Understanding Novell™ DirXML Technology
www.novell.com
Nick Nikols
DirXML Architect and Engineering Manager
Novell, Inc.
[email protected]
Steven Weitzeil
Director, DirXML and Common UI
Novell, Inc.
[email protected]
Vision…one Net
A world where networks of all types—corporate and public,
intranets, extranets, and the Internet—work together as
one Net and securely connect employees, customers,
suppliers, and partners across organizational boundaries
Mission
To solve complex business and technical challenges with Net
business solutions that enable people, processes, and
systems to work together and our customers to profit from
the opportunities of a networked world
What Is DirXML™?
• Data-sharing service
  - Provides bi-directional data flow between eDirectory and enterprise applications
  - Administrator determines the data to be shared
• Matches existing business processes
  - Runs on all Novell eDirectory™ supported platforms (NetWare®, Win2K, NT, Solaris, Linux, AIX)
  - Requires no changes to existing applications
  - Transforms data into the format required by the target application
Islands of Isolated Data
[Diagram: HR, ERP, OS, DB, Dir., E-mail and DEN shown as separate systems]
Sharing Data through the Directory
[Diagram: HR, ERP, OS, DB, Dir., E-mail and DEN around Novell eDirectory with DirXML]
DirXML Architecture
[Diagram labels: DirXML Novell eDirectory Server; Novell eDirectory; DirXML Engine; DirXML Driver Shim; Subscriber Channel and Publisher Channel, each with Rules and Stylesheets; Application]
DirXML Architecture: The Remote Loader
[Diagram labels: DirXML Novell eDirectory Server; Novell eDirectory; DirXML Engine; Remote Loader Shim; Subscriber Channel and Publisher Channel, each with Rules and Stylesheets; Remote Loader Service; DirXML Driver Shim; Application]
Components of DirXML
• DirXML engine
  - eDirectory interface
  - Join engine
• DirXML Driver Shim
  - XML interface
  - Application’s native interface
• Subscriber and publisher channels
  - Filters manage flow in both directions
  - Policies may be applied differently to each channel
DirXML Engine
• eDirectory interface
  - Supports loading of multiple drivers
  - Guaranteed delivery of eDirectory events
  - eDirectory event loop-back detection
• Join engine
  - Handles data transformations
  - Rules processor
  - XSLT processor
DirXML Driver Shim
• XML interface
  - Issue and receive XML documents
  - Document Object Model (DOM)
• Application’s native interface
  - Applications don’t have to change
  - Can be either remoted via the remote loader or can use the application’s own remote capability (if any)
Publisher and Subscriber Channels
• Publisher channel
  - Propagates events from the application to eDirectory
• Subscriber channel
  - Propagates events from eDirectory to the application
• Filters
  - Manage the flow of data on both channels
  - A list of desired classes and their attributes
  - Determines the authoritative source(s) of data
Publisher and Subscriber Filters
Authoritative Data Sources
• Problem
  - Some applications are authorities over certain data and should be the sole publishers of that data
• Solution
  - Publisher and subscriber filters control the flow of changes to the data
  - eDirectory rights allow only the publisher to modify the data
Authoritative Data Sources (cont.)
[Diagram: the eDirectory object CN Bobby (Department, EmpId 003456, E-mail, Date of birth 2/15/1965, an E-mail association and an HR association 003456) shown with its HR record (EmpId 003456, Dept, DOB 15.2.1965) and its E-mail record (Address, Dept, Birthdate 2/15/65). The Department/Dept fields show both Sales and Marketing. Labels: "Publisher only", "Subscriber only".]
Converting to Application’s Native Format
• Schema mapping
• Object mapping
• Data transformation
• Event transformation
Schema Mapping
• Problem
  - Different applications support different class and attribute names
• Solution
  - Schema mapping rules
    - DirXML provides straightforward rules for mapping between different schemas
    - All connected applications can have different schemas
Schema Mapping Rule
Schema Mapping Rule (cont.)
• Provides a one-to-one mapping of classes and their attributes
• Same rule used for both Publisher and Subscriber
<?xml version="1.0" encoding="UTF-8"?>
<attr-name-map>
  <!-- Schema mapping for User object. -->
  <class-name>
    <nds-name>User</nds-name>
    <app-name>inetOrgPerson</app-name>
  </class-name>
  <attr-name class-name="User">
    <nds-name>CN</nds-name>
    <app-name>cn</app-name>
  </attr-name>
  <attr-name class-name="User">
    <nds-name>uniqueID</nds-name>
    <app-name>uid</app-name>
  </attr-name>
  <attr-name class-name="User">
    <nds-name>Given Name</nds-name>
    <app-name>givenname</app-name>
  </attr-name>
</attr-name-map>
Schema Mapping
[Diagram: eDirectory object CN Bobby (Department Sales, EmpId 003456, E-mail, Date of birth 2/15/1965, E-mail association, HR association 003456); HR record (EmpId 003456, Dept Sales, DOB 15.2.1965); E-mail record (Address, Dept Sales, Birthdate 2/15/65). The eDirectory attribute "Date of birth" maps to "DOB" in HR and to "Birthdate" in E-mail.]
Object Mapping
• Problem
  - Different systems have different unique identifiers for same objects
• Solution
  - Association attribute
    - DirXML stores the unique identifier for each system in eDirectory
    - No need to have a single unique ID across all systems
    - Objects can be mapped regardless of hierarchy
Associations
[Diagram: Novell eDirectory tree O=People with OU=Sales and OU=Engineering holding CN=Rita, CN=John, CN=Bobby and CN=Suzy; each object is associated with an HR identifier (003456, 005484, 007886, 009843) and an E-mail address]
Associations
[Diagram: eDirectory object CN Bobby (Department Sales, EmpId 003456, E-mail, Date of birth 2/15/1965) holds an E-mail association (the address) and an HR association (003456); HR record: EmpId 003456, Dept Sales, DOB 15.2.1965; E-mail record: Address, Dept Sales, Birthdate 2/15/65]
Building Associations
• Finding an existing object that matches
  - Is there an object that matches my criteria?
• Creating a new object
  - Do I have all of the required info to create the new object?
• Placing a new object
  - Where should I place the new object?
Object Matching Rule
Object Matching Rule (cont.)
• Determines the criteria for finding a match
• Must have a unique result
• Multiple matches result in an error, meaning the matching criteria were too vague
<?xml version="1.0" encoding="UTF-8"?>
<matching-rules>
  <matching-rule description="Initial Matching Criteria">
    <match-class class-name="User"/>
    <match-attr attr-name="Surname"/>
    <match-attr attr-name="Social Security Number"/>
  </matching-rule>
  <matching-rule description="Secondary Matching Criteria">
    <match-class class-name="User"/>
    <match-attr attr-name="Given Name"/>
    <match-attr attr-name="Surname"/>
    <match-attr attr-name="Telephone Number"/>
  </matching-rule>
</matching-rules>
Object Create Rule
Object Create Rule (cont.)
• Determines the set of required attributes
• Vetoes create if required attributes are not present
• Default values and templates can be specified
<?xml version="1.0" encoding="UTF-8"?>
<create-rules>
  <create-rule class-name="User" description="Create Rule">
    <required-attr attr-name="Given Name"/>
    <required-attr attr-name="Surname"/>
    <required-attr attr-name="uniqueID"/>
    <required-attr attr-name="L">
      <value type="string"><![CDATA[Provo]]></value>
    </required-attr>
    <template template-dn="\DirXML-Tree\Novell\UserRole"/>
  </create-rule>
</create-rules>
Object Placement Rule
Object Placement Rule (cont.)
• Determines criteria for placement of the new object
• Criteria can be based on class, attribute, or path
<?xml version="1.0" encoding="UTF-8"?>
<placement-rules dest-dn-format="slash" src-dn-format="ldap">
  <!-- Placement rule for User objects. -->
  <placement-rule description="Placement based on Location">
    <match-class class-name="User"/>
    <match-attr attr-name="L">
      <value type="string"><![CDATA[Provo]]></value>
    </match-attr>
    <placement>
      <![CDATA[\DirXML-Tree\Novell\PRV\]]><copy-name/>
    </placement>
  </placement-rule>
  <placement-rule>
    <match-class class-name="User"/>
    <placement>
      <![CDATA[\DirXML-Tree\Novell\]]><copy-attr attr-name="Surname"/>
    </placement>
  </placement-rule>
</placement-rules>
Building Associations on the Subscriber Channel
[Flowchart. Boxes and decisions shown: Desired eDirectory event occurs; Does this object have an association? (YES / NO); Modify App object; Apply matching rule: Query App; Number of matches (Zero / One / Multiple); Error; Modify App Object; Modify eDirectory object; Write association; Mark association pending; Apply create rule; Do we have all required attributes? (YES / NO); Query eDirectory; Merge attributes; Apply placement rule; Create App Object]
Building Associations on the Publisher Channel
[Flowchart. Boxes and decisions shown: Desired App event occurs; Does this object have an association? (YES / NO); Modify eDirectory object; Apply matching rule: Query eDirectory; Number of matches (Zero / One / Multiple); Error; Modify eDirectory object; Modify App object; Write association; Apply create rule; Do we have all required attributes? (YES / NO); Query App; Query eDirectory; Merge attributes; Apply placement rule; Create eDirectory object]
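The match-then-create decision described by the rules and flowcharts above, as an added Python example (not part of the original slides, and not DirXML engine code). It reads the slides' matching and create rules, refuses to link an object when the match is ambiguous, and vetoes a create when a required attribute is missing. Assumptions: a matching rule is used only when the event carries all of its attributes and the first such rule decides; the function names and all sample entries are constructed for illustration.

```python
import xml.etree.ElementTree as ET
# Rules as on the slides (CDATA default written as plain text); entries below are constructed.
MATCHING = ET.fromstring("""<matching-rules>
 <matching-rule description="Initial Matching Criteria"><match-class class-name="User"/>
  <match-attr attr-name="Surname"/><match-attr attr-name="Social Security Number"/></matching-rule>
 <matching-rule description="Secondary Matching Criteria"><match-class class-name="User"/>
  <match-attr attr-name="Given Name"/><match-attr attr-name="Surname"/>
  <match-attr attr-name="Telephone Number"/></matching-rule></matching-rules>""")
CREATE = ET.fromstring("""<create-rules><create-rule class-name="User" description="Create Rule">
  <required-attr attr-name="Given Name"/><required-attr attr-name="Surname"/>
  <required-attr attr-name="uniqueID"/><required-attr attr-name="L"><value type="string">Provo</value>
  </required-attr></create-rule></create-rules>""")
BOBBY = {"class": "User", "Given Name": "Bobby", "Surname": "Jones", "Telephone Number": "555-0100"}
DIRECTORY = [  # constructed entries; two share the same name and phone number
    dict(BOBBY, dn="Sales/Bobby"), dict(BOBBY, dn="Engineering/Bobby"),
    {"dn": "Sales/Rita", "class": "User", "Surname": "Diaz", "Social Security Number": "000-00-0001"},
]

def find_match(event, directory):
    """Return the single matching entry or None; raise if the criteria are too vague."""
    for rule in MATCHING:
        attrs = [a.get("attr-name") for a in rule.findall("match-attr")]
        if (rule.find("match-class").get("class-name") != event["class"]
                or not all(a in event for a in attrs)):
            continue  # assumption: a rule is skipped when the event lacks its attributes
        hits = [e for e in directory if e["class"] == event["class"]
                and all(e.get(a) == event[a] for a in attrs)]
        if len(hits) > 1:
            raise LookupError(f"{rule.get('description')}: {len(hits)} matches")
        return hits[0] if hits else None
    return None

def apply_create_rule(event):
    """Add rule defaults; return None (veto) when a required attribute is absent."""
    obj = dict(event)
    for rule in (r for r in CREATE if r.get("class-name") == event["class"]):
        for req in rule.findall("required-attr"):
            name, default = req.get("attr-name"), req.findtext("value")
            if name not in obj and default is None:
                return None
            obj.setdefault(name, default)
    return obj

def process_add(event, directory):
    """Outcome for an object without an association: associate, create, or veto."""
    match = find_match(event, directory)
    if match:
        return "associate", match["dn"]
    created = apply_create_rule(event)
    return ("create", created) if created else ("veto", None)
```

Treating an ambiguous match as an error rather than picking one candidate keeps two different people from being joined into one identity across systems.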
Data Transformation
• Problem
  - Applications have different representations for the same data
    - 15.2.1965 vs. 2/15/65
• Solution
  - DirXML allows data to be transformed to a canonical format
  - Requires an XSLT stylesheet
  - Extensions can be provided to call procedural programs
Data Transformation
[Diagram: eDirectory object CN Bobby (Department Sales, EmpId 003456, E-mail, Date of birth 2/15/1965, E-mail association, HR association 003456); HR record (EmpId 003456, Dept Sales, DOB 15.2.1965); E-mail record (Address, Dept Sales, Birthdate 2/15/65). The eDirectory value 2/15/1965 corresponds to 15.2.1965 in HR and to 2/15/65 in E-mail.]
Event Transformation
• Problem
  - Events may need to be transformed
    - A delete event may need to be transformed into a modify
• Solution
  - DirXML allows events to be transformed to perform other operations
  - Is processed before the DirXML add processor
  - Requires an XSLT stylesheet
  - Extensions can be provided to call procedural programs
Event Transformation
[Diagram: in eDirectory (O=People; OU=Sales with CN=Rita and CN=Bobby; OU=Engineering with CN=John and CN=Suzy) CN=Bobby is deleted; the "Delete object CN=Bobby" event appears in HR as "003456 disabled", next to 005484, 007886 and 009843]
Transforming Between eDirectory Format and Application Format
[Diagram labels: DirXML Novell eDirectory Server; Novell eDirectory; DirXML Engine; DirXML Driver Shim; Application. On the Subscriber Channel an eDirectory event is converted by Rules and Stylesheets from eDirectory-formatted XML to APP-formatted XML and applied to the APP; on the Publisher Channel an APP event is converted from APP-formatted XML to eDirectory-formatted XML and applied to eDirectory.]
Order of Rule Processing on the Subscriber Channel
[Diagram, inside the DirXML Engine: Subscriber Filter; Event Cache; Convert Event to XML; Event Transformation; Does an association exist? (YES / NO); Subscriber Add Processor (Matching Rule, Create Rule, Placement Rule); Command Transformation; Schema Mapper; Output Transformation]
Order of Rule Processing on the Publisher Channel
[Diagram, inside the DirXML Engine: Input Transformation; Schema Mapper; Event Transformation; Does an association exist? (YES / NO); Publisher Add Processor (Matching Rule, Create Rule, Placement Rule); Command Transformation; Publisher Filter; Convert XML to eDirectory]
DirXML 1.1 New Functionality
• Remote Loader
• Command Transformation Rule
• Rule Chaining
• Dynamic Class Loader
• Enhanced Error Logging
• Product Activation
Command Transformation
• Similar to Event Transformation
• Is processed after the DirXML add processor
• Requires an XSLT stylesheet
• Extensions can be provided to call procedural programs
Rule Chaining
• Previously, if more complex policies were required, a DirXML rule could be replaced by an XSLT stylesheet
  - You could reference either a DirXML rule, or an XSLT stylesheet, but not both
• Rule Chaining
  - DirXML rules can now reference XSLT stylesheets
  - Provides the ability to simply describe most policies in a DirXML rule and reference XSLT stylesheets to describe the more complex policies
Dynamic Class Loader
• Previously, the administrator needed to reload the JVM if
  - The classpath changed
  - A new .JAR file (java drivers) is added
• Dynamic Class Loader
  - New .JAR files are loaded upon request
  - Reload JVM only if replacing an existing .JAR file
Enhanced Error Logging
• DirXML engine and drivers
  - Historically errors have been written in multiple locations
  - Errors are now written to the appropriate object
    - Driver set
    - Publisher
    - Subscriber
  - Errors are still written to log files and the trace screen
  - This greatly reduces effort needed to find error information
DirXML Activation
• To allow for easier evaluation, DirXML 1.1 is now freely available for a 90-day trial period
• DirXML 1.1 can then be “Activated” once the product has been purchased
• The Activator assists customers in notifying Novell about
  - Themselves
  - The product they are activating
  - The “domain” they are activating the product in
Conclusion
• DirXML provides a bi-directional data flow framework between eDirectory and enterprise applications
• DirXML matches existing business processes
  - Administrators determine the data to be shared
  - Runs on all Novell eDirectory supported platforms (NetWare, Win2K, NT, Solaris, Linux, AIX)
  - Requires no changes to existing applications
  - Transforms data into the format required by the target application
Training and Education at BrainShare
• Study and preview Directory and Database Integration Using DirXML (Course 992) at The Learning Zone
• DirXML self-study materials at the BrainShare Bookstore
Training and Education
• Directory and Database Integration Using DirXML
  - Course 992
  - Import Drivers
  - Implementation Strategies
• ATT—Advanced DirXML
  - Troubleshooting Techniques
  - Customization
  - XML, XDS Rules, and XSLT
  - Provo, March 25-28
  - Additional information at http://www.novell.com/education/train_product/dirxml.html