iPlanet Meta-Directory v 5.0 Configuration and Administration Guide
Chapter 7 Connectors and Connector Rules
In order to transfer data to and from an external database, Meta-Directory uses a connector. The connector takes the external data and creates a sub-tree on a Directory Server which displays the data in LDAP. This sub-tree is called a connector view.
There are two types of connectors: direct and indirect. The connector view for an LDAP directory or a SQL database uses a direct connector; in other words, it communicates directly with the join engine. The connector view for other sources of data uses an indirect connector, which translates data into LDAP so that the join engine can work with it. Indirect connectors use indirect connector rules, in much the same way as the join engine, to manage the transfer of entries between an external data source and the connector view.
This chapter contains the following sections:
Direct Connectors
Direct Connectors
A directory accessible by LDAP (such as the directory provided by iPlanet Directory Server) and a database accessible by SQL (such as an Oracle database) are considered to have direct connectors. Because the join engine understands LDAP, it can directly read or write any entry stored on an LDAP-based directory. On the other hand, in order to read and write to an entry stored within a SQL database, the join engine uses the Database connector to provide direct, two-way SQL access. (Because the Database Connector is a join engine plug-in as opposed to software outside the join engine, it is considered a direct connector.)
Indirect Connectors
Indirect connectors transport entries stored in external data sources that use protocols not directly accessible by the join engine. Meta-Directory supports the following indirect connectors:
The Universal Connector and Universal Text Parser
The Universal connector (also known as the Universal Text Connector or UTC) is an indirect connector that enables the transfer of data between data sources and a connector view. The Universal Text Parser (UTP) is a set of text file parsers and generators that are used with the UTC to make certain text files [currently Comma-Separated Values (CSV) files, LDAP Data Interchange Format (LDIF) files and Name-Value Pair (NVP) files] compatible with the connector view.
The Windows NT Domain Connector
The Windows NT Domain connector is a Universal connector with NT-specific Perl scripts and binaries that provides two-way synchronization of user and group data between a Windows NT SAM database and its connector view.
Active Directory Connector
The Active Directory connector is a Universal connector with Active Directory-specific Perl scripts and binaries that provides two-way synchronization of user and group data between an Active Directory database and its connector view.
Indirect Connector Rules
When an indirect connector is synchronizing entries from the external data source to the connector view, it directs the process and transforms the data using rules similar to those used during the join process. The indirect connector rules include Attribute Flow Rules, Default Attribute Value Rules and Filter Rules. (The Attribute Flow, Default Attribute and Filter rules used by the connectors are different from, and should not be confused with, the Attribute Flow, Default Attribute and Filter rules used by the join engine.) Indirect connector rules are defined at the connector node and applied to the connector instance specifically.
Note: Indirect connector rules can be applied at any time, but the connector instance should be restarted after changes in the configuration are made in order to re-flow data using the new rules.
Attribute Flow Rules
Attribute flow rules are established to specify which external data source attributes are mapped to which connector view attributes and vice versa. (The assignment of an attribute in one source to a particular attribute in another source is called mapping.) When you establish attribute flow rules, you also specify which source owns the entry; by default, the owner is the external data source.
Default Attribute Value Rules
If no values exist for a particular attribute in an entry, either because the attribute isn't part of the entry or the attribute exists with no value, the connector applies pre-configured attribute rules for creating appropriate default values. You can change these default attribute rules as needed.
Filter Rules
An indirect connector uses filtering rules to selectively exclude entries from the synchronization process.
Attribute Flow Rules
Attribute flow rules specify which attributes in the external data source will be mapped to which LDAP attributes in the connector view. In the definition and application of these rules there are two concepts that, although not specifically referred to in the GUI, are important to remember. Granularity refers to the complexity of the application of the rules, that is, whether the entry flows as a whole piece or whether the entry is divided into its base attributes which then flow separately. Ownership refers to where the entry originates (in the external data source or in the connector view); whichever source the entry originates from is considered the owner of the entry.
Granularity and Ownership
If you don't configure your own indirect connector rules, the indirect connector uses default attribute flow rules and the process is considered to have entry-level granularity. Entry-level granularity is characterized by all of the following:
- Entries can be added in, and therefore flow from, either the data source or the meta view, and the entry's ownership is based on this.
- Only the owner of an entry can modify or delete that entry.
- Entries flow back and forth as complete entries with no specific attribute mapping or filtering allowed.
If, on the other hand, an attribute flow rule is written and applied, the flow is considered to have attribute-level granularity. Attribute-level granularity is characterized as follows:
- Entries can be added in, and therefore flow from, either the data source or the meta view, and the entry's ownership is based on this.
- Only the owner of an entry can delete that entry.
- Because specific attributes flow independently of complete entries, modifications can be made from either the data source or the meta view.
These concepts explain certain flow behaviors and should be kept in mind when configuring and applying attribute flow rules for the indirect connectors.
To Configure an Attribute Flow Rule
To achieve attribute-level granularity, an attribute flow rule is written and applied, as described in the following procedure.
Select the connector you want to configure from the Meta-Directory console navigation tree and click the Attribute Flow tab.
- The New Flow Configuration Name dialog box appears. Reset can be clicked at any time to delete all new configurations and return to the last saved state.
Type a name for the new attribute flow configuration and click OK.
- The name appears in the Configurations list box.
In the Mapping Type drop-down list, select Mappings for Connector View Owned Objects, or Mappings for Locally Owned Objects.
- Mappings for Connector View Owned Objects is selected for entries created within the connector view and Mappings for Locally Owned Objects is selected for entries created within the external data source.
Click Insert.
- The Insert Attribute Mappings dialog box appears. This displays a list of all attributes configured as external attributes for the specific connector. (Adding external attributes is described in "To add external attributes for connectors" on page 148.)
- Alternately, you can click Insert Defaults and Meta-Directory populates the list box at the bottom of the window with default mappings, in which the external data source attributes match the connector view attributes. These default mappings are the same as those chosen at the connector node in the General configuration window.
- The mapping type, selected in Step 4, can be changed from within this dialog box.
Specify the flow direction, either mappings of attributes from external data source to the connector view or from the connector view to the external data source.
Specify either All Attributes or All Language Tagged Attributes from the Connector View Objectclass drop-down list.
- If you specify All Language Tagged Attributes as the connector view objectclass, choose a supported language subtype. Check the Add Phonetic Type box to indicate if the attribute value is a phonetic representation. For more information on these fields, see "To Compose Language Tagged Attribute Conditions" of Chapter 7 "Connectors and Connector Rules."
Select an external attribute and the connector view attribute you wish to map it to.
- If you select an external attribute for which there is a matching connector view attribute, the connector view attribute is automatically selected. However, any connector view attribute can be selected for any given external attribute. You can also use a keyword search by typing the first letter of the external attribute or connector view attribute you want to find. For instance, if you wanted to find uid, you would only have to type u.
Click Insert.
- The mapping for your configuration appears at the bottom of the Attribute Flow window.
Select additional pairs, clicking Insert after each pair is selected. Click Close when finished.
Click Save in the Attribute Flow tab to save the attribute flow rules.
In the Attribute Flow tab, select the configuration you want to change.
Either add or remove a mapping.
- You can add or remove mappings, but you cannot edit them.
Click Save when you are finished changing the configuration.
Default Attribute Value Rules
In the absence of any attribute values, a connector applies default attribute value rules to ensure that specified attributes contain a value. If an attribute does not exist in the external data source or connector view or if the attribute does exist but has a NULL value, a default attribute value rule is called upon to allow the transfer of data. Default attribute value rules don't affect the connectors' behavior.
To Configure Default Attribute Values
In the navigation tree of the Configuration tab, select the indirect connector whose default attribute values you want to specify.
Select the Default Values tab.
In the Name field, specify a name for the default attribute configuration you are creating.
- The name appears in the Configurations list box.
Select either Connector View or External Directory from the Attribute Destination drop-down list.
- Blank fields appear below the Attribute and Default Value fields.
Click within the blank Attribute field.
- A drop-down list appears.
Either select an attribute from the list or type in an attribute.
- To create attributes for this list, follow the procedure headed "To add external attributes for connectors" on page 148.
Double-click within the blank Default Value field and type in a value.
Repeat steps 4 - 9 to set up additional default attributes for the selected configuration.
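How an attribute flow configuration and a default attribute value configuration combine on one entry can be checked with a small model; this is an added example, not Meta-Directory code. It assumes that only mapped attributes flow and that attribute names compare case-insensitively; the function names and the sample account (including its attribute names) are constructed for illustration.

```python
# Added illustration: a model of the rules described above, not product code.
CV_OWNED = "Mappings for Connector View Owned Objects"
LOCALLY_OWNED = "Mappings for Locally Owned Objects"
TO_CV = "external data source to connector view"
FROM_CV = "connector view to external data source"


def has_value(values):
    """True when an attribute exists and holds at least one non-NULL value."""
    return any(v not in (None, "") for v in values or [])


def flow(entry, owner, direction, flow_rules, default_rules):
    """Return the entry as it would arrive at the destination.

    flow_rules:    {(owner, direction): [(source_attr, destination_attr), ...]}
    default_rules: {destination: {attr: default_value}}, where destination is
                   "Connector View" or "External Directory".
    """
    source = {name.lower(): vals for name, vals in entry.items()}
    result = {}
    # Assumption: with attribute-level granularity only mapped attributes flow.
    for src_attr, dst_attr in flow_rules.get((owner, direction), []):
        values = source.get(src_attr.lower())
        if has_value(values):
            kept = [v for v in values if v not in (None, "")]
            result.setdefault(dst_attr.lower(), []).extend(kept)
    # Default values fill attributes that are absent or NULL at the destination.
    destination = "Connector View" if direction == TO_CV else "External Directory"
    for attr, default in default_rules.get(destination, {}).items():
        if not has_value(result.get(attr.lower())):
            result[attr.lower()] = [default]
    return result


# Constructed sample: an externally owned account flowing into the connector view.
FLOW_RULES = {(LOCALLY_OWNED, TO_CV): [("UserName", "uid"), ("FullName", "cn"),
                                       ("Comment", "description")]}
DEFAULT_RULES = {"Connector View": {"description": "imported account",
                                    "mail": "unknown@example.invalid"}}
ACCOUNT = {"UserName": ["jdoe"], "FullName": ["Jane Doe"], "Comment": [""],
           "PasswordHash": ["(constructed; not mapped, so it does not flow)"]}
```

Calling `flow(ACCOUNT, LOCALLY_OWNED, TO_CV, FLOW_RULES, DEFAULT_RULES)` shows which attributes reach the connector view and which values came from default rules rather than from the source.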
Filter Rules
The indirect connector uses filter rules to exclude source data from the synchronization process. Filters can be configured to exclude entire sub-trees while individual entries from the sub-trees can be re-included using entry filters.
Note: DNs used in Filter Rules should be the DN from the connector view's entry, regardless of the ownership of the entry.
In the navigation tree of the Configuration tab, select the indirect connector and click the Filters tab.
- The Filter Name dialog box appears.
Enter a name and click OK.
- The new name appears in the Filter Name list box.
Select either To Connector View or From Connector View.
Provide a list of subtrees to exclude or include by selecting All Subtrees Except or No Subtrees Except, then click Add.
- The Sub-tree DN dialog box appears.
Specify the full DN of a connector view sub-tree to exclude or include, then click OK.
- The subtree appears in the list box. Repeat steps 5 - 6 for additional sub-trees.
Provide a list of entries to exclude or include by selecting a sub-tree, then selecting All Entries Except or No Entries Except. Click Add.
- The Entry RDN dialog box appears.
To filter entries back in from the excluded sub-trees using All Entries Except:
Specify a connector view RDN entry to include, then click OK.
- The entry appears in the list box. The entry must be a child entry of the sub-tree specified.
Repeat this procedure to include additional entries.
To specify singular excluded entries using No Entries Except:
Specify a connector view RDN entry to exclude, then click OK.
- The entry appears in the list box. Again, the entry must be a child entry of the sub-tree specified.
Repeat this procedure to exclude additional entries.
To filter entries back out from included sub-trees using All Entries Except:
Specify a connector view RDN entry to exclude, then click OK.
- The entry appears in the list box. Again, the entry must be a child entry of the sub-tree specified.
Repeat this procedure to exclude additional entries.
To specify singular included entries using No Entries Except:
Specify a connector view RDN entry to include, then click OK.
- The entry appears in the list box. Again, the entry must be a child entry of the sub-tree specified.
Repeat this procedure to exclude additional entries.
Click Save when finished.
Note: With this filter, entries in all subtrees that are not specifically included are excluded, no matter how the associated entry-level filters are set.
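The include/exclude decision these filter settings describe can be modeled in a few lines, which helps when checking which connector view entries (service or administrative accounts, for example) a filter would let through before it is saved. This is an added example, not Meta-Directory code; the function names, the sample DNs and the simplified DN handling (no escaped commas, RDN lists matching direct children only) are assumptions.

```python
# Added illustration: a model of the filter semantics described above.
ALL_SUBTREES_EXCEPT = "All Subtrees Except"
NO_SUBTREES_EXCEPT = "No Subtrees Except"
ALL_ENTRIES_EXCEPT = "All Entries Except"
NO_ENTRIES_EXCEPT = "No Entries Except"


def rdns(dn):
    """Split a DN into normalized RDNs, leaf first (assumes no escaped commas)."""
    return [part.strip().lower() for part in dn.split(",") if part.strip()]


def is_synchronized(entry_dn, subtree_mode, subtrees):
    """Return True if the connector view entry passes the filter.

    subtrees maps a listed sub-tree DN to (entry_mode, [child RDNs]).
    """
    entry = rdns(entry_dn)
    best = None
    for subtree_dn, rule in subtrees.items():
        base = rdns(subtree_dn)
        # The entry is inside the sub-tree when the base DN is a suffix of its DN.
        if len(entry) >= len(base) and entry[len(entry) - len(base):] == base:
            if best is None or len(base) > len(best[0]):
                best = (base, rule)  # the most specific listed sub-tree wins
    if best is None:
        # Unlisted sub-trees are synchronized only under "All Subtrees Except".
        return subtree_mode == ALL_SUBTREES_EXCEPT
    base, (entry_mode, listed_rdns) = best
    # A listed RDN must name a direct child of the sub-tree.
    is_child = len(entry) == len(base) + 1
    listed = is_child and entry[0] in {r.strip().lower() for r in listed_rdns}
    # Does the sub-tree-level decision apply to this entry?
    applies = (not listed) if entry_mode == ALL_ENTRIES_EXCEPT else listed
    # Listed sub-trees are included under "No Subtrees Except", else excluded.
    return applies if subtree_mode == NO_SUBTREES_EXCEPT else not applies


# Constructed sample configurations (DNs are illustrative).
EXCLUDE_SERVICE = {"ou=Service Accounts,o=cv": (ALL_ENTRIES_EXCEPT, ["uid=backup"])}
INCLUDE_PEOPLE = {"ou=People,o=cv": (NO_ENTRIES_EXCEPT, ["uid=alice"])}
```

With `EXCLUDE_SERVICE` under All Subtrees Except, only `uid=backup` is filtered back in from the excluded sub-tree; with `INCLUDE_PEOPLE` under No Subtrees Except, everything outside `ou=People` is excluded regardless of entry-level lists.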
Copyright © 2001 Sun Microsystems, Inc. Some preexisting portions Copyright © 2001 Netscape Communications Corp. All rights reserved.
Last Updated August 03, 2001