Novell Documentation: Novell Identity Manager 3

5.1 Filter Tasks in Designer

This section contains instructions on performing common filter-related tasks in Designer:

5.1.1 Accessing the Filter Editor

The Filter Editor allows you to edit the filter. There are two different ways to access the filter. To access the Filter Editor from within a project:

In an open project, click the Outline tab.
Click the Model Outline icon.
Select the driver you want to manage the filter for, then click the plus sign to the right.
Double-click the Filter icon and to launch the Filter Editor.

Figure 5-1 Outline Access

To access the Filter Editor through the Policy Flow:

In Designer, open a project, then click the Outline tab.
Select the Policy Flow icon.
Select the filter, which is represented by the Sync or Notify icons.
Double-click the filter as it appears in the Policy Set Manager below the Policy Flow to launch the Filter Editor.

Or

Double-click the Sync or Notify icons to launch the Filter Editor.

Figure 5-2 Policy Flow Access

5.1.2 Editing the Filter

The Filter Editor allows you to create and edit the filter. To display a context menu, right-click an item.

Removing or Adding Classes and Attributes

By removing or adding classes and attributes, you determine what objects synchronize between the connected data store and the Identity Vault.

Removing a Class or Attribute

If you do not want a class or an attribute to synchronize, the best practice is to remove the class or the attribute completely from the filter. There are two different ways to add or remove attributes and classes from the filter:

Right-click the class or attribute you want to remove, then select Delete.
Select the class or attribute you want to remove, then click the Delete icon in the upper-right corner.

Adding a Class

Right-click in the Filter Editor, then click Add class.

Or

Click the class icon in the upper-right corner
Browse and select the class you want to add, then click OK.
Change the options to synchronize the information.
To save the changes, click File > Save.

Adding an Attribute

Right-click in the Filter Editor, then click Add attribute.

Or

Click the attribute icon in the upper-right corner.
Browse and select the attribute you want to add, then click OK.
Change the options to synchronize the information.
To save the changes, click File > Save.

Copying an Existing Filter

You can copy an existing filter from another driver and use it in the driver you are currently working with.

Click the Copy an existing filter icon

Or

Right-click in the Filter Editor, then click Copy an existing filter.
Browse to and select the filter object you want to copy, then click OK.

If you have more than one Identity Vault in your project, you can copy filters from the other Identity Vaults. When you are browsing to select the other object, you can browse to the other Identity Vault and use a filter stored there.

Figure 5-3 Multiple Identity Vaults

Refreshing the Application Schema

If you have modified the schema in the connected application, these changes need to be reflected in the Filter. To make the new schema available, click the Refresh application schema icon in the toolbar.

When you create a new class or attribute mapping, you can see the new schema in the drop-down list for the connected application.

Setting Default Values for Attributes

You can define the default values for new attributes when they are added to the Filter.

Click the Set default values for new attributes icon in the upper-right corner.
Select the options you want new attributes to have, then click OK.

Modifying the Filter

The Filter Editor gives you the option of modifying how information is synchronized between the Identity Vault and the connected system. The Filter has different options for classes and attributes.

Class Options

Options	Definitions
Publisher	Synchronize - Allows the class to synchronize from the connected system into the Identity Vault. Ignore - Does not synchronize the class from the connected system into the Identity Vault.
Subscriber	Synchronize - Allows the class to synchronize from the Identity Vault into the connected system. Ignore - Does not synchronize the class from the Identity Vault into the connected system.
Create Home Directory	Yes - Automatically creates home directories. No - Does not create home directories.
Track Member of Template	Yes - Determines whether or not the Publisher channel maintains the Member of Template attribute when it creates objects from a template. No - Does not track the Member of Template attribute.

Attribute Options

Options	Definitions
Publisher	Synchronize - Changes to this object are reported and automatically synchronized. Ignore - Changes to this object are not reported nor automatically synchronized. Notify - Changes to this object are reported, but not automatically synchronized. Reset - Resets the object value to the value specified by the opposite channel. (You can set this value on either the Publisher or Subscriber channel, not both.)
Subscriber	Synchronize - Changes to this object are reported and automatically synchronized. Ignore - Changes to this object are not reported nor automatically synchronized. Notify - Changes to this object are reported, but not automatically synchronized. Reset - Resets the object value to the value specified by the opposite channel. (You can set this value on either the Publisher or Subscriber channel, not both.)
Merge Authority	Default Behavior - If an attribute is not being synchronized in either channel, no merging occurs. If an attribute is being synchronized in one channel and not the other, then all existing values on the destination for that channel are removed and replaced with the values from the source for that channel. If the source has multiple values and the destination can only accommodate a single value, then only one of the values is used on the destination side. If an attribute is being synchronized in both channels and both sides can accommodate only a single value, the connected application acquires the Identity Vault values unless there is no value in the Identity Vault. If this is the case, the Identity Vault acquires the values from the connected application (if any). If an attribute is being synchronized in both channels and only one side can accommodate multiple values, the single-valued side’s value is added to the multi-valued side if it is not already there. If there is no value on the single side, you can choose the value to add to the single side. This is always valid behavior. Identity Vault - Behaves the same way as the default behavior if the attribute is being synchronized on the Subscriber channel and not on the Publisher channel. This is valid behavior when synchronizing on the Subscriber channel. Application - Behaves the same as the default behavior if the attribute is being synchronized on the Publisher channel and not on the Subscriber channel. This is valid behavior when synchronizing on the Publisher channel. None - No merging occurs regardless of synchronization.
Optimize Modification to Identity Manager	Yes - Changes to this attribute are examined on the Publisher channel to determine the minimal change made in the Identity Vault. No - Changes are not examined.

5.1.3 Testing Filters

Designer comes with a new tool called the Policy Simulator. It allows you to test your policies and filters before deploying them. You can launch the Policy Simulator through the Filter Editor to test your Filter after you have modified it. Follow the steps listed below to access the Policy Simulator and to test the Filter:

To access the Policy Simulator, click the Launch Policy Simulator icon in the toolbar.
Select Import to browse to a file that simulates an event, then click Open. This example uses the \simulation\add\User.xml file, which simulates an Add event for a user object.

The Policy Simulator displays the input document of the user Add event.
Click Start to begin the simulation.

The Policy Simulator displays the log of the Add event as well as the output document. With the radio button set to Log, you see the results of the Add event as you would through DSTRACE. With the radio button set to Output, the Policy Simulator displays the output document.
Click Continue to select a different input document and see the results of that event.
When you have finished testing the filter, click Close to close the Policy Simulator.

NOTE:You can edit the input and output documents. If you want to keep the changes, click the Save As icon.

5.1.4 Viewing the Filter XML Source

The Source view enables you to view and edit the XML by using an XML editor or text editor. The default editor that is loaded is associated to .xml file types. If a default editor can’t be found, the system text editor is loaded. The functionality and operations of the Source view are based on the editor that loads.

For more information about the XML source see Editing the DirXML Script.

To open the Source view, select Source, at the bottom of the Filter Editor’s workspace.

You can edit the XML through the XML editor. You can make changes here as well as through the GUI interface.

To choose a different XML editor for your source view:

From the Main menu, click Window > Preferences.
Click General > Editor > File Associations.
Select *xml from the list of file types.
Select the editor you want (for example, Novell XML Editor) in the Associated editors pane. (If the editor you want isn’t in the list, you can click Add, then add it to the list.)
Click OK.
Close and reopen the Filter Editor. The default editor should be loaded in the Source view.