Previous     Contents     Index     Next     
iPlanet Meta-Directory Configuration and Administration Guide



Chapter 7   Connectors and Connector Rules


In order to transfer data to and from an external database, Meta-Directory uses a connector. The connector takes the external data and creates a sub-tree on a Directory Server which displays the data in LDAP. This sub-tree is called a connector view.

There are two types of connectors: direct and indirect. The connector view for an LDAP directory or a SQL database uses a direct connector; in other words, it communicates directly with the join engine. The connector view for other sources of data uses an indirect connector, which translates data into LDAP so that the join engine can work with it. Indirect connectors use indirect connector rules, in much the same way as the join engine, to manage the transfer of entries between an external data source and the connector view. This chapter contains the following sections:



Direct Connectors

A directory accessible by LDAP (such as the directory provided by iPlanet Directory Server) and a database accessible by SQL (such as an Oracle database) are considered to have direct connectors. Because the join engine understands LDAP, it can directly read or write any entry stored on an LDAP-based directory. On the other hand, in order to read and write to an entry stored within a SQL database, the join engine uses the Database connector to provide direct, two-way SQL access. (Because the Database Connector is a join engine plug-in as opposed to software outside the join engine, it is considered a direct connector.)



Indirect Connectors


Indirect connectors transport entries stored in external data sources that use protocol not directly accessible by the join engine. Meta-Directory supports the following indirect connectors:


The Universal Connector and Universal Text Parser

The Universal connector (also known as the Universal Text Connector or UTC) is an indirect connector that enables the transfer of data between data sources and a connector view. The Universal Text Parser (UTP) is a set of text file parsers and generators that are used with the UTC to make certain text files [currently Comma-Separated Values (CSV) files, LDAP Data Interchange Format (LDIF) files and Name-Value Pair (NVP) files] compatible with the connector view.


The Windows NT Domain Connector

The Windows NT Domain connector is a Universal connector with NT-specific Perl scripts and binaries that provides two-way synchronization of user and group data between a Windows NT SAM database and its connector view.


Active Directory Connector

The Active Directory connector is a Universal connector with Active Directory-specific Perl scripts and binaries that provides two-way synchronization of user and group data between an Active Directory database and its connector view.



Indirect Connector Rules


When an indirect connector is synchronizing entries from the external data source to the connector view, it directs the process and transforms the data using rules similar to those used during the join process. The indirect connector rules include Attribute Flow Rules, Default Attribute Value Rules and Filter Rules. (The Attribute Flow, Default Attribute and Filter rules used by the connectors are different from, and should not be confused with, the Attribute Flow, Default Attribute and Filter rules used by the join engine.) Indirect connector rules are defined at the connector node and applied to the connector instance specifically.


Note Indirect connector rules can be applied at anytime but the connector instance should be restarted after changes in the configuration are made in order to re-flow data using the new rules.



Attribute Flow Rules

Attribute flow rules are established to specify which external data source attributes are mapped to which connector view attributes and vice versa. (The assignment of an attribute in one source to a particular attribute in another source is called mapping.) When you establish attribute flow rules, you also specify which source owns the entry which, by default, is the external data source.


Default Attribute Value Rules

If no values exist for a particular attribute in an entry, either because the attribute isn't part of the entry or the attribute exists with no value, the connector applies pre-configured attribute rules for creating appropriate default values. You can change these default attribute rules as needed.


Filter Rules

An indirect connector uses filtering rules to selectively exclude entries from the synchronization process.



Attribute Flow Rules


Attribute flow rules specify which attributes in the external data source will be mapped to which LDAP attributes in the connector view. In the definition and application of these rules there are two concepts that, although not specifically referred to in the GUI, are important to remember. Granularity refers to the complexity of the application of the rules, i.e.: whether the entry flows as a whole piece or whether the entry is divided into its base attributes which then flow separately. Ownership refers to where the entry originates (in the external data source or in the connector view), i.e.: whichever source the entry originates from is considered the owner of the entry.


Granularity and Ownership

If you don't configure your own indirect connector rules, the indirect connector uses default attribute flow rules and the process is considered to have entry-level granularity. Entry-level granularity is characterized by all of the following:

  • Entries can be added in, and therefore flow from, either the data source or the meta view and the entry's ownership is based on this

  • Only the owner of an entry can modify or delete that entry

  • Entries flow back and forth as complete entries with no specific attribute mapping or filtering allowed.

If, on the other hand, an attribute flow rule is written and applied, the flow is considered to have attribute-level granularity. Attribute-level granularity is characterized as follows:

  • Entries can be added in, and therefore flow from, either the data source or the meta view and the entry's ownership is based on this

  • Only the owner of an entry can delete that entry

  • Because specific attributes flow independently of complete entries, modifications can be made from either the data source or the meta view

These concepts explain certain flow behaviors and should be kept in mind when configuring and applying attribute flow rules for the indirect connectors.


To Configure an Attribute Flow Rule

To achieve attribute-level granularity, an attribute flow rule is written and applied, as described in the following procedure.

  1. Select the connector you want to configure from the Meta-Directory console navigation tree and click The Attribute Flow tab.



  2. Click New.

    The New Flow Configuration Name dialog box appears. Reset can be clicked at any time to delete all new configurations and return to the last saved state.

  3. Type a name for the new attribute flow configuration and click OK.

    The name appears in the Configurations list box.

  4. In the Mapping Type drop-down list, select Mappings for Connector View Owned Objects, or Mappings for Locally Owned Objects.

    Mappings for Connector View Owned Objects is selected for entries created within the connector view and Mappings for Locally Owned Objects is selected for entries created within the external data source.


    Note When creating attribute flow rules, all attributes must be mapped in both directions: "From Connector View" and "To Connector View". Mappings are configured this way for both locally owned objects and connector view owned objects in order to propagate all changes.


  5. Click Insert.

    The Insert Attribute Mappings dialog box appears. This displays a list of all attributes configured as external attributes for the specific connector. (Adding external attributes is described in "To add external attributes for connectors" on page 148.)

    Alternately, you can click Insert Defaults and Meta-Directory populates the list box at the bottom of the window with default mappings, in which the external data source attributes match the connector view attributes. These default mappings are the same as those chosen at the connector node in the General configuration window.



    1. The mapping type, selected in Step 4, can be changed from within this dialog box.

    2. Specify the flow direction, either mappings of attributes from external data source to the connector view or from the connector view to the external data source.

    3. Specify either All Attributes or All Language Tagged Attributes from the Connector View Objectclass drop-down list.

      If you specify All Language Tagged Attributes as the connector view objectclass, choose a supported language subtype. Check Add Phonetic Type box to indicate if the attribute value is a phonetic representation. For more information on these fields, see "To Compose Language Tagged Attribute Conditions" of Chapter 7 "Connectors and Connector Rules."

    4. Select an external attribute and the connector view attribute you wish to map it to.

      If you select an external attribute for which there is a matching connector view attribute, the connector view attribute is automatically selected. However, any connector view attribute can be selected for any given external attribute. You can also use a keyword search by typing the first letter of the external attribute or connector view attribute you want to find. For instance, if you wanted to find uid, you would only have to type u.

    5. Click Insert.

      The mapping for your configuration appears at the bottom of the Attribute Flow window.

    6. Select additional pairs, clicking Insert after each pair is selected. Click Close when finished.

  6. Click Save in the Attribute Flow tab to save the attribute flow rules.


To Change a Configuration

  1. In the Attribute Flow tab, select the configuration you want to change.

  2. Either add or remove a mapping.

    You can add or remove mappings, but you cannot edit them.

    • To add a mapping, see Step 5 above.

    • To remove a mapping, select the mapping you want to remove and click Remove.

  3. Click Save when you are finished changing the configuration.



Default Attribute Value Rules

In the absence of any attribute values, a connector applies default attribute value rules to ensure that specified attributes contain a value. If an attribute does not exist in the external data source or connector view or if the attribute does exist but has a NULL value, a default attribute value rule is called upon to allow the transfer of data. Default attribute value rules don't affect the connectors' behavior.


To Configure Default Attribute Values

  1. In the navigation tree of the Configuration tab, select the indirect connector whose default attribute values you want to specify.

  2. Select the Default Values tab.



  3. Click New.

  4. In the Name field, specify a name for the default attribute configuration you are creating.

    The name appears in the Configurations list box.

  5. Select either Connector View or External Directory from the Attribute Destination drop-down list.

  6. Click Add.

    Blank fields appear below the Attribute and Default Value fields.

  7. Click within the blank Attribute field.

    A drop-down list appears.

  8. Either select an attribute from the list or type in an attribute.

    To create attributes for this list, follow the procedure headed "To add external attributes for connectors" on page 148.

  9. Double-click within the blank Default Value field and type in a value.

  10. Repeat steps 4 - 9 to set up additional default attributes for the selected configuration.

  11. Click Save when you are finished.



Filter Rules

The indirect connector uses filter rules to exclude source data from the synchronization process. Filters can be configured to exclude entire sub-trees while individual entries from the sub-trees can be re-included using entry filters.


Note DNs used in Filter Rules should be the DN from the connector view's entry regardless of the ownership of the entry.



To Add a New Filter

  1. In the navigation tree of the Configuration tab, select the indirect connector and click the Filters tab.



  2. Click New.

    The Filter Name dialog box appears.

  3. Enter a name and click OK.

    The new name appears in the Filter Name list box.

  4. Select either To Connector View or From Connector View.

  5. Provide a list of subtrees to exclude or include by selecting All Subtrees Except or No Subtrees Except, then click Add.

    The Sub-tree DN dialog box appears.

  6. Specify the full DN of a connector view sub-tree to exclude or include, then click OK.

    The subtree appears in the list box. Repeat steps 5 - 6 for additional sub-trees.

  7. Provide a list of entries to exclude or include by selecting a sub-tree, then selecting All Entries Except or No Entries Except. Click Add.

    The Entry RDN dialog box appears.

    • To filter entries back in from the excluded sub-trees using All Entries Except:

      1. Specify a connector view RDN entry to include, then click OK.

        The entry appears in the list box. The entry must be a child entry of the sub-tree specified.

      2. Repeat this procedure to include additional entries.

    • To specify singular excluded entries using No Entries Except:

      1. Specify a connector view RDN entry to exclude, then click OK.

        The entry appears in the list box. Again, the entry must be a child entry of the sub-tree specified.

      2. Repeat this procedure to exclude additional entries.

    • To filter entries back out from included sub-trees using All Entries Except:

      1. Specify a connector view RDN entry to exclude, then click OK.

        The entry appears in the list box. Again, the entry must be a child entry of the sub-tree specified.

      2. Repeat this procedure to exclude additional entries.

    • To specify singular included entries using No Entries Except:

      1. Specify a connector view RDN entry to include, then click OK.

        The entry appears in the list box. Again, the entry must be a child entry of the sub-tree specified.

      2. Repeat this procedure to exclude additional entries.


        Note With this filter, entries in all subtrees that are not specifically included are excluded, no matter how the associated entry-level filters are set.


  8. Click Save when finished.


To Remove an RDN for an Entry

  1. Select the RDN you want to remove.

  2. Click Remove next to the Entry RDN list box.


To Remove a Subtree DN

  1. Select the DN you want to remove.

  2. Click Remove next to the Subtree DN list box.


    Note This action also removes all RDNs associated with this DN.



To Delete a Filter

  1. Select the filter you want to delete from the Filter Name list box.

  2. Click Delete.

    The filter and its associated DNs and RDNs disappear from the window.


Previous     Contents     Index     Next     
Copyright © 2002 Sun Microsystems, Inc. All rights reserved.

Last Updated April 08, 2002