ccikara Absent Member.
Absent Member.
186 views

eDir-to-eDir


Hi all,

I have 3 questions I am struggling to find the answers to...

1. If I removed an association on the 1 leg of the eDir-to-eDir driver
using the remove association verb, will that remove the association on
both "legs" of the eDir-to-eDir driver? Or is there something "smart" I
need to do.
i.e. On the publicher channel of the 2nd leg I am doing a check, if
that check fails, I want to remove the association on both trees...

2. If I set a local vairable on the 1 "leg" of the eDir-to-eDir driver
and make the scope of that variable "driver" will it be passed to the
2nd leg of the eDir-to-eDir driver?

3. If I have an entitlement enabled eDir-to-eDir driver and the
entitlements are valued, will the values be passed to the 2nd leg of the
driver?
i.e. I have a valued entitlement that contains different values and can
be assigned multiple times, but I need those values on the publisher of
the 2nd leg to set an attribue in that tree.
Will I need to entitlement enable the 2nd leg of the eDir-to-eDir
driver and maybe give it the same values, then sync the
DirXML-EntitlementRef attribute???

Thanks in advance!

Regards,
Craig Cikara


--
ccikara
------------------------------------------------------------------------
ccikara's Profile: http://forums.novell.com/member.php?userid=86966
View this thread: http://forums.novell.com/showthread.php?t=452201

Labels (1)
0 Likes
4 Replies
Knowledge Partner
Knowledge Partner

Re: eDir-to-eDir

On 13.02.2012 13:56, ccikara wrote:
>
> Hi all,
>
> I have 3 questions I am struggling to find the answers to...
>
> 1. If I removed an association on the 1 leg of the eDir-to-eDir driver
> using the remove association verb, will that remove the association on
> both "legs" of the eDir-to-eDir driver? Or is there something "smart" I
> need to do.
> i.e. On the publicher channel of the 2nd leg I am doing a check, if
> that check fails, I want to remove the association on both trees...


When you refer to second leg, do you mean the publisher channel on the
other eDir-to-eDir driver driver?

> 2. If I set a local vairable on the 1 "leg" of the eDir-to-eDir driver
> and make the scope of that variable "driver" will it be passed to the
> 2nd leg of the eDir-to-eDir driver?


If I understand you correctly, then then the answer is no. These are two
separate drivers running on separate servers communicating via XML.

You need to use operational properties to pass information, that will work.

> 3. If I have an entitlement enabled eDir-to-eDir driver and the
> entitlements are valued, will the values be passed to the 2nd leg of the
> driver?
> i.e. I have a valued entitlement that contains different values and can
> be assigned multiple times, but I need those values on the publisher of
> the 2nd leg to set an attribue in that tree.
> Will I need to entitlement enable the 2nd leg of the eDir-to-eDir
> driver and maybe give it the same values, then sync the
> DirXML-EntitlementRef attribute???


Entitlements are a structured attribute with one of the components a DN
path to the entitlement object. This exact entitlement object cannot
possibly exist in the other eDirectory driver, so generally the answer
to this question is no.

As a rule of thumb, you should choose one channel (publisher or
subscriber) and add policy ONLY within that channel in each side of the
eDir-eDir driver. Otehrwise you end up with a design that is very
difficult to maintain and test.
Alex McHugh - Knowledge Partner - Stavanger, Norway
Who are the Knowledge Partners
If you appreciate my comments, please click the Like button.
If I have resolved your issue, please click the Accept as Solution button.
0 Likes
ccikara Absent Member.
Absent Member.

Re: eDir-to-eDir


Regarding the entitlements...

I have created a admin defined valued entitlement on the Vault tree
(treeA), these values will be based on what group the user is a member
of.
But we cannot create the groups across to treeB, so syncing is out of
the questions...

Now since I am using one entitelement that can be granted multiple
times with different values, I need to pass those values across to treeB
so I can set an attribute there. But I do not want to set desitination
attribute on the subscriber channel of treeA as, like you said, things
will get messy if there are too many rules on the subscriber channel and
the publisher channel.

Can I send those values across using an operational property? The
following rule will go in CTP on the subscriber channel...

<policy>
<rule>
<description>Handle Group Entitlement Grant and Revoke</description>
<conditions>
<and>
<if-entitlement name="Sales Entitlement" op="changing"/>
</and>
</conditions>
<actions>
<do-for-each>
<arg-node-set>
<token-removed-entitlement name="Sales Entitlement"/>
</arg-node-set>
<arg-actions>
<do-set-op-property name="removedValue">
<arg-string>
<token-entitlement name="Sales Entitlement"/>
</arg-string>
</do-set-op-property>
</arg-actions>
</do-for-each>
<do-for-each>
<arg-node-set>
<token-added-entitlement name="Sales Entitlement"/>
</arg-node-set>
<arg-actions>
<do-set-op-property name="addedValue">
<arg-string>
<token-entitlement name="Sales Entitlement"/>
</arg-string>
</do-set-op-property>
</arg-actions>
</do-for-each>
</actions>
</rule>
</policy>

Thanks!!


--
ccikara
------------------------------------------------------------------------
ccikara's Profile: http://forums.novell.com/member.php?userid=86966
View this thread: http://forums.novell.com/showthread.php?t=452201

0 Likes
Knowledge Partner
Knowledge Partner

Re: eDir-to-eDir

On Tue, 14 Feb 2012 06:56:01 +0000, ccikara wrote:

> But we cannot create the groups across to treeB, so syncing is out of
> the questions...


Why can't you create groups in the destination tree?


> Now since I am using one entitelement that can be granted multiple times
> with different values, I need to pass those values across to treeB so I
> can set an attribute there. But I do not want to set desitination
> attribute on the subscriber channel of treeA as, like you said, things
> will get messy if there are too many rules on the subscriber channel and
> the publisher channel.


Good advice, but sometimes you have to break it for other (good) reasons.


> Can I send those values across using an operational property? The
> following rule will go in CTP on the subscriber channel...


Operation data is stripped before the document leaves the driver to go to
the other side. Your best bet is to create some fake attributes, used
only to communicate data from one driver to the other.


--
--------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Knowledge Partner http://forums.novell.com

Please post questions in the forums. No support provided via email.

0 Likes
ccikara Absent Member.
Absent Member.

Re: eDir-to-eDir


Thanks Alex,

For question 1.
When I say 2nd leg, I do mean the publisher channel on the other
eDir-to-eDir driver.
So when a user is processed on the eDir-to-eDir driver, that user will
have 2 associations, one on each "leg" of the driver. I am not sure of
the jargin to properly explain myself here... But lets take an example,
of a user Bob that was created manually in treeA, he is then passed
through the driver to treeB and created in treeB. Now the driver on
treeA will have an association for Bob and so will treeB. So there will
be 2 associations for this user.
Now my question is, when I remove the association on treeA becuase the
user is deleted (or some other reason) on the subcriber channel, will
that automatically remove the association on the treeB driver side? Or
will I need to remove that association in the publisher channel on
treeB.
The trick comes in when there is a rule in the publisher channel that
says that the current association needs to be removed and then
reassociated with another object. Would removing the treeB association
then reassociating the object surfice, or will I need to do something on
treeA for the association to be valid?

Thanks for your help on the other questions!

Regards,
Craig Cikara


--
ccikara
------------------------------------------------------------------------
ccikara's Profile: http://forums.novell.com/member.php?userid=86966
View this thread: http://forums.novell.com/showthread.php?t=452201

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.