The DirXML Data Sharing Model

In simplest terms, DirXML delivers application-specific drivers and a data transformation engine to communicate data changes between applications. DirXML drivers take their direction for what data to manage and how to manage it from DirXML rules and style sheets. You customize these rules and style sheets to meet requirements unique to your environment.

Figure 1
DirXML Architecture

DirXML employs PasswordSync Filters to capture password changes and PasswordSync Agents to communicate those changes to eDirectory.

Figure 2
Password Synchronization Model

These DirXML components and their functions are described briefly in the following sections.

For a more complete discussion of DirXML and PasswordSync architecture, see the following documents:

DirXML Engine

The DirXML engine is the communication foundation for any number of drivers communicating with various databases, directories, and applications. The DirXML engine translates data events into XML documents and uses rules to determine how the data modifications are sent to participating applications. The engine ensures consistent processing methods for disparate data.

DirXML Driver for Active Directory

This driver runs on a Windows* workstation or server and is designed to synchronize data between Active Directory and participating applications. Using the Active Directory driver, you can also enable an Active Directory object as a Microsoft Exchange 2000 mailbox. The driver comes with a configuration file to help you set up initial data processing policies and driver behavior.

DirXML Driver for NT Domain

This driver runs on a Windows workstation or server and is designed to synchronize data between an NT 4 domain and participating applications. It comes with a configuration file to help you set up initial data processing policies and driver behavior.

DirXML Driver for eDirectory

This driver runs on an eDirectory server (a NetWare server for this Starter Pack) and is designed to synchronize objects and attributes between different eDirectory trees. Because you are synchronizing data between eDirectory trees, you will always have two drivers installed, each in its own tree. The driver in one tree communicates with the driver in the other tree. The driver comes with a configuration file to help you set up initial data processing rules and driver behavior.

Evaluation Drivers

In addition to the licensed drivers that are included when you purchase the DirXML Starter Pack, other drivers are provided on the media for your evaluation. They may include the following:

Evaluation drivers are fully functional, separately licensed drivers. They provide you with the opportunity to explore data synchronization for additional systems.

NOTE:  Evaluation drivers are not provided as product updates. To download patches and fixes for DirXML drivers, visit Product Updates.

You are invited to install these drivers and test them with your own data; however, unless activated, an evaluation driver will stop working 90 days after installation. To continue using the driver, you must purchase and activate it. This purchase and activation is separate from the purchase and activation of the Starter Pack.

If you decide not to purchase an evaluation driver that you have tested, you should uninstall it and reverse any data changes resulting from your use of the driver.

Filters, Rules, and Style Sheets

Filters, rules, and style sheets are the driver-specific controls that manage data exchange and transformation. They are applied to data coming from the target system into eDirectory (Publisher data) and to data going from eDirectory into the target system (Subscriber data).

Filters specify which objects and attributes can be shared between the target system and eDirectory. A driver generally has two filters: the Subscriber filter, which determines the objects and attributes that are owned by eDirectory and are pushed to the application, and the Publisher filter, which determines the objects and attributes that are owned by the application and pushed to eDirectory.

Rules are used to define requirements for object creation, matching, and placement. For example, a Creation rule might require that a User object include values for the Given Name and Surname attributes before the creation can take place.

Style Sheets are XSLT documents used to transform events and data. For example, you might have an event transformation style sheet that generates an initial password based on user-specific data when a new account is created. Complex customizations are managed with style sheets and require XSLT expertise.
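The following added example (not Novell code and not the DirXML engine) models how a Publisher filter and a Creation rule, as described above, act on an incoming add event. The event is a constructed sample modelled on an XDS-style add document; the element names, the filter contents, and the rule contents are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample event, modelled on an XDS-style "add" document (assumed shape).
SAMPLE_ADD = """
<nds><input>
  <add class-name="User" src-dn="\\Sales\\jdoe">
    <add-attr attr-name="Given Name"><value>Jane</value></add-attr>
    <add-attr attr-name="Telephone Number"><value>555-0100</value></add-attr>
    <add-attr attr-name="Description"><value>temp badge 4411</value></add-attr>
  </add>
</input></nds>
"""

# Hypothetical Publisher filter: class -> attributes the application may push.
PUBLISHER_FILTER = {"User": {"Given Name", "Surname", "Telephone Number"}}
# Hypothetical Creation rule: attributes that must carry a value before creation.
CREATION_REQUIRED = {"User": ("Given Name", "Surname")}

def apply_filter(add, flt):
    """Return the attributes that pass the filter, or None if the class is not shared."""
    allowed = flt.get(add.get("class-name"))
    if allowed is None:
        return None
    attrs = {}
    for node in add.findall("add-attr"):
        name = node.get("attr-name")
        values = [v.text.strip() for v in node.findall("value") if v.text and v.text.strip()]
        if name in allowed and values:
            attrs[name] = values  # anything outside the filter never reaches the directory
    return attrs

def creation_veto(class_name, attrs, required):
    """Return the required attributes that are missing (empty list = creation allowed)."""
    return [a for a in required.get(class_name, ()) if a not in attrs]

def process(xml_text, flt=PUBLISHER_FILTER, required=CREATION_REQUIRED):
    """Filter each add event, then apply the Creation rule; return (src-dn, status, attrs)."""
    results = []
    for add in ET.fromstring(xml_text).iter("add"):
        attrs = apply_filter(add, flt)
        if attrs is None:
            results.append((add.get("src-dn"), "dropped: class not in filter", {}))
            continue
        missing = creation_veto(add.get("class-name"), attrs, required)
        status = "vetoed: missing " + ", ".join(missing) if missing else "create"
        results.append((add.get("src-dn"), status, attrs))
    return results
```

Calling process(SAMPLE_ADD) shows the Description attribute stripped by the filter and the creation vetoed because Surname has no value.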

Password Synchronization Filters and Agents

PasswordSync Filters intercept password changes and then route the change notifications to PasswordSync Agents for distribution. Filters also receive relayed notice of password changes from agents and then set new passwords in the domain. A filter must be installed on every domain controller in each domain that participates in password synchronization.

The PasswordSync Agent is a service that runs on a Windows computer. When an agent receives password change notifications, it finds an available domain controller for each of the domains that it services and then sends the notification to the filters installed on these domain controllers. You can install agents on several workstations to improve performance when network topology issues arise and to provide redundancy for fault tolerance.

Agents and filters are indirectly dependent on DirXML drivers; they rely on the drivers to ensure that the necessary password synchronization objects and attributes are established initially.

DirXML Objects in eDirectory

DirXML components are represented as objects in the eDirectory tree. These objects include the following:

Object Description

 Driver Set

A driver set is a container that holds DirXML drivers. Only one driver set can be active on a server at a time. As a result, all active drivers must be grouped into the same driver set.


A DirXML driver object represents a driver that connects to an application that integrates with eDirectory.


DirXML rule objects define the criteria for data exchanges. DirXML includes the following kinds of rules:

  • Matching Rule: Specifies what constitutes a match when objects already exist in both eDirectory and the target application
  • Creation Rule: Determines the requirements for object creation
  • Placement Rule: Determines object placement
  • Schema Mapping Rule: Establishes the mapping between objects and attributes in the target application and those in eDirectory

Each driver comes with a default set of rule definitions that you can modify to meet the data sharing requirements of your environment.


This object represents a PasswordSync Agent. The agent uses this object to authenticate to eDirectory and gain access to other objects participating in password synchronization, including users, nadDomains, and servers.


This object provides the connection between a PasswordSync Agent (represented as the parent nadPwdSync Object) and a domain. It holds domain-specific information required by the agent.


The nadDomain object describes a single NT or Active Directory domain. Each nadDomain object holds a DirXML association with the DirXML driver that controls the domain.

Management Utilities

We recommend that you set up and configure DirXML using Novell iManager 2.0. iManager includes several DirXML wizards to help you quickly complete tasks such as creating a new rule, creating a new driver, or exporting existing driver configurations. It also gives you a graphical view of DirXML objects and their relationships to each other.

Figure 3
Novell iManager 2.0

NOTE:  The initial release of iManager 2.0 runs only on NetWare 6.5. Subsequent releases will run on additional platforms. If iManager is not an option for your environment, DirXML can be managed using ConsoleOne®. Information about using ConsoleOne to manage DirXML is available in the DirXML 1.1 Administration Guide.
