Policies are highly configurable for use within any business environment.
The default driver is configured to be primarily a Subscriber channel driver. This means the primary purpose is to create SAP User accounts using information collected in the Identity Vault. The default configuration does allow basic bidirectional User create, delete, and modify functionality.
You must modify policies and the filter to work with your specific business environment. We recommend that you make modifications in this order:
Setting attributes in the filter to “publish” specifies which classes and attributes are published from the SAP system to eDirectory.
The default driver configuration publishes the following User class attributes in the filter.
Setting attributes in the filter to “subscribe” specifies which classes and attributes are synchronized from eDirectory to the SAP system.
The default driver configuration subscribes to the following User class attributes in the filter:
The Schema Mapping policy is referenced by the driver object and applies to both the Subscriber and Publisher channel. The purpose of the Schema Mapping policy is to map schema names (particularly attribute names and class names) between eDirectory and the SAP User database. Any modification or removal of existing entries in the Schema Mapping policy could destroy the default configuration and policies processing behavior. Adding new attribute mappings is discretionary.
NOTE:The Application Schema definition in the default driver configuration is from a SAP R/3 version 4.7 system with Web Application Server version 6.40. If the target SAP system is a different version, the actual User object schema might be different. Refresh application schema using the iManager Schema Mapping editor to obtain the actual schema of the target server.
The following class mapping is included with the default driver configuration:
The User class is configured to synchronize bidirectionally between SAP and eDirectory. A change made in one system will transfer to the other system.
All attributes in the Publisher and Subscriber filters should be mapped unless they are used only for policy processing.
SAP User field values can be arranged in three types:
The following table includes common attribute mappings for the User class and their descriptions, assuming that only the primary piece of structure communication data is required (such as ADDTEL:TELEPHONE). If fields of a table are to be mapped, you should specify only the Table name in the mapping (such as LOCACTIVITYGROUPS). If you do this, the driver generates all table field values in structured format. For more information, see Section B.0, Structured Format Examples. On the Publisher channel, the structured data must be transformed to string format.
The Schema Mapping policy is highly dependent on the extension of the standard eDirectory schema. The extensions used by the driver come in the form of an LDIF file created by SAP for use with the SAP directory interfaces for user management. A Novell-standard .sch version of the file is also provided. These files are included with the driver. Refer to Extending the Schema for more information.
The default mappings for the driver are as follows:
You modify the Input Transform policy to implement your specific business rules. The Input Transform policy is applied to affect a transformation of the data received from the driver shim.
The policy is applied as the first step of processing an XML document received from the driver shim. The Input Transform policy converts the syntax of the SAP attributes into the syntax for eDirectory.
The default driver configuration includes two rules that perform the following functions:
You modify the Output Transform policy to implement your specific business rules. The Output Transformation policy is referenced by the driver object and applies to both the Subscriber channel and to the Publisher channel. The purpose of the Output Transformation policy is to perform any final transformation necessary on XML documents sent to the driver by Identity Manager.
The default driver configuration:
The Publisher Placement policy is applied to an Add Object event document to determine the placement of the new object in the hierarchical structure of eDirectory.
The Placement policy places all User objects in an eDirectory container that you specify during installation. You can also modify this location by using the Publisher User Placement Global Configuration Variable (GCV.)
The default driver configuration:
The Publisher Matching policy is applied to a Modify Object event document. Matching policies establish links between an existing entry in eDirectory and an existing entry in the SAP system. The Matching policy attempts to find an existing object that matches the object generating the event by the criteria specified in the policy.
The default driver checks for matches based on the sapUsername attribute. A fallback policy is also provided that checks for matches on the Given Name and Surname attributes.
The Publisher Create policy is applied when a new object is to be added to eDirectory. The default driver configuration:
The Subscriber Matching policy is applied to a Modify Object event document. Matching policies establish links between an existing entry in the Identity Vault and an existing entry in the SAP system. The Matching policy attempts to find an existing object that matches the object generating the event by the criteria specified in the policy.
The default driver checks for matches based on the values of the Given Name, Surname, and sapUsername attributes.
The Subscriber Create policy is applied when you want to add a new object to eDirectory. The default driver configuration: