A.0 Example
XML Document Received from the Driver
The following example is a typical XML document received from
the default driver configuration.
<nds dtdversion=”1.0” ndsversion=”8.5”>
<source>
<product build="20050509_1030" instance="SAP-USER-REMOTE-46C" version="1.0">Identity
Manager Driver for User Management of SAP Software</product> <contact>Novell, Inc.</contact>
</source>
<input xmlns:sapshim="http://www.novell.com/dirxml/drivers/sapusershim">
<modify class-name="US" event-id="O_001_0000000000216097" src-dn="SSAMPLE"
timestamp="20030509">
<association>USdJSMITH</association>
<modify-attr attr-name="PROFILES:BAPIPROF">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="USERNAME:BAPIBNAME">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="ACTIVITYGROUPS:AGR_NAME">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="PROFILES:BAPIPROF">
<add-value>
<value>SAP_ALL</value>
<value>SAP_NEW</value>
</add-value>
</modify-attr>
<modify-attr attr-name="USERNAME:BAPIBNAME">
<add-value>
<value>JSMITH</value>
</add-value>
</modify-attr>
<modify-attr attr-name="ACTIVITYGROUPS:AGR_NAME">
<add-value>
<value>SAP_EMPLOYEE</value>
</add-value>
</modify-attr>
</modify>
</input>
</nds>
Some characteristics to note:
- All XML documents received from the
SAP system are translated into <modify> documents. This translation
occurs because it is not possible to determine whether the object
described by the document has been modified or is new. Additional
modification or translation of the document is accomplished through
policies and the Metadirectory engine.
- The <modify> element contains the classname of
the object described in the SAP namespace (that is, US=User).
The event-id attribute contains the IDoc number from which the data
is derived. The src-dn attribute contains the SAP Object name value.
The timestamp attribute contains the date that the IDoc was processed
by the driver.
- The <association> element data always contains
the format “USd”.
User names in SAP are always uppercase.
- The <modify-attr> element contains the attr-name
described in SAP format (Structure or Table name:Attribute Name).
- Because multivalue attributes cannot be consistently
mapped across systems, the <remove-all-values> element is used
prior to all <add-value> tags on Publisher channel documents.
This instructs the Metadirectory engine to remove all existing values
for the attribute prior to assigning the new values. If this functionality
is not desired, one of the policies may be used to modify the document.
- All values are in a string format.
- All values for DirXML-locSapRoles and DirXML-locSapProfiles
require that you set two fields in SAP. In order to map from a single
string value to a structured format, default policies use a colon “:” delimiter
in the Identity Vault values (such as ADMCLNT100:SAP_ESSUSER),
which are then transformed to (or from) the SAP structured format. The Schema Mapping Policy indicates
the structure components to set for these values.