Sun Java logo     Previous      Contents      Index      Next     

Sun logo
Sun Java(TM) System Directory Proxy Server 5.2 2005Q1 Administration Guide 

Chapter 10
Creating and Managing Action Objects

Directory Proxy Server supports event-driven actions, that is, you can configure Directory Proxy Server to execute specified actions when specific events occur. This chapter explains how to create and manage action objects using the Directory Proxy Server Configuration Editor Console.

The chapter has the following sections:

Overview of Actions

An action refers to a task that Directory Proxy Server can execute. You use an action object to specify the action Directory Proxy Server should take if the rules or conditions defined by an event object evaluates to TRUE. Event objects are used to specify conditions which are evaluated by Directory Proxy Server at predetermined states. For details about events, see Creating and Managing Event Objects."

Currently, Directory Proxy Server can execute one action called ChangeGroup. This action enables you to configure Directory Proxy Server to change a client from one access group to another based on the evaluation of a rule. For details about groups, see Creating and Managing Groups."

The change-group feature is especially useful if your LDAP directory contains information about mobile users, for example, users who connect to the directory from different IP addresses or physical locations. You can setup Directory Proxy Server in such a way that a mobile user would connect to Directory Proxy Server with a dynamic IP address and drop into a "default" access group. The "default" access group would have a rule based on the OnBindSuccess event, that evaluates to TRUE only if the bind credentials provided by the mobile user are authenticated. This rule would also have the ChangeGroup action configured to change the mobile user's access group from "default" to the access group the mobile user is usually assigned to when accessing Directory Proxy Server with a static IP address.

Creating Action Objects

You can create objects for actions that need to be executed when certain events occur. The instructions below explain how to create an action object for changing groups.

To Create an Action Object to Change a Client From One Group To Another
  1. Access the Directory Proxy Server Configuration Editor Console as described in Accessing the Directory Proxy Server Consoles.
  2. In the navigation tree, expand the Actions node, and then, select Change Group.

    3. The right pane shows the list of existing action objects.
    Directory Proxy Server Change Group Actions window.

  3. Click New.

    4. The Create Change Group Action window appears.
    Directory Proxy Server Create Change Group Actions window.

  4. In the Name field, type a name for the object. The name must be a unique alphanumeric string.
  5. In the Action tab, select the action to be performed when the event occurs (that is, when the event evaluates to TRUE).

    6. Change to... Displays a list of groups to which a client can change. For a change to occur, the client must match a DN expression associated with each group. To edit the DN expression associated with a particular group or "no change" entry, click the "If client DN matches" column in the table. The list is evaluated from top to bottom until a DN expression is matched. Therefore, it is important that the most general DN expression is at the bottom of the list so that all expressions will be evaluated.

    Regular expressions must be normalized, that is, there should be no spaces in between RDN components and the equal to (=) sign, and all attribute names and values must be capitalized.

    You can use the following book as a reference on regular expressions: Mastering Regular Expressions, by Friedl and Oram, published by O'Reilly, ISBN: 1565922573.

    Add. Displays a menu for adding a group to which a client connection could potentially change. Group change entries can be of the following types: "Group change entry," or "No change entry."

    Group change entry. Displays a dialog for selecting a network group to which a client will change depending on whether or not the associated DN expression evaluates to TRUE.

    No change entry. Adds a row to the table indicating that NO change should occur if the associated DN expression evaluates to TRUE. This is useful in providing a "short circuit" of the evaluation of the change group list.

    Edit. Displays a dialog for editing the currently-selected entry in the table.

    Remove. Removes the currently-selected entry in the table.

  6. Click Save to create the action object.

    7. The Directory Proxy Server configuration is modified, and you're prompted to restart the servers that rely on this configuration. Don't restart the servers yet. You can do this after you've completed all the configuration changes.

  7. Repeat Step 3 through Step 6 to create any additional objects.
  8. Restart the servers as described in Restarting Directory Proxy Server.

Modifying Action Objects

To Modify an Action Object
  1. Access the Directory Proxy Server Configuration Editor Console as described in Accessing the Directory Proxy Server Consoles.
  2. In the navigation tree, select Actions.

    3. The right pane shows the list of existing action objects.
    Directory Proxy Server Actions window.

  3. In the list, select the action object you want to modify and click Edit.
  4. Make the required modifications.
  5. Click Save to save your changes.

    6. The Directory Proxy Server configuration is modified, and you are prompted to restart the servers that rely on this configuration. Don't restart the servers yet. You can do this after you've completed all the configuration changes.

  6. Repeat Step 3 through Step 5 to modify any additional objects.
  7. Restart the servers as described in Restarting Directory Proxy Server.

Deleting Action Objects

You can delete any unwanted action objects from the Directory Proxy Server configuration. Before deleting an action object, make sure that it is not used in the configuration of any event objects.

To Delete an Action Object
  1. Access the Directory Proxy Server Configuration Editor Console as described in Accessing the Directory Proxy Server Consoles.
  2. In the navigation tree, select Actions.

    3. The right pane shows the list of existing action objects.
    Directory Proxy Server Change Group Actions window.

  3. In the list, select the action you want to delete and click Delete.
  4. Confirm your action.

    5. The name of the object you deleted is now removed from the list. The Directory Proxy Server configuration is modified, and you are prompted to restart the servers that rely on this configuration. Don't restart the servers yet. You can do this after you've completed all the configuration changes.

  5. Repeat Step 3 and Step 4 to delete any additional objects.
  6. Restart the servers as described in Restarting Directory Proxy Server.


Previous      Contents      Index      Next     

Part No: 817-7615-10.   Copyright 2005 Sun Microsystems, Inc. All rights reserved.