Chapter 6   Views in Meta-Directory


In joining data, Meta-Directory lets you view information in two ways, in connector views and in meta views. A connector view displays data from an external data source. A meta view displays integrated data from a number of connector views. This chapter contains the following sections:

• Connector Views

• Meta View

• Creating New Data in the Meta View

• Refreshing the Views

Connector Views

---

A connector view is an LDAP representation of data that resides in an external source. Connector views provide LDAP-ready information to the join engine, which uses this information to build the meta view. In order for data from the connector view to become part of the meta view, the connector view must be enabled as a participating view, in effect, allowing connector view data to flow. Only connector views added to the participating views list will synchronize entries to and from the meta view. (Data can flow in both directions between the meta view and the participating connector view.) The following sections explain how to add and remove connector view instances.

---

Note	To prevent duplicate user IDs from occurring, one connector view should not be nested as a subtree of another connector view. Each connector view should be a flat tree with no subentries.

---

To Add a Connector View Instance

1. Select Connector Views from the Meta-Directory console navigation tree, and right-click.

   A context menu appears.

   
   
   

2. Select New View.

   The New Instance Creation dialog appears.

   
   
   

3. Provide information for the following fields:

   View Name	Enter a name for the connector view. The default is CV#, where # is an integer.
   View ID	Enter no more than five characters to represent a unique ID for the connector. The default is CV#, where # is an integer.
   View Base DN	Enter the base DN under which the view's information will be stored. The default is o=CV#, where # is an integer. (If you are creating a connector view instance for the Universal connector, do not create the location under the root for all products, o=NetscapeRoot.)
   Data Server URL	Select (or enter) a Directory Server or Oracle database URL where the data will be stored.
   Data Server Bind DN	Enter a DN with which the join engine will authenticate to the Directory Server.
   Data Server Bind Password	Enter the password associated with the bind DN.

4. Click OK.

   The Load Schema dialog box appears:

   
   
   

5. Click Yes to load the schema.

   If the base entry of your schema does not exist, the Subschema Subentry dialog box appears:

   
   
   

   This dialog box appears because Meta-Directory has proprietary attributes that are not contained within the Directory Server. Accept the default location of cn=schema, or provide another subentry, to store these attributes and click OK.

   
   

   ---

   Note

   While loading the schema to a Directory Server instance which does not contain the Meta-Directory configuration information, "cannot delete" error messages might result from the ldapmodify utility trying to delete an entry that does not exist. These messages are not serious. For more information, see Appendix C "Troubleshooting Meta-Directory."

   ---

   
   

6. The system will create the new instance, which may require several minutes.

   The message "Instance Creation Succeeded" appears after the instance has been created.

To Remove a Connector View Instance

1. In the Meta-Directory console, highlight the instance in the navigation tree that you want to remove, and right-click.

   A context menu appears.

2. Choose Delete View.

   The instance is deleted.

Providing a Connector View Description

Descriptive information can be added to an existing connector view instance using the following procedure.

1. In the navigation tree of Meta-Directory console, select the connector view for which you want to add a description.

   The General tab displays the values for the View ID, Name, and DN fields that were provided in the New Instance Creation dialog box. These values cannot be changed.

2. Enter descriptive text in the Description field.

3. Click Save.

Meta View

---

The meta view is a unified view of entries from one or more connector views; it represents the result of the join process. After the join engine processes the information received from a connector view, it transfers the information to the meta view. (Like the connector view, the meta view is a sub-tree on a Directory Server.) From the meta view, you can view linked entries as well as modify them and send the changes back to the original entries via the connector views. When you create an instance of the join engine, the meta view is created at the same time. You can see the meta view icon in the Meta-Directory console navigation tree under the join engine instance you created. It is an empty meta view until it is joined with at least one connector view. Meta-Directory supports only one meta view per join engine instance.

For information on creating instances of the join engine and creating a meta view, see "Creating the Join Engine Instance" of Chapter 5 "Configuring The Join Engine."

Providing a Meta View Description

Descriptive information can be added to a meta view that has already been created by following the procedure below.

To Provide Descriptive Information for a Meta View

1. Select Meta View from the Meta-Directory console navigation tree.

   The General tab displays the values for the View ID, Name, and DN fields that were provided in the New Instance Creation dialog. These values cannot be changed.

   
   
   

2. Enter descriptive text in the Description field.

3. Click Save.

Creating New Data in the Meta View

New data can be added to the database through the meta view. Once the join engine is installed and a meta view is created, new entries, groups and organizations can be integrated with existing data.

---

Note	New data should only be added through the meta view or the external data source. Do not add new entries through the connector view as the connector view already reflects the contents of the external data source or meta view.

---

To Create an Entry in the Meta View

1. Select the Contents of the meta view.

2. From the menu bar, select Object > New > User.

   The Create New User dialog box appears.

3. Provide information for the following fields:
   

   
   
   

   First Name	Specify the common name of the entrant.
   Last Name	Specify the surname of the entrant.
   Common Name	The given name of the entrant is generated automatically as the names are entered above.
   User ID	A default user ID is generated as the first and last names are entered. Make sure that the User ID is alphanumeric and does not contain any of the following characters: - ~ ! @ # $ % ^ & * ( ) _ + | \ : " , . < > / ?
   Password
   Confirm Password
   E-Mail	Specify the entrant's e-mail address.
   Phone	Specify the entrant's telephone number.
   Fax	Specify the entrant's fax number.

4. Optional: Select a language and provide language-specific user information.

5. Optional: If using the NT Domain connector, enable NT User Attributes and provide the necessary information.

6. Optional: If using the Posix operating system, enable Posix User Attributes and provide the necessary information.

7. Click OK.

   The user name appears in the Contents of the meta view within the right pane of the Meta-Directory console.

To Create a Group in the Meta View

1. Select the Contents of the meta view.

2. From the menu bar, select Object > New > Group.

   The Create New Group dialog box appears.

3. Provide information for the following fields:
   

   
   
   

   Group Name	Specify the name of the group.
   Description	Specify a description of the group.

4. Choose the entries that will become members of the group.

5. Optional: Select a language and provide language-specific user information.

6. Click OK.

   The group's name appears in the Contents of the meta view within the right pane of the Meta-Directory console.

To Create an Organization in the Meta View

1. Select the Contents of the meta view.

2. From the menu bar, select Object > New > Organization.

   The Create New Organization dialog box appears.

3. Provide information for the following fields:
   

   
   
   

   Name	Specify the name of the organization.
   Description	Specify a description of the organization.
   Phone	Specify the telephone number of the organization.
   Fax	Specify the fax number of the organization.
   Alias	Specify an alias for the organization.
   Address	Specify the address of the organization.

4. Optional: Select a language and provide language-specific user information.

5. Click OK.

   The organization's name appears in the Contents of the meta view within the right pane of the Meta-Directory console.

To Modify an Entry in the Meta View

1. Click on the Contents of the Active Directory meta view.

2. Double-click on the Active Directory user you want to modify.

   The Edit Entry dialog box appears.

3. Alter the fields as needed, then click OK.

Participating Views

---

In order for a connector view to be accessed by the meta view it must be added as a participating view and configured to participate in the join process. Once a connector view becomes a participating view and is enabled, data can flow bi-directionally between that view and the meta view.

Once a participating view is added, it is configured by applying join process rules to it. Each participating connector view is configured separately. Enabling the participating view is the final step in allowing the connector view to participate in the join process.

To Add a Participating View

1. In the navigation tree of the Meta-Directory console, right-click the Participating Views object.

   A context menu appears.

   
   
   

2. Choose Add Participating View.

   The Select View dialog box appears.

   
   
   

3. Select the connector view or views you want to participate in a synchronization to the meta view.

4. Click OK.

   Selected views are added to the navigation tree as shown below.

   
   
   

To Remove a Participating View

1. Highlight the view you want to remove, and right-click.

   A context menu appears.

2. Select Delete View.

   The view is deleted.

Configuring a Participating View

Before enabling a participating view, you need to configure it so that data flow between the connector view and the meta view can be managed. Join process rules are applied to the participating view which the join engine will then apply to the connector view entries. In addition, you can specify capability settings, refresh schedules and group filters for each participating view.

To Configure a Participating View

1. Select the participating connector view you want to configure and choose the Configuration tab from the right panel.

   The Configuration tab for a participating connector view contains a set of drop-down lists that allow you to apply the rules for the join process.

   
   
   

2. Select the appropriate combinations of rules from the drop-down list boxes, and click Save.
   1. Select rule sets for Attribute Flow, Join Rules, DN Mapping Rules, and Filters. The choices are derived from the rules that you set up in "Creating the Join Engine Instance" of Chapter 5 "Configuring The Join Engine."

      When choosing join process rules for a participating view, Attribute Flow rules and DN Mapping rules contain a selection called Atomic. Atomic refers to Meta-Directory default rules that flow, map, and join LDAP attributes that are clearly the same. For example, when the join engine applies an atomic attribute flow rule, attributes in the source entry that have no match in the destination entry will not be flowed. When the join engine applies an atomic DN mapping rule, the RDN of the source entry is added to the base DN of the destination view to form a full DN. For instance, an RDN of user1 in a connector view located in cn=user1,ou=cv1,o=iplanet.com would remain the same when applied atomically to the meta view as cn=user1,o=mv.

   2. For Entry Default Ownership, select Connector or Meta View for each of these two drop-down lists:
      • The selection made in To Connector specifies the view that owns the entries replicated from the meta view to the connector view.

      • The selection made in To Meta View specifies the view that owns the entries replicated from the connector view to the meta view.

      When an entry is owned by either the meta view or the connector view, it can only be deleted through that view. By default, an entry is owned by the view from which it originates; the default ownership can be changed with this option.

      
      

      ---

      Note

      Ownership here is not the same as granularity and ownership discussed in Chapter 7 "Connectors and Connector Rules." The values discussed here refer to ownership of entries shared between the connector view and the meta view. Chapter 7 refers to ownership of entries shared between the data source and a connector view.

      ---

      
      

   3. For Entry Default Membership, select Member of CV or Not A Member of CV for each of these two drop-down lists:
      • The selection made in To Connector specifies whether new entries will or will not be members of the connector view as the data flows from the meta view to the connector view.

      • The selection made in To Meta View specifies whether new entries will or will not be members of the connector view as the data flows from the connector view to the meta view.

      Membership identifies an entry within a connector view that is native to the data source represented by the connector view. Rules can then be configured and applied based on the attributes that are already present in the data source.

3. Select the Capabilities tab.

   
   
   

   The Capabilities tab contains a set of options that control the behavior of data flow back and forth between the meta view and connector view. Select the Capabilities you want:

   Attributes Flow to Connector View	Additions and changes to attributes in a meta view entry are sent to the connector view if there are suitable attribute flow rules.
   Attributes Flow to Meta View	Additions and changes to attributes in a connector view entry are sent to the meta view if there are suitable attribute flow rules.
   Entries Flow to Connector View	Entries added to a meta view are sent to the connector view if there are suitable DN mapping and attribute flow rules.
   Entries Flow to Meta View	Entries added to a connector view are sent to the meta view if there are suitable DN mapping and attribute flow rules.
   Delete Entry from Connector View	Deletes the entry in connector view if either: The corresponding meta view (or different connector view) entry has been deleted, or The connector view you are configuring does not own the entity.
   Re-Add Entry to Connector View	Re-adds a deleted connector view entry if either: An agent other than the join engine has deleted the connector view entry, or The connector view you are configuring does not own the entity.

4. Select the Schedule tab.

   
   
   

   In the Schedule tab, you can configure a refresh schedule for the participating connector view. (If no schedule is configured, the view will only be refreshed manually.)

   1. Click New to add a new schedule entry.

      The scheduler can operate as many times as once every second; therefore, the finest granularity occurs every second.

   2. Change the default values in the list boxes and field entries at the bottom of the window to schedule the desired task.

      Alternatively, you can provide settings in a tabular format by clicking Advanced... The Advanced Schedule Options dialog box appears.

      
      
      

      Numerals can be used in the Advanced Schedule Options fields:

      Field Name	Value
      Second Specifier	Enter a value from 0 to 59.
      Minute Specifier	Enter a value from 0 to 59.
      Hour Specifier	Enter a value from 0 to 23.
      Day Specifier	Enter a value from 1 to 31.
      Month Specifier	Enter a value from 1 to 12.
      Day of the Week Specifier	Enter a value from 0 to 6, where 0 is Sunday and 6 is Saturday.

      When configuring a schedule with numerals, both single values and ranges (such as 1,2,5-7,10/5) can be used.

      Expressions can also be used in the Advanced Schedule Options fields:

      Expression	Definition
      *	Matches any value.
      */step	Matches any value in increments. For example, */2 matches 0,2,4,6... up to the maximum allowed value for values that start with zero, or it matches 1,3,5,7... up to the maximum value allowed.
      x-y	Specifies a range where: Both x and y are greater than or equal to the minimum allowed value. y is less than or equal to the maximum allowed value. x is less than y. The expression matches any value in the range.
      x-y/step	Specifies a range as above, but with a step value that is not necessarily 1.
      x	Specifies a single number within the allowed range.
      x/step	Matches any value starting at x and then at x + step, x + 2*step, and so forth.
      x,y,z...	Specifies a comma-separated list of values.
      x-y,z-q	Specifies a comma-separated list of ranges.

   3. Click Update.

      Your specifications appear in the Current Schedule. For instance, if you wanted to refresh only the meta view beginning at 30 minutes past the hour, every 60 minutes between 2 and 6 on Sunday, the Current Schedule would appear as shown:

      
      
      

5. Select the Group Filters tab.

   
   
   

   The Group Filters tab enables you to create one or more filters for LDAP data sources. You can use the group filters to refresh entries of a connector view only. The format of the filter is (attribute=value). Note that the parentheses are part of the syntax.

   When you refresh groups, the join engine refreshes only the entries that match the group filter or filters you have specified. For information about refreshing groups, see "Join Engine Operations".

6. Click Save when you finished configuring the participating connector view.

   The connector instance must be restarted to activate it's configuration. For procedures on how to stop and re-start the connector, see Chapter 13 "Starting and Stopping Components."

Enabling a Participating View

In order to flow data, a participating view must be enabled. Enabling is what allows data to flow. Before enabling it, a connector view must be added and configured as a participating view.

To Enable a Participating View

1. Click the Status tab from above the navigation tree window in Meta-Directory console.

2. Select the join engine from the navigation tree and click the Operations tab.

   
   
   

   For more information on join engine and connector view operations, see "Operations" of Chapter 14 "Monitoring Meta-Directory Components".

3. Select a participating view listed in the View list box that is disabled.

   The View list box has two columns: View and Status. (The size of the View column can be reduced by dragging the column divider to the left; this should make the Status column visible. Both columns can be increased in size by enlarging the console window.) All added participating views are listed in these columns along with their status: Enabled or Disabled.

4. Choose Enable from the Operation drop-down list.

   This option disables the Traverse drop-down menu.

5. Click Start.

   The status of the view changes from Disabled to Enabled allowing data to flow to the meta view. Any error in the connector view's configuration will automatically disable the participating view.

6. Select Refresh from the Operation List Window, then select either Meta View or Connector View from the Traverse menu list.

   Once the participating view is enabled, you should refresh it in order to update the data.

7. Click Start.

Checking Entry Links

There are several reasons why an entry in a connector view might not link up to an entry in the meta view. One reason is that the join engine found more than one entry to link to. Another possible reason is that the external data contains errors. Because of these possibilities, you should check, as a standard procedure, for errors and omissions by doing one or both of the following:

• Review the Directory Server error log for reports of failures. This can be done by using a Perl script or using the command grep -i fail *.log in the log directory.

• As discussed in Chapter 15 "Administration Tools", use the Query Tool to check for entries which were not linked.

If you find errors, you can use join commands in the Fix-It Tool to fix the problems as described in Chapter 15 "Administration Tools."

Refreshing the Views

---

To incorporate new or modified data or to bypass regularly scheduled refresh synchronizations for immediate updates, you use the Refresh option of the specific Meta-Directory component. In addition, to flow entries that preexist in a connector view, you must refresh the connector view's enabled participating view.

Refreshing Meta Views

When meta views are refreshed, the join rules are re-applied (or traversed) to each entry in the targeted view and the data is reconstructed. The other rules are then applied accordingly:

• If the entry is found, the attribute flow rule is applied.

• If the entry is not found, the DN mapping rule is applied.

• If the entry exists, the attribute flow rule is applied.

• If the entry doesn't exist, an entry is created.

  
  

  ---

  Note	If you change any of your rules, you need to refresh the join engine to get the data to flow according to the new rules.

  ---

  
  

To Refresh the Meta View

1. Select the Status tab and the join engine in the Meta-Directory console's navigation tree.

2. Select the Operations tab.

   All participating views are listed in the View field.

3. Select the participating view whose data needs to be refreshed.

4. Choose Refresh, Refresh Unlinked or Refresh Groups from the Operation drop-down menu.
   • If you choose Refresh, the entire view will be scanned for new entries and changes to existing entries.

   • If you choose Refresh Unlinked, the view will be scanned for only entries that are not currently linked.

   • If you choose Refresh Groups, the entire view will be scanned after the application of the Group Filter. (The group filter is an LDAP filter used to select certain entries prior to refresh. Information on configuring group filters can be found on page 119 of this chapter.)

5. Choose Meta View or Connector View from the Traverse menu.

   Choosing Meta View will re-apply join rules to all entries in the meta view and, similarly, choosing Connector View will re-apply join rules to all entries in the connector view.

6. Press Submit Request to begin the process.

Refreshing the External Data or Connector View

New or modified data flowing to the external directory or the connector view of a particular connector can also be refreshed.

To Refresh External Data or the Connector View

1. Select the Status tab and the specific connector in the Meta-Directory console's navigation tree.

2. Select the Operations tab.

   The connector's participating view is listed in the View field.

3. Select the participating view.

4. Choose Refresh from the Operation drop-down menu.

5. Choose External Directory or Connector View from the Updates to the drop-down menu.

   Choosing External Directory will refresh the external data source with new data or data modifications made in the meta view and transferred to the connector view. Choosing Connector View will refresh the connector view with new data or data modifications made in the external data source.

6. Press Start to begin the process.

   The Modify Task Status dialog box appears.

7. Choose the type of refresh operation and press OK.

   If you are updating the external directory, you will be asked to choose the from the following options:

   • Re-propagate all existing entries in the Connector View to the External Directory immediately.

   • Propogate all existing entries in the Connector View that meet the filter criteria to the External Directory immediately.

   • Select the filter desired. Only those configured for the "NoSubtreesExcept" option are displayed when Select Filter... is chosen, not filters configured for the "AllSubtreesExcept" option.

   • Perform the above two operations in sequence.

   If you are updating the connector view, the only option is to delete from the connector view all existing entries that originate in the external data source.

   If you are refreshing the external directory, the following version of the box appears:

   
   
   

   You must select a filter for the second and third options. Only filters configured for the "NoSubtreesExcept" option are displayed when you click Select Filter, not filters configured for the "AllSubtreesExcept" option.

   
   

   ---

   Note

   The Refresh command in the View menu at the top of the console window does not refresh Meta-Directory, the join engine or connector. It, and the Refresh command seen when a component name in the navigation tree is right-clicked, are commands that refresh the data displayed in the console navigation tree only.

   ---