Application Delivery Management
Application Modernization & Connectivity
IT Operations Management
CyberRes
In this, part 3 of 4, the Subscriber Command Transform, Filter, Schema Mapping are covered.
Rule: DL Entitlement: add or remove DL memberships
Rule: Account Entitlement: Enable or Disable account
Purpose: If the driver has been configured (driver.gw.ent.account.remove = disable) to disable the GroupWise mailbox when the associated User object is deleted, and if the user's entitlement to a GroupWise mailbox (gwAccount) is changing, then this rule transforms the change in entitlements in to events to implement the entitlement. The mailbox will be enabled or disabled based on the user's entitlement to it.
Rule: Account Entitlement: Expire or Unexpire account
Purpose: If the driver has been configured (driver.gw.ent.account.remove = expire) to expire the GroupWise mailbox when the associated User object is deleted, and if the user's entitlement to a GroupWise mailbox (gwAccount) is changing, then this rule transforms the change in entitlements in to events to implement the entitlement. The mailbox will be expired or unexpired based on the user's entitlement to it.
Rule: Account Entitlement: Enable/Unexpire or Disable/Expire account
Purpose: If the driver has been configured (driver.gw.ent.account.remove = dispire) to disable and expire the GroupWise mailbox when the associated User object is deleted, and if the user's entitlement to a GroupWise mailbox (gwAccount) is changing, then this rule transforms the change in entitlements in to events to implement the entitlement. The mailbox will be expired and disabled or unexpired and enabled based on the user's entitlement to it.
Rule: Account Entitlement remove: Delete account
Purpose: If the driver has been configured (driver.gw.ent.account.remove = delete) to remove the GroupWise mailbox when the associated User object is deleted, and if the user's entitlement to a GroupWise mailbox (gwAccount) is changing, then this rule transforms the change in entitlements in to events to implement the entitlement. The mailbox will be deleted because the user is no longer entitlement to it.
Rule: User gwAccount Entitlement change (Delete Option)
Purpose: This rule checks two Global Configuration Values (drv.entitlement.GWAccount and driver.gw.ent.account.remove) to see if it should activate. This rule is used to handle the GroupWise driver being configured to Create or Delete the GW mailbox when the entitlement is changed. It then also checks to see if the object being processed is a User, if the event is an Add or Modify, and to see if the gwAccount entitlement is what is changing (the reason that this User is being added or modified). If all of these conditions are true, then several Operation Properties are added to the current event. These contain data
This data is then forwarded to the configured audit platform agent.
Rule: User gwAccount Entitlement change (Disable Option)
Purpose: This rule checks two Global Configuration Values (drv.entitlement.GWAccount and driver.gw.ent.account.remove) to see if it should activate. This rule is used to handle the GroupWise driver being configured to Expire/Unexpire or Enable/Disable the GW mailbox when the entitlement is changed. It then also checks to see if the object being processed is a User, if the event is an Add or Modify, and to see if the gwAccount entitlement is what is changing (the reason that this User is being added or modified). If all of these conditions are true, then several Operation Properties are added to the current event. These contain data
This data is then forwarded to the configured audit platform agent.
Rule: User gwAccount Entitlement remove (Delete Option)
Purpose: This rule checks two Global Configuration Values (drv.entitlement.GWAccount and driver.gw.ent.account.remove) to see if it should activate. This rule is used to handle the GroupWise driver being configured to Create or Delete the GW mailbox when the entitlement is changed. It then also checks to see if the object being processed is a User, if the event is an Delete, and to see if the gwAccount entitlement is what is changing (the reason that this User is being deleted from GroupWise). If all of these conditions are true, then several Operation Properties are added to the current event. These contain data
This data is then forwarded to the configured audit platform agent.
Rule: Convert add nspmDistributionPassword attribute to a modify-password operation
Purpose: This is one of the standard Universal Password password synchronization policies. It transforms the nspmDistributionPassword in an <add> document to a <modify-password> event, if the driver has been configured for password synchronization (password subscribe).
Rule: Convert modify nspmDistributionPassword attribute to a modify-password operation
Purpose: This is the second of the standard Universal Password password synchronization policies. It transforms the nspmDistributionPassword in an <modify> document to a <modify-password> event, if the driver has been configured for password synchronization (password subscribe).
Rule: Block empty modify operations
Purpose: The third of three standard Universal Password rules. If nothing remains of the <modify> document, this rule strips it. So if all that changed in the original modify is the password value, the modify-password event replaces it, otherwise, other changes in the document will be processed because the document is non-empty.
This is a standard Filter, containing the object classes and attributes that this driver is going to process on the Subscriber and Publisher channels. By default, User, GroupWise External Entity, GroupWise Distribution List, GroupWise Post Office, GroupWise Resource, Group, and Organizational Unit objects will be processed. Configuration, via Global Configuration Values, is used to control what this driver actually does.
This is a standard IDM schema map, containing eDirectory and GroupWise object and attribute values.
Rule: Strip nspmDistributionPassword
Purpose: This rule unconditionally removes nspmDistributionPassword from all documents. Normally this is done in the Command Transform by one of the standard Universal Password password synchronization rules.
Rule: GW 6.5 from eDir
Purpose: This rule checks to see if the driver is configured to work with a GroupWise 5.50 or a GroupWise 6.00 system. If not, it assumes then that the driver is working with a GroupWise 6.5 or newer system. It then checks to see if the event being processed is coming from eDirectory (ie: on the Subscriber) via local variable fromNDS (equal to 'true'). Then, if the object being processed is a User, it fiddles with some attribute names to map eDirectory to GroupWise. This would normally be done by the schema map, but it appears that some of the GroupWise attribute names have changed between versions, so this bit of policy handles the conditional mapping needed to have one driver preconfig work with multiple versions of GroupWise.
Rule: GW 6.5 from GW
Purpose: This rule checks to see if the driver is configured to work with a GroupWise 5.50 or a GroupWise 6.00 system. If not, it assumes then that the driver is working with a GroupWise 6.5 or newer system. It then checks to see if the event being processed is coming from GroupWise (ie: on the Publisher) via local variable fromNDS (equal to 'false'). Then, if the object being processed is a User, it fiddles with some attribute names to map eDirectory to GroupWise. This would normally be done by the schema map, but it appears that some of the GroupWise attribute names have changed between versions, so this bit of policy handles the conditional mapping needed to have one driver preconfig work with multiple versions of GroupWise.
Rule: GW 5.5/6.0 from eDir
Purpose: This rule checks to see if the driver is configured to work with a GroupWise 5.50 or a GroupWise 6.00 system. If so, it then checks to see if the event being processed is coming from eDirectory (ie: on the Subscriber) via local variable fromNDS (equal to 'true'). Then, if the object being processed is a User or External Entity, it fiddles with some attribute names to map eDirectory to GroupWise. This would normally be done by the schema map, but it appears that some of the GroupWise attribute names have changed between versions, so this bit of policy handles the conditional mapping needed to have one driver preconfig work with multiple versions of GroupWise.
Rule: GW 5.5/6.0 from GW
Purpose: This rule checks to see if the driver is configured to work with a GroupWise 5.50 or a GroupWise 6.00 system. If so, it then checks to see if the event being processed is coming from GroupWise (ie: on the Publisher) via local variable fromNDS (equal to 'false'). Then, if the object being processed is a User or External Entity, it fiddles with some attribute names to map eDirectory to GroupWise. This would normally be done by the schema map, but it appears that some of the GroupWise attribute names have changed between versions, so this bit of policy handles the conditional mapping needed to have one driver preconfig work with multiple versions of GroupWise.