www.novell.com Understanding Novell DirXML Technology Nick Nikols DirXML Architect and Engineering Manager Novell, Inc. [email protected] Steven Weitzeil Director, DirXML and Common UI Novell, Inc. [email protected]


Vision…one Net

A world where networks of all types—corporate and public, intranets, extranets, and the Internet—work together as one Net and securely connect employees, customers, suppliers, and partners across organizational boundaries

Mission

To solve complex business and technical challenges with Net business solutions that enable people, processes, and systems to work together and our customers to profit from the opportunities of a networked world

What Is DirXML™?

• Data-sharing service
  • Provides bi-directional data flow between eDirectory and enterprise applications
  • Administrator determines the data to be shared

• Matches existing business processes
  • Runs on all Novell eDirectory™ supported platforms (NetWare®, Win2K, NT, Solaris, Linux, AIX)
  • Requires no changes to existing applications
  • Transforms data into the format required by the target application

Islands of Isolated Data

[Diagram: HR, ERP, DEN, Dir., E-mail, OS and DB systems]

Sharing Data through the Directory

[Diagram: HR, ERP, DEN, Dir., E-mail, OS and DB systems around Novell eDirectory with DirXML]

DirXML Architecture

[Diagram: Novell eDirectory server with Novell eDirectory, the DirXML engine and the DirXML driver shim; the application; a Subscriber Channel and a Publisher Channel, each with rules and stylesheets]

DirXML Architecture: The Remote Loader

[Diagram: Novell eDirectory server with Novell eDirectory, the DirXML engine and the Remote Loader shim; the Remote Loader service with the DirXML driver shim; the application; a Subscriber Channel and a Publisher Channel, each with rules and stylesheets]

Components of DirXML

• DirXML engine
  • eDirectory interface
  • Join engine

• DirXML Driver Shim
  • XML interface
  • Application’s native interface

• Subscriber and publisher channels
  • Filters manage flow in both directions
  • Policies may be applied differently to each channel

DirXML Engine

• eDirectory interface
  • Supports loading of multiple drivers
  • Guaranteed delivery of eDirectory events
  • eDirectory event loop-back detection

• Join engine
  • Handles data transformations
  • Rules processor
  • XSLT processor

DirXML Driver Shim

• XML interface
  • Issue and receive XML documents
  • Document Object Model (DOM)

• Application’s native interface
  • Applications don’t have to change
  • Can be either remoted via the remote loader or can use the application’s own remote capability (if any)

Publisher and Subscriber Channels

• Publisher channel
  • Propagates events from the application to eDirectory

• Subscriber channel
  • Propagates events from eDirectory to the application

• Filters
  • Manage the flow of data on both channels
  • A list of desired classes and their attributes
  • Determines the authoritative source(s) of data

Publisher and Subscriber Filters

Authoritative Data Sources

• Problem
  • Some applications are authorities over certain data and should be the sole publishers of that data

• Solution
  • Publisher and subscriber filters control the flow of changes to the data
  • eDirectory rights allow only the publisher to modify the data

Authoritative Data Sources (cont.)

[Diagram: the same employee in HR (EmpId 003456, Dept Sales, DOB 15.2.1965), in eDirectory (CN Bobby, EmpId 003456, Department Sales, E-mail, Date of birth 2/15/1965, one association per connected system) and in E-mail (Dept Sales, Birthdate 2/15/65); labels on the Dept attribute: "Subscriber only", "Publisher only"; new value shown in all three systems: Marketing]

Converting to Application’s Native Format

• Schema mapping

• Object mapping

• Data transformation

• Event transformation

Schema Mapping

• Problem
  • Different applications support different class and attribute names

• Solution
  • Schema mapping rules
    • DirXML provides straightforward rules for mapping between different schemas
    • All connected applications can have different schemas

Schema Mapping Rule (cont.)


• Provides a one-to-one mapping of classes and their attributes

• Same rule used for both Publisher and Subscriber

<?xml version="1.0" encoding="UTF-8"?>
<attr-name-map>
  <!-- Schema mapping for User object. -->
  <class-name>
    <nds-name>User</nds-name>
    <app-name>inetOrgPerson</app-name>
  </class-name>
  <attr-name class-name="User">
    <nds-name>CN</nds-name>
    <app-name>cn</app-name>
  </attr-name>
  <attr-name class-name="User">
    <nds-name>uniqueID</nds-name>
    <app-name>uid</app-name>
  </attr-name>
  <attr-name class-name="User">
    <nds-name>Given Name</nds-name>
    <app-name>givenname</app-name>
  </attr-name>
</attr-name-map>

Schema Mapping

[Diagram: the same employee in HR (EmpId 003456, Dept Sales, DOB 15.2.1965), in eDirectory (CN Bobby, EmpId 003456, Department Sales, E-mail, Date of birth 2/15/1965, one association per connected system) and in E-mail (Dept Sales, Birthdate 2/15/65); highlighted attribute names: DOB (HR), Date of birth (eDirectory), Birthdate (E-mail)]

Object Mapping

• Problem
  • Different systems have different unique identifiers for same objects

• Solution
  • Association attribute
    • DirXML stores the unique identifier for each system in eDirectory
    • No need to have a single unique ID across all systems
    • Objects can be mapped regardless of hierarchy

Associations

[Diagram: Novell eDirectory tree O=People with OU=Engineering and OU=Sales, holding CN=Rita, CN=Bobby, CN=John and CN=Suzy; each object carries an HR identifier (007886, 009843, 005484, 003456) and an E-mail address as its associations]

Associations

[Diagram: the same employee in HR (EmpId 003456, Dept Sales, DOB 15.2.1965), in eDirectory (CN Bobby, EmpId 003456, Department Sales, E-mail, Date of birth 2/15/1965) and in E-mail (Dept Sales, Birthdate 2/15/65); the eDirectory object holds two associations, the HR identifier 003456 and the E-mail address]

Building Associations

• Finding an existing object that matches
  • Is there an object that matches my criteria?

• Creating a new object
  • Do I have all of the required info to create the new object?

• Placing a new object
  • Where should I place the new object?

Object Matching Rule

• Determines the criteria for finding a match

• Must have a unique result

• Multiple matches result in an error, meaning the matching criteria were too vague

<?xml version="1.0" encoding="UTF-8"?>
<matching-rules>
  <matching-rule description="Initial Matching Criteria">
    <match-class class-name="User"/>
    <match-attr attr-name="Surname"/>
    <match-attr attr-name="Social Security Number"/>
  </matching-rule>
  <matching-rule description="Secondary Matching Criteria">
    <match-class class-name="User"/>
    <match-attr attr-name="Given Name"/>
    <match-attr attr-name="Surname"/>
    <match-attr attr-name="Telephone Number"/>
  </matching-rule>
</matching-rules>

Object Matching Rule (cont.)

Object Create Rule

• Determines the set of required attributes

• Vetoes create if required attributes are not present

• Default values and templates can be specified

<?xml version="1.0" encoding="UTF-8"?>
<create-rules>
  <create-rule class-name="User" description="Create Rule">
    <required-attr attr-name="Given Name"/>
    <required-attr attr-name="Surname"/>
    <required-attr attr-name="uniqueID"/>
    <required-attr attr-name="L">
      <value type="string"><![CDATA[Provo]]></value>
    </required-attr>
    <template template-dn="\DirXML-Tree\Novell\User-Role"/>
  </create-rule>
</create-rules>

Object Create Rule (cont.)

Object Placement Rule

• Determines criteria for placement of the new object

• Criteria can be based on class, attribute, or path

<?xml version="1.0" encoding="UTF-8"?>
<placement-rules dest-dn-format="slash" src-dn-format="ldap">
  <!-- Placement rule for User objects. -->
  <placement-rule description="Placement based on Location">
    <match-class class-name="User"/>
    <match-attr attr-name="L">
      <value type="string"><![CDATA[Provo]]></value>
    </match-attr>
    <placement><![CDATA[\DirXML-Tree\Novell\PRV\]]><copy-name/></placement>
  </placement-rule>
  <placement-rule>
    <match-class class-name="User"/>
    <placement><![CDATA[\DirXML-Tree\Novell\]]><copy-attr attr-name="Surname"/></placement>
  </placement-rule>
</placement-rules>

Object Placement Rule (cont.)

Building Associations on the Subscriber Channel

[Flowchart, boxes as extracted: Desired eDirectory event occurs; Does this object have an association? (YES / NO); Apply matching rule; Query App; Number of matches (Zero / One / Multiple); Write association; Merge attributes; Mark association pending; Apply create rule; Do we have all required attributes? (YES / NO); Apply placement rule; Create App object; Modify App object; Query eDirectory; Modify eDirectory object; Error (Multiple)]

Building Associations on the Publisher Channel

[Flowchart, boxes as extracted: Desired App event occurs; Does this object have an association? (YES / NO); Apply matching rule; Query eDirectory; Number of matches (Zero / One / Multiple); Write association; Merge attributes; Apply create rule; Do we have all required attributes? (YES / NO); Apply placement rule; Create eDirectory object; Modify eDirectory object; Query App; Modify App object; Error (Multiple)]
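
The matching, create and placement rules above, applied in the order the two flowcharts give, as an added Python example (not Novell's code). It assumes events and directory objects are plain dictionaries, that a hypothetical `name` key holds the source object's name for `<copy-name/>`, and that a matching rule is skipped when the event lacks one of its attributes; the directory entries are constructed.

```python
import xml.etree.ElementTree as ET

# Matching rules from the slide; REQUIRED is from its create rule; DIRECTORY is constructed.
MATCHING_RULES = """<matching-rules>
 <matching-rule description="Initial Matching Criteria">
  <match-class class-name="User"/>
  <match-attr attr-name="Surname"/><match-attr attr-name="Social Security Number"/>
 </matching-rule>
 <matching-rule description="Secondary Matching Criteria">
  <match-class class-name="User"/><match-attr attr-name="Given Name"/>
  <match-attr attr-name="Surname"/><match-attr attr-name="Telephone Number"/>
 </matching-rule>
</matching-rules>"""
REQUIRED = ["Given Name", "Surname", "uniqueID"]
DIRECTORY = {
    "\\DirXML-Tree\\Novell\\PRV\\bsmith": {"class": "User", "Given Name": "Bobby",
        "Surname": "Smith", "Telephone Number": "555-0100", "Social Security Number": "000-00-0001"},
    "\\DirXML-Tree\\Novell\\Smith": {"class": "User", "Given Name": "Bobby",
        "Surname": "Smith", "Telephone Number": "555-0100", "Social Security Number": "000-00-0002"},
}

class AmbiguousMatch(Exception): pass  # several objects matched: criteria too vague

def find_match(event, directory):
    for rule in ET.fromstring(MATCHING_RULES):
        cls = rule.find("match-class").get("class-name")
        attrs = [a.get("attr-name") for a in rule.findall("match-attr")]
        # Assumption: a rule is skipped when the event lacks one of its attributes.
        if event["class"] != cls or any(a not in event for a in attrs):
            continue
        hits = [dn for dn, obj in directory.items()
                if obj["class"] == cls and all(obj.get(a) == event[a] for a in attrs)]
        if len(hits) > 1:
            raise AmbiguousMatch(rule.get("description"))  # fail closed, never guess
        if hits:
            return hits[0]
    return None

def build_association(event, directory=DIRECTORY):
    dn = find_match(event, directory)
    if dn is not None:
        return ("associate", dn)      # exactly one match: write the association
    missing = [a for a in REQUIRED if a not in event]
    if missing:
        return ("veto", missing)      # create rule vetoes the add
    attrs = {"L": "Provo", **event}   # create rule's default value for L
    if attrs["L"] == "Provo":         # placement rule 1; "name" is an assumed key
        return ("create", "\\DirXML-Tree\\Novell\\PRV\\" + attrs["name"])
    return ("create", "\\DirXML-Tree\\Novell\\" + attrs["Surname"])
```

Linking an incoming identity to the wrong directory object hands one person's attributes and rights to another, which is why the ambiguous case raises instead of picking the first hit.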

Data Transformation

• Problem
  • Applications have different representations for the same data
    • 15.2.1965 vs. 2/15/65

• Solution
  • DirXML allows data to be transformed to a canonical format
  • Requires an XSLT stylesheet
  • Extensions can be provided to call procedural programs

Data Transformation

[Diagram: the same employee in HR (EmpId 003456, Dept Sales, DOB 15.2.1965), in eDirectory (CN Bobby, EmpId 003456, Department Sales, E-mail, Date of birth 2/15/1965) and in E-mail (Dept Sales, Birthdate 2/15/65); highlighted values: 15.2.1965 (HR), 2/15/1965 (eDirectory), 2/15/65 (E-mail)]

Event Transformation

• Problem
  • Events may need to be transformed
    • A delete event may need to be transformed into a modify

• Solution
  • DirXML allows events to be transformed to perform other operations
  • Is processed before the DirXML add processor
  • Requires an XSLT stylesheet
  • Extensions can be provided to call procedural programs

Event Transformation

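[Diagram: eDirectory tree O=People with OU=Engineering and OU=Sales, holding CN=Rita, CN=Bobby, CN=John and CN=Suzy, associated with HR identifiers 007886, 009843, 005484 and 003456; labels: "CN=Bobby deleted", "Delete object CN=Bobby", "003456 disabled"]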
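
The delete-to-modify case above (CN=Bobby deleted in eDirectory, record 003456 disabled in HR), as an added Python example rather than a DirXML stylesheet. The event document is constructed, and its element names and the `Disabled` attribute are assumptions for illustration, not taken from the slides.

```python
import xml.etree.ElementTree as ET

# Constructed event document (element names are assumptions).
SAMPLE_EVENT = """<nds><input>
  <delete class-name="User" src-dn="CN=Bobby"><association>003456</association></delete>
  <delete class-name="Group" src-dn="CN=Team"/>
</input></nds>"""

def delete_to_disable(event_xml, flag_attr="Disabled"):
    """Turn each User <delete> into a <modify> that sets flag_attr to true."""
    root = ET.fromstring(event_xml)
    for parent in list(root.iter()):              # snapshot: the tree is edited below
        for i, child in enumerate(list(parent)):
            if child.tag != "delete" or child.get("class-name") != "User":
                continue                          # other classes keep their delete
            modify = ET.Element("modify", child.attrib)
            modify.extend(child.findall("association"))  # keep the link to the record
            attr = ET.SubElement(modify, "modify-attr", {"attr-name": flag_attr})
            ET.SubElement(attr, "remove-all-values")
            value = ET.SubElement(ET.SubElement(attr, "add-value"), "value")
            value.text = "true"
            parent[i] = modify                    # replace the delete in place
    return ET.tostring(root, encoding="unicode")
```

Disabling instead of deleting keeps the application record and its history available for audit while still cutting off access.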

Transforming Between eDirectory Format and Application Format

[Diagram: the DirXML architecture (Novell eDirectory server with Novell eDirectory, DirXML engine and DirXML driver shim; application) with the data path on each channel. Subscriber Channel: eDirectory event, eDirectory-formatted XML, eDirectory-to-APP rules and stylesheets, APP-formatted XML, apply to APP. Publisher Channel: APP event, APP-formatted XML, APP-to-eDirectory rules and stylesheets, eDirectory-formatted XML, apply to eDirectory.]

Order of Rule Processing on the Subscriber Channel

[Diagram of the DirXML engine, boxes as extracted: Event Cache; Convert Event to XML; Subscriber Filter; Event Transformation; Does an association exist? (NO / YES); Subscriber Add Processor (Matching Rule, Create Rule, Placement Rule); Command Transformation; Schema Mapper; Output Transformation]

Order of Rule Processing on the Publisher Channel

[Diagram of the DirXML engine, boxes as extracted: Input Transformation; Schema Mapper; Event Transformation; Publisher Filter; Does an association exist? (NO / YES); Publisher Add Processor (Matching Rule, Create Rule, Placement Rule); Command Transformation; Convert XML to eDirectory]

DirXML 1.1 New Functionality

• Remote Loader
• Command Transformation Rule
• Rule Chaining
• Dynamic Class Loader
• Enhanced Error Logging
• Product Activation

Command Transformation

• Similar to Event Transformation
• Is processed after the DirXML add processor
• Requires an XSLT stylesheet
• Extensions can be provided to call procedural programs

Rule Chaining

• Previously, if more complex policies were required, a DirXML rule could be replaced by an XSLT stylesheet
  • You could reference either a DirXML rule, or an XSLT stylesheet, but not both

• Rule Chaining
  • DirXML rules can now reference XSLT stylesheets
  • Provides the ability to simply describe most policies in a DirXML rule and reference XSLT stylesheets to describe the more complex policies

Dynamic Class Loader

• Previously, the administrator needed to reload the JVM if
  • The classpath changed
  • A new .JAR file (Java drivers) is added

• Dynamic Class Loader
  • New .JAR files are loaded upon request
  • Reload JVM only if replacing an existing .JAR file

Enhanced Error Logging

• DirXML engine and drivers
  • Historically errors have been written in multiple locations
  • Errors are now written to the appropriate object
    • Driver set
    • Publisher
    • Subscriber
  • Errors are still written to log files and the trace screen
  • This greatly reduces effort needed to find error information

DirXML Activation

• To allow for easier evaluation, DirXML 1.1 is now freely available for a 90 day trial period

• DirXML 1.1 can then be “Activated” once the product has been purchased

• The Activator assists customers in notifying Novell about
  • Themselves
  • The product they are activating
  • The “domain” they are activating the product in

Conclusion

• DirXML provides a bi-directional data flow framework between eDirectory and enterprise applications

• DirXML matches existing business processes
  • Administrators determine the data to be shared
  • Runs on all Novell eDirectory supported platforms (NetWare, Win2K, NT, Solaris, Linux, AIX)
  • Requires no changes to existing applications
  • Transforms data into the format required by the target application

Training and Education at BrainShare

• Study and preview Directory and Database Integration Using DirXML (Course 992) at The Learning Zone

• DirXML self-study materials at the BrainShare Bookstore

Training and Education

• Directory and Database Integration Using DirXML Course 992 Import Drivers Implementation Strategies

• ATT—Advanced DirXML Troubleshooting Techniques Customization XML, XDS Rules, and XSLT Provo, March 25-28

Additional information at http://www.novell.com/education/train_product/dirxml.html