|Oracle® Fusion Middleware Application Developer's Guide for Oracle Identity Management
11g Release 1 (11.1.1)
Part Number E10186-05
|PDF · Mobi · ePub|
Directory Services Mark-up Language (DSML) is deprecated in Oracle Fusion Middleware 11g Release 1 (11.1.1) and might not be supported in future releases.
This appendix contains the following sections:
Directory services form a core part of distributed computing. XML is becoming the standard markup language for Internet applications. As directory services are brought to the Internet, there is a pressing and urgent need to express the directory information as XML data. This caters to the growing breed of applications that are not LDAP-aware yet require information exchange with a LDAP directory server.
Directory Services Mark-up Language (DSML) defines the XML representation of LDAP information and operations. The LDAP Data Interchange Format (LDIF) is used to convey directory information, or a set of changes to be applied to directory entries. The former is called Attribute Value Record and the latter is called Change Record.
Using DSML with Oracle Internet Directory and Internet applications makes it easier to flexibly integrate data from disparate sources. Also, DSML enables applications that do not use LDAP to communicate with LDAP-based applications, easily operating on data generated by an Oracle Internet Directory client tool or accessing the directory through a firewall.
DSML is based on XML, which is optimized for delivery over the Web. Structured data in XML is uniform and independent of application or vendors, thus making possible numerous new flat file type synchronization connectors. After it is in XML format, the directory data can be made available in the middle tier and have more meaningful searches performed on it.
A DSML version 1 document describes either directory entries, a directory schema or both. Each directory entry has a unique name called a distinguished name (DN). A directory entry has several property-value pairs called directory attributes. Every directory entry is a member of several object classes. An entry's object classes constrain the directory attributes the entry can take. Such constraints are described in a directory schema, which may be included in the same DSML document or may be in a separate document.
The following subsections briefly explain the top-level structure of DSML and how to represent the directory and schema entries.
The top-level document element of DSML is of the type
dsml, which may have child elements of the following types:
The child element directory-entries may in turn have child elements of the type entry. Similarly the child element directory-schema may in turn have child elements of the types class and attribute-type.
At the top level, the structure of a DSML document looks like this:
<!- a document with directory & schema entries --> <dsml:directory-entries> <dsml:entry dn="...">...</dsml:entry> . . . </dsml:directory-entries> . . . <dsml:directory-schema> <dsml:class id="..." ...>...</dsml:class> <dsml:attribute-type id="..." ...>...</dsml:attribute-type> . . . </dsml:directory-schema> </dsml:dsml>
The element type
entry represents a directory entry in a DSML document. The
entry element contains elements representing the entry's directory attributes. The distinguished name of the entry is indicated by the XML attribute
Here is an XML entry to describe the directory entry:
<dsml:entry dn="uid=Heman, c=in, dc=oracle, dc=com"> <dsml:objectclass> <dsml:oc-value>top</dsml:oc-value> <dsml:oc-value ref="#person">person</dsml:oc-value> <dsml:oc-value>organizationalPerson</dsml:oc-value> <dsml:oc-value>inetOrgPerson</dsml:oc-value> </dsml:objectclass> <dsml:attr name="sn"> <dsml:value>Siva</dsml:value></dsml:attr> <dsml:attr name="uid"> <dsml:value>Heman</dsml:value></dsml:attr> <dsml:attr name="mail"> <dsml:attr name="givenname"> <dsml:value>Siva V. Kumar</dsml:value></dsml:attr> <dsml:attr name="cn"> <dsml:value>SVK@example.com</dsml:value></dsml:attr> <dsml:value>Siva Kumar</dsml:value></dsml:attr>
oc-value's ref is a URI Reference to a class element that defines the object class. In this case it is a URI  Reference to the element that defines the
person object class. The child elements
attr are used to specify the object classes and the attributes of a directory entry.
The element type
class represents a schema entry in a DSML document. The
class element takes an XML attribute
id to make referencing easier.
For example, the object class definition for the
person object class might look like the following:
<dsml:class id="person" superior="#top" type="structural"> <dsml:name>person</dsml:name> <dsml:description>...</dsml:description> <dsml:object-identifier>188.8.131.52</object-identifier> <dsml:attribute ref="#sn" required="true"/> <dsml:attribute ref="#cn" required="true"/> <dsml:attribute ref="#userPassword" required="false"/> <dsml:attribute ref="#telephoneNumber" required="false"/> <dsml:attribute ref="#seeAlso" required="false"/> <dsml:attribute ref="#description" required="false"/> </dsml:class>
The directory attributes are described in a similar way. For example, the attribute definition for the
cn attribute may look like this:
<dsml:attribute-type id="cn"> <dsml:name>cn</dsml:name> <dsml:description>...</dsml:description> <dsml:object-identifier>184.108.40.206</object-identifier> <dsml:syntax>220.127.116.11.4.1.1418.104.22.168.44</dsml:syntax> </dsml:attribute-type>
With the XML framework, you can now use non-ldap applications to access directory data. The XML framework broadly defines the access points and provides the following tools:
"Oracle Internet Directory Server Administration Tools" in Oracle Fusion Middleware Reference for Oracle Identity Management for information about syntax and usage.
The client tool
ldifwrite generates directory data and schema LDIF files. If you convert these LDIF files to XML, you can store the XML file on an application server and query it. The query and response time is small compared to performing an LDAP operation against an LDAP server.