Understanding Novell DirXML™ Technology
Novell BrainShare 2002
Nick Nikols, DirXML Architect and Engineering Manager, Novell, Inc., nick@novell.com
Steven Weitzeil, Director, DirXML and Common UI, sweitzeil@novell.com
TUT235—Understanding Novell DirXML Technology

Vision…one Net
- A world where networks of all types—corporate and public, intranets, extranets, and the Internet—work together as one Net and securely connect employees, customers, suppliers, and partners across organizational boundaries
Mission
- To solve complex business and technical challenges with Net business solutions that enable people, processes, and systems to work together and our customers to profit from the opportunities of a networked world

What Is DirXML™?
- Data-sharing service
- Provides bi-directional data flow between eDirectory and enterprise applications
- Administrator determines the data to be shared
- Matches existing business processes
- Runs on all Novell eDirectory™ supported platforms (NetWare®, Win2K, NT, Solaris, Linux, AIX)
- Requires no changes to existing applications
- Transforms data into the format required by the target application

Islands of Isolated Data
[Diagram: separate HR, ERP, DB, OS, E-mail, Dir., and DEN systems]

Sharing Data through the Directory
[Diagram: ERP, DB, OS, E-mail, Dir., and DEN systems around Novell eDirectory with DirXML]

DirXML Architecture
[Diagram labels: Novell eDirectory Server, Novell eDirectory, DirXML Engine, Rules and Stylesheets, Subscriber Channel, Publisher Channel, DirXML Driver Shim, Application]

DirXML Architecture: The Remote Loader
[Diagram labels: Novell eDirectory Server, Novell eDirectory, DirXML Engine, Rules and Stylesheets, Subscriber Channel, Publisher Channel, Remote Loader Shim, Remote Loader Service, DirXML Driver Shim, Application]

Components of DirXML
- DirXML engine
  - eDirectory interface
  - Join engine
- DirXML Driver Shim
  - XML interface
  - Application's native interface
- Subscriber and publisher channels
  - Filters manage flow in both directions
  - Policies may be applied differently to each channel

DirXML Engine
- eDirectory interface
  - Supports loading of multiple drivers
  - Guaranteed delivery of eDirectory events
  - eDirectory event loop-back detection
- Join engine
  - Handles data transformations
  - Rules processor
  - XSLT processor

DirXML Driver Shim
- XML interface
  - Issue and receive XML documents
  - Document Object Model (DOM)
- Application's native interface
  - Applications don't have to change
  - Can be either remoted via the remote loader or can use the application's own remote capability (if any)

Publisher and Subscriber Channels
- Publisher channel
  - Propagates events from the application to eDirectory
- Subscriber channel
  - Propagates events from eDirectory to the application
- Filters
  - Manage the flow of data on both channels
  - A list of desired classes and their attributes
  - Determines the authoritative source(s) of data

Publisher and Subscriber Filters
Authoritative Data Sources
- Problem
  - Some applications are authorities over certain data and should be the sole publishers of that data
- Solution
  - Publisher and subscriber filters control the flow of changes to the data
  - eDirectory rights allow only the publisher to modify the data

Authoritative Data Sources (cont.)
[Diagram: the eDirectory object CN=Bobby (Department, EmpId 003456, E-mail bdoe@ab.com, Date of birth 2/15/1965, Assoc. HR 003456, Assoc. E-mail bdoe@ab.com) beside the HR record (EmpId 003456, Dept, DOB 15.2.1965) and the E-mail record (Address bdoe@ab.com, Dept, Birthdate 2/15/65). Dept is marked "Publisher only" for one system and "Subscriber only" for the other while the department value changes between Sales and Marketing.]

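The filter behavior described above, as an added example (not code from the presentation or from Novell): filters are modelled as Python sets, an event is reduced to the attributes its channel filter lists, and attributes that more than one driver may publish are reported. The driver names, the filter contents (including which system publishes Department), the event layout, and the function names are assumptions constructed for illustration.

```python
# Constructed filters: one entry per driver, one filter per channel.
# Attribute names are given in eDirectory terms (assumption).
DRIVERS = {
    "HR": {"publisher": {"User": {"Department", "EmpId", "Date of birth"}},
           "subscriber": {"User": set()}},
    "E-mail": {"publisher": {"User": {"E-mail"}},
               "subscriber": {"User": {"Department", "Date of birth"}}},
}

def apply_filter(channel_filter, event):
    """Reduce an event to the filtered attributes; None if nothing passes."""
    allowed = channel_filter.get(event["class"])
    if allowed is None:                      # class not listed in the filter
        return None
    kept = {k: v for k, v in event["attrs"].items() if k in allowed}
    return {"class": event["class"], "attrs": kept} if kept else None

def publishers(drivers, cls):
    """Map each attribute to the drivers allowed to publish it to eDirectory."""
    result = {}
    for name, channels in drivers.items():
        for attr in channels["publisher"].get(cls, ()):
            result.setdefault(attr, []).append(name)
    return result

def authority_conflicts(drivers, cls):
    """Attributes with more than one publisher have no single authority."""
    return {attr: sorted(names)
            for attr, names in publishers(drivers, cls).items()
            if len(names) > 1}

if __name__ == "__main__":
    # The E-mail system reports a Department change it is not the authority for.
    event = {"class": "User",
             "attrs": {"Department": "Marketing", "E-mail": "bdoe@ab.com"}}
    print(apply_filter(DRIVERS["E-mail"]["publisher"], event))
    print(authority_conflicts(DRIVERS, "User"))
```

Running `authority_conflicts` over every driver's filters whenever a filter changes is a cheap review check that each attribute still has exactly one publisher.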
Converting to Application’s Native Format
- Schema mapping
- Object mapping
- Data transformation
- Event transformation

Schema Mapping
- Problem
  - Different applications support different class and attribute names
- Solution
  - Schema mapping rules
  - DirXML provides straightforward rules for mapping between different schemas
  - All connected applications can have different schemas

Schema Mapping Rule (cont.)
Schema Mapping Rule (cont.)
- Provides a one-to-one mapping of classes and their attributes
- Same rule used for both Publisher and Subscriber

<?xml version="1.0" encoding="UTF-8"?>
<attr-name-map>
  <!-- Schema mapping for User object. -->
  <class-name>
    <nds-name>User</nds-name>
    <app-name>inetOrgPerson</app-name>
  </class-name>
  <attr-name class-name="User">
    <nds-name>CN</nds-name>
    <app-name>cn</app-name>
  </attr-name>
  <attr-name class-name="User">
    <nds-name>uniqueID</nds-name>
    <app-name>uid</app-name>
  </attr-name>
  <attr-name class-name="User">
    <nds-name>Given Name</nds-name>
    <app-name>givenname</app-name>
  </attr-name>
</attr-name-map>

Schema Mapping
[Diagram: the eDirectory attribute "Date of birth" (2/15/1965) on CN=Bobby maps to "DOB" (15.2.1965) in the HR system and to "Birthdate" (2/15/65) in the E-mail system]

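An added example, not part of the original slides: it parses the schema mapping rule shown above with Python's standard library, rejects a rule that is not one-to-one, and applies the same rule in both channel directions. The event dictionary layout, the function names, and the pass-through of unmapped names are assumptions.

```python
import xml.etree.ElementTree as ET

# Rule text follows the slide's example, with every attr-name entry closed.
RULE = """<attr-name-map>
  <class-name><nds-name>User</nds-name><app-name>inetOrgPerson</app-name></class-name>
  <attr-name class-name="User"><nds-name>CN</nds-name><app-name>cn</app-name></attr-name>
  <attr-name class-name="User"><nds-name>uniqueID</nds-name><app-name>uid</app-name></attr-name>
  <attr-name class-name="User"><nds-name>Given Name</nds-name><app-name>givenname</app-name></attr-name>
</attr-name-map>"""

def load_map(xml_text):
    """Return (classes, attrs) as nds->app dicts; reject non one-to-one rules."""
    root = ET.fromstring(xml_text)
    classes = {c.findtext("nds-name"): c.findtext("app-name")
               for c in root.findall("class-name")}
    attrs = {}
    for a in root.findall("attr-name"):
        key = (a.get("class-name"), a.findtext("nds-name"))
        if key in attrs:
            raise ValueError(f"duplicate eDirectory name {key}")
        attrs[key] = a.findtext("app-name")
    # One-to-one: no two eDirectory names may share an application name,
    # otherwise the rule cannot be reversed on the publisher channel.
    scoped = {k: (k[0], v) for k, v in attrs.items()}
    for mapping in (classes, scoped):
        if len(set(mapping.values())) != len(mapping):
            raise ValueError("mapping is not one-to-one")
    return classes, attrs

def translate(event, classes, attrs, to_app=True):
    """Rename class and attributes; to_app=False applies the rule in reverse."""
    if to_app:                                   # subscriber direction
        nds_class = event["class"]
        new_class = classes.get(nds_class, nds_class)
        names = {n: a for (c, n), a in attrs.items() if c == nds_class}
    else:                                        # publisher direction
        reverse = {app: nds for nds, app in classes.items()}
        new_class = nds_class = reverse.get(event["class"], event["class"])
        names = {a: n for (c, n), a in attrs.items() if c == nds_class}
    # Assumption: names without a mapping pass through unchanged.
    return {"class": new_class,
            "attrs": {names.get(k, k): v for k, v in event["attrs"].items()}}

if __name__ == "__main__":
    classes, attrs = load_map(RULE)
    print(translate({"class": "User", "attrs": {"CN": "Bobby"}}, classes, attrs))
```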
Object Mapping
- Problem
  - Different systems have different unique identifiers for the same objects
- Solution
  - Association attribute
  - DirXML stores the unique identifier for each system in eDirectory
  - No need to have a single unique ID across all systems
  - Objects can be mapped regardless of hierarchy

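Associations
[Diagram: the Novell eDirectory tree O=People with OU=Sales and OU=Engineering and the objects CN=Rita, CN=John, CN=Bobby, and CN=Suzy; each object carries an HR association (007886, 009843, 005484, 003456) and an E-mail association (rdoe@ab.com, bdoe@ab.com, jdoe@ab.com, sdoe@ab.com)]
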
Associations
[Diagram: CN=Bobby in eDirectory (Department Sales, EmpId 003456, E-mail bdoe@ab.com, Date of birth 2/15/1965) holds the association values "HR 003456" and "E-mail bdoe@ab.com", which link it to the HR record (EmpId 003456, Dept Sales, DOB 15.2.1965) and the E-mail record (Address bdoe@ab.com, Dept Sales, Birthdate 2/15/65)]

Building Associations
- Finding an existing object that matches
  - Is there an object that matches my criteria?
- Creating a new object
  - Do I have all of the required info to create the new object?
- Placing a new object
  - Where should I place the new object?

Object Matching Rule
Object Matching Rule (cont.)
- Determines the criteria for finding a match
- Must have a unique result
- Multiple matches result in an error, meaning the matching criteria were too vague

<?xml version="1.0" encoding="UTF-8"?>
<matching-rules>
  <matching-rule description="Initial Matching Criteria">
    <match-class class-name="User"/>
    <match-attr attr-name="Surname"/>
    <match-attr attr-name="Social Security Number"/>
  </matching-rule>
  <matching-rule description="Secondary Matching Criteria">
    <match-attr attr-name="Given Name"/>
    <match-attr attr-name="Surname"/>
    <match-attr attr-name="Telephone Number"/>
  </matching-rule>
</matching-rules>

Object Create Rule
Object Create Rule (cont.)
- Determines the set of required attributes
- Vetoes create if required attributes are not present
- Default values and templates can be specified

<?xml version="1.0" encoding="UTF-8"?>
<create-rules>
  <create-rule class-name="User" description="Create Rule">
    <required-attr attr-name="Given Name"/>
    <required-attr attr-name="Surname"/>
    <required-attr attr-name="uniqueID"/>
    <required-attr attr-name="L">
      <value type="string"><![CDATA[Provo]]></value>
    </required-attr>
    <template template-dn="\DirXML-Tree\Novell\User-Role"/>
  </create-rule>
</create-rules>

Object Placement Rule
Object Placement Rule (cont.)
- Determines criteria for placement of the new object
- Criteria can be based on class, attribute, or path

<?xml version="1.0" encoding="UTF-8"?>
<placement-rules dest-dn-format="slash" src-dn-format="ldap">
  <!-- Placement rule for User objects. -->
  <placement-rule description="Placement based on Location">
    <match-class class-name="User"/>
    <match-attr attr-name="L">
      <value type="string"><![CDATA[Provo]]></value>
    </match-attr>
    <placement><![CDATA[\DirXML-Tree\Novell\PRV\]]><copy-name/></placement>
  </placement-rule>
  <placement-rule>
    <placement><![CDATA[\DirXML-Tree\Novell\]]><copy-attr attr-name="Surname"/></placement>
  </placement-rule>
</placement-rules>

Building Associations on the Subscriber Channel
[Flowchart. Start: desired eDirectory event occurs. Decisions: "Does this object have an association?" (YES/NO); "Number of matches" (Zero/One/Multiple); "Do we have all required attributes?" (YES/NO). Steps: apply matching rule, query App, apply create rule, query eDirectory, apply placement rule, merge attributes, write association, modify App object, modify eDirectory object, create App object, mark association pending. Outcome for multiple matches: error.]

Building Associations on the Publisher Channel
[Flowchart. Start: desired App event occurs. Decisions: "Does this object have an association?" (YES/NO); "Number of matches" (Zero/One/Multiple); "Do we have all required attributes?" (YES/NO). Steps: apply matching rule, query eDirectory, apply create rule, query App, apply placement rule, merge attributes, write association, modify eDirectory object, modify App object, create eDirectory object. Outcome for multiple matches: error.]

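An added example, not DirXML's own code: the publisher-channel association flow, with the matching, create, and placement rules from the slides expressed as Python data. The event layout, the choice of the first matching rule whose attributes are all present, the merge behavior, and every sample value are assumptions; templates and the query step are omitted.

```python
class AssociationError(Exception):
    """Raised when a rule cannot produce a single, unambiguous result."""

# Rules mirror the slides' matching, create and placement examples.
MATCH_RULES = [("User", ["Surname", "Social Security Number"]),
               (None, ["Given Name", "Surname", "Telephone Number"])]
REQUIRED = ["Given Name", "Surname", "uniqueID", "L"]
DEFAULTS = {"L": "Provo"}
PLACEMENT = [("User", {"L": "Provo"}, "\\DirXML-Tree\\Novell\\PRV\\", None),
             (None, {}, "\\DirXML-Tree\\Novell\\", "Surname")]

def find_matches(event, directory):
    # Assumption: use the first rule whose attributes are all in the event.
    for cls, names in MATCH_RULES:
        if cls in (None, event["class"]) and all(n in event["attrs"] for n in names):
            return sorted(dn for dn, obj in directory.items()
                          if all(obj.get(n) == event["attrs"][n] for n in names))
    return []

def place(event, attrs):
    # First placement rule whose class and attribute criteria fit wins.
    for cls, cond, base, copy_attr in PLACEMENT:
        if cls in (None, event["class"]) and all(attrs.get(k) == v for k, v in cond.items()):
            return base + (attrs[copy_attr] if copy_attr else event["name"])
    raise AssociationError("no placement rule applies")

def process_event(event, directory, associations):
    """Publisher-channel flow; returns (action, dn)."""
    key = event["assoc"]
    if key in associations:                    # association exists: modify
        directory[associations[key]].update(event["attrs"])
        return "modified", associations[key]
    matches = find_matches(event, directory)
    if len(matches) > 1:                       # criteria too vague: error
        raise AssociationError(f"{key}: multiple matches {matches}")
    if matches:                                # exactly one: associate, merge
        associations[key] = matches[0]
        directory[matches[0]].update(event["attrs"])
        return "matched", matches[0]
    attrs = {**DEFAULTS, **event["attrs"]}     # create rule: apply defaults
    if any(a not in attrs for a in REQUIRED):  # veto when something is missing
        return "vetoed", None
    dn = place(event, attrs)
    directory[dn] = attrs
    associations[key] = dn
    return "created", dn
```

Raising on multiple matches rather than picking one keeps an application record from being silently bound to the wrong directory identity.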
Data Transformation
- Problem
  - Applications have different representations for the same data
  - 15.2.1965 vs. 2/15/65
- Solution
  - DirXML allows data to be transformed to a canonical format
  - Requires an XSLT stylesheet
  - Extensions can be provided to call procedural programs

Data Transformation
[Diagram: the date of birth of CN=Bobby is held in eDirectory as 2/15/1965 and appears as 15.2.1965 in the HR system (DOB) and as 2/15/65 in the E-mail system (Birthdate); the other values shown are Department Sales, EmpId 003456, E-mail bdoe@ab.com, Assoc. HR 003456, and Assoc. E-mail bdoe@ab.com]

Event Transformation
- Problem
  - Events may need to be transformed
  - A delete event may need to be transformed into a modify
- Solution
  - DirXML allows events to be transformed to perform other operations
  - Is processed before the DirXML add processor
  - Requires an XSLT stylesheet
  - Extensions can be provided to call procedural programs

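Event Transformation
[Diagram: CN=Bobby is deleted from the eDirectory tree (O=People, OU=Sales, OU=Engineering, with CN=Rita, CN=John, and CN=Suzy remaining); the "Delete object CN=Bobby" event reaches the HR system, where record 003456 is marked disabled; the other HR records shown are 005484, 007886, and 009843]
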
Transforming Between eDirectory Format and Application Format
[Diagram, subscriber channel: eDirectory event, eDirectory-formatted XML, rules and stylesheets (eDirectory to APP), APP-formatted XML, apply to APP. Publisher channel: APP event, APP-formatted XML, rules and stylesheets (APP to eDirectory), eDirectory-formatted XML, apply to eDirectory. Components shown: Novell eDirectory Server, Novell eDirectory, DirXML Engine, DirXML Driver Shim, Application.]

Order of Rule Processing on the Subscriber Channel
[Flowchart labels, inside the DirXML Engine: Event Cache, Subscriber Filter, Convert Event to XML, Event Transformation, "Does an association exist?" (YES/NO), Subscriber Add Processor (Matching Rule, Create Rule, Placement Rule), Command Transformation, Schema Mapper, Output Transformation]

Order of Rule Processing on the Publisher Channel
[Flowchart labels, inside the DirXML Engine: Input Transformation, Schema Mapper, Event Transformation, "Does an association exist?" (YES/NO), Publisher Add Processor (Matching Rule, Create Rule, Placement Rule), Command Transformation, Publisher Filter, Convert XML to eDirectory]

DirXML 1.1 New Functionality
- Remote Loader
- Command Transformation Rule
- Rule Chaining
- Dynamic Class Loader
- Enhanced Error Logging
- Product Activation

Command Transformation
- Similar to Event Transformation
- Is processed after the DirXML add processor
- Requires an XSLT stylesheet
- Extensions can be provided to call procedural programs

Rule Chaining
- Previously, if more complex policies were required, a DirXML rule could be replaced by an XSLT stylesheet
  - You could reference either a DirXML rule, or an XSLT stylesheet, but not both
- Rule Chaining
  - DirXML rules can now reference XSLT stylesheets
  - Provides the ability to simply describe most policies in a DirXML rule and reference XSLT stylesheets to describe the more complex policies

Dynamic Class Loader
- Previously, the administrator needed to reload the JVM if
  - The classpath changed
  - A new .JAR file (Java drivers) was added
- Dynamic Class Loader
  - New .JAR files are loaded upon request
  - Reload JVM only if replacing an existing .JAR file

Enhanced Error Logging
- DirXML engine and drivers
  - Historically errors have been written in multiple locations
- Errors are now written to the appropriate object
  - Driver set
  - Publisher
  - Subscriber
- Errors are still written to log files and the trace screen
- This greatly reduces effort needed to find error information

DirXML Activation
- To allow for easier evaluation, DirXML 1.1 is now freely available for a 90-day trial period
- DirXML 1.1 can then be “Activated” once the product has been purchased
- The Activator assists customers in notifying Novell about
  - Themselves
  - The product they are activating
  - The “domain” they are activating the product in

Conclusion
- DirXML provides a bi-directional data flow framework between eDirectory and enterprise applications
- DirXML matches existing business processes
- Administrators determine the data to be shared
- Runs on all Novell eDirectory supported platforms (NetWare, Win2K, NT, Solaris, Linux, AIX)
- Requires no changes to existing applications
- Transforms data into the format required by the target application

Training and Education at BrainShare
- Study and preview Directory and Database Integration Using DirXML (Course 992) at The Learning Zone
- DirXML self-study materials at the BrainShare Bookstore

Training and Education
- Directory and Database Integration Using DirXML
- Course 992
- Import Drivers
- Implementation Strategies
- ATT—Advanced DirXML Troubleshooting Techniques
- Customization
- XML, XDS Rules, and XSLT
- Provo, March 25-28
- Additional information at http://www.novell.com/education/train_product/dirxml.html