Sun Java System Directory Server Enterprise Edition 6.1 Administration Guide

Creating and Testing the Join Data View

Procedure: To Create the Join Data View

  1. Create a join data view named myjoin1-view.

    Specify the LDAP data view as the primary data view and the JDBC data view as the secondary data view.


    % dpconf create-join-data-view myjoin1-view myds1-view mysql1-view o=join
  2. Define a join rule on the secondary data view.

    The following join rule specifies that the uid attribute of entries from the secondary data view should match the uid attribute of entries from the primary data view.


    % dpconf set-jdbc-data-view-prop mysql1-view filter-join-rule:uid='${myds1-view.uid}'
  3. If a filter join rule is set (as in the previous step), you must also set a virtual transformation rule on the secondary data view before entries can be added through the join data view.


    % dpconf add-virtual-transformation secondary-view-name \
     write add-attr-value dn uid=\${uid}

    Note –

    Without this rule, entries cannot be added through the join data view.


  4. Define the set of attributes that can be read from and written to the primary data view through a join data view.


    % dpconf set-ldap-data-view-prop myds1-view viewable-attr:dn viewable-attr:cn \
     viewable-attr:sn viewable-attr:givenName viewable-attr:objectClass viewable-attr:ou \
     viewable-attr:l viewable-attr:uid viewable-attr:mail viewable-attr:telephoneNumber \
     viewable-attr:facsimileTelephoneNumber viewable-attr:roomNumber viewable-attr:userPassword
    % dpconf set-ldap-data-view-prop myds1-view writable-attr:dn writable-attr:cn \
     writable-attr:sn writable-attr:givenName writable-attr:objectClass writable-attr:ou \
     writable-attr:l writable-attr:uid writable-attr:mail writable-attr:telephoneNumber \
     writable-attr:facsimileTelephoneNumber writable-attr:roomNumber writable-attr:userPassword

    These definitions apply only in the context of the join view. By default, all attributes can be read and written if you access the LDAP data view directly.

  5. Define the set of attributes that can be read from and written to the secondary data view through a join data view.


    % dpconf set-jdbc-data-view-prop mysql1-view viewable-attr:dn viewable-attr:objectclass \
     viewable-attr:sn viewable-attr:room viewable-attr:userpassword viewable-attr:jobtitle \
     viewable-attr:country viewable-attr:tel
    % dpconf set-jdbc-data-view-prop mysql1-view writable-attr:dn writable-attr:objectclass \
     writable-attr:sn writable-attr:room writable-attr:userpassword writable-attr:jobtitle \
     writable-attr:country writable-attr:tel

    These definitions apply only in the context of the join view. By default, all attributes can be read and written if you access the JDBC data view directly.
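The join semantics configured in steps 1 to 5, as an added Python model that is not Directory Proxy Server code: a primary and a secondary view joined on the filter-join-rule, each exposing only its viewable-attr set inside the join, and the secondary view deriving dn from the add-attr-value transformation of step 3. The sample rows, the hidden employeeNumber and salary columns, and the bjensen entry are constructed; the viewable-attr lists are copied from the commands above.

```python
from string import Template
# Constructed rows standing in for the LDAP backend (primary) and the SQL table (secondary).
LDAP_ROWS = [{"dn": "uid=kvaughan,ou=people,o=join", "uid": "kvaughan", "cn": "Kirsten Vaughan",
              "sn": "Vaughan", "mail": "kvaughan@example.com", "employeeNumber": "1001"}]
JDBC_ROWS = [{"uid": "kvaughan", "room": "4117", "jobtitle": "Engineer", "country": "US",
              "salary": "100000"}]

class DataView:
    """Backing rows plus the viewable-attr set exposed inside a join; attr names are case-insensitive."""
    def __init__(self, name, rows, viewable, add_transform=None):
        self.name, self.viewable = name, {a.lower() for a in viewable}
        self.rows = [{k.lower(): v for k, v in r.items()} for r in rows]
        self.add_transform = add_transform  # (attr, template) from add-attr-value
    def search(self, filt):
        return [r for r in self.rows if all(r.get(a.lower()) == v for a, v in filt.items())]

    def add(self, row):
        """Add through the join (row keys lowercase): derive dn from the transformation, or refuse."""
        if self.add_transform:
            attr, tmpl = self.add_transform
            row.setdefault(attr, Template(tmpl).substitute(row))
        if "dn" not in row:
            raise ValueError(f"{self.name}: no dn and no virtual transformation set")
        self.rows.append(row)
        return row["dn"]

class JoinDataView:
    """Joins primary and secondary on a filter-join-rule such as 'uid=${myds1-view.uid}'."""
    def __init__(self, primary, secondary, join_rule):
        self.primary, self.secondary = primary, secondary
        attr, ref = join_rule.split("=", 1)          # 'uid', '${myds1-view.uid}'
        view, src = ref.strip("${}").split(".", 1)  # 'myds1-view', 'uid'
        assert view == primary.name, "join rule must take its value from the primary view"
        self.join_attr, self.src_attr = attr.lower(), src.lower()

    def search(self, filt):
        out = []
        for p in self.primary.search(filt):
            entry = {a: v for a, v in p.items() if a in self.primary.viewable}
            for s in self.secondary.search({self.join_attr: p[self.src_attr]}):
                entry.update({a: v for a, v in s.items() if a in self.secondary.viewable})
            out.append(entry)
        return out

def build_page_join():
    primary = DataView("myds1-view", LDAP_ROWS, ["dn", "cn", "sn", "givenName", "objectClass", "ou",
        "l", "uid", "mail", "telephoneNumber", "facsimileTelephoneNumber", "roomNumber", "userPassword"])
    secondary = DataView("mysql1-view", JDBC_ROWS, ["dn", "objectclass", "sn", "room", "userpassword",
        "jobtitle", "country", "tel"], add_transform=("dn", "uid=${uid}"))
    return JoinDataView(primary, secondary, "uid=${myds1-view.uid}")
```

Searching the model for uid=kvaughan returns one merged entry with cn and mail from the LDAP side and room, jobtitle and country from the JDBC side, while employeeNumber and salary stay hidden because neither viewable-attr list names them.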

Procedure: To Create the Required ACIs

  1. As the proxy manager, add a global ACI that allows anonymous access to the join data view.


    % ldapmodify -p 1389 -D "cn=proxy manager" -w password
    dn: cn=myjoin1,cn=virtual access controls
    changetype: add
    objectclass: acisource
    dpsaci: (targetattr="*") (target = "ldap:///o=join") \
     (version 3.0; acl "anonymous_access"; allow(all) userdn="ldap:///anyone";)
    cn: myjoin1
  2. Create a connection handler to handle connections to the o=join domain.


    % dpconf create-connection-handler myjoin1-handler
  3. Enable the connection handler and configure it to handle all binds from users under o=join.


    % dpconf set-connection-handler-prop myjoin1-handler is-enabled:true \
     bind-dn-filters:"uid=.*,ou=people,o=join"
  4. Configure the connection handler to use the pool of ACIs added previously.


    % dpconf set-connection-handler-prop myjoin1-handler aci-source:myjoin1

Procedure: To Test the Join Data View

  1. As an anonymous user, search the join data view.

    In this step, we search for Kirsten Vaughan's entry to see whether data from both data views is retrieved.


    % ldapsearch -p 1389 -b o=join "uid=kvaughan"

    Note that the returned entry includes the attributes from both the LDAP data view and the JDBC data view.

  2. As a user under o=join, modify the userPassword attribute to verify that you can write to the join data view.


    % ldapmodify -p 1389 -D "uid=kvaughan,ou=people,o=join" -w myNewPassword
    dn: uid=kvaughan,ou=people,o=join
    changetype: modify
    replace: userPassword
    userPassword: myPassword