placement-rules

Deprecated as of Identity Manager 2.0. Use DirXMLScript <policy> instead.

Remarks

<placement-rules> is the top level (document) element for object placement rules. Object matching rules are stored in the DirXML-XmlData attribute of a DirXML-Rule object that is pointed to by the DirXML-PlacementRule attribute of a DirXML-Subscriber or DirXML-Publisher object.

In the Subscriber channel, the source is eDirectory, and the destination is the application. In the Publisher channel, the source is the application and the destination is eDirectory.

Object placement rules are used to generate a distinguished name for an object that is about to be created as the result of an <add> event in the source. (Identity Manager automatically converts <modify> into <add> for events from unassociated objects). Object placement rules are applied only after any existing creation rules are applied and the <add> is not vetoed.

<placement-rules> contains 0 or more <placement-rule> elements. The placements rule processor evaluates each <placement-rule> in order until a suitable rule is found. That rule then fills in the dest-dn attribute of the <add>.

The distinguished name format for the source event is specified by src-dn-format or src-dn-delims (but not both) and must be match what the source application actually uses. The distinguished name format for the destination event is specified by dest-dn-format or dest-dn-delims (but not both) and must match what the destination application actually uses. The format used by eDirectory through Identity Manager is slash.

One of the standard DN formats should be adequate for most applications, but it might be necessary to specify a custom delimiter set. The eight characters that make up the delimiter set are defined as follows:

  • Typed Name Boolean Flag: 0 means names are not typed, 1 means names are typed

  • Unicode* No-Map Character Boolean Flag: 0 means don't output or interpret unmappable Unicode characters as escaped hex digit strings, such as \FEFF. The Unicode characters 0xfeff, 0xfffe, 0xfffd, and 0xffff are not accepted by eDirectory.

  • Relative RDN Delimiter

  • RDN Delimiter

  • Name Divider

  • Name Value Delimiter

  • Wildcard Character

  • Escape Character

If the RDN Delimiter and Relative RDN Delimiter are the same character, then the orientation of the name is root right, otherwise the orientation is root left.

Example

<placement-rules src-dn-format="slash" dest-dn-format="ldap">        <!-- for Users coming from the subtree \Tree\novell in eDirectory-->        <!-- place them in the same relative hierarchy under o=novell -->        <placement-rule>                <match-class class-name="User"/>                <match-path prefix="\TREE\novell"/>               <placement><copy-path-suffix/>,o=novell</placement>        </placement-rule>        <!-- for all other users and groups -->        <!-- place them in the department container under novell -->        <placement-rule>                <match-class class-name="User"/>                <match-class class-name="Group"/>                <placement>cn=<copy-name/>,ou=<copy-attrattr-name="OU"/>,o=novell</placement>        </placement-rule>        <!-- for everything else, try to mirror the hierarchy -->        <placement-rule>                <placement><copy-path/></placement>        </placement-rule></placement-rules>

Allowed Content

Element

Description

placement-rule

Object placement rule. Deprecated as of Identity Manager 2.0.

Attributes

Attribute

Possible Values

Default Value

dest-dn-delims

CDATA

Custom delimiters for the dest-dn.

#IMPLIED

dest-dn-format

dot | qualified-dot | slash | qualified-slash | ldap

Format of the src-dn.

slash

src-dn-delims

CDATA

Custom delimiters for the src-dn.

#IMPLIED

src-dn-format

dot | qualified-dot | slash | qualified-slash | ldap

Format of the src-dn.

slash

Content Rule

( placement-rule * )

Parent Elements

None