure: Create and Enable an LDIF Data View for the Administration Data

  1. Create an LDIF data view for the administration data.

    $ dpconf create-ldif-data-view admin-view example.ldif dc=example,dc=com

  2. Enable the LDIF data view for the administration data.

    $ dpconf set-ldif-data-view-prop admin-view is-enabled:true

  3. Specify that the administrator view contains entries that are used by more than one entry in the payroll view.

    $ dpconf set-ldif-data-view-prop admin-view contains-shared-entries:true

    When this property is set to TRUE, deleting an entry in the payroll data view will not result in the deletion of the shared entry in the administrator data view. Adding an entry to the payroll data view will only add the entry to the secondary data view if it does not already exist.

  4. Restart Directory Proxy Server for the changes to take effect.

    $ dpadm restart /local/myDPS
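
The join on employeeNumber and the contains-shared-entries behaviour from step 3, modeled in Python as an added example; it is not Directory Proxy Server code and not part of the original guide. The sample entries, the attribute names other than employeeNumber, the rule that the primary view decides whether an entry exists, and the removal of the secondary entry on a non-shared delete are assumptions of this model.

```python
# Added model, not DPS code. Constructed data; attributes other than employeeNumber are assumed.
PAYROLL = [
    {"dn": ["uid=asmith,dc=example,dc=com"], "employeeNumber": ["1001"], "cn": ["A Smith"]},
    {"dn": ["uid=bjones,dc=example,dc=com"], "employeeNumber": ["1002"], "cn": ["B Jones"]},
]
ADMIN_LDIF = """\
dn: employeeNumber=1001,dc=example,dc=com
employeeNumber: 1001
buildingCode: B12

dn: employeeNumber=1003,dc=example,dc=com
employeeNumber: 1003
buildingCode: B03
"""

def parse_ldif(text):
    """Parse simple LDIF (no base64 values, no folded lines) into entry dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            name, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                entry.setdefault(name.strip(), []).append(value.strip())
        entries.append(entry)
    return entries

def index(entries, attr="employeeNumber"):  # key each entry by the join attribute
    return {e[attr][0]: e for e in entries if attr in e}

def search(primary, secondary, key):
    """Aggregate one user: primary attributes plus the matching secondary ones."""
    if key not in primary:      # model assumption: the primary view decides existence
        return None
    merged = {k: list(v) for k, v in primary[key].items()}
    for name, values in secondary.get(key, {}).items():
        merged.setdefault(name, list(values))   # primary DN and values take precedence
    return merged

def delete(primary, secondary, key, shared=True):
    """Delete from the primary view; the secondary entry survives when shared."""
    primary.pop(key, None)
    if not shared:              # model assumption for contains-shared-entries:false
        secondary.pop(key, None)

def add(primary, secondary, key, primary_entry, secondary_entry):
    """Shared rule: write the secondary entry only if none exists for this key."""
    primary[key] = primary_entry
    secondary.setdefault(key, secondary_entry)
```

Entry 1003 exists only in the LDIF data, so the model returns nothing for it, while 1002 is returned with payroll attributes only.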

Procedure: Join the Payroll Data View and the Administrator Data View

  1. Create a filter join rule on the administrator data view that specifies how the data should be aggregated.

    The following join rule specifies that data should be joined based on the employeeNumber attribute of the user entry.

    $ dpconf set-ldif-data-view-prop admin-view \
  2. Create a join data view that aggregates the two data views.

    For the join data view, the organization uses the suffix DN dc=example,dc=com.

    $ dpconf create-join-data-view example-join-view payroll-view admin-view \