Novell Cool Solutions: Feature
By Richard F. Moore
Digg This -
Posted: 28 Mar 2001
I would like to pass on some DirXML goodies that I acquired while working on the Gateway DirXML project. DirXML is an awesome technology and is a very valuable skill set to acquire. Resources and information are scarce, but it's getting better. Below are the explanations and a few tips on using these tools.
Stylesheets: Stylesheets let you transform data using logic while it passes to or from NDS. I have enclosed a few examples along with a brief explanation. The good thing is that you can use these to learn from and write you own. You will need a book written by Michael Kay titled "XSLT Programmers Reference" if you want to learn the language since you pretty much on your own. I would rather go to the dentist then write a stylesheet :)
PubCreateStripAdd: This stylesheet will work on either channel if you want to strip out an add event in order to keep accounts from being created. You probably will never use this on the subscriber channel as you would defeat the purpose of DirXML. Sometimes you may not want a disparate database like NT Domain from creating accounts in NDS. In this scenario an account will be created only from NDS to the domain. Whenever a new account is created in NDS it will try and match accounts in other databases. If an account is in the domain that matches the new NDS account you will get a match and close the loop on the rouge NT account.
SubNameCreate: This stylesheet will change the name of the account before is created in the destination database. The default action is to create the destination account using the NDS CN. I tested this with the NT domain driver on the subscriber channel. It is set to use the first two characters of the first name plus the last name for the account name. You can easily change it to use any attribute or combination of attributes to make an account name.
NameCreateRule: This stylesheet was written to provide a fallback if you tried to create an account in NDS that already existed. This is a great stylesheet for learning XSL.
PS_SSCreate: This is for the Peoplesoft publisher channel. It is another great example to learn from. Great example of how to query NDS.
AddPassword_1: This demonstrates how to add an initial password during an add event.
DeleteToDisable: This stylesheet will strip out a delete on the Publisher channel and change it to a disable. I will have one later this week that will do the same thing on the NT Driver subscriber channel.
Xml Rules: Xml rules define minimum criteria for creates and matches along with instructions on where to place objects.
SubCreateXml: I use this on the NT Driver subscriber channel to force a boolean attribute in NDS to hold a value of true before a create event can be proceed. The other match in this rule is for an attribute that will never be there. The account will never be created unless the attribute I have defined has a value of true. Very useful.
ExchSubCreateXml: I use this rule on the Exchange driver subscriber channel. I have one rule that preferred name must be present for the create and one rule that requires a location attribute and a default if one is not present. The preferred name attribute is populated in NDS by the Domain driver. Preferred name is then mapped to the preferred account variable in the Exchange driver. This allows the Exchange driver to work in unison with the Domain driver by knowing what domain account to associate the new mailbox with during the create. You can use the Exchange driver to create domain accounts, but in order to use both drivers at the same time you have to use this method. The benefit of using the Domain driver over just creating the domain accounts with the Exchange driver is that you cannot create the home directory, change the description, or the full name with the Exchange driver.
Tips and Tricks
- Set the application log in the event viewer to roll over events when the log fills to capacity. If you don't, DHOST will most likely gpf when it happens.
- Acquire dependancy walker (Depend.exe). This application allows you to load DLL, EXE etc and determine why your driver won't load. Great example is when you run the Exchange driver remote from the Exchange server. The driver will not load and you will have a sad face. This configuration requires that DAPI.DLL is present. Solution is to install the Mailbox Manager Application on the box. Without depend you may jump off a roof :)
- Go to the other tab on your driver set and add both DirXML trace options and set to 3. This will give you the tracing you need to debug your XSL, and XML.
- DirXML on NT loves processors. Quad boxes really perform well.
- If you receive an error while trying to access the mapping rule make sure you driver is not disabled and you have the correct path to the Driver DLL or JAR
- When bringing up a DirXML implementation for the first time you will most likely encounter a vast number of accounts in disparate databases that will have to be matched to a unique NDS identity. This will require that an identity is created in NDS and an association is created for each database that has a matching account. You may either let DirXML automatically build the associations based on your matching rules or do it manually. The manual method is the method of choice. Every database has a limited set of attributes that can be used to make a match, while tools such as Pearl, Java etc can take advantage of any attribute an application has to determine a match. Once your data is matched you can bulkload the NDS accounts with an LDIF and bulkload the associations with Oimport. DO NOT USE LDAP TO BULKLOAD THE ASSOCIATION. LDAP has a bug the will randomly corrupt the association. I have seen this bug on NT Domain account associations. The domain association uses "\" to separate the account name from the domain name. It appears that a "\" with the right combination of letters is interpreted as an escape character. You will see all types of weird symbols in the broken association. Use the Oimport/Oexport and schema file that I have attached. It's special. I have also included an example input file. Test is the domain name in the example.
- If you choose to use the bulkload method make sure that your driver has never been started and you have it set to a disabled state. A disabled state will keep it from caching events and a virgin driver will not have a base timestamp for changes. Everything will still work if you forget this step, but the server will be confused and check every account when you start it up. This tends to spin up the server really good.
- If you have the dstrace enabled for max Dirxml events and are inducing a load on the DirXML engine. Killing the dstrace screen may gpf DHOST.
- Do not try to add more than one driver set to a server. You will have a sad face as all of your drivers in the previous driver set will be trashed. Group servers together based on driver. If you have two servers that both run the NT and Exchange driver they should belong to the same driver set.
- Open NDSCONS and highlight DS (TAO). Click configure and you will see all of the triggers and DS parameters that you can change.
- I have a patch for the 629C Tao release that fixes some memory leaks. Let me know if you want it.
- Don't forget to use a -D when expanding the NDS and DirXML files to create the directory structure.
- If your attribute is not present in the filter for either the subscriber or publisher it will not pass thru the channel. This is helpful if you want data to move in one direction or the other. Very frustrating if you don't know about it.
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com