  • SAP NetWeaver® Identity Management

    Virtual Directory Server

    Tutorial - Joining data sources

    Version 7.0 Rev 4

  • © Copyright 2008 SAP AG. All rights reserved.

    SAP Library document classification: PUBLIC

    No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may be changed without prior notice.

    Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors.

    Microsoft, Windows, Outlook, Excel, and PowerPoint are registered trademarks of Microsoft Corporation.

    IBM, DB2, DB2 Universal Database, OS/2, Parallel Sysplex, MVS/ESA, AIX, S/390, AS/400, OS/390, OS/400, iSeries, pSeries, xSeries, zSeries, System i, System i5, System p, System p5, System x, System z, System z9, z/OS, AFP, Intelligent Miner, WebSphere, Netfinity, Tivoli, Informix, i5/OS, POWER, POWER5, POWER5+, OpenPower and PowerPC are trademarks or registered trademarks of IBM Corporation.

    Adobe, the Adobe logo, Acrobat, PostScript, and Reader are either trademarks or registered trademarks of Adobe Systems Incorporated in the United States and/or other countries.

    Oracle is a registered trademark of Oracle Corporation.

    UNIX, X/Open, OSF/1, and Motif are registered trademarks of the Open Group.

    Citrix, ICA, Program Neighborhood, MetaFrame, WinFrame, VideoFrame, and MultiWin are trademarks or registered trademarks of Citrix Systems, Inc.

    HTML, XML, XHTML, and W3C are trademarks or registered trademarks of W3C®, World Wide Web Consortium, Massachusetts Institute of Technology.

    Java is a registered trademark of Sun Microsystems, Inc.

    JavaScript is a registered trademark of Sun Microsystems, Inc., used under license for technology invented and implemented by Netscape.

    MaxDB is a trademark of MySQL AB, Sweden.

    SAP, R/3, mySAP, mySAP.com, xApps, xApp, SAP NetWeaver, and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and in several other countries all over the world. All other product and service names mentioned are the trademarks of their respective companies. Data contained in this document serves information purposes only. National product specifications may vary.

    These materials are subject to change without notice. These materials are provided by SAP AG and its affiliated companies ("SAP Group") for informational purposes only, without representation or warranty of any kind, and SAP Group shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP Group products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty.

    Preface

    The product

    The SAP NetWeaver Identity Management Virtual Directory Server can logically represent information from a number of disparate directories, databases, and other data repositories in a virtual directory tree. Different users and applications can, based on their access rights, get different views of the information.

    Features like namespace conversion and schema adaptations provide a flexible solution that can continually grow and change to support demands from current and future applications, as well as requirements for security and privacy, without changing the underlying architecture and design of data stores like databases and directories.

    The reader

    This manual is written for people who are to use join groups in the Virtual Directory Server.

    Prerequisites

    To get the most benefit from this tutorial, you should have the following knowledge:

    • Basic knowledge of LDAP.

    • Basic knowledge of Java.

    • Knowledge of SAP NetWeaver Identity Management Virtual Directory Server corresponding to the tutorials (Accessing databases and Accessing LDAP servers).

    The following software is required:

    • SAP NetWeaver Identity Management Virtual Directory Server version 7.0 or newer, correctly installed and licensed.

    • A Java development environment. This can be downloaded from http://java.sun.com (version 1.5).

    • Microsoft Access.

    • The source files for this tutorial:

        • The mvd-join.xml configuration file with a minimum configuration for the Virtual Directory Server, including the necessary Java classes.

        • The addresses.mdb database file containing the postal addresses of the employees.

        • The departments.mdb database file containing the employees' departments.

    • The directory server for the tutorials that is installed with the product.

    The manual

    This document contains a tutorial for joining information from an LDAP directory and databases using the Virtual Directory Server.

    Related documents

    You can find useful information in the following documents:

    • The X.500 standard, which can be ordered from http://www.itu.int.

    • LDAP v. 2, RFC 1777, "Lightweight Directory Access Protocol".

    • LDAP v. 3, RFC 2251, "Lightweight Directory Access Protocol (V3)".

    RFCs and Internet drafts can be downloaded from http://www.ietf.org.

    Table of contents

    Introduction
        The join process
        Verifying the configuration of the Virtual Directory Server
        Section overview

    Section 1: Viewing the data sources and opening the server configuration
        Starting the directory server
        Viewing the contents of the directory server
        Viewing the contents of addresses.mdb
        Viewing the contents of departments.mdb
        Defining the LDAP mapping
        Opening the server configuration
        Enable logging

    Section 2: Adding the directory server

    Section 3: Building the virtual tree
        Renaming the virtual tree
        Creating the nodes in the virtual tree

    Section 4: Running the server
        Specifying the port number
        Running the server
        Viewing the contents

    Section 5: Adding the databases as data sources
        Creating the ODBC System DSNs
        Adding the addresses.mdb as a data source
        Adding the departments.mdb as a data source
        Testing the data sources

    Section 6: Creating the join group
        Adding the join group
        Adding the addresses as an attribute source
        Adding the attribute definition
        Modifying the data source node
        Viewing the contents

    Section 7: Extending the join group
        Adding the attribute source
        Adding attributes from the attribute source
        Viewing the contents

    Introduction

    When performing a SEARCH request, the Virtual Directory Server normally will access the back-end data source and return the result. With a join group you can extend this by adding secondary data sources that provide additional information before returning the result to the client.

    This tutorial shows how you can define the necessary data sources and configure the join group.

    The Virtual Directory Server receives the incoming SEARCH request and joins the information in the master data source with information from the external data sources. The result is then returned to the client.

    The join process

    The join process used in this tutorial can be illustrated as follows:

    1. A client submits a search request to the Virtual Directory Server. In the virtual tree, the starting point of this search request is a join group.

    2. First, a search against the join group's main data source (the master) is executed and the resulting attribute set is obtained.

    3. Rules must be configured that describe how to extract the corresponding entries from the additional data sources, based on the data in the returned data set and the information that can be obtained from the incoming starting point.

    4. The configured rules are applied: a series of new searches in the additional data sources is executed.

    5. The response, an attribute set containing attributes both from the master data source and the additional data sources, is returned to the client.

    Verifying the configuration of the Virtual Directory Server

    When you installed the Virtual Directory Server, you specified the location of the Java runtime environment. The configuration may look like this when choosing Tools/Options…:

    Section overview

    The tutorial consists of the following sections:

    Section 1: Viewing the data sources and opening the server configuration

    In this section you will view the contents of the database. You will also open the server configuration that contains the initial configuration.

    Section 2: Adding the directory server

    This section describes how you can add the directory server as a data source in the Virtual Directory Server.

    Section 3: Building the virtual tree

    In this section, you create the virtual tree with the nodes referencing the directory server.

    Section 4: Running the server

    Here, you run the server and use an LDAP client to view the contents of the virtual directory.

    Section 5: Adding the databases as data sources

    This section describes how you add the databases as data sources and test the connection to the data sources.

    Section 6: Creating the join group

    Here, you create the join group and add the addresses as an attribute source.

    Section 7: Extending the join group

    Finally, you will add the second attribute source to the join group.

    Section 1: Viewing the data sources and opening the server configuration

    In this section, you look at the data sources involved in the tutorial. You also open the server configuration that contains the initial configuration.

    The tutorial and the necessary files are installed in a sub-directory below the product installation directory. For a default installation, the tutorial will be located in C:\Program Files\SAP\IdM\Virtual Directory Server\Tutorials.

    Copy them to another directory before you start working with the configuration so that you can repeat this tutorial if you wish to do so.

    The tutorial includes three files:

    • The configuration file mvd-join.xml. Copy this file to a directory where you can access it from the Virtual Directory Server.

    • Two Microsoft Access database files, addresses.mdb and departments.mdb. Copy these files to the same directory as the configuration file.

    • Additionally you need to start the directory server that you will access in this tutorial.

    Starting the directory server

    You will access a directory server that is part of the installation.

    To start the database server on Microsoft Windows:

    • Choose Programs/SAP NetWeaver Identity Management/Virtual Directory Server/Start tutorial prerequisites from the Start menu.

    A status window is displayed where you verify that the server started successfully. The port number to use is 7389 to avoid conflicts with any other LDAP servers on the system.

    Viewing the contents of the directory server

    The directory server for this tutorial runs on localhost, port 7389, with the user name and password join and starting point o=join. When using an external LDAP client, the contents look like this.

    When selecting the "General" tab of the "Directory object properties" dialog box, you can view all LDAP attributes for this entry:

    Note that there are no phone numbers or postal addresses for these entries.

    Viewing the contents of addresses.mdb

    The Microsoft Access database addresses.mdb contains the title, postal addresses, telephone number, e-mail address and department of the employees listed in the directory server. The employee ID will be used to join the entries in this database with the corresponding entries in the directory server.

    Viewing the contents of departments.mdb

    The database departments.mdb contains the departments with locality and fax number of the employees. The departments will be used to join the entries in this database to the corresponding departments in the addresses.mdb.

    Defining the LDAP mapping

    The columns in the database do not match the LDAP attributes in the clients' requests. There are several ways to perform this mapping in the Virtual Directory Server. In this case, the mapping is performed as part of the data source configuration. The tables below show the columns in the database and suggested LDAP attributes.

    The addresses.mdb database

    Column name     LDAP attribute              Comments
    Title           title
    PostalAdress    postalAddress
    Homenumber      telephoneNumber
    Email           mail
    Dep             ou
    EmployeeID                                  Normally, this attribute would have been
                                                converted to the LDAP attribute uid, but in
                                                this join scenario we will show a join method
                                                without converting this attribute.

    The departments.mdb database

    Column name     LDAP attribute              Comments
    Dep             ou
    Locality        l
    Fax             facsimileTelephoneNumber
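
The join described under "The join process", carried out with the column-to-attribute mappings from the two tables above, as an added example that is not SAP code and not part of the original tutorial. All entries and rows are constructed sample data, and letting a master attribute win over a joined attribute of the same name is an assumption.

```python
# Added example: a model of the join, not the Virtual Directory Server's code.

# Column -> LDAP attribute mappings, copied from the two tables above.
# EmployeeID is deliberately unmapped: it only serves as the join key.
ADDRESSES_MAP = {
    "Title": "title",
    "PostalAdress": "postalAddress",  # column name spelled as in the database
    "Homenumber": "telephoneNumber",
    "Email": "mail",
    "Dep": "ou",
}
DEPARTMENTS_MAP = {
    "Dep": "ou",
    "Locality": "l",
    "Fax": "facsimileTelephoneNumber",
}

# Constructed stand-ins for the three data sources.
MASTER = {  # directory server entries below o=join, keyed by uid
    "1001": {"uid": "1001", "cn": "Ann Example", "sn": "Example"},
    "1002": {"uid": "1002", "cn": "Bo Sample", "sn": "Sample"},
    "1003": {"uid": "1003", "cn": "Cy Demo", "sn": "Demo"},
}
ADDRESSES = [  # addresses.mdb rows; EmployeeID is numeric
    {"EmployeeID": 1001, "Title": "Engineer", "PostalAdress": "1 Main St",
     "Homenumber": "555-0101", "Email": "ann@example.com", "Dep": "R&D"},
    {"EmployeeID": 1003, "Title": "Clerk", "PostalAdress": "3 Side St",
     "Homenumber": "555-0103", "Email": "cy@example.com", "Dep": "Sales"},
]
DEPARTMENTS = [  # departments.mdb rows; "Sales" is missing on purpose
    {"Dep": "R&D", "Locality": "Oslo", "Fax": "555-0199"},
]


def to_ldap(row, mapping):
    """Rename database columns to LDAP attributes; drop unmapped or empty ones."""
    return {mapping[col]: val for col, val in row.items()
            if col in mapping and val not in (None, "")}


def find_row(rows, column, value):
    """Return the first row whose column equals value, or None."""
    return next((r for r in rows if r.get(column) == value), None)


def merge(entry, extra):
    """Add joined attributes; an attribute already set by the master is kept."""
    for attr, val in extra.items():
        entry.setdefault(attr, val)


def join_entry(uid):
    """Steps 2-5 of the join process for one master entry."""
    master = MASTER.get(uid)
    if master is None:
        return None
    entry = dict(master)  # step 2: attribute set from the master

    # Step 3: the rule for addresses.mdb is uid -> EmployeeID. The column is
    # numeric, so a non-numeric uid cannot match any row.
    try:
        employee_id = int(master["uid"])
    except ValueError:
        return entry

    # Step 4: search the first attribute source.
    address = find_row(ADDRESSES, "EmployeeID", employee_id)
    if address is None:
        return entry  # no row: the client gets the master attributes only
    merge(entry, to_ldap(address, ADDRESSES_MAP))

    # Step 4 again: the department from addresses.mdb keys departments.mdb.
    department = find_row(DEPARTMENTS, "Dep", address.get("Dep"))
    if department is not None:
        merge(entry, to_ldap(department, DEPARTMENTS_MAP))
    return entry  # step 5: combined attribute set


def joined_attributes(uid):
    """Attributes present in the result only because of the join."""
    entry = join_entry(uid)
    if entry is None:
        return []
    return sorted(set(entry) - set(MASTER[uid]))


if __name__ == "__main__":
    for uid in MASTER:
        print(uid, joined_attributes(uid))
```

joined_attributes shows which attributes reach the client only because of the join, which is the set to review against the access control list of the virtual tree.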

    Opening the server configuration

    To open the configuration file:

    1. Start the Virtual Directory Server by choosing Programs/SAP NetWeaver Identity Management/Virtual Directory Server from the Start menu.

    2. Choose File/Open…. The "Open server configuration" dialog box is displayed:

    Locate and select the configuration file mvd-join.xml that accompanied this tutorial.

    3. The expanded configuration tree looks like this:

    Enable logging

    To see errors, warnings or other information when running the server, we will enable the operation log:

    1. Choose Configure/Logging/Operation log….

    Select "Debug" as log level, including log level for extensions.

    2. Choose "OK" to close the dialog.

    You can view the log by choosing the "Operation" button in the toolbar.

    Section 2: Adding the directory server

    In this section you add the directory server as a data source in the Virtual Directory Server.

    To add the directory server as a data source:

    1. Select the entry "Singles" below "Data sources" and choose "New…" from the context menu. The "Select template" dialog box is displayed:

    Select "LDAP" in the "Group" list and "Generic directory" in the "Template" list.

    2. Choose "OK" to open the "LDAP Directory" wizard.

    Fill in the fields:

    Server            Enter localhost as the server's host name.
    Port              Enter 7389 as the directory server's port number.
    Starting point    Enter o=join as starting point in the directory server.
    User name         Enter join as the user name to log on to the directory server.
    Password          Enter join as the password.

    3. Choose "OK". The "LDAP server properties" dialog box is displayed:

    Fill in the following fields:

    Enable          Select "Enable".
    Display name    Enter Master – directory server as the name of the data source.
    Unique name     Enter a unique name for the data source. This name is used when referencing the data source from the Java classes.

    4. Select the "LDAP" tab:

    The values you specified in the wizard are filled in.

    5. Choose "Test connection" to verify that you have specified correct parameters to the data source.

    6. Choose "OK" to close the dialog box.

    Section 3: Building the virtual tree

    To be able to view the contents of the directory server, you need to create a virtual tree with a node that references the data source.

    Renaming the virtual tree

    The first step is to rename the default virtual tree.

    1. Select the entry "Tree 1" and choose "Properties…" from the context menu. The "Virtual tree properties" dialog box is displayed:

    Fill in the following fields:

    Virtual tree name    Enter Join tree as the name of the virtual tree.

    2. Choose "OK" to close the dialog box.

    Creating the nodes in the virtual tree

    The next step is to define the necessary nodes in the virtual tree. It will consist of one static node (the organization) and one data source node referencing the data source, the directory server containing the person entries.

    Adding the static node

    1. Select the virtual tree and choose "New…" from the context menu. The "Add node" dialog box is displayed:

    Fill in the fields with the following values:

    Relative DN     Enter o=employees as the node's relative distinguished name.
    Object class    Select the object classes "top" and "organization" for this node.

    Keep the default values for the other fields.

    2. Select the "Access control list" tab:

    Select the default user group "Anonymous" and the default rule "FullReadAccess". This gives anyone who connects anonymously read-only access to this virtual tree.

    3. Choose "OK" to close the dialog box.

    Adding the data source node

    To add the data source node:

    1. Select the node o=employees and choose "New…" from the context menu. The "Node properties" dialog box is displayed:

    Fill in the fields with the following values:

    Relative DN             Enter * as the node's relative distinguished name. This will match all possible DNs on this level.
    Data source category    Select "Data source" in the list.
    Source                  Select "Master – directory server" in the list.
    Object class            Select "inetOrgPerson" in the "" list.

    Keep the default values in the other fields.

    2. Choose "OK" to close the dialog box.

    Section 4: Running the server

    In this section, you configure the service, start the server and perform a search.

    Specifying the port number

    We are going to deploy the configuration as an LDAP deployment. The port number is part of the deployment configuration:

    1. Select the entry "main_listener" and choose "Properties…" from the context menu to open the "Server properties" dialog box:

    If the existing port number conflicts with an existing server, enter another port number.

    2. Choose "OK" to close the dialog box.

    Running the server

    Start the service by choosing the "Start" button in the toolbar. When the server is started, the indicator in the status bar turns green.

    Use the internal LDAP client to view the virtual directory, or you can use an external LDAP client to access the Virtual Directory Server.

    Configure the client using the following information:

    • Server address (host name) according to your system's configuration.

    • The same port number as you used when configuring the server.

    • LDAP version 3.

    • Starting point o=employees.

    • Anonymous login.

    Viewing the contents

    When browsing the virtual directory, you should see the following:

    When viewing the properties of the entry, you see that the person does not have phone numbers or e-mail address:

    Note: If you have problems accessing the directory, turn on the operation log to see any error messages and correct the problem.

    Section 5: Adding the databases as data sources

    In this section you will add the databases addresses.mdb and departments.mdb as data sources.

    Creating the ODBC System DSNs

    Before you can add the databases as data sources, you need to define an ODBC system DSN for each database. Name the DSNs "Addresses" and "Departments".

    A detailed description of how you define an ODBC system DSN is included in the database tutorial for the Virtual Directory Server. You can also access the help system in the "ODBC Data Source Administrator" for details.

    Adding the addresses.mdb as a data source

    To add the database as a data source:

    1. Select entry "Singles" below "Data sources" and choose "New…" from the context menu. The "Select template" dialog box is displayed:

    Select "Database" in the left list and "Generic Database" in the right.

    2. Choose "OK" to open the "Generic Database template" wizard.

    3. Choose the "…" button to the right of the "Database" field to open the "JDBC URL wizard".

    Locate and select "Sun JDBC-ODBC bridge" in the list.

    4. Choose "Next >".

    Enter the system DSN you created for the database.

    5. Choose "Next >" and then "Finish" to complete the wizard and return to the "Generic database template" dialog box.

    6. Choose "OK". The "Database properties" dialog box is displayed:

    Fill in the following fields:

    Select "Enable".

    Display name    Enter Addresses as the data source's display name.
    Unique name     Enter a unique name for the data source.

    7. Select the "Database" tab:

    The values you entered in the URL wizard are filled in.

    8. Choose "Get database schema" to verify that you have access to the database and get the database schema.

    The "Available attributes" dialog is displayed. Select the "Addresses" table to view the columns in the table.

    9. Choose "OK" to return to the "Database properties" dialog box.

    Size limit type    Select "TOP" as the size limit type for this database. This is because Microsoft Access uses "SELECT TOP n" to limit the number of records returned.

    10. Select the "Data source attributes" tab:

    The columns in the database table are listed in the attribute list. You can keep the values that are selected.

    11. It is necessary to map between the unique identifier of the database, EmployeeID, and the LDAP unique identifier, uid. This is the attribute that is used to construct the DN for the SEARCH request that joins the information from the master data source with the information from the attribute source.

    Choose "Define…" to open the "Define parameters" dialog box:

    Select "UID=" from the "Attribute types" list.

    Select "EmployeeID" from the "Available attributes" list. "Treat as String" is deselected, as the EmployeeID is a numeric value in the database.

    Choose "Add attribute" to fill in the fields with the correct values.

    Choose "OK" to return to the "Database properties" dialog box.

    12. Select the "Conversion from" tab:

    Select "Enable conversion from internal attributes".

    Use the information in the table on page 7 ("Defining the LDAP mapping") and enter the attribute pairs as displayed above. This is necessary to be able to return the attributes to the client.

    Select "Add all data source attributes" to fill in the "To column".

    Select the value in the "LDAP attribute" column in the "From" list.

    13. Select the "Conversion to" tab:

    Select "Enable conversion to internal attributes".

    Choose "Synchronize" to add the conversions you defined on the "Conversion from" tab.

    14. Choose "OK" to close the dialog box.


    Adding the departments.mdb as a data source

    Add the departments.mdb in the same way as addresses.mdb:

    1. Add the data source under the "Singles" node and choose the "Generic database" template.

    2. Use the "JDBC URL wizard" to create the URL to the database.

    3. The "Database properties" dialog box is displayed:

    Select "Enable" and enter "Departments" as the name and a unique name for the data source.


    4. Select the "Database" tab:

    Choose "Get database schema" and select the "Departments" table.

    Select "TOP" as "Size limit type".


    5. Select the "Data source attributes" tab:

    Select "Define…" and create a DN of "OU=" as "Attribute type" and "Dep" as attribute.

    6. Select the "Conversion from" tab:


    Select "Enable conversion from internal attributes" and add the conversions from the table on page 7 as displayed above.

    7. Select the "Conversion to" tab:

    Select "Enable conversion to internal attributes" and choose "Synchronize" to add the conversions.

    8. Choose "OK" to close the dialog box.


    Testing the data sources

    You are able to test that you can access the data sources by running the Virtual Directory Server in test mode. When running in test mode, you can access the data sources through the internal virtual tree instead of building a separate virtual tree only to access the attribute sources.

    1. Choose Server/Test mode…:

    Select "Enable test mode".

    The fields "User name" and "Password" contain the credentials that you must use to access the data sources.

    The list below contains all available starting points in the internal tree, o=internal. You see the data source name to the right of the starting point.

    2. Choose "OK" to close the dialog box.

    3. If necessary, start the server, or update the configuration if it is already running.

    Note: Reloading the configuration may take a few seconds. The light in the status bar turns yellow while it is reloaded and turns green when the server is running again.

    4. Use the internal LDAP client and select "Test user" to perform a search using the credentials for the test mode.

    Verify that you are able to access the data source and that the search returns the expected result.

    5. Turn off test mode again and reload the server configuration when you are finished.


    Section 6: Creating the join group

    You have now defined the directory server and the databases as single data sources. The next step is to create a join group where you add the information from the databases to the entries in the directory server before they are returned to the client.

    This involves the following steps:

    • Adding the join group

    • Adding the attribute sources

    • Defining the attributes

    In the final configuration, the relations will be as illustrated below:

    • The data source "Master – directory server" is added as the master in the join group.

    • The two databases "Addresses" and "Departments" are added as attribute sources.

    • The join group is referenced from the data source node in the virtual tree.


    Adding the join group

    To add the join group:

    1. Choose the entry "Groups/Operations/Join" below "Data sources" and choose "New…" from the context menu. The "Join group properties" dialog box is displayed:

    Fill in the fields with the following values:

    Select "Enable".

    Display name

    Enter Employees as the name of the group.

    Unique name

    Enter EMPL as the data source group's unique name.

    Join properties

    Select "Join base search operations" to specify that the join will be performed only on base SEARCH operations. The join operation can be time consuming, so it can be necessary to limit the join to base SEARCH operations.

    2. Select "…" to the right of the "Master" field to open the "Select data source" dialog box:

    Select "Data source" and select the directory server in the "Source" list.

    3. Choose "OK" to return to the "Join group properties" dialog box.

    4. Choose "OK" to close the dialog box. You must confirm that you want to close the dialog box without any attribute definitions.


    Adding the addresses as an attribute source

    You have already added the addresses.mdb as a data source, but now you need to add it as an attribute source to the join group. There are two ways to reference the data source: you can either define a separate virtual tree for the attribute sources, or reference the data source in the Virtual Directory Server's internal tree, as we will do here. The nodes in this virtual tree are generated by the Virtual Directory Server based on the available data sources.

    In the next step, we have to define properties of the SEARCH request that is able to find the single, unique entry that matches the entry from the master data source. The execution of this SEARCH request will retrieve the attributes that are included in the join operation.

    In this tutorial we will describe two ways this can be done. Both will yield the same result. You can choose one of them or try both.

    • Join by DN

    • Join by filter

    Join by DN

    In this example, we will find the correct entry by constructing its exact distinguished name. To achieve this, the search type will be set to BASE and the filter to (objectclass=*) (not relevant for the search result).

    In order to construct the target distinguished name, we will use the uid from the incoming distinguished name. To extract the uid from the DN, we use the DN matching template feature.

    To add the attribute source:

    1. Select the "Employees" node and choose "New…" from the context menu. The "Attribute source" dialog box is displayed:

    Fill in the fields with the following values:

    Attribute source name

    Enter Addresses as the name of the attribute source.


    DN matching template

    Enter uid= as the uid attribute is retrieved from the SEARCH request and used in the starting point.

    The value of the uid from the incoming distinguished name is stored in the temporary variable valueofuid.

    VDS tree

    Select "Internal tree" as we will access the attribute source through the internal tree.

    Starting point

    Enter uid= as the starting point. The stored value of valueofuid will be used here.

    on

    The list contains all data sources. Select the starting point in the internal tree that corresponds to the attribute source.

    Filter

    Enter (objectclass=*) as the filter.

    2. Choose "OK" to close the dialog box.

    Join by filter

    In the second example, we will find the correct entry by performing a ONE-LEVEL (or SUB) search in the data source and specifying a filter that will result in a single entry.

    In order to construct the correct filter we will use a uid from the incoming distinguished name.

    Note: You are not limited to using values from the RDN of the incoming distinguished name. Any attribute value from the master's data set could be used here.

    1. Select the "Employees" node and choose "New…" from the context menu to display the "Attribute source" dialog box:

    Attribute source name

    Enter Addresses as the name of the attribute source.


    DN matching template

    Enter uid= as the uid attribute is retrieved from the SEARCH request and used in the filter.

    VDS tree

    Select "Internal tree" as we will access the attribute source through the internal tree.

    Starting point

    Leave the starting point empty, as this would search from the top of the data source.

    on

    The list contains all data sources. Select the starting point in the internal tree that corresponds to the attribute source.

    Filter

    Enter (employeeid=) as the filter as this would search for the entry with the EmployeeID matching the uid received from the SEARCH request.

    2. Choose "OK" to close the dialog box.

    Adding the attribute definition

    The next step is to define how the attributes are retrieved from the attribute source:

    1. View the properties of the "Employees" join group and choose "New…" to the right of the "Attribute definitions" list:

    Fill in the fields with the following values:

    Select "Enable".

    Attribute name

    Enter or select the attribute name in the list.

    Original attribute set

    Keep the default value "A – Append to original value" to specify that you will append the values from the attribute source to any values that exist in the master data source.

    Data source

    Select "S – Single data source" to specify that the attribute will be found in only one data source.


    Available data sources

    Select "Addresses" in the list and choose "->".

    2. Choose "OK" to add the attribute.

    3. Repeat this process for the attributes postalAddress, telephoneNumber and mail.

    4. The ou attribute will be used as a key in the second attribute source, so we must make sure that the attribute has a value. Thus, we will define the attribute as mandatory and supply a default value that will be used if the attribute is not found in the first attribute source:

    5. The attribute list will look like this:

    6. Choose "OK" to close the dialog box.


    Modifying the data source node

    At the moment, the data source node o=employees,* in the virtual tree references the data source "Master – directory server" directly. To be able to view the result of the join process, this node must reference the join group you have created:

    1. View the properties of the data source node:

    Modify the values in the following fields:

    Data source category

    Select "Join group" in the list.

    Source

    Select "Employees" in the list.

    2. Choose "OK" to close the dialog box.


    Viewing the contents

    Reload (or start) the server configuration by choosing the "Update" button.

    You can view the properties of an entry in the directory:

    Here you see that the postal address has been added to the entry.

    If this does not happen, you can try to find the reason by inspecting the operation log. Follow the processing of the LDAP request and see if you find information that can help you solve the problem.


    Section 7: Extending the join group

    Finally, we will add the departments to the join group.

    Adding the attribute source

    To add the attribute source:

    1. Select the join group "Employees" and choose "New…" from the context menu:

    Fill in the following fields:

    Attribute source name

    Enter Departments as the name of the attribute source.

    DN matching template

    You can leave this field empty as the attributes needed to build the starting point are not in the DN of the SEARCH request.

    VDS tree

    Select "Internal tree" in the list to specify that you want to reference the data source through the internal tree in the Virtual Directory Server.

    Starting point

    Enter ou=.

    on

    Select the data source in the list.

    Filter

    Enter (objectClass=*) as the filter for the search.

    2. Choose "OK".


    Adding attributes from the attribute source

    The next step is to specify which attributes should be included from this attribute source:

    1. View the properties of the join group and choose "New…" to add the attribute:

    Fill in the fields with the following values:

    Select "Enable".

    Select "l" in the "Attribute name" list.

    Select "S – Single data source" in the "Data sources" list.

    Select "Departments" in the "Available data sources" list and choose "->".

    2. Choose "OK".

    3. Repeat the process for the facsimileTelephoneNumber attribute.

    4. Choose "OK" to close the dialog box.


    Viewing the contents

    Update the server configuration and view the contents of the server.

    You see that the "locality" attribute is added to the entries.

    View the properties of an entry:

    You see that the fax number has been added to the entry.
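
    The join configured in Sections 6 and 7, simulated as an added example (not SAP's code and not part of the tutorial). It covers both "Join by DN" and "Join by filter", the "Append to original value" rule and the mandatory ou key. The data is constructed, the function names are hypothetical, and the default ou value is an assumption because the page does not state it.

```python
import re

# Constructed sample data standing in for the tutorial's three sources.
MASTER = {
    "uid=1001,o=employees": {"cn": ["Ann Example"], "mail": ["ann@corp.example"]},
    "uid=1002,o=employees": {"cn": ["Bob Example"]},
}
ADDRESSES = {  # internal-tree DN -> attributes after conversion
    "uid=1001": {"employeeid": ["1001"], "postalAddress": ["1 Main St"],
                 "mail": ["ann@mail.example"], "ou": ["Sales"]},
    "uid=1002": {"employeeid": ["1002"], "postalAddress": ["2 Side St"]},
}
DEPARTMENTS = {"ou=Sales": {"l": ["Oslo"], "facsimileTelephoneNumber": ["555-0100"]}}
DEFAULT_OU = "Unassigned"  # assumed default; the page does not state the value


def uid_from_dn(dn):
    """DN matching template: take the uid value from the first RDN."""
    m = re.match(r"uid=([0-9]+),", dn, re.IGNORECASE)
    if not m:
        # EmployeeID is numeric, so any other value is rejected before it is
        # substituted into a starting point or a filter.
        raise ValueError("DN does not carry a numeric uid: %r" % dn)
    return m.group(1)


def find_by_dn(source, uid):
    """Join by DN: BASE search on the starting point uid=<value>."""
    return source.get("uid=" + uid)


def find_by_filter(source, uid):
    """Join by filter: search from the top for employeeid=<value>."""
    hits = [e for e in source.values() if uid in e.get("employeeid", [])]
    # The join needs one unique entry; an ambiguous match is not joined.
    return hits[0] if len(hits) == 1 else None


def join(dn, finder=find_by_dn):
    """Return the master entry for dn with both attribute sources joined in."""
    entry = {k: list(v) for k, v in MASTER[dn].items()}
    addr = finder(ADDRESSES, uid_from_dn(dn)) or {}
    for name in ("postalAddress", "telephoneNumber", "mail", "ou"):
        # "A - Append to original value": master values first, then the source's.
        values = entry.get(name, []) + addr.get(name, [])
        if values:
            entry[name] = values
    # ou is mandatory: it is the key into the second attribute source.
    entry.setdefault("ou", [DEFAULT_OU])
    dept = DEPARTMENTS.get("ou=" + entry["ou"][0], {})
    for name in ("l", "facsimileTelephoneNumber"):
        if name in dept:
            entry[name] = list(dept[name])
    return entry
```

    Both finders return the same joined entry for the same DN, and an entry whose ou falls back to the default gets no department attributes unless a department with that key exists.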
