4.8 Importing, validating, and deploying directory abstraction layer definitions

Importing, validating, and deploying directory abstraction layer definitions are actions performed from the Provisioning View of the designer.

4.8.1 About importing

The import feature lets you import a set of existing definitions. You’ll want to use import when:

  • You want to begin a new project based on a deployed project.

  • You want to share definitions with other developers working on the same project. For example, another developer adds an attribute to the user entity, or adds a new global list. If the developer deploys the new definition to the identity vault, you can import it, and ensure that you are both working with identical definitions.

To import existing definitions:

  1. Open the Provisioning View.

  2. Determine whether you want to import:

    • A complete set of definitions

    • A set of one definition type, such as all entities or all relationships.

    • A specific object (such as the User entity)

  3. To import:

    • A specific object, select it from the list, right-mouse and select Import Object.

    • A complete set of definitions, select the Directory Abstraction Layer node, right-mouse and select Import All or Import Object.

  4. Click the eDirectory Browse icon, navigate to the DirectoryModel node, select the object(s) to import, and then click OK.

    • If the objects match, then you are notified that there are no differences and the import does not proceed.

    • If the objects do not match, you are able to confirm which object(s) to import. Review the items selected for import, make any changes needed, and then click OK.

Setting import preferences

Import preferences let you specify how you want the designer to resolve conflicts between the data in the identity vault and your local directory abstraction layer files. These conflicts can arise because different users and tools have access to the identity vault’s directory abstraction layer definitions. The definitions can be changed by other administrators or developers using iManager tools or their own local designer-based project. When conflicts arise between the definitions on your local file system and the identity vault, these preferences allow you to specify how the conflicts are handled.

To set Import preferences:

  1. Choose Window>Preferences.

  2. Open the Provisioning node of the tree and click Import.

  3. Choose the preferences:

    • Modified external object will overwrite modified local object

      Both the local file and the identity vault definitions contain changes. The local changes have not yet been deployed.

      Select this option if you want the identity vault object to overwrite the changes that you’ve made to the local file.

    • Unmodified local copy overwritten by externally recreated object

      The identity vault object was deleted and then recreated. The local file set includes the original definition with no changes.

      Select this option if you want the import to overwrite the local copy.

    • External object overwrites modified local object

      The local file contains changes not deployed to the identity vault. Select this option if you want the local files to be overwritten on import.

    • External object overwrites deleted local object

      You have deleted a definition locally, but have not deployed the changes. This means that the object still exists in the identity vault.

      Select this option if you want identity vault objects to be copied to the local file system. If you choose this option, you will lose your undeployed changes.

4.8.2 About validation

You can validate the directory abstraction layer data definitions on the local file system before you attempt to deploy them. The validation:

  • Verifies that the XML is well-formed and complies with the schema that defines the elements needed for entities, attributes, lists, relationships, and so on.

  • Checks every entity to ensure that references to other entities and global lists are valid.

    For example, when validating an entity and its attributes, the validator checks that all references to other entities via the Edit Entity, DN Lookup, and Detail Entity fields reference entities that actually exist.

  • Ensures that every entity has at least one attribute defined.

  • Ensures that every local and global list contains at least one item.

You can selectively validate definitions from the Provisioning View. To validate:

  • All of the items within a node, select the node, right-mouse and select Validate.

  • A single object within a node, select the object, right-mouse and select Validate.

You can validate all of the definitions by clicking the Validate Abstraction Layer button from the directory abstraction layer toolbar.

NOTE: The validation does not check the identity vault for the existence of any objects.
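
The local checks listed above, sketched as an added example that is not the designer's own validator. The XML element and attribute names are hypothetical stand-ins for the real schema, and schema compliance is reduced to a well-formedness check; like the designer's validation, it never consults the identity vault.

```python
import xml.etree.ElementTree as ET

# Constructed sample; element and attribute names are hypothetical,
# not the designer's real directory abstraction layer schema.
SAMPLE = """<directory-model>
  <entity key="user">
    <attribute key="manager" lookup-entity="manager-lookup"/>
    <attribute key="region" global-list="regions"/>
    <attribute key="group" detail-entity="group"/>
  </entity>
  <entity key="manager-lookup"/>
  <global-list key="regions"><item>EMEA</item></global-list>
  <global-list key="titles"/>
</directory-model>"""

# Hypothetical attribute names for the Edit Entity, DN Lookup and Detail Entity fields.
REF_FIELDS = ("edit-entity", "lookup-entity", "detail-entity")

def validate(xml_text):
    """Return a sorted list of validation messages for one definition set."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed: {exc}"]
    entities = {e.get("key") for e in root.iter("entity")}
    lists = {g.get("key") for g in root.iter("global-list")}
    errors = []
    for ent in root.iter("entity"):
        attrs = ent.findall("attribute")
        if not attrs:  # every entity needs at least one attribute
            errors.append(f"entity '{ent.get('key')}' has no attributes")
        for attr in attrs:
            where = f"{ent.get('key')}.{attr.get('key')}"
            for field in REF_FIELDS:  # references must resolve to a defined entity
                target = attr.get(field)
                if target is not None and target not in entities:
                    errors.append(f"{where}: {field} -> unknown entity '{target}'")
            glist = attr.get("global-list")
            if glist is not None and glist not in lists:
                errors.append(f"{where}: unknown global list '{glist}'")
            local = attr.find("local-list")
            if local is not None and not local.findall("item"):
                errors.append(f"{where}: local list is empty")
    for gl in root.iter("global-list"):  # every global list needs at least one item
        if not gl.findall("item"):
            errors.append(f"global list '{gl.get('key')}' is empty")
    return sorted(errors)

if __name__ == "__main__":
    print("\n".join(validate(SAMPLE)))
```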

4.8.3 About deploying

You must deploy your definitions to an identity vault before you will see the resulting changes within the Identity Manager user application.

To deploy a set of definitions to an identity vault:

  1. Save all of the changes that you’ve made using the directory abstraction layer editor.

    If you do not save your changes before attempting the deploy, the editor displays a dialog that shows the definitions that have not been saved. It prompts you to save the most recent changes. If you choose not to save the changes, the object is still deployed to the server, but what is deployed does not include the unsaved changes. Choosing not to save the changes does not cancel the deployment.

  2. Open the Provisioning View.

  3. Decide if you want to deploy all of the objects defined using the directory abstraction layer editor or a subset.

    • To deploy all:

      Select the root node, right-mouse and choose Deploy All.

    • To deploy a specific entity, relationships, list, or configuration setting:

      Select it, right-mouse and choose Deploy object.

    You might be prompted for identity vault credentials. The editor performs a validation and displays any validation messages in a dialog. Respond to the validation messages by selecting/deselecting the items to deploy. After you’ve made your deployment selections and submitted them, you are notified of the deployment’s success or failure.

Setting deployment preferences

Deploy preferences let you specify how you want the designer to resolve conflicts between the data in the identity vault and your local directory abstraction layer files. Conflicts might arise because other users have deployed changes to the identity vault and these changes are not reflected in the definitions on your local file system. To ensure that conflicts are handled the way you want them to be, you can set preferences specifying the conflict resolution.

To set Deploy preferences:

  1. Choose Window>Preferences.

  2. Open the Provisioning node of the tree and click Deploy.

  3. Specify general deploy preferences:

    • Set delete from identity vault as default for all “Confirm Delete” dialogs

      If you attempt to delete an object in the Provisioning view or the directory abstraction layer editor, you are prompted to confirm the deletion in a dialog.

      This preference determines whether the delete confirmation dialog check box labeled Delete object in identity vault on deploy is selected by default. Selecting this preference means the default is to always delete the identity vault object.

      The local object is always deleted.

    • Allow deployment of objects with validation errors

      Select—Select this option if you want to deploy objects that fail validation. At deploy, the designer validates the definitions that are being deployed following the validation rules outlined in Section 4.8, Importing, validating, and deploying directory abstraction layer definitions.

      Deselect—To prevent deployment of definitions that fail validation.

    • Allow deployment of unmodified objects that will overwrite externally modified newer version

      Select—If your local files have not been changed, but the identity vault objects have, and you want the local files to overwrite the identity vault files.

      Deselect—If you want to keep the newer identity vault versions.

      When selected, you can set this as the default behavior by also selecting the conflict resolution preference Unmodified local copy overwrites externally modified newer version.

  4. Specify conflict resolution preferences:

    • Local change overwrites externally created object

      Select—If you want the object you are deploying to overwrite the object that is in the identity vault.

      Deselect—Deploy does not occur when this conflict occurs.

    • Unmodified local copy recreates externally deleted object

      Select—If you want the local object you are deploying to create an object that was already deleted from the identity vault.

      Deselect—Deploy does not occur when this conflict occurs.

    • Local change overwrites externally modified object

      Select—If you want the local definition to always be deployed even if the identity vault has been changed by another user.

      Deselect—Deploy does not occur when this conflict occurs.

    • Local copy overwrites deleted and recreated object

      Select—If you want the local object to always be deployed even if the identity vault object has been deleted or has been deleted and recreated.

      Deselect—Deploy does not occur when this conflict occurs.

    • Unmodified local copy overwrites externally modified newer version

      This preference can only be set when the general deploy preference Allow deployment of unmodified objects that will overwrite externally modified newer version is selected.

      Select—If your local files have not been changed, but the identity vault objects have changed and you always want the local files to overwrite the identity vault files as the default behavior.

      Deselect—If you want to keep the newer identity vault versions.