Loopback Service Driver: Facilitating Moving Objects Using the Move Proxy Service

DirXML drivers can synchronize objects that are replicated on the same server, in either a master or read/write replica. One of the things a driver can do is to move objects from one container to another. For example, you can set up a driver to place users in Novell® eDirectoryTM based on the organization they are assigned to in a human resources application. When the organization for a user is changed in the human resources application, the driver can move the eDirectory user object to the corresponding container.

If you want a driver to be able to move objects from one container to another, you need to do one of the following:

The Move Proxy service is a particular configuration that you can run with the Loopback Service Driver shim. This section explains the Move Proxy service and how to set it up and configureother connected system drivers to take advantage of the service.

In this section:


Understanding the Move Proxy Service

With NsureTM Identity Manager and eDirectory, moving an object is best done on the master replica, especially if any other modifications are being made to the object at the same time.

If you want a driver to be able to move objects from one container to another, you need to do one of the following:

The Move Proxy service is a Driver object with a special configuration that you run on the server with the master replica. The purpose of the Move Proxy service is to move objects on behalf of DirXML drivers that are running on servers that hold read/write replicas. Delegation of the move allows object modifications that were performed by the delegating driver to replicate to the master server before the move is performed.

The following steps take place when a move is delegated from a driver to the Move Proxy service:

  1. A driver delegates the move by setting a value for the moveProxyTrigger attribute of the object that needs to be moved. The driver sets the moveProxyTrigger attribute to the DN of the destination container to which the object should be moved.
  2. The Move Proxy service monitors "add value" events for the moveProxyTrigger attribute, and converts the events into a custom commands that specify the source DN of the object to be moved and the DN of the destination container.

    The custom command is created by the Subscriber Event Transformation Rule of the Move Proxy service driver.

  3. The Move Proxy service driver initiates the actual object move on its Publisher channel. Then the Move Proxy service driver removes the destination DN value from the object moveProxyTrigger attribute.

    If the move fails with a "retry" status (usually because a previous move of the same object has not yet completed), the status is returned to Identity Manager via the Subscriber channel. Identity Manager will resubmit the original event every 30 seconds or until the move succeeds or fails for other reasons.


Setting Up the Move Proxy Service

Set up the Move Proxy service on the server that holds the master replica. For an overview of when you might need this service, see Understanding the Move Proxy Service.

After completing this procedure, configure drivers that are running on other servers to delegate their moves to the Move Proxy driver, so the moves can be performed on the master replica.

  1. Install Identity Manager on the server with the master replicas, if it is not already installed.

  2. Confirm that the following files for the Move Proxy service have been installed with Identity Manager. If they have not been installed, obtain them from your product distribution or from Novell Support.

    • loopback.jar

      This is the Loopback Driver shim file needed to run the Move Proxy service. This driver shim file should be placed in the /lib directory of the respective OS.

    • moveproxy.xml

      This is the driver configuration file. If it is not placed in the default location where the other driver configuration files are located, you need to browse to it when you are creating the Driver object in Step 4.

    • moveproxy.xlf

      This file creates the prompts you see when importing the driver configuration moveproxy.xml.

    • mvproxy_client_publisher_command_transformation.xsl

      This file provides the Command Transformation style sheet that you add to each driver that delegates moves to the Move Proxy service, as explained in Configuring Other Drivers To Delegate Moves to the Move Proxy Service.

  3. Confirm that your eDirectory schema includes the attribute named DirXML-moveProxyTrigger. If it does not, extend the eDirectory schema using the mvproxy.sch file and the appropriate utility depending on your platform (nwconfig on NetWare, install.dlm on Win32, and ndssch on UNIX).

    Obtain the mvproxy.sch file from Novell Support.

    NOTE:  If the schema already includes the DirXML-moveProxyTrigger attribute, your product distribution should also contain the files listed in Step 2. If your schema does not include the attribute, and you obtain the mvproxy.sch schema extension file and the other files listed in Step 2 from Novell Support, keep in mind that the files from Novell Support use an attribute named moveProxyTrigger instead of DirXML-moveProxyTrigger. The setup is the same but the attribute name is slightly different.

  4. Create a new DirXML Driver object for the server holding the master replica, importing moveproxy.xml to create the driver configuration.

    The DirXML Engine runs this Driver object using the Loopback Driver shim.

  5. For the new Driver object you just created, edit the Subscriber and Publisher filters to include the object classes for which you want moves to be proxied. Then add the DirXML-moveProxyTrigger (or moveProxyTrigger) attribute to the filter for each of those classes.

    Do not add any other attributes for the classes in the filters.

  6. Set the desired Driver Startup Option for the Driver object, and start the driver.

    After the driver has been configured and is operating correctly, Automatic is the preferred Driver Startup Option.

  7. Make sure the drivers on other servers are set up to take advantage of the Move Proxy service, by setting them up as clients of the Move Proxy service, as explained in Configuring Other Drivers To Delegate Moves to the Move Proxy Service.


Configuring Other Drivers To Delegate Moves to the Move Proxy Service

For an overview of when you might need this service, see Understanding the Move Proxy Service.

  1. Make sure you have completed Setting Up the Move Proxy Service.

  2. Create a DirXML-Stylesheet object in the driver's DirXML-Publisher object.

  3. Confirm that the file named mvproxy_client_publisher_command_transformation.xsl has been installed with Identity Manager.

    This style sheet is one of the Move Proxy files that you checked for in Step 2. If it has not been installed, obtain it from your product distribution or from Novell Support.

  4. In the new Stylesheet object you just created, go to the Edit XML property page and paste in the contents of the file named mvproxy_client_publisher_command_transformation.xsl.

  5. Make the style sheet part of the Command Transformation Rule by doing one of the following:

    • If the DirXML-Publisher object does not have a Command Transformation Rule, make the new style sheet the Command Transformation Rule.
    • If the DirXML-Publisher object already has a Command Transformation Rule, use rule chaining and set the next transformation of the existing Command Transformation Rule to be the new style sheet.

  6. If any style sheets used in either the Subscriber or Publisher channel are generating and sending moves to eDirectory via the srcCommandProcessor or destCommandProcessor, modify those style sheets to send a modify event similar to the one generated by the new Command Transformation Rule you created in Step 5.