bscully Absent Member.
Absent Member.
321 views

JDBC Driver Application Attributes and Modifies


Hi and thanks for taking the time to look at this with me.

I’m using a JDBC Driver connected to an Informix View that’s being used
to create User accounts and Groups. It uses simple Schema Mapping for
user details (links below to the XML, if you’re interested).

Schema Map
https://docs.google.com/document/d/12t7Pm8qGZQoKMfUqY8GSX_lix6AtnN4DecLociRbgCg/edit

I then use Application source attribute values from the View to build
the destination DN in placing the student accounts.

Placement Rule
https://docs.google.com/document/d/1GM0uOEl9DNhpdHcHgqV5n-F3LI6JthsUcuSnIll2V8Y/edit


Lastly, I use Application source attribute values that define which
academic program the student is enrolled in from the same user record to
create a corresponding eDir Group, if it doesn’t exist, and set user
membership.

Program Groups
https://docs.google.com/document/d/1BfvnMBIaW3Jp-KYygnQfIUV2B-kk0u5z9mboyViTVCA/edit

This is all working well and good for adds. However, I notice that
changes in the View, say, a Program Group, aren’t being picked-up by the
driver. Any changes to the Schema Attributes that are mapped are coming
across. For what it’s worth, I am using triggerless publication.

I’m assuming that mods to things like Program Groups aren’t triggering
changes because they aren’t in the Filter, set to Class/Attribute sync
or something along those lines.

I’d like your advice on how to best tackle this. Should I, for
example, define Application Classes/Attributes, create custom Identity
Vault Classes/Attributes, map them, and set to Synchronize? Maybe
there’s a better way all together.

Thanks a lot,

Bill


--
bscully
------------------------------------------------------------------------
bscully's Profile: http://forums.novell.com/member.php?userid=16027
View this thread: http://forums.novell.com/showthread.php?t=450637

Labels (1)
0 Likes
9 Replies
bscully Absent Member.
Absent Member.

Re: JDBC Driver Application Attributes and Modifies


I guess I'm just wondering if I have to create custom attributes in the
vault that match the application attributes in order to monitor
modifies? Up until now, I would just have those application attributes
written to create specific groups when the user account was created, but
the problem is if, on the application side, a change is made, the driver
isn't picking up the change. Seems to me that my only option is to map
an application attribute to a vault attribute to monitor change and
trigger modifies. Is that right? Thanks, Bill

PS. If this helps with the larger picture, this process is to
create/place users in groups based on academic programs they are
enrolled in. Our ERP system keep track of what programs students are
enrolled in and I need the vault to have matching groups with user
membership. Thanks


--
bscully
------------------------------------------------------------------------
bscully's Profile: http://forums.novell.com/member.php?userid=16027
View this thread: http://forums.novell.com/showthread.php?t=450637

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: JDBC Driver Application Attributes and Modifies

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Yes, you basically have two ways of getting application changes.

1. Application sends you the change, preferably old now-removed
value(s) as well as new value(s). This is how the IDM engine sends
changes, which is the best way since it's immediate and requires no
guesswork in policy.

2. Detect changes by comparing what you know about old, and what is now
there. This is how things like triggerless publication in the JDBC
driver work, though tha tdriver is specifically made to do that where
your application may not be so you'll be doing the queries of all data
and comparing things instead. Hopefully you'll be comparing on an
object-by-object basis, not something bigger like JDBC does. In order
to do this, of course, you must have the old values somewhere, and
you've correctly found one way to do it.

Good luck.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.15 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJPEX8nAAoJEF+XTK08PnB5dH0QAIO25QeN1+687gE2ys47GKkd
e4ga4HMr3C3YWHL9IrW24eaeWpYR+gIMXCErw1ln6UjBVoRyLM3ndA09aD7C2pE6
Ggn3YS+z6EJsm3QbXXfs00VJ6UJj/JRRHa2bdqvbO3PgLUw0niPqyyd8cQL7M5eq
OPlVKQQN9/9NKncTVuqXIwocEiZipxQlezXsi/hqpgrg08G3mDx4j5EeIQeblA+B
CIhl/swjubJFmiok5Aiec4Sl1OtI0UtdeIGfuJILqyxgekjjRAgpEeUp4dmu/xYy
tWLSKeJckOgKO9vOMBAzXepwAk+xxobJK/bd81vtpyhb8oVx70ro+Qz9OcZQxs5y
GFGCzbVmquszWXp4l/lXEKBBJhngBwpr2MfCZkap6P3c25/CdBs/xXXGpI7DQS+5
hW5ZkdrmygJqADU07idu4W34OBINTcvzazCApwfBkzn4HGg7PJ2y/3AF5m8af4OP
TGoz5UgoITrNJRMKwxBcqIXs/NwQAJuacfj5ofkx+SSQV/+Lly+hOxuO7grPM0I8
vJBznFHLpsUXAkreuRRM4BzIEkgVJnzVAf4NsImhxBpQ8gq9AbpGltP7LPWQcW1p
7cGLhCzar7400da8HwcZeT6N/j+GKDccOE4CgzL6Iayh0RfQYbJ8lxY8tGzNcguq
KzypHYLzyyuIwV7WPc4M
=7ggB
-----END PGP SIGNATURE-----
0 Likes
bscully Absent Member.
Absent Member.

Re: JDBC Driver Application Attributes and Modifies


Thanks.

Sorry if I'm not getting it, but if I understand you correctly, it
would be best to create a map between the application attributes and
custom vault attributes that I would create to match the connected
system. Then set the filter to notify of changes. Is that right?


--
bscully
------------------------------------------------------------------------
bscully's Profile: http://forums.novell.com/member.php?userid=16027
View this thread: http://forums.novell.com/showthread.php?t=450637

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: JDBC Driver Application Attributes and Modifies

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

No, "best" would be to have the application send you changes of objects
and attribute values directly. If that is not an option then the only
other way to find what is changing is to look at the application objects
directly via some kind of query and, to see what changed, compare with
what you have stored in the vault. If you have things in the
application that are not also stored in the vault already, then you'll
need new attributes on your objects (via auxiliary classes) to have a
place to store the values for later comparison.

Good luck.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.15 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJPEfvVAAoJEF+XTK08PnB5uSkP/2eS5DxaC11rZNZghrCbRyY/
uLUwLQDI/63AL16/ruqwh6v8+thHmxPVKJ3PI2mMP6pWXop3VCcYA65nYiP1VJDk
Dhuu3e3cOq1y/uO7knG7S7Tw6gmwZB9pn11eH18oC1g9buPk9wqlTv+BiXeu/pUf
4jwNW1B/3SLvppanSDQdJC3B7M+gqHw8GNPHtnv5cff2t+3SjUW/y2PD+0DSHZQE
CqzSeDAK4sWRwYlhSjXrmIqDjVoPwaH8BxmSYx4x+TCAu51wrsw2yvzsENBO6veQ
m3gPcr5QkytgF3VVvflFPePMDC8CiYl/fTjJC9PviFu/XFpFmX7LLa44ol9B1EsN
6xd0sjkoGSM2WXgyIt/c4p8mn80MsbV7EryXOFY9wf8A2h2PedROMQ8sBLfPQHgJ
pxWapGY51+RSXbqq3QGAnXWrzmanFsU1Tab/fGFyd9z808CjXTsEFc1n4lBgChkz
QzyWRFOp7dU/rvZtmmTHUPm0Ie4cVGU6KssIWUkmGUzeq1RdV2k2Ly3sc3B3wY+2
W0WvVO4a1VZv2a/QBxEAUf5zpAJmtuxVdLwjrd9H4LvQyWb0jvpqZYebNvWRnPJ1
tzOGBxra4TkVIlL6pVrSQ1+GMU1Lz1hP8yjpgbgT2SMFVbUFiFunvUT9Av22pkZm
iK0zUsYoSy9C2s1a8IuI
=2Vpu
-----END PGP SIGNATURE-----
0 Likes
bscully Absent Member.
Absent Member.

Re: JDBC Driver Application Attributes and Modifies


Ahhh, helpful.

OK, I think the second options fits my particular situation: A view
that presents userid, name, password, and they're all mapped to vault
attributes. 5 other columns are in the view and were being brought over
as source attributes:

mv_idm_site char(4)
mv_idm_prog char(4)
mv_idm_subprog char(4)
mv_idm_cl char(2)
mv_idm_major1 char(4)

I was using policy rules to create groups based on the above 5
variables when the user account was created. Worked fine. However, any
modification to these variables weren't being capture by the driver and
I assume that's because they weren't mapped and set to synchronize.

I gather from what you've recommended, I will need to create an
auxiliary class and attributes to match these 5 and then write policy to
create groups and assign membership based on their values.

Sound good?

Thanks for your patience and advice.


--
bscully
------------------------------------------------------------------------
bscully's Profile: http://forums.novell.com/member.php?userid=16027
View this thread: http://forums.novell.com/showthread.php?t=450637

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: JDBC Driver Application Attributes and Modifies

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

If an attribute is not in the filter then, true, it will never
synchronize, even if there are equivalent attributes defined in the
vault to hold those values. My initial comment about having attributes
defined in the fault may have been off course based on what you've been
writing since then (my own misunderstanding).

If you want to see things that are in the JDBC-connected system then
those things must either be queried for (queries are not limited by the
driver config's filter) or else they must be in the filter and allowed
to naturally flow into the vault from the application. There is no need
to properly map an application's data to attributes within eDirectory in
order for data to be picked up as long as you do not eventually (at the
end of the Publisher channel) try to write the data to eDirectory. If
you do not need the data in eDirectory but you just want to see changes
coming from the application then start by putting the attributes in the
filter properly and see if that is enough. If not, you may get to play
with schema and a bit more IDM work to get everything synchronized fully.

Good luck.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.15 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJPEknTAAoJEF+XTK08PnB5OtAQAI9vf3luoxLar7EurMNEjbOd
xgbQH0ZiDssdC1ddbr4GqkMtQg3mF9WI81fdP7aQSHaZh3ogDddMXcEeVX0qiScT
xPRjf7MsZ+6OEjDx4WW4XGZIYlWdYRUFz6vGrK4OEZtmlXLex069eQVvAIGq3KJK
ON/k2cRgmN51tevQwy3/yzQzuXJT0LNw6WzhsiThwGV0uXztkbjMK5PCpDQX+xll
zHORb8kHOh0ERxlZ08OyTbnYDucY03YCiT3OMe4REmReHu8/bfgvCktFpE6yGGRB
V4P+/HcW/YfYDhJhMSFOH7CrPmAAWmQJhXD7tQWaEiOQvEpgsL2i0Lest9pJrw5L
EuvafGlkztqj6BfvlVzfwidQpXRPD6RtuDnMa6LMBZWKxS81Vl5+gFaclmpZAh/A
I4HiXzxDi43pr737hrzJSo8Hqsgpg8Grjh06qIMc/ZyMmqjmkjH2hRMnBj2JnvSe
bypVY67hd5Pt8pHZAvaD3so+1OdtaEvS9Mxb3M91Z22gf4AvGmQBVg/uH4u3C0o5
WYfkCzMCth3WTHRE7oRoj7bttk4AOkyWdc7OR5aKIunDy1jcVgQIDzPjvY23dLja
FlO7tYhar3tOnPljmXBbAJsfdrJ2kv3hH5OorYdgyDz6MHEcFEsFT+GLIAvPI5pt
0SkHVJWREtv5P6y8XS/g
=s00s
-----END PGP SIGNATURE-----
0 Likes
bscully Absent Member.
Absent Member.

Re: JDBC Driver Application Attributes and Modifies


You have given me a lot to think about. Over the next few days I'm
going to work on this and see what I can come up with. I'll let you
know what I came up with.

Thanks a lot. This has been very helpful.


--
bscully
------------------------------------------------------------------------
bscully's Profile: http://forums.novell.com/member.php?userid=16027
View this thread: http://forums.novell.com/showthread.php?t=450637

0 Likes
bscully Absent Member.
Absent Member.

Re: JDBC Driver Application Attributes and Modifies


Hi AB,

Wanted to update you that I created the 5 Attributes that I needed in
the Vault, mapped them to the Application Attributes, set them up in the
Driver Filter to Notify, created Policy Sets under PCT, and modifies are
coming across beautifully! Thanks a lot for your help!

Bill


--
bscully
------------------------------------------------------------------------
bscully's Profile: http://forums.novell.com/member.php?userid=16027
View this thread: http://forums.novell.com/showthread.php?t=450637

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: JDBC Driver Application Attributes and Modifies

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Great! Nice work and thank-you for posting back your results.

Good luck.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.15 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJPFdzjAAoJEF+XTK08PnB5M0sP+wX3uYh3ko63jMDBlykRKfY0
9EqaaWWCkljn7zzwZPtKLk8l16kv2ip19F9cUCiIRaqbRpDLtIggftx30vHWKses
AJQygHOAYwqNfu9gDU0lSwbo0RKUdIvG5agGVso+s16oKOpWCOWRDu6mCYDx7RUh
C7I9PHZN640FL3d84a/floNuUlgd1CdOwCTYYhi1TVFnazhphvqkwEIzD1Q4rWX2
/fPVMONgws8O3FAVE20DyCpKA7mv1sbVbAh/nwerDxsgkyv9inaGjhLC3jSEMLVm
8AyH/F2Uwe93xsVneBDOOJLfcCvk4qLemSGLTAxewRe6YxJsw6kPfehoGCUoEdWt
6awqrwSDFmxZB6dL72vyfoMjCl8OwWEQoxU7a5adPUgJ5/Iw8eSbipOG5Yky9VY9
2MBye5HwptbxYjhheN+hxMhGL9EP/GvFOwLDYYAiBYtLhk8aQJonP7aH4LNCDsT7
UQPrlJmwDCe0wxLCcBpQqwZY7wq9Qycsf0C1ikXyDU6/fjzOF/I2N0FGIa7yEsyD
+qzHeId7UYk5oBoVcnuAxjttz/MPY7MRe38Uf2zrBxkD8TDCe3Wvb7vpXvoJxkWI
BL40j/jSheD+ZF6kn7Vu1CixTSU6qpe1O/9DN4IejO2u2fsXeEuvovtfFCShOw3o
Gug4FWgYBI25f8p8mR/e
=65Av
-----END PGP SIGNATURE-----
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.