3.1 About the Directory Abstraction Layer

The directory abstraction layer is a set of XML-based files that define a logical view of an Identity Vault for the user application. The directory abstraction layer defines:

You use the directory abstraction layer editor to define the contents of the directory abstraction layer.

3.1.1 About the Directory Abstraction Layer Editor

The directory abstraction layer editor is a graphical tool for defining the directory abstraction layer files. When you add a User Application driver to an Identity Manager project, Designer creates an initial set of directory abstraction layer files. These base files are displayed when you start the directory abstraction layer editor.

To start the directory abstraction layer editor:

  1. Open the Provisioning view and double-click the Directory Abstraction Layer node.

    Designer displays a tree containing Entities, Lists, Relationships, and Configuration nodes.

    The following table describes the nodes.

    Node

    Description

    Entities

    Entities represent the Identity Vault objects available to the user application. There are two types of entities:

    • Entities mapped from the schema: Entities that represent Identity Vault objects directly exposed to users via the user application. Users can typically create, search, and modify the attributes of these entities.

    • Entities representing LDAP relationships: Called DN lookups, these entities represent indexed searches and are used to support particular types of attributes in the user application. DN lookup entities provide information about relationships between LDAP objects. DN lookup entities are:

      • Used by the Org Chart portlet to determine relationships.

      • Used in the Search List, Create, and Detail portlets to provide selection lists and DN contexts.

      • Available to the workflow request and approval flow forms you define using the provisioning request definition editor.

    Lists

    Defines the contents of global lists. Global lists are:

    • Associated with an attribute. The user application displays the attribute values as a drop-down list.

    • Used to display Resource Request categories.

    Relationships

    Lets you map hierarchical relationships among schema-based entities. Used by the Organization Chart action of the Identity Self-Service tab of the user application.

    Configuration

    General configuration parameters.

  2. Use the left pane to navigate the directory abstraction layer nodes. When you select an item in the left pane, the right pane displays the attributes and settings for the selection.

  3. Use the right pane to define the properties for the selection. For more information about the properties, see Section 3.7, Directory Abstraction Layer Property Reference.

The following table describes the directory abstraction layer toolbar:

Table 3-1 Directory Abstraction Layer Toolbar

Toolbar button

Description

Launches the Add Entity Wizard.

Launches the Add Attribute Wizard.

Launches the New List Wizard.

Launches the New Relationship Wizard.

Runs the Validation Checker.

Launches the Set Global Access Modifiers dialog box.

Launches the Set Global Localization dialog box.

Sets focus on the next or previous location.

3.1.2 About Directory Abstraction Layer Editor Files

The directory abstraction layer files you work with are stored in the Designer project’s Provisioning\AppConfig\DirectoryModel directory. The filenames are derived from the object key.

Table 3-2 Local Directory Abstraction Layer Directories

Directory name     Description
ChoiceDefs         Contains the files that define global lists. Files have the .choice extension.
EntityDefs         Contains the files that define the entities and attributes. Files have the .entity extension.
RelationshipDefs   Contains the files that define the relationships available to the Org Chart portlet. These files have the .relation extension.

Designer creates the base set of directory abstraction layer files for each provisioning project. An identical set is deployed to the User Application driver when the user application is installed.
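Because these files decide which Identity Vault objects and attributes the user application exposes, it is useful to review what changed in them before a deployment. The following is an added example, not part of Designer or of this documentation: it hashes the files in the layout from Table 3-2 and compares the result with an earlier baseline. The function names and sample file names are hypothetical, and treating any file outside that layout as "unexpected" is an assumption made for review purposes.

```python
import hashlib
import tempfile
from pathlib import Path

# Subdirectory -> expected file extension, as listed in Table 3-2.
EXPECTED = {"ChoiceDefs": ".choice", "EntityDefs": ".entity", "RelationshipDefs": ".relation"}

def dal_manifest(model_dir):
    """Return ({relative path: sha256}, [unexpected files]) for a DirectoryModel directory."""
    root = Path(model_dir)
    manifest, unexpected = {}, []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root)
        # Only <subdirectory>/<file> with the matching extension is part of the layout.
        ext = EXPECTED.get(rel.parts[0]) if len(rel.parts) == 2 else None
        if ext is None or path.suffix != ext:
            unexpected.append(rel.as_posix())
            continue
        manifest[rel.as_posix()] = hashlib.sha256(path.read_bytes()).hexdigest()
    return manifest, unexpected

def diff_manifests(baseline, current):
    """Compare two manifests; return sorted added, removed and modified paths."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in set(baseline) & set(current) if baseline[p] != current[p])
    return added, removed, modified

def demo():
    """Build a constructed project tree, change it, and report the differences."""
    with tempfile.TemporaryDirectory() as tmp:
        model = Path(tmp, "Provisioning", "AppConfig", "DirectoryModel")
        for sub in EXPECTED:
            (model / sub).mkdir(parents=True)
        # Constructed placeholder files; real definitions are XML written by Designer.
        (model / "EntityDefs" / "sample-user.entity").write_text("<constructed/>")
        (model / "ChoiceDefs" / "sample-list.choice").write_text("<constructed/>")
        baseline, _ = dal_manifest(model)
        (model / "EntityDefs" / "sample-user.entity").write_text("<constructed changed='1'/>")
        (model / "RelationshipDefs" / "sample.relation").write_text("<constructed/>")
        (model / "EntityDefs" / "notes.txt").write_text("stray file")
        current, unexpected = dal_manifest(model)
        return diff_manifests(baseline, current), unexpected

if __name__ == "__main__":
    print(demo())
```

To use it on a real project, call dal_manifest on the project's Provisioning\AppConfig\DirectoryModel directory, store the returned manifest, and compare it with a fresh one before deploying.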

To customize the Identity Manager user application, you change the directory abstraction layer objects and deploy the changes to the User Application driver. Some entities, attributes, lists, and relationships are required for the user application to function properly. The editor displays a lock next to the definitions that you should not delete. From the list below, you can see that you should not delete the Task Group entity or any of its attributes.

Figure 3-1 The Task Group Entity Attributes