Active Sync-enabled adapters are an extension of a standard resource adapter and they are used to implement the Active Sync interface for some common resources, such as Active Directory. These adapters pull data changes directly from the resource to initiate the following activities in Waveset:
Polling or receiving change event notification
Issuing actions to create, update, or delete resource accounts
Editing or creating users with a custom form
Saving the resource changes
Logging progress information and errors
Active Sync-enabled adapters are particularly suitable for supporting the following resource types:
Applications with audit or notification interfaces
Some applications, such as Microsoft Active Directory and PeopleSoft, have external interfaces. You can configure these application interfaces to add events to an audit log or to notify other applications when certain changes occur.
For example, you can configure the interface to record an transaction in the audit log whenever a user account is modified natively on the Active Directory server. You can configure the Waveset Active Directory resource to review this log every 30 minutes and trigger events in Waveset when any changes occur. You can register other Active Sync-enabled adapters with the resource through an API, and use event messages to notify the adapter when changes occur. These event messages can reference the item that changed, the information that was updated, and frequently the user who made the change.
Databases populated with update information
You can manage database resources by generating a table of deltas and generate this table in several different ways. For example, you can compare a snapshot of the database to current values and create a new table with the differences. The adapter pulls rows from the table of deltas, processes them, and subsequently marks them when completed.
Databases with modification timestamps
You can create Active Sync-enabled queries for database entries that have been modified after a particular time. The adapters run updates and then poll for new queries. By storing the last successfully processed row, Waveset can perform a “starts with” query to minimize the polling impact. Only those changes made to the resource since the previous set of modifications were made are returned for processing.
Resources with change-log entries
Most LDAP servers provide a change-log mechanism that you can use to track changes, optionally constrained to sections of interest in the DIT. By periodically querying the change-log entries, the LDAP resource adapter can update Waveset with detected changes; including creates, deletes, and updates.
Active Sync-enabled adapters generally follow these steps when listening or polling for changes to the resource managed by Waveset. When the adapter detects that a resource has changed, the Active Sync-enabled adapter:
Extracts the changed information from the resource.
Determines which Waveset object is affected.
Builds a map of user attributes to pass to the IAPIFactory.getIAPI method, along with a reference to the adapter and a map of any additional options, which creates an Identity Application Programming Interface (IAPI) object.
Sets the logger on the IAPI event to the adapter’s Active Sync logger.
Active Sync Manager processes the IAPI object and returns a WavesetResult object to the adapter. The WavesetResult object informs the Active Sync-enabled adapter if the operation succeeds.
The WavesetResult object might contain many results from the various steps the Waveset system used to update the identity. Typically, a workflow also handles errors within Waveset, often ending up as an Approval for a managing administrator.
Exceptions are logged in the Active Sync and Waveset tracing logs with the ActiveSyncUtil.logResourceException method.
When Active Sync-enabled adapters detect a change to an account on a resource, the adapter maps the incoming attributes to an Waveset user or, if the adapter cannot match the user account, creates an Waveset user account.
The following rules and parameters determine what happens when a change is detected.
If present, a Process rule determines whether the adapter uses IAPIProcess or attempts to use IAPIUser. If the adapter cannot use IAPIUser because a Correlation or Confirmation rule does not uniquely identify an Waveset user for the event (given the other parameter settings), and a Resolve Process rule is configured, the adapter uses the Resolve Process rule to create an IAPIProcess event. Otherwise, the adapter reports an error condition.
IAPIUser checks out a view and makes this view available to the User form.
For creates and updates, IAPIUser checks out the User view.
For deletes, IAPIUser checks out the Deprovision view.
However, a User view is not checked out or available with IAPIProcess. Either a Process rule has been set or a Resolve Process rule is invoked.