Sun logo      Previous      Contents      Index      Next     

Sun ONE Meta-Directory 5.1.1 Administration Guide

Chapter 3
Connectors and Connector Rules

Meta-Directory uses a connector to transfer data to and from an external database. The connector takes the external data and creates a sub-tree in the Directory Server, which displays the data in LDAP. This sub-tree is called a Connector View.

There are two types of connectors: direct and indirect. The Connector View for an LDAP directory or an Oracle SQL database uses a direct connector; it communicates directly with the Join Engine. The Connector View for other sources of data uses an indirect connector, which translates data into LDAP so that the Join Engine can work with it. Indirect connectors use indirect connector rules, in the same way as the Join Engine, to manage the transfer of entries between an external data source and the Connector View.

This chapter contains the following sections:

About Direct Connectors

A Directory Server (Sun ONE Directory Server 5.1/5.2, iPlanet Directory Server 5.x, and Netscape Directory Server 4.16) and an Oracle 8.1.5, 8.1.7, and 9.2.0 database server have direct connectors. Support for each of this is provided through an appropriate plug-in with the Join Engine.

An Oracle database accessible by SQL is considered to have direct connectors. To read and write an entry stored in a SQL database, the Join Engine uses the Database connector to provide direct, two-way SQL access. (Because the Database Connector is a Join Engine plug-in as opposed to software outside the Join Engine, it is considered a direct connector.)

About Indirect Connectors

Indirect connectors transfer the entries stored in external data sources that use protocol not directly accessible by the Join Engine.

Meta-Directory consists of the following indirect connectors:

About Indirect Connector Rules

When an indirect connector is synchronizing entries from the external data source to the Connector View, it directs the process and transforms the data using rules similar to those used during the join process. The indirect connector rules include "Configuring Attribute Flow Rules," "Configuring Attribute Flow Rules," and "Creating Filter Rules." These rules, which are used by the connectors, are different from the Attribute Flow, Default Attribute, and Filter rules used by the Join Engine. Indirect connector rules are defined at the connector node and specifically applied to the connector instance.

Note

Indirect connector rules can be applied anytime. However, the connector instance should be restarted, once changes to the configuration is completed, to flow the data again using the new rules.

Attribute Flow Rules

Attribute flow rules are created to specify the external data source attributes that are mapped to Connector View attributes and vice versa. (The assignment of an attribute in one source to a particular attribute in another source is called mapping.) When you create the attribute flow rules, you also specify the source that owns the entry; by default, is the external data source.

Default Attribute Value Rules

If no value exists for a particular attribute in an entry, either because the attribute is not part of the entry or the attribute exists with no value, the connector applies pre-configured attribute rules to create appropriate default values. You can change these default attribute rules as required.

Filter Rules

An indirect connector uses filter rules to selectively exclude entries from the synchronization process.

Configuring Attribute Flow Rules

Attribute flow rules specify the attributes in the external data source which are mapped to the LDAP attributes in the Connector View. When applying these rules, two concepts you must know: Granularity refers to the complexity of the application of the rules, that is, whether the entry flows completely or is divided into its base attributes which then flows separately. Ownership refers to where the entry originates (in the external data source or Connector View), that is, source the entry originates from is considered the owner of the entry.

About Granularity and Ownership

If you do not configure your indirect connector rules, the indirect connector uses default attribute flow rules and the process is considered to have entry-level granularity. Entry-level granularity has the following characteristics:

If an attribute flow rule is applied, the flow is considered to have attribute-level granularity. Attribute-level granularity has the following characteristics:

For both Entry-Level granularity and Attribute-Level granularity, renaming a non-owned entry would result in:

These concepts explain certain flow behaviors and should be reviewed when configuring and applying attribute flow rules for the indirect connectors.

    To configure an attribute flow rule (to achieve attribute-level granularity)
  1. Select the connector to configure from the Meta-Directory console navigation tree.
    Figure displays the options of the ’Attribute Flow’ tab.
  2. Select the Attribute Flow tab, and then click New.

    3. The ‘New Flow Configuration Name’ dialog box displays. Click Reset to delete all new configurations and return to the last saved state.

  3. Type a name for the new attribute flow configuration, and then click OK.

    4. The name is displayed in the Configurations list box.

  4. From the Mapping Type list box, select ‘Mappings for Connector View Owned Objects’ or ‘Mappings for Locally Owned Objects’.
    • Select ‘Mappings for Connector View Owned Objects’ if entries are created in the Connector View.

      - Or -

    • Select ‘Mapping for Locally Owned Objects’ if entries are created in the external data source.

      • Note

      When creating attribute flow rules, all attributes must be mapped in both directions: ‘From Connector View’ and ‘To Connector View’. Mappings are configured this way for both locally owned objects and Connector View owned objects to propagate all changes.

  5. Click Insert. The ‘Insert Attribute Mappings’ dialog box displays.

    6. This displays a list of all attributes configured as external attributes for the specific connector. (For information on adding external attributes, see "To add external attributes for connectors".)

    Alternately, click Insert Defaults to display a list of the default mappings, in which the external data source attributes match the Connector View attributes. These default mappings are the same as those selected at the connector node in the General configuration window.
    Figure displays the default values of the Insert Attribute Mappings.

    1. The mapping type, selected in Step 4, can be changed from in this dialog box.
    2. Specify the flow direction, either mappings of attributes from external data source to the Connector View or from the Connector View to the external data source.
    3. Specify either All Attributes or All Language Tagged Attributes from the Connector View Objectclass drop-down list.

      4. If you specify All Language Tagged Attributes as the Connector View objectclass, choose a supported language subtype. Select the ‘Add Phonetic Type’ option to indicate if the attribute value is a phonetic representation. For more information, see "To compose language-tagged attribute conditions".

    4. Select an external attribute and the Connector View attribute to map it to.

      5. If an external attribute for which there is a matching Connector View attribute selected, then the Connector View attribute is automatically selected. However, any Connector View attribute can be selected for any external attribute.

      Tip

      Type the first letter of the external attribute or Connector View attribute, to locate the attribute. For example, to find uid, type u to find the attribute.

    5. Click Insert. The mapping for the configuration is displayed.
    6. Select additional combination. Click Insert after each combination is selected. Click Close when completed.
  6. Click Save to complete.
    To modify a configuration
  1. Select the configuration to modify from the Attribute Flow tab.
  2. Do one of the following:
    • To add a mapping, see Step 5.

      • - Or -

    • To remove a mapping, select the mapping to remove, and then click Remove.

      • Note

      You can add or remove mappings, but you cannot edit them.

  3. Click Save to complete.

Configuring Default Attribute Value Rules

If no attribute values exist, the connector applies default attribute value rules to ensure that specified attributes contain a value. If an attribute does not exist in the external data source or Connector View or if the attribute does exist but has a NULL value, a default attribute value rule is used to allow the transfer of data. Default attribute value rules do not affect the connectors’ behavior.

    To configure default attribute values
  1. Select the Configuration tab. From the navigation tree, select the indirect connector to specify its default attribute values.
  2. Select the Default Values tab, and then click New.
    Figure displays the options in the ’<br />Default Values’ tab.
  3. Specify a name for the default attribute configuration in the Name field.
  4. Select either Connector View or External Directory from the Attribute Destination list box.
  5. Click Add, and then click the Attribute field to display a list box.
  6. Either select an attribute from the list or type an attribute.

    7. For information on creating attributes for this list, see "To add external attributes for connectors".

  7. Double-click the Default Value field, and then type a value.
  8. Click Save to complete.
  9. Perform Step 4 through Step 8 to set up additional default attributes for the selected configuration.

Creating Filter Rules

Indirect connectors use filter rules to exclude data from the synchronization process. Filters can be configured to exclude entire sub-trees while individual entries from the sub-trees can be included again using entry filters.

Note

DNs used in Filter Rules should be the DN from the Connector View’s entry regardless of the ownership of the entry.

    To create a new filter rule
  1. Select the Configuration tab. From the navigation tree, select the indirect connector.
    Figure displays the options available in the ’Filters’ tab.
  2. Select the Filter tab, and then click New. The ‘Filter Name’ dialog box is displayed.
  3. Enter a name and click OK.

    4. Figure 3-1  Connector View Tree Structure with Entries

  4. To specify the direction of entry flow, select ‘To Connector View’ or ‘From Connector View’ from the list box.
  5. From the list box, select one of these:
    • ‘All Subtrees Except’ to include all subtrees with an exception (exclude specific entries of the subtree you select). For example, include ou=madison subtree but exclude cn=x1, cn=x2 (see Figure 3-1). Click ‘Add Subtree’. This displays the ‘Sub-tree DN’ dialog box. Goto Step 6.

      • - Or -

    • ‘No Subtrees Except’ to exclude all subtrees with an exception (include specific entries of the subtree that you select). For example, exclude ou=parc subtree but include cn=y1, cn=y2 entries (see Figure 3-1). Click ‘Add Subtree’. This displays the ‘Sub-tree DN’ dialog box. Goto Step 6.
  6. Select the subtree and click OK. The subtree is displayed in the list box. Perform Step 5 for other subtrees.
  7. Once complete, do one or more of the following to exclude or include entries of the subtrees you selected (in Step 5).
    1. To include specific entries of an excluded subtree, see Step 5, (for example, ou=sparc, cn=y1, cn=y2), do this:
      • Select the subtree, for example, ou=nicp. Select ‘Exceptions to Above Rule’ option and, then click ‘Add DN’. From the ‘Entry RDN’ dialog box, select the entry to include and click OK. Repeat this step for other entries.
    2. To exclude specific entries of an included subtree, see Step 5, (for example, ou=madison, cn=x1, cn=x2), do this:
      • Select the subtree, for example, ou=sprac Select ‘Exceptions to Above Rule’ option and, then click ‘Add DN’. From the ‘Entry RDN’ dialog box, select the entry to exclude and click OK. Repeat this step for other entries.

        • Note

        With this filter, entries in all subtrees that are not specifically included are excluded, however the associated entry-level filters are set.

  8. Click Save to confirm changes.
    To remove an RDN for an entry
  1. Select the RDN to remove.
  2. Click Remove to confirm.
    To remove a subtree DN
  1. Select the DN to remove.
  2. Click Remove to confirm.

    3. Note

    This also removes all RDNs associated with this DN.

    To delete a filter rule
  1. Select the filter to delete from the Filter Name list box.
  2. Click Delete to confirm. The filter and its associated DNs and RDNs is deleted.


Previous      Contents      Index      Next     

Copyright 2004 Sun Microsystems, Inc. All rights reserved.