Chapter 2
Working with Views

In joining data, Meta-Directory lets you view information in two ways, in Connector Views and in Meta Views. A Connector View displays data from an external data source. A Meta View displays the integrated data from a number of Connector Views.

This chapter contains the following sections:

Working with Connector Views
Working with Meta View
Working with Participating Views
Refreshing the Views

---

Working with Connector Views

A Connector View is an LDAP representation of data that resides in an external source. Connector views provide LDAP-ready information to the Join Engine, which uses this information to build the Meta View. In order for data from the Connector View to become part of the Meta View, the Connector View must be enabled as a Participating View, in effect, allowing Connector View data to flow. Only Connector Views added to the Participating Views list will synchronize entries to and from the Meta View. (Data can flow in both directions between the Meta View and the participating Connector View.)

Note	To prevent duplicate user IDs from occurring, one Connector View should not be nested as a subtree of another Connector View. Each Connector View should be a flat tree with no subentries.

    To add a Connector View instance

Select Connector Views from the Meta-Directory Console navigation tree, and right-click.
Select New View.

The ‘New Instance Creation’ dialog box displays.



Enter appropriate values in the fields as described in the following table:

Table 2-1  Description of the options and the tasks to perform for each option

Field	Do This
View Name	Enter a name for the Connector View. The default is CV#, where # is an integer.
View ID	Enter no more than five characters to represent a unique ID for the connector. The default is CV#, where # is an integer.
View Base DN	Enter the base DN under which the view’s information will be stored. The default is o=CV#, where # is an integer. (If you are creating a Connector View instance for the Universal connector, do not create the location under the root for all products, o=NetscapeRoot.)
Data Server URL	Select (or enter) a Directory Server or Oracle database URL where the data will be stored.
Data Server Bind DN	Enter a DN with which the Join Engine will authenticate to the Directory Server.
Data Server Bind Password	Enter the password associated with the bind DN.

Once complete, click OK. The ‘Load Schema’ dialog box displays.
Click Yes to load the schema.

If the base entry of your schema does not exist, the ‘Subschema Subentry’ dialog box displays:



This dialog box displays because Meta-Directory has proprietary attributes that are not contained in the Directory Server. Accept the default location of cn=schema, or provide another subentry, to store these attributes and click OK.

Note	While loading the schema to a Directory Server instance which does not contain the Meta-Directory configuration information, “cannot delete” error messages might result from the ldapmodify utility trying to delete an entry that does not exist. These messages are not serious. For more information, see Appendix B, "Troubleshooting Meta-Directory."

The ‘Instance Creation Succeeded’ message is displayed once the instance is created.

    To remove a Connector View instance

From the Meta-Directory console, select the instance from the navigation tree to remove, and right-click.
Click Delete View. The instance is deleted.

    To enter description for a connector

From the Meta-Directory console (navigation tree), select the Connector View to add a description.
Enter descriptive text in the Description field.
Once complete, click Save.

---

Working with Meta View

The Meta View is a unified view of entries from one or more Connector Views; it represents the result of the join process. After the Join Engine processes the information received from a Connector View, it transfers the information to the Meta View. (Like the Connector View, the Meta View is a sub-tree on a Directory Server.) From the Meta View, you can view linked entries as well as modify them and send the changes back to the original entries via the Connector Views.

When you create an instance of the Join Engine, the Meta View is created at the same time. You can see the Meta View icon in the Meta-Directory console navigation tree under the Join Engine instance you created. It is an empty Meta View until it is joined with at least one Connector View. Meta-Directory supports only one Meta View per Join Engine instance.

For information on creating instances of the Join Engine and creating a Meta View, see "Creating the Join Engine Instance" of Chapter 1, "Configuring the Join Engine."

    To enter descriptive information for a Meta View

Select Meta View from the Meta-Directory console navigation tree.
Enter descriptive text in the Description field.
Once complete, click Save.

Creating New Data in the Meta View

New data can be added to the database using the Meta View. Once the Join Engine is installed and a Meta View is created, new entries, groups and organizations can be integrated with existing data.

Note	New data should only be added using the Meta View or external data source. Do not add new entries using the Connector View; information about the external data source or Meta View will exist in the Connector View.

    To create an entry in the Meta View

Select the Contents of the Meta View.
Choose Object > New > User. The ‘Create New User’ dialog box displays.
Enter appropriate values in the fields as described in the following table:

Table 2-2  Description of the options and the tasks to perform for each option

Field	Do This
First Name	Specify the common name of the entrant.
Last Name	Specify the surname of the entrant.
Common Name	The given name of the entrant is generated automatically as the names are entered above.
User ID	A default user ID is generated as the first and last names are entered. Make sure that the User ID is alphanumeric and does not contain any of the following characters:- ~ ! @ # $ % ^ & * ( ) _ + | \ : " , . < > / ?
E-Mail	Specify the entrant’s e-mail address.
Phone	Specify the entrant’s telephone number.
Fax	Specify the entrant’s fax number.

Optional: Select a language and provide language-specific user information.
Optional: If using the NT Domain connector, enable NT User Attributes and provide the necessary information.
Optional: If using the Posix operating system, enable Posix User Attributes and provide the necessary information.
Once complete, click OK.

The user name is displayed in the Contents of the Meta View in the Meta-Directory console.

    To create a group in the Meta View

Select the Contents of the Meta View.
Choose Object > New > Group. The ‘Create New Group’ dialog box displays.
Enter appropriate values in the fields as described in the following table:

Table 2-3  Description of the options and the tasks to perform for each option

Group Name	Specify the name of the group.
Description	Specify a description of the group.

Select the entries to become members of this group.
Optional: Select a language and provide language-specific user information.
Once complete, click OK.

The new group name is displayed in the Contents of the Meta View in the Meta-Directory console.

    To create an organization in the Meta View

Select the Contents of the Meta View.
Choose Object > New > Organization. The ‘Create New Organization’ dialog box displays.
Enter appropriate values in the fields as described in the following table:

Table 2-4  Description of the options and the tasks to perform for each option

Field	Do This
Name	Specify the name of the organization.
Description	Specify a description of the organization.
Phone	Specify the telephone number of the organization.
Fax	Specify the fax number of the organization.
Alias	Specify an alias for the organization.
Address	Specify the address of the organization.

Optional: Select a language and provide language-specific user information.
Once complete, click OK.

The new organization name is displayed in the Contents of the Meta View in the Meta-Directory console.

    To modify an entry in the Meta View

Click the Contents of the Active Directory Meta View.
Double-click the Active Directory user to modify. The ‘Edit Entry’ dialog box displays.
Modify the values as required, and then click OK.

---

Working with Participating Views

In order for a Connector View to be accessed by the Meta View it must be added as a Participating View and configured to participate in the join process. Once a Connector View becomes a Participating View and is enabled, data can flow bi-directionally between that view and the Meta View.

Once a Participating View is added, it is configured by applying join process rules to it. Each participating Connector View is configured separately. Enabling the Participating View is the final step in allowing the Connector View to participate in the join process.

    To add a Participating View

From the Meta-Directory console (navigation tree), right-click the Participating Views object.
Click Add Participating View. The ‘Select View’ dialog box displays.
Select the Connector View or the specific views to synchronize to the Meta View.
Once complete, click OK. Selected views are added to the navigation tree:

    To remove a Participating View

Select the view to remove, and right-click.
Click Delete View. The view is deleted.

Configuring a Participating View

Before enabling a Participating View, you must configure it so that data flow between the Connector View and the Meta View can be managed. Join process rules are applied to the Participating View which the Join Engine will then apply to the Connector View entries. In addition, you can specify capability settings, refresh schedules and group filters for each Participating View.

    To configure a Participating View

Select the participating Connector View to configure, and then select the Configuration tab

.
Select the appropriate combinations of rules from the list boxes, and click Save.
Select rule sets for Attribute Flow, Join Rules, DN Mapping Rules, and Filters. The choices are derived from the rules that you set up in "Creating the Join Engine Instance" of Chapter 1, "Configuring the Join Engine."

When choosing join process rules for a Participating View, Attribute Flow rules and DN Mapping rules contain a selection called Atomic. Atomic refers to Meta-Directory default rules that flow, map, and join LDAP attributes that are clearly the same. For example, when the Join Engine applies an atomic attribute flow rule, all attributes in the source entry will flow to destination entry i.e. the entry of the source replaces the entry at destination. When the Join Engine applies an atomic DN mapping rule, the RDN of the source entry is added to the base DN of the destination view to form a full DN. For instance, an RDN of user1 in a Connector View located in cn=user1,ou=cv1,o=madisonparc.com would remain the same when applied atomically to the Meta View ascn=user1,o=mv.

For Entry Default Ownership, select Connector or Meta View from these list boxes:
The selection made in To Connector specifies the view that owns the entries replicated from the Meta View to the Connector View.
The selection made in To Meta View specifies the view that owns the entries replicated from the Connector View to the Meta View.

When an entry is owned by either the Meta View or the Connector View, it can only be deleted through that view. By default, an entry is owned by the view from which it originates; the default ownership can be changed with this option.

Note	Ownership here is not the same as granularity and ownership discussed in Chapter 3, "Connectors and Connector Rules." The values discussed here refer to ownership of entries shared between the Connector View and the Meta View. Chapter 7 refers to ownership of entries shared between the data source and a Connector View.

For Entry Default Membership, select Member of CV or Not A Member of CV from these list boxes:
The selection made in To Connector specifies whether new entries will or will not be members of the Connector View as the data flows from the Meta View to the Connector View.
The selection made in To Meta View specifies whether new entries will or will not be members of the Connector View as the data flows from the Connector View to the Meta View.

Membership identifies an entry within a Connector View that is native to the data source represented by the Connector View. Rules can then be configured and applied based on the attributes that are already present in the data source.

Select the Capabilities tab. This helps you set the behavior for the data flow between the Meta View and Connector View:

Table 2-5  Description of the options and the tasks to perform for each option

Field	Do This
Attributes Flow to Connector View	Additions and changes to attributes in a Meta View entry are sent to the Connector View if there are suitable attribute flow rules.
Attributes Flow to Meta View	Additions and changes to attributes in a Connector View entry are sent to the Meta View if there are suitable attribute flow rules.
Entries Flow to Connector View	Entries added to a Meta View are sent to the Connector View if there are suitable DN mapping and attribute flow rules.
Entries Flow to Meta View	Entries added to a Connector View are sent to the Meta View if there are suitable DN mapping and attribute flow rules.
Delete Entry from Connector View	Deletes the entry in Connector View if either: The corresponding Meta View (or different Connector View) entry has been deleted, or The Connector View you are configuring does not own the entity.
Re-Add Entry to Connector View	Re-adds a deleted Connector View entry if either: An agent other than the Join Engine has deleted the Connector View entry, or The Connector View you are configuring does not own the entity.

Select the Schedule tab.



In the Schedule tab, you can configure a refresh schedule for the participating Connector View. (If no schedule is configured, the view will only be refreshed manually.)

Click New to add a new schedule entry.

The scheduler can operate as many times as once every second; therefore, the finest granularity occurs every second.

Change the default values in the list boxes and field entries at the bottom of the window to schedule the desired task.

Alternatively, you can provide settings in a tabular format by clicking Advanced. The ‘Advanced Schedule Options’ dialog box displays.

Numerals can be used in the Advanced Schedule Options fields:

Table 2-6  Description of the options and the tasks to perform for each option

Field	Value	Example
Second Specifier	Accepts data in x/y format. x represents the ‘second’ at which schedule should start. x is interpreted as ‘start x seconds past minute’. y represents the repeat frequency of schedule in seconds. ’*’ is allowed as a valid value for either x or y. ’*’ in x is interpreted as ‘start at 0 seconds past minute’. ’*’ in y is interpreted as repeat every second. Value of x should be between 0 and 59. y can have any numeric value.	2/15 means start 2 seconds past the minute and run every 15 seconds. */15 means start 0 seconds past the minute and run every 15 seconds. 2/* means start 2 seconds past the minute and run every second.
Minute Specifier	Accepts data in x/y format. x represents the’ minute’ at which schedule should start. x is interpreted as ‘start x minutes past the hour. y represents the repeat frequency of schedule in minutes. ‘*’ is allowed as a valid value for either x or y. ‘*’ in x is interpreted as ‘start at 0 minutes past the hour. ‘*’ in y is interpreted as repeat every minute. Value of x should be between 0 and 59. y can have any numeric value. Frequency of the schedule should be specified either in second specifier or minute specifier. If frequency is entered in both seconds and minute specifier, seconds frequency takes precedence over minutes frequency and minutes frequency is ignored.	2/15 means start 2 minutes past the hour and run every 15 minutes. */15 means start 0 minute past the hour and run every 15 minutes. 2/* means start 2 minutes past the hour and run every minute.
Hour Specifier	Accepts data in a regular expression format. Valid numeric values that can be entered are 0 to 23. Valid data formats are x x-y x-y/z a-b, x-y x,y,z Interpretation of data in various formats: x: Is interpreted as run at x hour. ‘*’ in x is interpreted as 0-23. x-y: Is interpreted as begin at x hours and end at y hours. ‘*’ is not a valid value in a range. If x > y in hour range then the effective range is considered as x-23:59. that is, start at x hour and run till 23 hour 59 minutes. x-y/z: Is interpreted as begin at x hours and end at y hours at z step. This means valid hours to run are x, x+z, x+(2*z), x+(3*z).... till x+(n*z) < y. a-b, x-y: Is interpreted as multiple ranges. Multiple hour ranges can be specified in the hour specifier. Ranges specified should be in ascending order. x,y,z: Is interpreted as run at x, y, and z hours. Any of the above combinations can be used in hour specifier.	Sample: 9-4 is interpreted as 19-23:59 Sample: 10-16/2 is interpreted as run at 10, 12, 14 hours. Sample: 8-10, 12-18, 20-22 is a valid schedule. 8-10, 2-3, 12-18 is invalid as the ranges are not in ascending order. Sample: 2,10-12,16-22/3 is a valid value in hour specifier.
Day Specifier	Accepts data in a regular expression format. Valid numeric values that can be entered are 1 to 31. Valid data formats are x x-y x-y/z a-b, x-y x,y,z Interpretation of data in various formats: x: Is interpreted as run on x day. ’*’ in x is interpreted as 1-31. x-y: Is interpreted as run between x and y days. ‘*’ is not a valid value in a range. x should be less than y in the range. x-y/z: Is interpreted as begin on x day and end on y day every z days. This means valid days to run are x, x+z, x+(2*z), x+(3*z).... till x+(n*z) < y. a-b, x-y: Is interpreted as multiple ranges. Multiple day ranges can be specified in the day specifier. Ranges specified should be in ascending order. x,y,z: Is interpreted as run on x,y and z days. Any of the above combinations can be used in day specifier.	10-16/2 means run on 10th, 12th, 14th, 16th day of the month. Sample: 8-10, 12-18, 20-22 is a valid schedule. 8-10, 2-3, 12-18 is invalid as the ranges are not in ascending order. Sample: 2,10-12,16-22/3 is a valid value in day specifier.
Month Specifier	Accepts data in a regular expression format. Valid numeric values that can be entered are 1 to 12. Valid data formats are x x-y x-y/z a-b, x-y x,y,z Interpretation of data in various formats: x: Is interpreted as run in x month. ’*’ in x is interpreted as 1-12. x-y: Is interpreted as run between x and y months. ‘*’ is not a valid value in a range. x should be less than y in the range. x-y/z: Is interpreted as begin in x month and end in y month every z months. This means valid months to run are x, x+z, x+(2*z), x+(3*z).... till x+(n*z) < y. a-b, x-y: Is interpreted as multiple ranges. Multiple month ranges can be specified in the month specifier. Ranges specified should be in ascending order. x,y,z: Is interpreted as run in x,y and z months. Any of the above combinations can be used in day specifier.	Sample: 1-8/2 means run in 1,3,5,7 months. (Run in Jan, Mar, May, Jul) Sample: 1-2,6-9 is a valid schedule. 6-9, 1-2 is invalid as the ranges are not in ascending order.
Day of the Week Specifier	Accepts data in a regular expression format. Valid numeric values that can be entered are 0 to 6. 0 stands for sunday. 6 stands for saturday. Valid data formats are: x x-y x-y/z a-b, x-y x, y, z Interpretation of data in various formats: x: Is interpreted as run on x weekday. ’*’ in x is interpreted as 0-6. x-y: Is interpreted as run between x and y weekdays. ’*’ is not a valid value in a range. x should be less than y in the range. x-y/z: Is interpreted as begin on x weekday and end on y weekday every z days. This means valid weekdays to run are x, x+z, x+(2*z), x+(3*z).... till x+(n*z) < y. a-b, x-y: Is interpreted as multiple ranges. Multiple weekday ranges can be specified in the day of week specifier. Ranges specified should be in ascending order. x, y, z: Is interpreted as run on x,y and z weekdays. Any of the above combinations can be used in weekday specifier.	Sample: 0-5/2 means run on 0,2,4 weekdays. (Run on sunday, tuesday, thursday) Sample: 0-2,4-6 is a valid schedule. 4-6, 1-2 is invalid as the ranges are not in ascending order.

Sample data in different fields and their interpretation:

Example 1:

second specifier:12/30
minute specifier:5/15
hour specifier : 7-9
day specifier: *
month specifier:*
day of week specifier:0-6

Schedule starts at 5 minutes 12 seconds past 7 and runs every 30 seconds. Schedule ends at 9. This schedule runs every day. As both seconds and minute frequency were specified minute frequency was ignored.

Example 2:

second specifier:*
minute specifier:*/45
hour specifier :7-10
day specifier:*
month specifier:*
day of week specifier:0-6

Schedule starts at 0 minutes past 7 and runs every 45 minutes till 10 every day. Schedule runs at 7:00, 7:45, 8:30, 9:15

Example 3:

second specifier:*
minute specifier:*/30
hour specifier :7-9, 15-17
day specifier:*
month specifier:*
day of week specifier:0

Schedule runs at 7:00, 7:30, 8:00, 8:30,15:00,15:30,16:00,16:30 every sunday.

Example 4:

second specifier: *
minute specifier:10/15
hour specifier :22-3
day specifier:*
month specifier:*
day of week specifier:0-6

Schedule runs at 22:10, 22:25,22:40,22:55,23:10,23:25,23:40,23:55 every day. 22-3 in hour range was rounded off to 22-23:59 as x > y in the hour range.

Click Update.

Your specifications appear in the Current Schedule. For instance, if you wanted to refresh only the Meta View beginning at 30 minutes past the hour, every 60 minutes between 2 and 6 on Sunday, the Current Schedule would appear as shown:



Select the Group Filters tab.

The Group Filters tab enables you to create one or more filters for LDAP data sources. You can use the group filters to refresh entries of a Connector View only. The format of the filter is (attribute=value). Note that the parentheses are part of the syntax.

When you refresh groups, the Join Engine refreshes only the entries that match the group filter or filters you have specified. For information about refreshing groups, see "Join Engine Operations".

Click Save when you finished configuring the participating Connector View.

The connector instance must be restarted to activate it’s configuration. For procedures on how to stop and re-start the connector, see Chapter 12, "Starting and Stopping Components."

Note	If large number of Participating Views are configured for a Join Engine, it is recommended to have non-overlapping refresh schedules for each Connector View.

Enabling a Participating View

In order to flow data, a Participating View must be enabled. Enabling is what allows data to flow. Before enabling it, a Connector View must be added and configured as a Participating View.

    To enable a Participating View

Click the Status tab from above the navigation tree window in Meta-Directory console.Select the Join Engine from the navigation tree and click the Operations tab.

For more information on Join Engine and Connector View operations, see "Operations" of Chapter 13, "Monitoring Meta-Directory Components."

Select a Participating View listed in the View list box that is disabled.

The View list box has two columns: View and Status. (The size of the View column can be reduced by dragging the column divider to the left; this should make the Status column visible. Both columns can be increased in size by enlarging the console window.) All added Participating Views are listed in these columns along with their status: Enabled or Disabled.

Select Enable from the Operation drop-down list.
Click Start.

The status of the view changes from Disabled to Enabled allowing data to flow to the Meta View. Any error in the Connector View’s configuration will automatically disable the Participating View.

Select Refresh from the Operation List Window, then select either Meta View or Connector View from the Traverse menu list.

Once the Participating View is enabled, you should refresh it to update the data.

Click Start.

Checking Entry Links

There are several reasons why an entry in a Connector View might not link up to an entry in the Meta View. One reason is that the Join Engine found more than one entry to link to. Another possible reason is that the external data contains errors. Because of these possibilities, you should check, as a standard procedure, for errors and omissions by doing one or both of the following:

Review the Directory Server error log for reports of failures. This can be done by using a Perl script or using the command grep -i fail *.log in the log directory.
As discussed in Chapter 14, "Administration Tools," use the Query Tool to check for entries which were not linked.

If you find errors, you can use join commands in the Fix-It Tool to fix the problems as described in Chapter 14, "Administration Tools."

---

Refreshing the Views

To incorporate new or modified data or to bypass regularly scheduled refresh synchronizations for immediate updates, you use the Refresh option of the specific Meta-Directory component. In addition, to flow entries that preexist in a Connector View, you must refresh the Connector View’s enabled Participating View.

Refreshing Meta Views

When the Meta Views are refreshed, the join rules are applied again to every entry in the targeted view and the data is reconstructed. The other rules are then applied accordingly:

If the entry is found, the attribute flow rule is applied.
If the entry is not found, the DN mapping rule is applied.
If the entry exists, the attribute flow rule is applied.
If the entry does not exist, an entry is created.

Note	If you change any of the rules, you must refresh the Join Engine to make sure the data flows according to the new rules.

    To refresh the Meta View

Select the Status tab and the Join Engine in the Meta-Directory console’s navigation tree.
Select the Operations tab. All Participating Views are listed in the View field.
Select the Participating View whose data needs to be refreshed.
Choose Refresh, Refresh Unlinked, or Refresh Groups from the Operation list box.
If Refresh is selected, the entire view is scanned for new entries and changes to existing entries.
If Refresh Unlinked is selected, the view is scanned for only entries that are not currently linked.
If Refresh Groups is selected, the entire view is scanned after the application of the Group Filter. (The group filter is an LDAP filter used to select certain entries prior to refresh. Information on configuring group filters can be found on "Select the Group Filters tab.".)
Select Meta View or Connector View from the Traverse menu.

Selecting Meta View will re-apply join rules to all entries in the Meta View and, similarly, selecting Connector View will re-apply join rules to all entries in the Connector View.

Click Submit Request to start the operation.

Refreshing the External Data or Connector View

New or modified data flowing to the external directory or Connector View of a specific connector can be refreshed.

    To refresh External Data or the Connector View

Select the Status tab. Select the connector to refresh from the navigation tree.
Select the Operations tab.

The Participating View of a connector is listed in the View field.

Select the Participating View.
Choose Refresh from the Operation list box.
Select External Directory or Connector View from the Updates to the list box.

Selecting External Directory will refresh the external data source with new data or data modifications made in the Meta View and transferred to the Connector View. Selecting Connector View will refresh the Connector View with new data or data modifications made in the external data source.

Click Start to begin the process. The ‘Modify Task Status’ dialog box displays.
Select the refresh operation type, and then click OK.

If you are updating the external directory, you will be asked to choose the from the following options:

Re-propagate all existing entries in the Connector View to the External Directory immediately.
Propagate all existing entries in the Connector View that meet the filter criteria to the External Directory immediately.
Select the filter desired. Only those configured for the ‘NoSubtreesExcept’ option are displayed when Select Filter... is chosen, not filters configured for the ‘AllSubtreesExcept’ option.
Perform the above two operations in sequence.

If you are updating the Connector View, the only option is to delete from the Connector View all existing entries that originate in the external data source.

If you are refreshing the external directory, the ‘Modify Task Status’ dialog box displays.

You must select a filter for the second and third options. Only filters configured for the ‘NoSubtreesExcept’ option are displayed when you click Select Filter, not filters configured for the ‘AllSubtreesExcept’ option.

Note	The Refresh option from the View menu does not refresh Meta-Directory, Join Engine, or the connector. It, and the Refresh command seen when a component name in the navigation tree is right-clicked, are commands that refresh the data displayed in the console navigation tree only.

Previous      Contents      Index      Next

---

Copyright 2004 Sun Microsystems, Inc. All rights reserved.