Configuring Identity Manager 2 (formerly DirXML ® ) for JDBC (w/DirXML) Jason Elsberry Software...

Configuring Identity Manager 2 (formerly DirXML®) for JDBC (w/DirXML)

Jason Elsberry Software [email protected]

© March 9, 2004 Novell Inc.2

one Net: Information without boundaries…where the right people are connected with the right information at the right time to make the right decisions.

The one Net vision

Novell exteNd™

Novell Nsure™

Novell Nterprise™

Novell NgageSM

:

:

:

:


The one Net vision

Novell Nsure solutions take identity management to a whole new level. Novell Nsure gives you the power to control access so you can confidently deliver the right resources to the right people — securely, efficiently, and best of all, affordably.

Novell Nsure™

Novell exteNd™

Novell Nsure™

Novell Nterprise™

Novell NgageSM

:

:

:

:


Novell eDirectory

Server

Identity Manager Architecture

Identity Manager 2

DirXMLEngine

DirXML DriverShim

Policies

Policies

IdentityVault Application

Subscriber Channel

Publisher Channel

5

Remote Loader Service

Identity Manager ArchitectureThe Remote Loader

Application

Identity Manager 2

DirXMLEngine

Remote Loader Shim

Novell eDirectory

Server Policies

Policies

DirXML DriverShim

Subscriber Channel

Publisher Channel

ApplicationIdentity

Vault


Supported Databases:

• IBM DB2 Universal Database (UDB)

• Microsoft SQL Server

• Oracle 8i, 9i

• Sybase Adaptive Server Enterprise (ASE)

• MySQL

• Informix Dynamic Server (IDS)

* Supported == Tested* A more specific list is available in the Implementation Guide.

Identity Manager 2 Driver for JDBC


Minimum Database Requirements:

• Support SQL grammar used by the driver

- SQL92 entry level?

• JDBC-accessible

- Third-party JDBC driver

- Third-party ODBC driver via JDBC-ODBC Bridge driver

• Trigger support (publication only)

*Schema support is no longer required.



Supported Data Types (java.sql.Types):• JDBC 1.0 data types - time, date, timestamp - char, varchar, long varchar - binary, varbinary, long varbinary

• JDBC 2.0 data types - clob, blob



Two Synchronization Models:

Indirect Direct



Indirect Synchronization on the Subscriber Channel

Subscriber

Driver’sSchema

Synchronization

Trigger(s)

IntermediateTable(s)

CustomerTable(s)

Database


Database

EventLogPublisher

Driver’sSchema

Synchronization

Trigger(s)

PublicationTrigger(s)


CustomerTable(s)




Subscriber

Driver’sSchema

Synchronization

Trigger(s)


CustomerTable(s)

Database


Database

EventLogPublisher

Driver’sSchema

Synchronization

Trigger(s)

PublicationTrigger(s)


CustomerTable(s)




Commonly Used Driver Parameters:• Synchronize Schema (<sync-schema>)• Synchronize Tables (<sync-tables>)• Connection Tester Class Name (<connection-tester-class>)• Connection Test Statement (<connection-test-stmt>)• Retrieve Minimal Metadata? (<minimal-metadata>)


Synchronize Schema:• Identifies the tables/views to synchronize by owner.

• Tables/views need to be owned by the same user. Disallows cross-schema synchronization.

• Causes the driver to cache all tables/views in the schema. This is problematic for large schemas.

Commonly Used Driver Parameters


Synchronize Tables:• Identifies the tables/views to synchronize by name instead of by owner.

• Tables/views do not need to be owned by the same user. Allows cross-schema synchronization.

• Causes the driver to cache tables/views discriminately.



Connection Tester Class:

• There is no method defined in the JDBC interface

to determine connection state

- The java.sql.Connection.isClosed() method doesn’t tell you anything you don’t already know.

• This parameter allows users to define a database-specific class to determine connection state

• Example

- The Microsoft SQL Server connection tester class MSSQLConnectionTester executes the statement SELECT NULL FROM sysusers WHERE -1=0.

- The Informix connection tester class uses database-specific error codes to determine connection state.



Connection Test Statement:• Shortcut for “Connection Tester Class Name”.

• Example - Test statement for Microsoft SQL Server: SELECT NULL FROM sysusers WHERE -1=0.



Retrieve Minimal Metadata?• If set to “no” (default), the driver calls required and optional metadata methods• If set to “yes”, the driver only calls required metadata methods• Example - The Progress JDBC driver does not support the optional metadata method DatabaseMetaData.getExportedKeys().

• See Appendix D in Implementation Guide for list of optional and required methods.



Commonly Used Subscriber Parameters:• Primary Key Generation (<key-gen>)• Key Generation Timing (<key-gen-timing>)



Primary Key Generation:• How does the driver get values to create an association for an <add> event? - From a stored procedure/function in the database

- The driver needs to create them

- The values are already present in the event

Commonly Used Subscriber Parameters


Key Generation Timing:• When should the driver attempt to retrieve primary key values for <add> events? Before or after rows are inserted into a table/view? • Possible values - Before (default)

- After

• Example - For Oracle, values are available before insertion via sequence objects; for all other databases, primary key values are generally available after insertion through identity columns

Commonly Used Subscriber Parameters


Commonly Used Publisher Parameters:•Log Table Name (<log-table>)•Delete From Log (<delete-from-log>)•Allow Loopback (<allow-loopback>)



Log Table Name?• The name of the table where publication events are stored.• The table names and column names are configurable.• Column order and data type are fixed.

Commonly Used Publisher Parameters


Delete From Log?

• If set to “no”, the publisher will mark rows in the log table as processed rather than delete them.

- This setting is helpful when debugging.

• If set to “yes” (default), the publisher will delete records in the log table.

- This setting allows for better performance and should be used in production.



Allow Loopback?• If set to “no” (default), the publisher will only process events caused by a database user other than itself• If set to “yes,” the publisher will process events caused by any database user• Example - In order to facilitate user account management on Sybase, the driver’s database login account has to be granted system administrator rights - Making the driver a sys admin, however, changes the driver’s identity to “dbo” - Because the driver’s identity is no longer unique, the publisher is unable to determine whether an event was caused by the subscriber or another database user with sys admin rights



Style Sheet Configuration:• Embedded SQL - Facilitates user account management

• Multi-valued attribute to single-valued column mapping - Which value to sync to database?

Advanced Configuration

General DisclaimerThis document is not to be construed as a promise by any participating company to develop, deliver, or market a product. Novell, Inc., makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc., reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.

No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.

Configuring Identity Manager 2 (formerly DirXML ® ) for JDBC (w/DirXML) Jason Elsberry Software...

Documents

Transcript of Configuring Identity Manager 2 (formerly DirXML ® ) for JDBC (w/DirXML) Jason Elsberry Software...