Office 365 Driver Walk Through Part 14:
270
In part one of this series ( ) I walked through some of the configuration, Packages, and GCVs used in the Office 365 IDM driver.
In part two of this series ( ) I walked through more of the GCVs and looked at some possible values for the License entitlements.
In part three of this series ( ) I looked at the Filter and Schema Map and some more entitlement issues.
In part four of this series ( ) I looked at the configuration settings and then on to actual policies, getting through the Subscriber Event Transform policy set.
In part five of this series ( ) I worked through the Subscriber Match and Create policy sets.
In part six of this series ( ) I started in on the Subscriber Command Transform policy set.
In part seven of this series ( ) I continued through the EntitlementsImpl policy in the Command Transform.
In part eight of this series ( ) I finished up the Command Transform and started into the Output Transform.
In part nine of this series ( ) I finished walking through the Output Transform.
In part ten of this series ( ) I started down the Input Transform policy set getting through the first six policy objects.
In part eleven of this series ( ) I finished the Input Transform policy set and got through the Publisher Event Transform policy set.
In part twelve of this series ( ) I got through the Match, Create, Placement, and almost all of the Command transform policy sets.
In part thirteen of this series ( ) I finished the Publisher channel, wrapping up the driver.
And yet, here we are again... At some point this has to end, right? I mean, I cannot keep going forever? Or can I?
It turns out that the way NetIQ is doing packages, is basically an excuse to keep writing these articles forever! Ha ha! Fools, now I have you!
The best part about packages is that they are meant to be designed to be upgradable. This is hugely different than the previous XML file monoliths. Before if you applied the latest XML driver file, it would erase stuff you had changed. With packages, your changes remain, and are in fact flagged, and you can see the list. This is great, since with a new Package, perhaps NetIQ fixed an issue you had noticed, now you can revert your change and use theirs instead? Or perhaps you were clever and made all your changes in policies in your own package and now it is independent of the NetIQ packages, so upgrades are less painful. All these are great changes, and my favorite part of Packages. Alas, all is not perfect, and I could spend many articles explaining the issues. Maybe I should. Hmm, not a bad idea for a new series. Or at least an updated series on Packaging, 2 years after I wrote my last set, with all that I have learned in the past 2 years or so.
Anyway, when I started this series lo so many years ago, I noted the specific packages I was reviewing because I expected that they would get updated as time passed. I honestly did not think it would take so long to get them all out:
NOVLOFFIBASE 2.1.0.20130111115820 Base package
NOVLOFFIDCFG 2.1.0.20130111153536 Default configuration
NOVOFFAUDENT 2.1.0.20121212171705 Audit Entitlements
NOVLOFFIATRK 2.1.0.20130101164900 Account tracking for Identity Audit
NOVLOFFIPSWD 2.1.0.20130110125335 Password Synchronization
NOVLOFMSINFO 2.1.0.20121217151110 Managed System Info
NOVLOFFENT 2.1.0.20130110181516 Entitlement support
NOVLOFFIOPTL 2.1.0.20130110140328 Optional Packages
I also picked up some package dependencies and got:
Account Tracking Common 2.1.0.20120718113432
Audit Entitlements Common 1.0.0
Data Collection Common 1.0.0
Password Synchronization Common 1.0.3.20120423124853
There were a couple of driver set packages that came in via dependencies as well:
Advanced Java Class 1.0.1
Common Settings 1.0.01
In the intervening year or so, these have all been updated. So lets see what it looks like with the new packages. Designer 4.02 Auto Update 2 or so added the ability to compare packages. So I will compare the version I used against the latest packages, and report back on what has changed. Lets see if anyone at NetIQ read my articles and fixed the issues I noted. The way it works is, open the Outline view, find your Package Catalog. Find the package of interest. Click on the version you want to start with. (Will be on the left in the compare window). Then you can right click and select Compare Package. If you do not get this menu, try turning on Package Developer Mode in one of your trees, or making sure you are at the latest Auto Update for Designer.
Then you get to select from all the versions that Designer locally knows about. These have to be packages that are:
1) Brought into Designer via "Online Updates" whether NetIQ's site, or someone else's, or by pointing at a local filestore.
2) Packages Imported, just into this project.
That is the difference between doing a Check for Package Updates, getting the updates, and Import Packages. The former case makes the packages available to all projects that this Designer install instance works on. This also means you need Admin privileges on Winders, as UAC will try and stop Designer from writing downloaded files to the install directory. Whereas the latter only makes the package available to current project.
This is an important distinction, since the first case, stores them with the Designer binary files. Whereas the second stores them just in the workspace. Usually the binary files are in C:\Program Files on Winders, which is protected as of Win7 and Win 8.
In one of the 4.02 Auto Updates they also made it that if you reference a package, say by adding a driver, then the needed packages (and only the needed packages) get added to the current project's catalog. This is to save memory, since the entire project is kept in memory in its own copy, for each and every tab you open. Thus minimizing the size of the catalog is a good thing.
This auto import is also used when you do a compare. Just because you only have a single package in your catalog, does not mean you cannot compare. If your package came via Designer Online Updates, then you can chose from all versions the Designer instance knows about. If however, you got your packages as JAR files that you imported into your project, then you would have to import all the versions you want to compare into your catalog.
If you want to distribute packages like the Online Updates approach, what you do is Build a package and get it ready. Once you are ready, Build it with the Release tick box selected. These actions generate the single, simple JAR file that you may be used to. Once you have Build/Released a package, you right click again, and now there is Publish item on the menu.
You need to point this at a directory that holds your other published packages, (maybe mount the web server file system? Maybe manage it local then copy over?) as it adds to the site.xml file your new packages. Thus you get to build your distribution site, and all you need to do is expose it via HTTP to allow people to use it. If you just want to do it locally, in the Preferences window, Designer, Packages, Online Updates, add a new Update Site, with the URL for the HTTP site, or the local filesystem as: "file:///c/path/to/file/on/windows". Note the three forward slashes after the file colon.
In our case here, the updated packages that need to be considered are:
NOVLOFFIBASE - Base package
Was: 2.1.0.20130111115820 Now: 2.3.0.20130819145818
NOVLOFFIDCFG - Default configuration
Was: 2.1.0.20130111153536 Now: 2.3.0.20130907194121
Intermediate step of 2.2.0.20130404201615 will be ignored.
NOVLOFFIPSWD - Password Synchronization
Was: 2.1.0.20130110125335 Now: 2.3.0.20130907194140
NOVLOFFENT - Entitlement support
Was: 2.1.0.20130110181516 Now: 2.2.0.20130627174421
NOVLOFFIATRK - Account tracking for Identity Audit
Was: 2.1.0.20130101164900 Now: 2.2.0.20130513160359
So looks like there are five packages to look at changes made in. This could take awhile!
Might as well start at the top, with the Base package, NOVLOFFIBASE.
First up they updated the Readme which make me very happy. I think they should be doing lots more of this. Add comments in the policies, add comments in the Filter, add comments in the Readme. The more the merrier. Thus I am glad to see this. The new stuff is:
-2.3
https://bugzilla.novell.com/show_bug.cgi?id=791963
-2.2
Changes made for enhancement to support DistributionList group.
So looks like the overall 2.2 package version was all about adding Distribution List support, and that the 2.3 release was a bunch of bug fixes.
This one has 5 differences, one GCV object and four resource objects:
NOVLOFFIBASE-GCVs
NOVLOFFIBASE-DriverNamePrompt
NOVLOFFIBASE-GCVs-Prompt
NOVLOFFIBASE-InitSettingsPrompt
NOVLOFFIBASE-RemoteLoaderPrompts
NOVLOFFIBASE-GCVs
Lets start with the 'easy' one, a GCV object.
Looks like three changes.
First was just a cosmetic change of adding a Header node, into the GCV. It is not entirely well documented all the various things you can do in the GCV XML, but a node like below can make things look more professional.
You have seen examples of this in common drivers, but nice to know you can add it yourself. Of course, be nice if the GUI supported adding it to make life easier, but it does not.
I wrote a series of articles about the various GCV types a few years ago, that can help explain some of the options in the GCV DTD that are available.
http://www.novell.com/communities/node/4860/discussing-gcvs-comments-field-identity-manager
http://www.novell.com/communities/node/11344/explaining-gcvs-part-1
http://www.novell.com/communities/node/11471/explaining-gcvs-part-2
http://www.novell.com/communities/node/11480/structured-global-configuration-values-idm
Amusingly, the docs actually link to the last article on Structured GCV's instead of really dealing with defining them. I wish they would do that more often, as extra useful content to point readers at. I know of 4 places in the docs where they link to stuff I have written, if you happen to find more, let me know, since I am keeping a list.
Second is simply a better default, suggested value for the GCV drv.domain.name. Was djshah.onmicrosoft.com and now defaults to adminpoint.onmicrosoft.com. Looks like Dhval Shah, who did a lot of the development work on this driver left his personal instance in the default GCV which does not matter very much, since everyone needs to set their own to make it even begin to work.
Third item is another default change for the GCV drv.usage.location, which is a two letter country code, that defaults to ff in the old version and US in the new one. Probably a reasonable change. After all does anyone in the world actually live outside the US? (And I say that as a Canadian! Cultural imperialism is fun if you are at the top of the heap).
NOVLOFFIBASE-DriverNamePrompt
NOVLOFFIBASE-GCVs-Prompt
NOVLOFFIBASE-InitSettingsPrompt
NOVLOFFIBASE-RemoteLoaderPrompts
These four are interesting. Designer says they are unequal, but the compare shows no differences, so not sure what is going on here. Likely there is some whitespace differences throwing the checksums off, but semantically null in XML world, so the compare does not even show it. Odd, but not a big deal.
NOVLOFFIDCFG - Default configuration
Next up is the default configuration which went from 2.1.0.20130111153536 to 2.3.0.20130907194121, with a 2.2.0 intermediate step that I will ignore.
Here we see differences in 5 policies, and one Resource object:
Policies:
NOVLOFFIDCFG-otp-Transform
NOVLOFFIDCFG-pub-pp
NOVLOFFIDCFG-smp
NOVLOFFIDCFG-sub-cp
NOVLOFFIDCFG-sub-ctp-Rename
NOVLOFFIDCFG-sub-mp
Resource:
NOVLOFFIDCFG-Filter
In a move that makes me very happy, I see that the Readme got updated as well, adding this content in:
-2.2
Changes made for enhancement to support DistributionList group.
-2.3
https://bugzilla.novell.com/show_bug.cgi?id=801315
https://bugzilla.novell.com/show_bug.cgi?id=800395
https://bugzilla.novell.com/show_bug.cgi?id=811567
https://bugzilla.novell.com/show_bug.cgi?id=798697
https://bugzilla.novell.com/show_bug.cgi?id=798696
https://bugzilla.novell.com/show_bug.cgi?id=798698
That gives some hints at what changed and why.
Lets do the filter first since it is simplest to compare. There are two changes, both on the Group class. First is to Owner, where it was publisher sync, and is now publisher ignore. I wonder why? Hopefully the policy differences will hint at why.
The second change is the addition of EMail Address, which is NOT the Internet EMail Address you may be thinking but instead if the structured attribute used by GroupWise that allows specifying the mail transport type as well. In many ways, this is more equivalent to how Active Directory uses proxyAddress where the SMTP:geoffc@acme.com means my default SMTP address (because SMTP is in capitals) but x400:cn=geoffc\dc=acme\dc=com means this is my additional X400 mail transport address. (I suck at free hand typing X400, I know the format is wrong, don't bug me about it). This is set to bidirectional sync, with optimize modify enabled and default merge authority.
I expect to see a transform policy (maybe the otp-Transform) add support for handling this value. Looks like the Schema map is updated to map this to EmailAddresses in the application.
As an example, an add event with a EMail Address attribute would look something like this snippet of XML:
geoffc@acme.com
7
I forget what all the eMailType values are but I seem to recall that 7 is SMTP. To handle this, you would add a very simple Reformant Operation Attribute token that looks like this:
That will handle the Add, Modify, and Query case I believe, in 5 lines of XML, one token. Very simple. It does seem that the author of this configuration is not aware of this token.
Speaking of a transform, lets do that one next. But that will have to wait until the next article. Stayed tuned, same Bat time, same Bat channel! At least two more articles after this, but I really think I am near the end! Honestly, I mean it. For real this time. Well, maybe, time will tell.