matching-rules

Deprecated as of Identity Manager 2.0 - use DirXMLScript <policy>.

Remarks

<matching-rules> is the top level (document) element for object matching rules. Object matching rules are stored in the DirXML-XmlData attribute of a DirXML-Rule object that is pointed to by the DirXML-MatchingRule attribute of a DirXML-Subscriber or DirXML-Publisher object.

In the Subscriber channel, the source is eDirectory and the destination is the application. In the Publisher channel, the source is the application and the destination is eDirectory.

Object matching rules are used to try to find a matching object in the destination for an unassociated object in the source as a result of an <add> event in the source. (Note that DirXML automatically converts <modify> into <add> for events from unassociated objects.) Object matching rules are applied before deciding whether a new object should be created in the destination.

<matching-rules> contains 0 or more <matching-rule> elements. The matching rule processor evaluates each <matching-rule> in order until one or more matching objects in the destination are found.

If exactly one matching object is found, that object is automatically associated with the source object and Identity Manager attempts to reconcile any differences in the attribute values of the two objects as allowed by the Publisher and Subscriber filters.

If more than one matching object is found, an error is signaled and either the object has to be manually associated or the object matching rules have to be modified to be more specific.

If no matching objects are found, Identity Manager continues processing the event.

Example

<matching-rules>
    <!-- for Users, first try to match on Surname, Given Name and Location -->
    <matching-rule>
        <match-class class-name="User"/>
        <match-attr attr-name="Surname"/>
        <match-attr attr-name="Given Name"/>
        <match-attr attr-name="Location"/>
    </matching-rule>
    <!-- for Users, then try to match on Surname only in -->
    <!-- the o=novell subtree -->
    <matching-rule>
        <match-class class-name="User"/>
        <match-path prefix="o=novell"/>
        <match-attr attr-name="Surname"/>
    </matching-rule>
    <!-- for all classes try to match on CN only -->
    <matching-rule>
        <match-attr attr-name="CN"/>
    </matching-rule>
</matching-rules>
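The evaluation order described in the Remarks, applied to the example rules above, as an added Python example that is not part of the original page or of Identity Manager. The destination objects, the helper names obj and find_match, the same-class search, the DN suffix test for match-path, and skipping a rule whose attributes the source lacks are all assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# The page's example rules, repeated so the block runs stand-alone.
RULES_XML = """<matching-rules>
  <matching-rule>
    <match-class class-name="User"/>
    <match-attr attr-name="Surname"/>
    <match-attr attr-name="Given Name"/>
    <match-attr attr-name="Location"/>
  </matching-rule>
  <matching-rule>
    <match-class class-name="User"/>
    <match-path prefix="o=novell"/>
    <match-attr attr-name="Surname"/>
  </matching-rule>
  <matching-rule>
    <match-attr attr-name="CN"/>
  </matching-rule>
</matching-rules>"""

def obj(dn, cls, cn, sn=None, given=None, loc=None):
    attrs = {"CN": cn, "Surname": sn, "Given Name": given, "Location": loc}
    return {"dn": dn, "class": cls, **{k: v for k, v in attrs.items() if v}}

# Constructed destination objects (sample data, not from the page).
DEST = [obj("cn=jsmith,ou=eng,o=novell", "User", "jsmith", "Smith", "Jane", "Provo"),
        obj("cn=bsmith,ou=sales,o=novell", "User", "bsmith", "Smith", "Bob", "Boston"),
        obj("cn=alee,o=partners", "User", "alee", "Lee", "Ann", "Austin")]

def find_match(source, dest=DEST, rules_xml=RULES_XML):
    """Return ("associate", dn), ("error", [dns]) or ("continue", None)."""
    for rule in ET.fromstring(rules_xml).findall("matching-rule"):
        classes = [e.get("class-name") for e in rule.findall("match-class")]
        if classes and source["class"] not in classes:
            continue  # rule is scoped to another object class
        prefixes = [e.get("prefix") for e in rule.findall("match-path")]
        attrs = [e.get("attr-name") for e in rule.findall("match-attr")]
        if any(a not in source for a in attrs):
            continue  # assumption: skip a rule whose attributes the source lacks
        # Assumptions: same-class search; LDAP-style DNs, subtree = DN suffix match.
        hits = [d["dn"] for d in dest
                if d["class"] == source["class"]
                and (not prefixes or any(("," + d["dn"]).endswith("," + p) for p in prefixes))
                and all(d.get(a) == source[a] for a in attrs)]
        if len(hits) == 1:
            return ("associate", hits[0])  # exactly one: auto-associate
        if hits:
            return ("error", hits)  # ambiguous: manual association needed
    return ("continue", None)  # no match: event processing continues
```

With this data, a source User with CN alee, Surname Lee and Given Name Al falls through to the CN-only rule and is associated with cn=alee,o=partners, whose Given Name is Ann. Broad fallback rules are therefore worth reviewing, because a single match is associated automatically.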

Allowed Content

Element          Description
matching-rule    Object matching rule. Deprecated as of Identity Manager 2.0.

Attributes

None

Content Rule

( matching-rule * )

Parent Elements

None