The following section describes configuration and maintenance attributes and operations for the Extended Web Services Subscriber Profile communication service. It also provides a workflow for the configuration:
All subscriber profile related operations are handed off to network nodes that accept LDAP queries according to LDAPv3. The node in the LDAP directory that performs the query is chosen at runtime based on configuration settings. The data that is handed back to the application that initiated the Subscriber Profile query is filtered using the result filter mechanism in the service provider group and application group SLAs. See the description of <resultRestrictions> in section Defining Service Provider Group and Application Group SLAs in Managing Accounts and SLAs.
A connection pool is used for connections to the LDAP server. The connection pool is shared among all plug-in instances, and any configuration settings related to this pool or schema updates are broadcast to all plug-in instances in the cluster.
Note: To make any configuration change take effect, Operation: updateLDAPSettings must be used.
The ID is given when the plug-in instance is created, see Managing and Configuring the Plug-in Manager.
A schema is used for constructing queries, see Listing 29-1.
<?xml version="1.0" encoding="UTF-8"?>
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
  <xs:element name="LdapConfig">
    <xs:complexType>
      <xs:sequence>
        <xs:element name="Keys" type="KeySet" minOccurs="1" maxOccurs="unbounded"/>
        <xs:element name="LdapObject" type="LdapObject" minOccurs="1" maxOccurs="unbounded"/>
      </xs:sequence>
    </xs:complexType>
  </xs:element>
  <xs:complexType name="KeyObject">
    <xs:sequence>
      <xs:element name="uriScheme" type="xs:string" minOccurs="1" maxOccurs="1"/>
      <xs:element name="addressKeyName" type="xs:string" minOccurs="1" maxOccurs="1"/>
      <xs:element name="objectKeyName" type="xs:string" minOccurs="0" maxOccurs="1"/>
      <xs:element name="objectKeyValue" type="xs:string" minOccurs="0" maxOccurs="1"/>
    </xs:sequence>
    <xs:attribute name="id" type="xs:string" use="optional"/>
  </xs:complexType>
  <xs:complexType name="KeySet">
    <xs:sequence>
      <xs:element name="Key" type="KeyObject" minOccurs="1" maxOccurs="unbounded"/>
    </xs:sequence>
    <xs:attribute name="id" type="xs:string" use="required"/>
  </xs:complexType>
  <xs:complexType name="LdapObject">
    <xs:sequence>
      <xs:element name="ObjectKeySet" type="xs:string" minOccurs="0" maxOccurs="1"/>
    </xs:sequence>
    <xs:attribute name="id" type="xs:string" use="required"/>
    <xs:attribute name="keyName" type="xs:string" use="required"/>
    <xs:attribute name="keyValue" type="xs:string" use="required"/>
  </xs:complexType>
</xs:schema>
The document consists of the following elements:
Listing 29-2 is an example of how a directory information tree is built up using the above schema.
<?xml version="1.0" encoding="UTF-8"?>
<LdapConfig xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
            xsi:noNamespaceSchemaLocation='sp_config.xsd'>
  <Keys id="myKeys">
    <Key id="misidnKey">
      <uriScheme>tel</uriScheme>
      <addressKeyName>msisdn</addressKeyName>
      <objectKeyName>domainName</objectKeyName>
      <objectKeyValue>msisdnD</objectKeyValue>
    </Key>
    <Key id="imsiKey">
      <uriScheme>imsi</uriScheme>
      <addressKeyName>imsi</addressKeyName>
      <objectKeyName>domainName</objectKeyName>
      <objectKeyValue>imsiD</objectKeyValue>
    </Key>
    <Key id="subscriberIdKey">
      <uriScheme>id</uriScheme>
      <addressKeyName>id</addressKeyName>
      <objectKeyName>domainName</objectKeyName>
      <objectKeyValue>subsD</objectKeyValue>
    </Key>
    <Key id="ipv4Key">
      <uriScheme>ipv4</uriScheme>
      <addressKeyName>ipv4Addr</addressKeyName>
      <objectKeyName>domainName</objectKeyName>
      <objectKeyValue>ipv4D</objectKeyValue>
    </Key>
  </Keys>
  <LdapObject id="mySchema" keyName="serviceName" keyValue="mySchema">
    <ObjectKeySet>myKeys</ObjectKeySet>
  </LdapObject>
</LdapConfig>
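The schema in Listing 29-1 types ObjectKeySet as a plain xs:string, so a document can validate while naming a key set that does not exist. The following pre-deployment check is an added example, not code from the product; the function name lint_ldap_config, the sample document, and the rule that a key set holds one Key per URI scheme are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not from the product): two deliberate mistakes.
SAMPLE = """<LdapConfig>
  <Keys id="myKeys">
    <Key id="msisdnKey">
      <uriScheme>tel</uriScheme><addressKeyName>msisdn</addressKeyName>
      <objectKeyName>domainName</objectKeyName>
      <objectKeyValue>msisdnD</objectKeyValue>
    </Key>
    <Key id="altTelKey">
      <uriScheme>tel</uriScheme><addressKeyName>altMsisdn</addressKeyName>
    </Key>
  </Keys>
  <LdapObject id="mySchema" keyName="serviceName" keyValue="mySchema">
    <ObjectKeySet>otherKeys</ObjectKeySet>
  </LdapObject>
</LdapConfig>"""

def lint_ldap_config(xml_text):
    """Return findings the XSD cannot express for an LdapConfig document."""
    root = ET.fromstring(xml_text)
    findings, key_sets = [], {}
    for keys in root.findall("Keys"):
        set_id = keys.get("id")
        if set_id in key_sets:
            findings.append(f"duplicate Keys id '{set_id}'")
        schemes = key_sets.setdefault(set_id, {})
        for key in keys.findall("Key"):
            scheme = (key.findtext("uriScheme") or "").strip()
            label = key.get("id") or "<no id>"
            # Assumption: one Key per URI scheme within a key set.
            if scheme in schemes:
                findings.append(f"Keys '{set_id}': uriScheme '{scheme}' in both "
                                f"'{schemes[scheme]}' and '{label}'")
            schemes.setdefault(scheme, label)
    for obj in root.findall("LdapObject"):
        ref = (obj.findtext("ObjectKeySet") or "").strip()
        # ObjectKeySet is plain xs:string, so a dangling name passes the XSD.
        if ref and ref not in key_sets:
            findings.append(f"LdapObject '{obj.get('id')}': ObjectKeySet "
                            f"'{ref}' matches no Keys id")
    return findings

if __name__ == "__main__":
    for finding in lint_ldap_config(SAMPLE):
        print(finding)
```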
Below is an outline for configuring an Extended Web Service Subscriber Profile/LDAPv3 network protocol plug-in instance:
Move on to the provisioning of service provider accounts and application accounts.
There are no specific management operations except Operation: updateLDAPSettings, which must be used to update the LDAP connection pool after changing any of the following attributes:
If the results from the LDAP query should be filtered, use the service provider group and application group SLAs. See the description of <resultRestrictions> in section Defining Service Provider Group and Application Group SLAs in Managing Accounts and SLAs.
Below is a list of attributes and operations for configuration and maintenance:
Specifies the host name or IP address of the LDAP server to connect to.
myldapserver.mycompany.org
192.168.0.14
Specifies the port number of the LDAP server to connect to.
Specifies the base DN (Distinguished name) for the LDAP database in use.
o=acompany,c=uk
Specifies the authentication user name (distinguished name) for the LDAP server.
cn=admin,o=acompany,c=uk
Specifies the password associated with the Attribute: AuthDN.
Specifies the maximum time to wait for an LDAP connection to be established. If the related timer expires, a retry is performed: see Attribute: RecoverTimerInterval.
Any change to this setting must be followed by Operation: updateLDAPSettings.
Specifies the minimum number of connections to establish using connections from the LDAP connection pool.
Any change to this setting must be followed by Operation: updateLDAPSettings.
Specifies the maximum number of connections in the LDAP connection pool.
Any change to this setting must be followed by Operation: updateLDAPSettings.
Specifies the time to wait before performing an LDAP connection retry after an LDAP connection error. Should be at least twice the time defined in Attribute: ConnTimeout.
Any change to this setting must be followed by Operation: updateLDAPSettings.
Refreshes the LDAP connection pool to use the new configuration.
During the update, the LDAP connection is temporarily unavailable and the connection status is update_pending. See Status of the connection to the LDAP server.
updateLDAPSettings()
Updates the schema to use when doing lookups in the LDAP database.
During the update, the LDAP connection is temporarily unavailable and the connection status is update_pending. See Status of the connection to the LDAP server.
updateSchemaURL(SchemaURL : String)