Direct Application of System Actions, Configuration and Shadow User Tree

DirX Access Server can be altered and configured in two ways: via the REST interfaces and via the Direct Application of System Actions and Configuration. While the former can be used only in presence of published corresponding interfaces, the latter is applicable anytime. Therefore, it is used for the initial configuration of DirX Access Server.

Direct Application of Configuration

The Direct Application of Configuration executes during the start-up of DirX Access Server according to the following algorithm:

  1. Read all JSON files from {installation_folder}/Services/instances/ {instance}/startup/config/. The files are read in the alphabetical order. The files must be of the same format as is the import/export format of the Config REST Web Service.

  2. For each valid file

    1. Create all the configuration objects that are not present in the configuration tree of the application repository

    2. Modify all configuration objects already present in the tree.

  3. Move successfully applied files into`{installation_folder}/Services/instances/ {instance}/startup/config/used/`.

Direct Application of System Actions

The Direct Application of System Actions executes during the start-up of DirX Access Server according to the following algorithm:

  1. Read all JSON files from`{installation_folder}/Services/instances/{instance}/ startup/sysactions/`. The files are read in the alphabetical order. The files must be of the same format as the corresponding SysActions REST Web Service operations.

  2. For each valid file, execute the contained system action.

  3. Move successfully applied files into {installation_folder}/Services/instances/ {instance}/startup/sysactions/used/.

Direct Application of Users and Groups in Shadow User Tree

The Direct Application of Users and Groups in Shadow User Tree executes during the start-up of DirX Access Server according to the following algorithm:

  1. Read all JSON files from {installation_folder}/Services/instances/{instance}/ startup/sut/. The files are read in the alphabetical order. The files must be of the same format as is the export format of the Groups and Users endpoints of the SCIM 2.0 REST Web Service.

  2. For each valid file

    1. Create all the user or group objects that are not present in the shadow user tree of the application repository

    2. The Application repository service section of the Cluster configuration object contains the option to enable or disable modification operations during the Direct Application execution.

    3. In case of disabled modification operations (default), all user or group objects already present in the repository are moved to {installation_folder}/Services/instances/{instan- ce}/startup/sut/{name_of_the_original_file}_partial_{timestamp}.json separate file.

    4. In case of enabled modification operations during import, all user or group objects already present in the repository are modified accordingly.

    5. In case of failure for any reason, all unimported user or group objects are moved to {installation_folder}/Services/instances/{instance}/startup/sut/{name_of_the_original_file}_partial_{timestamp}.json separate file. The intention here is to do manual review of the remaining entries and repeat the import.

  3. Move successfully applied files into {installation_folder}/Services/instances/{instan- ce}/startup/sut/used/.

  4. Unsuccessful files remain in {installation_folder}/Services/instances/{instance}/ startup/sut.

Please be aware that the availability of imported users and groups within the shadow user tree depends on the number of entries to be processed. 50 000 entries can take about half an hour.

Additional information

The existence of this feature implies a proper securing of the installation folder of DirX Access Server has to exist.

Please be aware that the order of the imported files matters. An existing configuration object can be overwritten by an imported configuration object in an additional configuration file. Files are taken from the file system by their names.

By default, a default configuration JSON file named dxaDefaultConfig.json is applied. The file contains default configuration objects to be able to start any DirX Access Services instance. Please, be aware that the import of the default JSON file is needed only for the first instance of the DirX Access Services server. In the case the deployment of more servers with a single application repository is needed, the default JSON file must be imported only once.

Direct Application of Configuration and System Actions is a blocking task during the startup of DirX Access Server. Direct Application of Users and Groups in Shadow User Tree is not a blocking task during the startup of DirX Access Server. However it may slow down the DirX Access Server.

Template Files

DirX Access provides the template files for the most common configuration and system action scenarios. These template files can be found in {installation_folder}/Services/instances/{instance}/ etc/templates/ and have to be typically customized before applied in an existing DirX Access Server installation.

Description of these files can be found in Template Files section.