Persistent Objects and Views

Users in the LDAP directory can be accessed as persistent objects. In addition to retrieving the normal attributes stored in the directory, the context also retrieves extended provisioning information stored in special attributes. This includes information about links to other accounts associated with the directory user. This extended information is only available through the context API, it cannot be accessed by pure LDAP applications.

A second object model called Views may also be accessed through the context. View objects are not stored in the directory, rather they are assembled at runtime from one or more persistent objects. User objects in the directory are most often accessed through a view rather than a persistent object. The user view contains all of the information found in the persistent object, but may in addition contain attribute from other accounts linked to this user. Manipulating a user view is how all provisioning operations are performed in Service Provider.

Views are represented in memory using a generic memory model based on simple Java data types such as lists and hash maps. This regular structure allows views to be easily manipulated by technologies such as forms, and makes the view attributes easier to associate with HTTP form fields. For more information about views, see Chapter 4, IDMXUser View.