| Sun ONE Meta-Directory 5.1.1 Administration Guide | 
Chapter 3
Connectors and Connector RulesMeta-Directory uses a connector to transfer data to and from an external database. The connector takes the external data and creates a sub-tree in the Directory Server, which displays the data in LDAP. This sub-tree is called a Connector View.
There are two types of connectors: direct and indirect. The Connector View for an LDAP directory or an Oracle SQL database uses a direct connector; it communicates directly with the Join Engine. The Connector View for other sources of data uses an indirect connector, which translates data into LDAP so that the Join Engine can work with it. Indirect connectors use indirect connector rules, in the same way as the Join Engine, to manage the transfer of entries between an external data source and the Connector View.
This chapter contains the following sections:
About Direct ConnectorsA Directory Server (Sun ONE Directory Server 5.1/5.2, iPlanet Directory Server 5.x, and Netscape Directory Server 4.16) and an Oracle 8.1.5, 8.1.7, and 9.2.0 database server have direct connectors. Support for each of this is provided through an appropriate plug-in with the Join Engine.
An Oracle database accessible by SQL is considered to have direct connectors. To read and write an entry stored in a SQL database, the Join Engine uses the Database connector to provide direct, two-way SQL access. (Because the Database Connector is a Join Engine plug-in as opposed to software outside the Join Engine, it is considered a direct connector.)
About Indirect ConnectorsIndirect connectors transfer the entries stored in external data sources that use protocol not directly accessible by the Join Engine.
Meta-Directory consists of the following indirect connectors:
This transfers data between data sources and a Connector View. The Universal Text Parser (UTP) is a set of text file parsers and generators that are used with the UTC to make certain text files (Comma-Separated Values (CSV), LDAP Data Interchange Format (LDIF), and Name-Value Pair (NVP)) compatible with the Connector View.
About Indirect Connector RulesWhen an indirect connector is synchronizing entries from the external data source to the Connector View, it directs the process and transforms the data using rules similar to those used during the join process. The indirect connector rules include "Configuring Attribute Flow Rules," "Configuring Attribute Flow Rules," and "Creating Filter Rules." These rules, which are used by the connectors, are different from the Attribute Flow, Default Attribute, and Filter rules used by the Join Engine. Indirect connector rules are defined at the connector node and specifically applied to the connector instance.
Note
Indirect connector rules can be applied anytime. However, the connector instance should be restarted, once changes to the configuration is completed, to flow the data again using the new rules.
Attribute Flow Rules
Attribute flow rules are created to specify the external data source attributes that are mapped to Connector View attributes and vice versa. (The assignment of an attribute in one source to a particular attribute in another source is called mapping.) When you create the attribute flow rules, you also specify the source that owns the entry; by default, is the external data source.
Default Attribute Value Rules
If no value exists for a particular attribute in an entry, either because the attribute is not part of the entry or the attribute exists with no value, the connector applies pre-configured attribute rules to create appropriate default values. You can change these default attribute rules as required.
Filter Rules
An indirect connector uses filter rules to selectively exclude entries from the synchronization process.
Configuring Attribute Flow RulesAttribute flow rules specify the attributes in the external data source which are mapped to the LDAP attributes in the Connector View. When applying these rules, two concepts you must know: Granularity refers to the complexity of the application of the rules, that is, whether the entry flows completely or is divided into its base attributes which then flows separately. Ownership refers to where the entry originates (in the external data source or Connector View), that is, source the entry originates from is considered the owner of the entry.
About Granularity and Ownership
If you do not configure your indirect connector rules, the indirect connector uses default attribute flow rules and the process is considered to have entry-level granularity. Entry-level granularity has the following characteristics:
If an attribute flow rule is applied, the flow is considered to have attribute-level granularity. Attribute-level granularity has the following characteristics:
- Entries can be added, and therefore flow from either the data source or Meta View, and the entry’s ownership is based on this.
- Only the owner of an entry can delete or rename the entry.
- Because specific attributes flow independently of complete entries, modifications can be made from either the data source or Meta View.
For both Entry-Level granularity and Attribute-Level granularity, renaming a non-owned entry would result in:
- Renaming the externally owned entry in Connector View
The renamed entry is deleted from the Connector View and the original entry is added back to the Connector View in the next external datasource to Connector View synchronization cycle.- Renaming the Connector View owned entry in External Data Source
The renamed entry remains in the External Data Source and is synchronized to the Connector View as an externally owned entry in the next external datasource to Connector View synchronization cycle. The original entry is then added back to the External Data Source in the next Connector View to external datasource synchronization cycle.These concepts explain certain flow behaviors and should be reviewed when configuring and applying attribute flow rules for the indirect connectors.
To configure an attribute flow rule (to achieve attribute-level granularity)
- Select the connector to configure from the Meta-Directory console navigation tree.
- Select the Attribute Flow tab, and then click New.
The ‘New Flow Configuration Name’ dialog box displays. Click Reset to delete all new configurations and return to the last saved state.
- Type a name for the new attribute flow configuration, and then click OK.
The name is displayed in the Configurations list box.
- From the Mapping Type list box, select ‘Mappings for Connector View Owned Objects’ or ‘Mappings for Locally Owned Objects’.
- Click Insert. The ‘Insert Attribute Mappings’ dialog box displays.
This displays a list of all attributes configured as external attributes for the specific connector. (For information on adding external attributes, see "To add external attributes for connectors".)
Alternately, click Insert Defaults to display a list of the default mappings, in which the external data source attributes match the Connector View attributes. These default mappings are the same as those selected at the connector node in the General configuration window.
- The mapping type, selected in Step 4, can be changed from in this dialog box.
- Specify the flow direction, either mappings of attributes from external data source to the Connector View or from the Connector View to the external data source.
- Specify either All Attributes or All Language Tagged Attributes from the Connector View Objectclass drop-down list.
If you specify All Language Tagged Attributes as the Connector View objectclass, choose a supported language subtype. Select the ‘Add Phonetic Type’ option to indicate if the attribute value is a phonetic representation. For more information, see "To compose language-tagged attribute conditions".
- Select an external attribute and the Connector View attribute to map it to.
If an external attribute for which there is a matching Connector View attribute selected, then the Connector View attribute is automatically selected. However, any Connector View attribute can be selected for any external attribute.
Tip
Type the first letter of the external attribute or Connector View attribute, to locate the attribute. For example, to find uid, type u to find the attribute.
- Click Insert. The mapping for the configuration is displayed.
- Select additional combination. Click Insert after each combination is selected. Click Close when completed.
- Click Save to complete.
To modify a configuration
- Select the configuration to modify from the Attribute Flow tab.
- Do one of the following:
- To add a mapping, see Step 5.
- Or -
- To remove a mapping, select the mapping to remove, and then click Remove.
- Click Save to complete.
Configuring Default Attribute Value RulesIf no attribute values exist, the connector applies default attribute value rules to ensure that specified attributes contain a value. If an attribute does not exist in the external data source or Connector View or if the attribute does exist but has a NULL value, a default attribute value rule is used to allow the transfer of data. Default attribute value rules do not affect the connectors’ behavior.
To configure default attribute values
- Select the Configuration tab. From the navigation tree, select the indirect connector to specify its default attribute values.
- Select the Default Values tab, and then click New.
- Specify a name for the default attribute configuration in the Name field.
- Select either Connector View or External Directory from the Attribute Destination list box.
- Click Add, and then click the Attribute field to display a list box.
- Either select an attribute from the list or type an attribute.
For information on creating attributes for this list, see "To add external attributes for connectors".
- Double-click the Default Value field, and then type a value.
- Click Save to complete.
Creating Filter RulesIndirect connectors use filter rules to exclude data from the synchronization process. Filters can be configured to exclude entire sub-trees while individual entries from the sub-trees can be included again using entry filters.
Note
DNs used in Filter Rules should be the DN from the Connector View’s entry regardless of the ownership of the entry.
To create a new filter rule
- Select the Configuration tab. From the navigation tree, select the indirect connector.
- Select the Filter tab, and then click New. The ‘Filter Name’ dialog box is displayed.
- Enter a name and click OK.
Figure 3-1 Connector View Tree Structure with Entries
- To specify the direction of entry flow, select ‘To Connector View’ or ‘From Connector View’ from the list box.
- From the list box, select one of these:
- ‘All Subtrees Except’ to include all subtrees with an exception (exclude specific entries of the subtree you select). For example, include ou=madison subtree but exclude cn=x1, cn=x2 (see Figure 3-1). Click ‘Add Subtree’. This displays the ‘Sub-tree DN’ dialog box. Goto Step 6.
- Or -
- ‘No Subtrees Except’ to exclude all subtrees with an exception (include specific entries of the subtree that you select). For example, exclude ou=parc subtree but include cn=y1, cn=y2 entries (see Figure 3-1). Click ‘Add Subtree’. This displays the ‘Sub-tree DN’ dialog box. Goto Step 6.
- Select the subtree and click OK. The subtree is displayed in the list box. Perform Step 5 for other subtrees.
- Once complete, do one or more of the following to exclude or include entries of the subtrees you selected (in Step 5).
- Click Save to confirm changes.
To remove an RDN for an entry
To remove a subtree DN
To delete a filter rule