Previous     Contents     Index     Next     
iPlanet Directory Access Router Administrator's Guide



Chapter 9   Creating and Managing Action Objects


iPlanet Directory Access Router (iDAR) supports event-driven actions, that is, you can configure iDAR to execute specified actions when specific events occur. This chapter explains how to create and manage action objects using the iDAR Configuration Editor Console.

The chapter has the following sections:



Overview of Actions

An action refers to a task that iDAR can execute. You use an action object to specify the action iDAR should take if the rules or conditions defined by an event object evaluates to TRUE. Event objects are used to specify conditions which are evaluated by iDAR at predetermined states. For details about events, see Chapter 8 "Creating and Managing Event Objects."

Currently, iDAR can execute one action called ChangeGroup. This action enables you to configure iDAR to change a client from one access group to another based on the evaluation of a rule. For details about groups, see Chapter 6 "Creating and Managing Groups."

The change-group feature is especially useful if your LDAP directory contains information about mobile users, for example, users who connect to the directory from different IP addresses or physical locations. You can setup iDAR in such a way that a mobile user would connect to iDAR with a dynamic IP address and drop into a "default" access group. The "default" access group would have a rule based on the OnBindSuccess event, that evaluates to TRUE only if the bind credentials provided by the mobile user are authenticated. This rule would also have the ChangeGroup action configured to change the mobile user's access group from "default" to the access group the mobile user is usually assigned to when accessing iDAR with a static IP address.



Creating Action Objects



You can create objects for actions that needs to be executed when certain events occur. The instructions below explain how to create an action object for changing groups.

To create an action object for a client to change from one group to another:

  1. Access the iDAR Configuration Editor Console; see Accessing the iDAR Consoles.

  2. In the navigation tree, expand the Actions node, and then, select Change Group.

    The right pane shows the list of existing action objects.



  3. Click New.

    The Create Change Group Action window appears.



  4. In the Name field, type a name for the object. The name must be a unique alphanumeric string.

  5. In the Action tab, select the action to be performed when the event occurs (that is, when the event evaluates to TRUE).

    Change Table. Displays a list of groups to which a client can change. For a change to occur, the client must match a DN expression associated with each group. To edit the DN expression associated with a particular group or "no change" entry, click the "If client DN matches" column in the table. The list is evaluated from top to bottom until a DN expression is matched. Therefore, it is important that the most general DN expression is at the bottom of the list so that all expressions will be evaluated.

    Regular expressions must be normalized, that is, there should be no spaces in between RDN components and the equal to (=) sign, all attribute names and values must be capitalized.

    You can use the following book as a reference on regular expressions: Mastering Regular Expressions, by Friedl and Oram, published by O'Reilly, ISBN: 1565922573.

    Add. Displays a menu for adding a group to which a client connection could potentially change. Group change entries can be of the following types: "Group change entry," or "No change entry."

    Group change entry. Displays a dialog for selecting a network group to which a client will change depending on whether or not the associated DN expression evaluates to TRUE.

    No change entry. Adds a row to the table indicating that NO change should occur if the associated DN expression evaluates to TRUE. This is useful in providing a "short circuit" of the evaluation of the change group list.

    Edit. Displays a dialog for editing the currently-selected entry in the table.

    Remove. Removes the currently-selected entry in the table.

  6. Click Save to create the action object.

    The iDAR configuration is modified, and you're prompted to restart the servers that rely on this configuration. Don't restart the servers yet. You can do this after you've completed all the configuration changes.

  7. Repeat Step 3 through Step 6 to create any additional objects.

  8. Restart the servers; see Restarting iDAR.



Modifying Action Objects

To modify an action object:

  1. Access the iDAR Configuration Editor Console; see Accessing the iDAR Consoles.

  2. In the navigation tree, select Actions.

    The right pane shows the list of existing action objects.



  3. In the list, select the action object you want to modify and click Edit.

  4. Make the required modifications.

  5. Click Save to save your changes.

    The iDAR configuration is modified, and you are prompted to restart the servers that rely on this configuration. Don't restart the servers yet. You can do this after you've completed all the configuration changes.

  6. Repeat Step 3 through Step 5 to modify any additional objects.

  7. Restart the servers; see Restarting iDAR.



Deleting Action Objects

You can delete any unwanted action objects from the iDAR configuration. Before deleting an action object, make sure that it's not used in the configuration of any event objects.

To delete an action object:

  1. Access the iDAR Configuration Editor Console; see Accessing the iDAR Consoles.

  2. In the navigation tree, select Actions.

    The right pane shows the list of existing action objects.



  3. In the list, select the action you want to delete and click Delete.

  4. Confirm your action.

    The name of the object you deleted is now removed from the list. The iDAR configuration is modified, and you are prompted to restart the servers that rely on this configuration. Don't restart the servers yet. You can do this after you've completed all the configuration changes.

  5. Repeat Step 3 and Step 4 to delete any additional objects.

  6. Restart the servers; see Restarting iDAR.


Previous     Contents     Index     Next     
Copyright © 2001 Sun Microsystems, Inc. Some preexisting portions Copyright © 2001 Netscape Communications Corp. All rights reserved.

Last Updated July 26, 2001