Determining Which Objects Are Synchronized

DirXML uses filters on the Publisher and Subscriber channels to control which objects are synchronized and to define the authoritative data source for these objects.

The default filters are illustrated in Filters. Use the following procedures to make changes to the default.

Defining Schema Mapping

Different LDAP servers have different schemas. When the driver is first started, it queries the server for the specific schema.

You must be familiar with the characteristics of eDirectory attributes and the LDAP server attributes. The driver handles all LDAP attribute types (cis, ces, tel, dn, int, bin).  It also handles the eDirectory Facsimile Telephone Number.

When mapping attributes, follow these guidelines:

• Verify that every class and attribute specified in the Subscriber and Publisher policies is mapped in the Mapping policy unless the class or attribute names are the same in both directories.
• Verify that an LDAP server attribute actually exists before mapping an eDirectory attribute to it. For example, the Full Name attribute is defined for a User object on eDirectory but fullname does not exist in an inetOrgPerson object on Netscape.
• Always map attributes to attributes of the same type, for example, strings attributes to strings attributes, octet attributes to binary attributes, telenumber attributes to telenumber attributes.
• Map multi-valued attributes to multi-valued attributes.

The driver does not provide data conversion between different attribute types or conversions from multi-valued to single-valued attributes. The driver also does not understand structured attributes except for Facsimile Telephone Number and Postal Address.

DirXML is flexible on the syntax that it accepts coming in from the Publisher, notably:

1. DirXML will accept any non-structured/non-octet syntax for any other non-structured/non-octet syntax as long as the actual data can be coerced to the appropriate type (that is, if eDirectory is looking for a numeric value, the actual data should be a number).
2. When DirXML is expecting octet data and gets another non-octet/non-structured type, it will coerce the data to octet by serializing the string value to UTF-8.
3. When DirXML is passed octet data and another non-structured type is expected, it will coerce the data to a string by decoding the Base64 data and then try to interpret the result as a UTF-8 encoded string (or the platform's default character encoding if it is not a valid UTF-8 string) and then apply the same rules as 1.
4. For faxNumber, if a non-structured type is passed in, 1) and 3) are applied to the data to get the phone number portion of the fax number, and the other fields are defaulted.
5. For state, False, No, F, N (in either upper or lowercase), 0 and "" (empty string) are interpreted as False, and any other value is interpreted as True.
6. For emailAddress, if a non-structured type is passed in, 1) and 3) are applied to the data to get the address, and the type is defaulted to 3 (SMTP).

To configure the Schema Mapping policy:

1. In iManager, click DirXML Management > Overview.

2. Locate the driver in its driver set.

3. Click the driver to open the Driver Overview page.

4. Click the schema mapping icon on the Publisher or Subscriber channel.

5. Edit the policy as appropriate for your setup.

Defining Object Placement

We recommend following the Netscape naming rules for objects in Netscape Directory Server. A brief explanation of naming rules is included here for your convenience.

The directory contains entries that represent people. These person entries must have names. In other words, you must decide what the relative distinguished name (RDN) will be for each person entry. The DN must be a unique, easily recognizable, permanent value. We recommend that you use the uid attribute to specify a unique value associated with the person. An example DN for a person entry is:

uid=jsmith,o=novell

The directory will also contain entries that represent many things other than people (for example, groups, devices, servers, network information, or other data). We recommend that you use the cn attribute in the RDN. Therefore, if you are naming a group entry, name it as follows:

cn=administrators,ou=groups,o=novell

The directory will also contain branch points or containers. You need to decide what attributes you will use to identify the branch points. Attribute names have a meaning, so use the attribute name with the type of entry it is representing. The Netscape recommended attributes are defined as follows:

Attribute Name	Definition
c	Country name
o	Organization name
ou	Organizational Unit
st	State
l	Locality
dc	Domain Component

A Subscriber Placement Policy specifies the naming attribute for a classname. The example below is for the User classname. The <placement> statement specifies that uid is used as the naming attribute.

<placement-rule>  
   <match-class class-name="User"/>  
   <match-path prefix="\Novell-Tree\Novell\Users"/>  
   <placement>uid=<copy-name/>,ou=People,o=Netscape</ 
 placement>  
</placement-rule>

The Subscriber Placement policy below specifies that ou is used as the naming attribute for class-name Organizational Unit.

<placement-rule>  
   <match-class class-name="Organizational Unit"/>  
   <match-path prefix="\Novell-Tree\Novell\Users"/>  
   <placement>ou=<copy-name/>,ou=People,o=Netscape</placement>  
</placement-rule>

Working with eDirectory Groups

Group attributes are different in eDirectory and Netscape Directory Server, so some special processing is required by the driver. On the Publisher channel, special processing takes place when the driver sees the attribute uniquemember in the classname groupofuniquenames.

The driver also sets the attribute Equivalent To Me in the eDirectory Group.  The attribute Equivalent To Me must be included in the Publisher filter. The attribute Equivalent To Me need not be in the Schema Mapping policy because the eDirectory attribute name is used. There is no equivalent attribute name in Netscape Directory Server. No special processing is required on the Subscriber channel.