Sun Java[TM] System Identity Manager 7.0 Administration
Appendix D
Active Sync Wizard
Overview
In versions of Identity Manager prior to 7.0, the Active Sync Wizard is used to create and manage active synchronization. This appendix contains information about using the Active Sync Wizard to set up and manage active synchronization in supported versions of Identity Manager. For version 7.0 and later, a synchronization policy is used to configure synchronization.
Setting Up Synchronization
Use the Active Sync Wizard in the Identity Manager resources area to set up active synchronization. This wizard leads you through a varying set of steps, depending on the choices you make, to set up active synchronization for a resource.
To launch the Active Sync Wizard, select a resource in the resources list, and then select Active Sync Wizard from the Resource Actions list of options.
Synchronization Mode
The Synchronization Mode page lets you determine the range of configuration options you can choose during active synchronization setup.
Select from these options:
Input Form Usage — Select the mode to use when setting up active synchronization. You can choose to use a pre-existing form, which limits configuration choices for this resource. Alternatively, you can use a form that is generated by the Active Sync Wizard, which offers a complete set of configuration choices.
- If you select Pre-Existing Input Form (the default), then make selections for these options:
- Input Form — Select an input form that will process data updates. This optional configuration item allows attributes to be transformed before they are saved on the accounts.
- Process Rule — Optionally, select a process rule to run for each incoming account. This selection overrides all other options. If you specify a process rule, the process will be run for every row, regardless of other settings on the resource. It can be either a process name, or a rule evaluating to a process name.
Figure 13-17 Active Sync Wizard: Synchronization Mode, Pre-Existing Form Selections
- If you select Use Wizard Generated Input Form, then make selections for these options:
- Configuration Mode — Select whether to use basic or advanced mode within the Active Sync Wizard. Basic mode is the default option. If you select advanced mode, you can define event types and set process rules.
- Process Rule — (Displays with advanced configuration mode only.) Optionally, select a process rule to run for each incoming account. This selection overrides all other options. If you specify a process rule, the process will be run for every row, regardless of other settings on the resource. It can be either a process name, or a rule evaluating to a process name.
- Post-Process Form — (Displays with advanced configuration mode only.) Optionally select a form to run, in addition to the form generated by the Active Sync Wizard. This form overrides any settings from the Active Sync Wizard.
Figure 13-18 Active Sync Wizard: Synchronization Mode, Wizard Generated Form Selections
Click Next to continue with the wizard. The Active Sync Running Settings page appears.
Running Settings
This page allows you to establish the following settings for active synchronization:
Startup Settings
Make selections for Active Sync startup from the following options:
Polling Settings
If you set a polling start date and time that is in the future, polling will begin when specified. If you set a polling start date and time that is in the past, Identity Manager determines when to begin polling based on this information and the polling interval. For example:
In this case, the resource will begin polling on July 25, 2005 (the following Monday).
If you do not specify a start date or time, then the resource will poll immediately. If you take this approach, each time the application server is restarted, all resources configured for active synchronization will begin polling immediately. The typical approach is to set a start date and time.
Make selections to set up polling:
- Poll Every — Specify how often to poll. Enter a number, and then select the unit of time (Days, Hours, Minutes, Months, Seconds, or Weeks). Minutes is the default unit.
- Polling Start Date — Enter the day that the first scheduling interval should start, in yyyyMMdd format.
- Polling Start Time — Enter the time of day that the first scheduling interval should start, in HH:mm:ss format.
Logging Settings
Make selections to set up logging information and levels from the following options:
- Maximum Log Archives — If greater than zero, retain the latest N log files. If zero, then a single log file is re-used. If -1, then log files are never discarded.
- Maximum Active Log Age — After this period of time has elapsed, the active log will be archived. If the time is zero, then no time-based archival will occur. If Maximum Log Archives is zero, then the active log will instead be truncated and re-used after this time period. This age criteria is evaluated independently of the time criteria specified by Maximum Log File Size.
Enter a number, and then select the unit of time (Days, Hours, Minutes, Months, Seconds, or Weeks). Days is the default unit.
- Log File Path — Enter the path to the directory in which to create the active and archived log files. Log file names begin with the resource name.
- Maximum Log File Size — Enter the maximum size, in bytes, of the active log file. The active log file will be archived when it reaches maximum size. If Maximum Log Archives is zero, then the active log will instead be truncated and re-used after this time period. This size criteria is evaluated independently of the age criteria specified by Maximum Active Log Age.
- Log Level — Enter the level of logging:
Figure 13-19 is a sample view of the Running Settings page.
Figure 13-19 Active Sync Wizard: Running Settings
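The following added example (not Identity Manager code) replays one constructed write pattern under the three Maximum Log Archives behaviours described above, to show how much log history survives in each case. The names simulate, WRITES and LIMITS are hypothetical, and checking the age and size criteria just before each write is an assumption.

```python
def simulate(writes, *, max_archives, max_age_s, max_size):
    """Replay (timestamp_s, nbytes) writes against the rotation settings.

    Assumption: both criteria are checked just before each write.
    """
    size, opened = 0, writes[0][0]
    reasons, archives, discarded, truncations = [], [], 0, 0
    for ts, nbytes in writes:
        # Age and size are evaluated independently; an age of zero disables it.
        age_due = max_age_s > 0 and ts - opened >= max_age_s
        size_due = size >= max_size
        if age_due or size_due:
            reasons.append("size" if size_due else "age")
            if max_archives == 0:
                truncations += 1          # single log file truncated and re-used
            else:
                archives.append(opened)   # archive identified by its open time
                if 0 < max_archives < len(archives):
                    archives.pop(0)       # oldest archive is discarded
                    discarded += 1
            size, opened = 0, ts
        size += nbytes
    return {"reasons": reasons, "archives": len(archives),
            "discarded": discarded, "truncations": truncations}

# Constructed write pattern: a burst, then quiet periods longer than the age limit.
WRITES = [(0, 400), (600, 400), (1200, 400), (1800, 400),
          (6000, 100), (6600, 100), (10000, 100)]
LIMITS = {"max_age_s": 3600, "max_size": 1000}

def compare():
    """Same traffic under Maximum Log Archives = 2, 0 and -1."""
    return {n: simulate(WRITES, max_archives=n, **LIMITS) for n in (2, 0, -1)}

if __name__ == "__main__":
    for n, result in compare().items():
        print(f"Maximum Log Archives={n}: {result}")
```

With a value of zero every rotation overwrites the previous contents, so nothing older than the active log is available for later review.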
Click Next to continue with the wizard. The General Active Sync Settings page appears.
General Active Sync Settings
Use this page to specify general active synchronization configuration parameters.
Resource Specific Settings
Available resource-specific settings vary depending on the resource type. For example, for an LDAP resource, the following settings might apply.
- Object Classes to Synchronize — Enter the object classes to synchronize. The change log is for all objects; this filters updates only to the listed object classes.
- LDAP Filter for Accounts to Synchronize — Enter an optional LDAP filter for the objects to synchronize. The change log is for all objects; this filter updates only objects that match the specified filter. If you specify a filter, an object will be synchronized only if it matches the filter and includes a synchronized object class.
- Attributes to synchronize — Enter the attribute names to synchronize. This ignores updates from the change log if they do not update any of the named attributes. For example, if only department is listed, then only changes that affect department will be processed. All other updates are ignored. If blank (the default), then all changes are processed.
- Change Log Blocksize — Enter the number of change log entries to fetch per query. The default number is 100.
- Change Number Attribute Name — Enter the name of the change number attribute in the change log entry.
- Filter Changes By — Enter the names (RDNs) of directory administrators to filter from the changes. Changes with the attribute modifiersname that match entries in this list will be filtered.
The standard value is the administrator's name used by this adapter, to prevent loops. Entries should be in the format cn=Directory Manager.
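How the LDAP settings above combine for a single change log entry is shown in this added example, which is not Identity Manager code. SyncSettings, decide and the sample entries are hypothetical; the order of the checks, the DN matching rule and the Python predicate standing in for a real LDAP filter are assumptions.

```python
from dataclasses import dataclass, field
from typing import Callable, Optional

@dataclass
class SyncSettings:  # hypothetical model of the wizard fields described above
    object_classes: set                                    # Object Classes to Synchronize
    attributes: set = field(default_factory=set)           # blank = process all changes
    filter_changes_by: list = field(default_factory=list)  # e.g. cn=Directory Manager
    ldap_filter: Optional[Callable[[dict], bool]] = None   # stand-in for an LDAP filter

def _norm(name):
    return " ".join(name.lower().split())

def modifier_is_filtered(modifiersname, filtered):
    # Assumption: match the whole DN or its leading RDN, case-insensitively.
    dn = _norm(modifiersname)
    return any(dn == _norm(f) or dn.startswith(_norm(f) + ",") for f in filtered)

def decide(change, s):
    """Return 'process' or the reason the change log entry is skipped."""
    if modifier_is_filtered(change["modifiersname"], s.filter_changes_by):
        return "skip: modifier filtered (loop prevention)"
    classes = {c.lower() for c in change["entry"].get("objectclass", [])}
    if not classes & {c.lower() for c in s.object_classes}:
        return "skip: object class not synchronized"
    if s.ldap_filter is not None and not s.ldap_filter(change["entry"]):
        return "skip: LDAP filter mismatch"
    wanted = {a.lower() for a in s.attributes}
    if wanted and not wanted & {a.lower() for a in change["changed"]}:
        return "skip: no synchronized attribute changed"
    return "process"

SETTINGS = SyncSettings(
    object_classes={"inetOrgPerson"}, attributes={"department"},
    filter_changes_by=["cn=Directory Manager"],
    ldap_filter=lambda e: e.get("employeetype") == "employee")  # (employeeType=employee)

# Constructed change log entries, not real data: (modifiersname, changed, entry).
HR = "uid=hradmin,ou=people,dc=example,dc=com"
STAFF = {"objectclass": ["top", "inetOrgPerson"], "employeetype": "employee"}
CHANGES = [dict(modifiersname=m, changed=c, entry=e) for m, c, e in [
    ("cn=Directory Manager", ["department"], STAFF),   # written by the adapter itself
    (HR, ["department"], STAFF),
    (HR, ["member"], {"objectclass": ["top", "groupOfNames"]}),
    (HR, ["department"], {**STAFF, "employeetype": "contractor"}),
    (HR, ["telephoneNumber"], STAFF)]]

if __name__ == "__main__":
    for c in CHANGES:
        print(c["modifiersname"], c["changed"], "->", decide(c, SETTINGS))
```

If the adapter's own bind name is missing from Filter Changes By, the first entry would be processed and written back, which is the loop the standard value prevents.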
Common Settings
- Correlation Rule — Optionally, specify a correlation rule to override the correlation rule specified in the resource's reconciliation policy. Correlation rules correlate resource accounts to Identity system accounts.
- Confirmation Rule — Optionally, specify a confirmation rule to override the confirmation rule specified in the resource's reconciliation policy.
- Resolve Process Rule — Optionally specify the name of a Task Definition to run in case of multiple matches to a record in the feed. This should be a process that prompts an administrator for manual action. It can be a process name or a rule evaluating to a process name.
- Delete Rule — Optionally specify a rule, which returns true or false, that will be evaluated for each incoming user update to determine if a delete operation should occur.
- Create Unmatched Accounts — When true, the adapter will attempt to create accounts that it does not find in the Identity system. When false, the adapter will run the account through the process returned by the Resolve Process Rule.
- Assign Active Sync resource on create events — When this option is selected, the Active Sync source resource will be assigned to the user that is created when a create event is detected.
- Populate Global — All attributes in the incoming accounts will always be available to the form under the ActiveSync namespace. If this option is selected, then all attributes (except accountId) will be available on the global namespace also.
- When reset, ignore past changes — When the adapter is started for the first time or reset, select to ignore past changes. To reset the adapter, edit the XmlData object SYNC_resourceName to remove the MapEntry for the desired synchronization process, for example ActiveSync. This option is not available for all adapters.
- Pre-Poll Workflow — Select an optional workflow to be executed immediately before each poll.
- Post-Poll Workflow — Select an optional workflow to be executed immediately after each poll.
Click Save or Next to save changes to general settings for the resource:
- If you are using the pre-existing input form, click Save to complete the wizard selections and return to the Resources list.
- If you are using the wizard-generated input form, click Next to continue.
- If you are using basic configuration mode, the Target Resources page appears. (Skip forward in this chapter to Target Resources.)
- If you are using advanced configuration mode, the Event Types page appears.
Event Types
Use this page to configure a mechanism to determine whether a certain type of change event has occurred on the active sync resource.
About Events
An active synchronization event is defined as a change that occurs on an active sync resource. The event types listed for each resource depend on the type of resource and the object affected by the change event. Some event types are create, delete, update, disable, enable, and rename.
Ignoring Events
You can select a mechanism to determine whether to ignore an active sync event. Options are:
- None — No active sync events will be ignored.
- Rule — Use a rule to determine whether to ignore the active sync event. If you select this option, then you must additionally select a rule from the options list.
- Condition — Use a condition to determine whether to ignore the active sync event. After selecting this option, click Edit Condition to use the Condition Panel to define the condition.
Options for determining event types are:
- None — There is no method for determining the event type.
- Rule — Use a rule to determine the event type. If you select this option, then you must additionally select a rule from the options list.
- Condition — Use a condition to determine the event type. After selecting this option, click Edit Condition to use the Condition Panel to define the condition.
Click Next to continue in the wizard. The Process Selection page appears.
Process Selection
Use this page to set up a workflow or process to run when the user view is checked in for a specific active sync event instance or type of active sync event.
Process Mode
You can select from two modes that determine which workflow or process will run when an active sync event occurs:
After selecting this option, select a rule (process determination rule) from the list.
Figure 13-20 illustrates the Process Selection page where you indicate the rule selection.
Figure 13-20 Active Sync Wizard: Process Selection (Rule)
After selecting this option, select a workflow or process to run for each event type listed, as shown in Figure 13-21.
Figure 13-21 Active Sync Wizard: Process Selection (Event Type)
Click Next to continue in the wizard. The Target Resources page appears.
Target Resources
Use this page to specify target resources to synchronize with this resource.
Figure 13-22 Active Sync Wizard: Target Resources
Target Attribute Mappings
Use this page to define the target attribute mappings for each target resource.
Figure 13-23 Active Sync Wizard: Target Attribute Mappings
- Select a target resource from the options list. To add a target attribute to the list, click Add Mapping.
- Select the attribute, type, and attribute value for each target attribute.
- In the Applies To column, select one or more actions (Create, Update, or Delete) to which the mapping will apply.
- Continue making selections for each target resource.
To remove an attribute row from the list, select the row, and then click Remove Mapping.
Click Save to save the attribute mappings and return to the resources list.