Using DirX Identity Manager

The File menu contains items that act on a particular configuration object as a whole. The menu selections are:

The Edit menu contains all commands to manipulate a particular item. The visibility of the commands depends on the current context.

The view menu contains menu selections that optionally display or hide parts of the main window. The menu selections are:

The tools menu contains only one option for key store management. The menu selections are:

The Help menu contains command items to show selected topics of the online documentation. The selections are:

The following context menu selections can appear in both Provisioning and Connectivity views:

Certificate Change Notification - if you added or exchanged a certificate for attribute and bind profile encryption, this menu option allows you to distribute the new certificate to all applications.

Copy - copies the selected objects with all its content to the clipboard. Use Paste to insert this content at another location. That means that you can use the Copy and Paste sequence to copy objects. Copy together with Paste performs the same operation as Copy Object but with different handling. Alternatively you can use the drag and drop feature.

Copy Object - copies the object with all its content. You are asked for the new name (a proposal is presented). Please note that references are not updated automatically. You must perform this task by hand. Copy Object performs the same operation as Copy and Paste but with different handling. Alternatively you can use the drag and drop feature.

Cut - copies the selected objects with all its content to the clipboard. If you Paste it at the target location, the content at the source location is deleted. That means that you can use a cut-and-paste sequence to move objects. Cut together with Paste performs the same operation as Move Object but with different handling. Alternatively you can use the drag and drop feature.

Delete Collection Entries - after explicit confirmation by the user, deletes all entries that are defined by this collection. It deletes the LDAP entries in the following sequence:

Down-up order ensures that single objects or subtree lists will be processed in the desired order. For example, suppose we have the following entries in single objects:

The Delete action will delete the entire sequence starting from the last object up to the first one.

Note that you can use the Import Collection File method to restore a delete operation if you have previously exported the data.

Export Collection - exports the defined collection(s) to the defined LDIF files. This item is only available at the Collection object, a selected set of collection objects (use multi selection) or a Collection Folder.

Export File - exports objects that contain text data to a text file into the file system. You are asked for the name and location of this file in a file dialog. At the end of the operation, you can view the trace file.

Goto Dataview - displays the selected object in the Data View.

Import Collection File - imports the file of this collection definition from the defined path. The action supports multi selection so that you can import multiple files with one click. It works with these import options: add new entries + modify existing entries + overwrite attribute values. This selection allows easy rollback of a previous Delete Collection Entries operation if you exported the file in a previous operation.

Import File - imports text data in a file into an object that contains text data. You are asked for the name and location of the file to import in a file dialog. Do not try to import these files with another mechanism (the internal structure is complex - a lot of special characters are contained).

Load IdS-J Configuration - loads all Java-based workflow definitions into the IdS-J server. The sent message contains the domain name. Depending on the setting of the flag Include domain into topic at the domain object, the Java-based Server performs the reload (flag is TRUE) or not (flag is FALSE). It also loads the Java-based schedules and the adaptor configuration. Nothing else is loaded; for example no object descriptions are loaded. Note: This menu option does not load the server configuration. This is only possible during an IdS-J server restart. The algorithm of the domain name calculation depends on where the command is executed:

Move Object - moves objects between folders. You are asked for the new location. Then a progress dialog is displayed. You should not abort this operation because you can undo it simply by moving the object back to the original location. Move Object performs the same operation as Cut and Paste but with different handling. Alternatively you can use the drag and drop feature.

New - creates a new object. If several objects can be created under this object a selection list is displayed in the sub menu.

Open - performs the defined viewer command of the connected directory. In the Connectivity Expert View, this item is only available at the Connected Directory object. In the Provisioning view, this selection is only available through the Connectivity context menu selection on a target system object. Please note that each Open command in the Global View opens another instance of the viewer.

Paste - inserts cut or copied objects from the clipboard (see Cut or Copy). This option is only available if it is allowed to copy these objects to the current location.

Properties - shows the properties of an object in a separate window. You must close this window before you switch to another location in the Expert View.

Refresh - refreshes an object by reading actual data from the configuration database.

Reload Object Descriptors - all object descriptions are read during startup of the DirX Identity Manager. Changes are not reflected automatically to this memory copy. You can restart the DirX Identity Manager or you can use this option to reload the object descriptions after changes.

Rename - renames the object display name (not the common name!) of the object.

Report - generates reports in either HTML or XML format. HTML format is best used for documentation; XML can be used for further processing. For a detailed description of the parameters, see the Reports section in the "Context Sensitive Help" chapter of the DirX Identity Provisioning Administration Guide. For information on how to set up your own reports, see the chapter "Customizing Status Reports" in the DirX Identity Customization Guide.

Run Workflow - starts a workflow from the Expert View (only available at workflow objects in the Workflows folder) or from the Connectivity context menu selection on a target system object in the Provisioning view. A "Run workflow workflowname" window is displayed for Tcl-based workflows or a note is displayed that the Java-based was started. Note: You can also start workflows from the Global View context menu (right-click on a workflow line, select a workflow from the context menu, and then click Run).

The following selections can appear in Provisioning view context menus:

Abort - aborts a request workflow activity if it is in the WaitInError state. The resulting state is Failed.Temporary. This item is only available on a Request Workflow Instance object.

Connectivity - operates on the connected directory linked to the target system through the Relationship - Connected Directory link. The selection provides options to configure and open the connected directory or to add or assign new workflows. You can also run workflows. DirXmetaRole represents the Identity Store connected directory.

Delete - deletes the object. The selection displays a confirmation dialog that asks you whether or not you really want to delete this object. Because the object may still contain history (audit) information or may be protected by request workflows for deletion, the object is only deleted after an object-specific procedure. For more information, see the DirX Identity Provisioning Administration Guide.

Export Nationalization Items - exports all nationalization items within the selected tree into a nationalization file. This selection is available in the Domain view and the Workflows view.

Login/Logout - creates a new instance of a Provisioning view or a Data View and authenticates you to this instance, or logs you out of an instance of a view. The DirX Identity login dialog is displayed (See "Logging In" for details). This menu selection allows you to run multiple instances of Provisioning views or Data Views. It is available at the top-level trees of Provisioning views and Connectivity and Provisioning Data Views.

Resume - triggers the request workflow engine to run this activity again. Either the activity runs successfully or enters the state WaitInError again. This item is only available on a Request Workflow Instance object that is in state WaitInError. This selection is available in the Workflows view.

The following selections can appear in Connectivity view context menus:

Configure - starts the connected directory configuration wizard or the configuration wizard for the workflow for reconfiguration. This item is only available at the Connected Directory and Workflow object in the Global View and Expert View.

Delete - deletes the object. The selection displays a confirmation dialog that asks you whether or not you really want to delete this object. You can also select whether or not the deletion process should check for references to avoid broken links (Check references to avoid broken links). When references are detected, a confirmation dialog is displayed and deletion is not performed. We recommend that you use the checked option. The first use during a session needs more time, repeated use works much faster due to caching mechanisms. You can use the Show References menu option to test for references before a deletion operation. Please note that no undo is available. We recommend that you make regular backups of your configuration database.

Disable Scheduling - disables the scheduling mechanism previously enabled with Enable Scheduling (enabled from C++-based server startup). You can use this option to disable all schedules (running workflows are not aborted!). After checking with Get Server State that no workflows are running on any of the servers, you can be sure that no automatic activity can occur. You should use this option before restoring the database or when using complex operations like Import Data. This item is only available at the Schedules object in the Expert View.

Edit Content - allows editing the XML content of this object directly. After editing it is stored directly in LDAP and is not interpreted by the service layer (which could adapt the result).

Enable Scheduling - enables the scheduling mechanism previously disabled with Disable Scheduling. This item is only available at the Schedules object in the Expert View.

Export Configuration - exports the entire configuration tree into an LDIF file. You can read this information with Import Data. This feature permits you to make backups of the configuration tree. This item is only available at the root object Connectivity Configuration Data. If an error occurs, a dialog is displayed at the end of the operation. You can also view the trace file.

Export Data - exports complete logical trees of data from the configuration database to an LDIF file. You are asked for the name and location of the file to export in a file dialog. If an error occurs, a dialog is displayed at the end of the operation. You can also view the trace file.
Note: The default code set is utf-8 (the scripts support the switch -code <encoding>).

Export Subtree - exports the selected object and all of its children in the tree from the configuration database to an LDIF file. You are asked for the name and location of the file to export in a file dialog. If an error occurs, a dialog is displayed at the end of the operation. You can also view the trace file.
Note: The default code set is utf-8 (the scripts support the switch -code <encoding>).

Get Server State - displays the server state of a C++-based Server object (only available at this object).

Import Data - imports data that has been exported to LDIF format with Export Data or Export Configuration. This item is only available at the root object Connectivity Configuration Data. The imported data does not delete objects, it only adds and modifies them. If you want to replace the entire configuration tree, use Replace Configuration instead. If an error occurs, a dialog is displayed at the end of the operation. You can also view the trace file.

Manage IdS-J Configuration - allows specifying static load distribution. You can define specific adaptor types, where the scheduler and the request workflow timeout check run, and, for high availability, which server supervises which server.

Replace Configuration - imports data that has been previously been exported to LDIF format with Export Configuration. Before the import operation is started, the configuration tree is deleted (only the configuration objects that keep important configuration information for the local DirX Identity domain are not touched). This item is only available at the root object Connectivity Configuration Data. At the end of the operation a dialogue is displayed when an error happened. You can also view the trace file.

Replace Occurrences - maps all links that point to the selected object to a new one that you can select from a tree browser.
Note: This command does not copy the attributes of the source object to the target object. You must do this by hand if necessary.

Run Activity - runs a workflow from any activity. Be sure that all input conditions for this activity are satisfied, for example, an intermediate file must be present in the working directory of the previous activity. This item is only available at the root object Activity object under a Workflow object.

Show References - checks whether other objects refer to a specific object. This selection helps to maintain the database while avoiding broken references. Note that you can use this feature in the Delete menu option. The next figure shows a typical situation.

The figure shows two selected objects (Connected Directory 1 and 2). Both objects have sub structures as there are bind profile folders with bind profiles and channel folders with channels.

The connected directories refer to their bind profiles and to the same shared attribute configuration object. The channels refer back to the connected directory objects. External references (thick dotted lines) refer to channel and connected directories. Thus deletion of both connected directory objects together with their subtrees would lead to 5 broken references. The secure method is to remove the external references, to check that they no longer point to these objects and then to delete the object trees.

The show references method has two options:

In other words: When this option is checked, only references from “outside” to the selected object (external references) are taken into account. To find out if an object may be deleted without corrupting the database, check both options.

Show Structure - displays the structure of a workflow object from the Expert View (only available at workflow objects in the Workflows folder).

Synchronize Schedulers - synchronizes the current schedules information to all schedulers (for example, after a reload of the configuration database). Interactive changes of a schedule object should be synchronized automatically. This item is only available at the Schedules folder in the Expert View.

The scenario pane appears in the left portion of the global view and gives you quick access to all currently existing scenarios.

The scenario pane displays the scenarios as hierarchical tree. Open the folders to find the scenario elements.

Right-click a scenario to display its context menu, which contains all the functionality from the scenario subtree in the Expert View. For more information on these selections, see "Using the Context Menu".

The most important selections on a folder are:

The most important selections on a scenario object are:

Note: If you rename a copied scenario, DirX Identity automatically renames the related folders in the Connected Directories, Jobs and Workflow folders.

The scenario map gives you a pictorial view of the currently selected synchronization scenario. The scenario map displays connected directories as "tin" icons and displays the workflows between them as direction lines.

The scenario map background is initially blank, but you can add your company map to it.

The scenario map fills the work area completely and grows or shrinks when you resize the main window. Growing the scenario map magnifies the map and the controls placed on it. Shrinking the map shrinks the map and the controls placed on it.

Right-click in the scenario map to display its context menu. The context menu contains the following selections:

You can adjust the following scenario map properties:

Manager stores the settings you make in the scenario map properties dialog in the corresponding scenario configuration object.

Note that a scenario object only contains links to workflow and connected directory objects, which allows these objects to be shared by multiple scenarios. Changing objects shared by multiple scenarios affects the scenarios that include these objects.

You can place a connected directory icon at any location in the scenario map.

A connected directory icon consists of the "tin" image and a label that shows the name assigned to the icon. When you change the connected directory name (from the connected directory configuration wizard or from the connected directory configuration object in the Expert View), Manager changes the connected directory icon’s label name in the scenario map.

When you resize the scenario map, the connected directory icon grows or shrinks accordingly.

Right-click a connected directory icon to display the connected directory context menu. It has the following selections.

A workflow line represents one or more synchronization workflows and is located between the center points of two connected directory icons (examples are workflows for delta or full update or for initial load). The workflow line is either unidirectional (a single arrow) or bidirectional (a double-arrow). The arrow indicates that there are one or more workflows that work in this direction.

When you resize the scenario map, the workflow lines grow or shrink accordingly.

Right-click on a workflow line to display its context menu. The menu contains the following selections:

Note: This operation copies the selected template and creates a new workflow object. It copies the workflow object and all activities to the Workflows folder into a sub folder that is named equal to the scenario. Additionally, it copies all related jobs, channels and file objects that belong to this workflow. The jobs are copied to the Jobs folder into a sub folder that is named equal to the scenario. The channels and file objects are created under the related connected directory objects.

The Run Workflow window consists of two tabs:

Use the Close button to close the run workflow window.

The structure view is a powerful tool to view and edit a workflow configuration object. The view provides a clear representation of the workflow’s most important components.

Use the workflow structure view to display and edit the components that contribute to the workflow.

At the top of the view, two property items are shown:

Workflow - The workflow configuration object.

on Identity Server - The C++-based Server on which the workflow will be executed.

Below these property items is a table that contains a list of all activities that belong to the workflow ordered by their execution sequence. The table displays the following items:

Activity - The list of workflow activities, in the order in which they will run.

Identity Server - The C++-based Server on which the activity will run.

Run Object - The job to be run when its corresponding activity runs. Alternatively a workflow can be attached to this activity in case of nested workflows. In this case the rest of the columns are empty. Double-click the workflow object to open the next level of the structure view.

Channel - The input and output channels assigned to the job if Run Object is linked to a job.

Direction - The data flow direction from or to a connected directory if Run Object is linked to a job.

Connected Directory - The connected directory that corresponds to the channel if Run Object is linked to a job.

You can open more than one instance of the structure view, and the view can remain open while you are performing other tasks in the DirX Identity Manager’s main window.

Click Edit to edit the workflow configuration object. When focusing a table cell by clicking on it or moving the focus by pressing the TAB key, the appropriate editor element appears, which can be used as described in the Expert View.

Click Save to store your changes. Click Reset to discard them. Click Close to close the structure view window.

When you select a configuration object in the logical tree view, the work area on the right-hand portion of the view displays a property dialog for working with the object’s properties.

An object’s property dialog consists of a general page that represents the object’s textual, number or option properties. An object’s property can also be a reference to another configuration object. For example, the service configuration object contains a system property, which is a reference to a system configuration object.

The Manager displays an object’s properties in read-only mode. Click Edit to open the properties for editing. Click Save to save your changes. (You must save an object’s property changes before working on another object.)

You cannot switch to another object while you are in edit mode (this is indicated by a special cursor shape when you go outside the edit window). If you click outside the edit window, Manager asks you whether you want to leave this object and save (select Yes) or not (select No) or whether you want to go back to the edit mode (select Cancel).

A property dialog in the Expert View is always based on a tabular control and can thus be composed of multiple pages that you access by tab clicks. A property dialog contains a work area that offers the following types of fields for editing the property values:

The property dialog also contains the following buttons for editing control:

When you click Edit, the editing control buttons change to:

The DirX Identity Manager can read the schema from any LDAP-based connected directory into the Connectivity configuration and can automatically create the attribute configuration information that the meta controller requires. You use the Schema Displayer’s Synchronize action to direct DirX Identity Manager to read the schema of an LDAP connected directory. You can then use the Schema Displayer to view and check the read-in schema data.

Some LDAP directories - for example, Active Directory - do not allow anonymous access for a schema read. For these directories, at least one bind profile must exist for the connected directory description that can be used as the bind profile for schema read access.

Reading or updating the schema performs an automatic update of the attribute configuration information. The procedure for an update is:

The Object class tab shows a table that lists all object classes in the schema. The fields in the table include:

Select an object class, and then click the details button to display the remaining class properties. This dialog contains the following fields:

The DirX Identity meta controller requires attribute configuration information for the connected directories it is to manage. This information can also be used in DirX Identity to provide information for Identity agent configuration files (*.ini files), for example, the ODBC agents.

The C++-based Server can automatically derive the necessary attribute configuration information from the schemas of LDAP connected directories that have been read into the configuration database (as described in the topic "Using the Schema Displayer"). For all other types of connected directories, the attribute configuration information must be present in the configuration database.

You use the Attribute Configuration Editor to supply the necessary attribute configuration information for a connected directory. You can use the Attribute Configuration Editor to:

You can also use the Attribute Configuration Editor to export attribute configuration information into a file in the file system.

In the Global View, you access the attribute configuration editor when you run the connected directory configuration wizard. In the Expert View, you access the Attribute Configuration Editor when you work on the properties of a connected directory configuration object.

The Attribute Configuration Editor displays two tabs:

Click Edit to begin entering information into the attribute list table or the global information fields.

Click Save to save your attribute configuration information. Please note that large schemas or attribute configurations take time to be stored in the configuration database (up to 1 minute for 1000 rows).

Click Reset to cancel any changes since the last save operation.

An important step in setting up a synchronization scenario is to define the set of attributes to be synchronized between the source and target connected directories. The set of attributes to be synchronized is a subset of the total set of attributes defined in the connected directory schema.

You use the selected attribute editor to select the set of attributes to be synchronized. In the Global View, you access the selected attribute editor when you run the workflow configuration wizard. In the Expert View, you access the selected attribute editor when you work on the properties of a channel configuration object.

The selected attribute editor consists of two tables:

You select the attributes for synchronization by copying them from the Attributes in the schema list to the Selected attributes list. Click Edit to start working with the tables.

To copy an attribute from the Attributes in the attribute configuration list to the Selected attributes list, click the attribute in the schema list to select it, and then click the > arrow button.

Click the >> arrow button to copy all the attributes from the Attributes in schema list to the Selected attributes list.

To remove an attribute from the Selected attributes list, click the attribute in the list, and then click the < arrow button. Click the << arrow button to remove all the attributes from the Selected attributes list.

To work with the synchronization flags available for the attribute:

By default, the target selected attributes list is sorted. For special purposes (for example to define the field sequence in a CSV file) you can switch off the automatic sort mechanism and order the attributes to your requirements.

Click Save to save your changes (or click Reset to cancel them).

The Mapping Editor allows you to edit attribute mappings for Tcl mapping files in the DirX Identity Manager. Its main features are:

The Mapping Editor consists of two tabs:

DirX Identity is delivered with several predefined mapping functions. You can find the definition of these functions in the folder Configuration → Tcl → Mapping Functions.

As lots of different functions exist; a naming scheme has been created so that the classification and look-up of functions can be easily done.

The name consists of the following parts

Note: If native Tcl functions are used, the original name is used, which may not conform in some cases to the naming rules just described.

Examples:

lStringEscape - takes a list and escapes all list elements.

lBool2Integer - converts a list of boolean values to a list of integer values.

StringAppend - appends strings to build a composed string as result.

The next sections describe the functions that are available (this is a selection of native Tcl functions that make sense in the mapping editor environment and newly written functions). See the "Mapping Functions" chapter in the DirX Identity Connectivity Administration Guide or the DirX Identity Manager online help for a description of all Tcl Mapping Functions.

This section shows some typical examples of how to use the mapping functions.

You can define your own mapping functions which can be used like the built-in ones. This task requires Tcl programming knowledge. Once those functions are added to the Mapping Functions folder in the Configuration branch of the Connectivity Configuration Data tree, they will appear in the Mapping function combo box that appears when you select a cell in the respective column of the mapping editor.

The Code Editor is a special editing tool that you can use to maintain Tcl scripts, XML object descriptions, INI files, etc.. The Code Editor consists of a text-editing window and if a Tcl script is edited, a field that can be used to select a Tcl procedure. This field allows you to adjust the text window to the beginning of a specific procedure.

The Code Editor highlights keywords of the respective programming language, comments and string items and automatically checks bracket settings. To display documentation about a Tcl keyword, double-click it. The code editor also provides the Find and Replace functions available in any standard text editor.

The main features of the Code Editor are:

Especially for Tcl editing, the following features can be used:

The Code Editor consists of the following elements:

The Superior Info Editor consists of a table with three columns:

Naming attribute - Here you can define the naming attribute the following definitions belong to.

Mandatory attribute - Set the mandatory attribute name that is necessary to create the naming attribute.

Default value - Define the default value for the mandatory attribute.

For naming attributes with several mandatory attributes you have to define a separate line for each mandatory attribute.

Example:

You need to create entries under higher level nodes c, o and ou. Therefore, you should define:

Naming attribute Mandatory attribute Default value
c objectclass country;top
o objectclass organization;top
ou objectclass organizationalUnit;top

Creation of the entry cn=Smith Joe,ou=Marketing,o=My-Company,c=DE would then result in the creation of the c=DE, o=My-Company and ou=Marketing node if not yet present.

Some objects can be extended by additional attributes. There are two levels of extension:

The objects Configuration, Channel, Connected Directory, Job and Workflow contain a Specific Attributes tab that allows you to add, modify and delete attributes:

These attributes can be used to create specific information to be used in workflows. Use references to transfer the attribute values to command lines or configuration files.

Examples:

The tree pane (the left-hand pane) displays a hierarchical tree of status entries. At the top of the tree is the Status Data folder. It contains hierarchical workflow folder structures, filter folders and the process table.

Opening a workflow folder structure displays the workflow status entries ordered by workflow name and date at the lowest level. When you expand a workflow status entry, the tree pane shows its activity status entries. DirX Identity automatically creates workflow folders when it runs a workflow. The created structure is equal to the structure under the Workflows folder in the Expert View.

You can create query folders to define your individual view of the status entries. Some initial folders are delivered with DirX Identity.

The Process Table entry contains an entry for each C++-based Server. You can enable monitoring to view running workflows in the entire DirX Identity domain but separately for each server instance.

Open one of the folders in the tree pane to list the next level of information in the list pane (the upper right-hand pane). Use the Result column to find relevant entries.

Click a workflow status entry in the tree pane to list its activity status entries in the list pane and display its properties in the object pane.

Click an activity status entry in the tree pane to display its properties in the object pane.

Special Error Status Entries

If DirX Identity is requested to start the same workflow twice or if any other error condition occurs, then DirX Identity will create entries of type:

Meta2LDIFfile_Full 20020128175803Z-E

The extension -E or -En, where n represents an integer, indicates that the same workflow was requested to run at the same time multiple times. In this case, only workflow status entries with the relevant error messages are written. No activity status entries will be present.

No Status Entry Available

In some situations, the workflow fails but there is no status entry available because the workflow failed at a very early stage. Check that the C++-based Server is running correctly and also check the message server.

If these checks succeed, (for example, you can run other workflows without any problems) the setup of the workflow structure could be the problem. Check the event log or log files for messages about structure errors and correct them. This problem can occur when building nested workflows with parallel activities.

The list pane displays the main properties of workflow status entries and activity status entries in columns.

For workflow status entries, the list pane displays:

For activity status entries, the list pane displays:

Use the object pane to view all the properties of a workflow or activity status entry in detail. To display a workflow or activity status entry in detail, click it in the list pane or the tree pane. The monitor view displays all the properties of the selected status entry in the object pane.

When you display the properties of an activity status entry in the object pane, the Files tab displays links to all the relevant files that the DirX Identity status tracker has saved in the status area. You can click the Properties button to the right of each file to display the file’s content (DirX Identity Manager opens the files in read-only mode). You can configure the viewing editor that you would like to use here.

DirX Identity displays all workflow data even it is distributed on several physical machines. The directory entries and the stored files are some kind of hybrid database that is presented in a transparent and easy to use way.

DirX Identity provides two ways to handle status entry deletions (only complete workflow status entries can be deleted):

Each workflow status entry has a timestamp after which it can be deleted. The status tracker periodically scans the expiration timestamps of workflow status entries and automatically deletes the entries whose expiration time has been reached.

You can edit a workflow configuration object to adjust the value of the Status Life Time field to your requirements.

You can edit the global configuration properties to adjust:

To edit the global configuration properties:

To delete workflow status entries using the Monitor View:

You can also click on single entries in the tree view of the Monitor View and perform the same procedure.(You can’t select a range of entries when you delete entries in the tree view.)

Status entries in the configuration database can have related entries in the file system status areas (see the Status Path fields in the related C++-based Server configuration objects).DirX Identity does automatically delete these corresponding directories.If necessary it uses the file transfer service to perform this task on a remote computer.

The following file defines a viewgroup that contains a set of views. The view group is displayed as a blue bar, and each view is displayed as a clickable icon.

The complete file defines a Provisioning viewgroup that contains Users, Business Objects and other views. Each view can consist of a pane structure. You can define horizontal and vertical splitpanels. The Users view defined in the file has two horizontal panels: the first is a tabbedpanel and the second is a splitpanel.

The tabbedpanel consists of a tree (the treepanel) and a search tab (the ldapquicksearchpanel).

The vertical splitpanel consists of a listpanel and a propertiespanel.

Most of the properties of the XML elements are easy to understand. The next sections describe the important parts that you can customize, for example, to hide or add complete views and configure search panels or list panels.

You can easily remove a complete view if you remove the entire XML section. For example, if some of your administrators should not be able to view the Policy view, remove or comment this section from the file:

The search panel (ldapquicksearchpanel) allows you to define the attribute lists that are visible in the Search for area. Configure all object classes whose attributes are to be visible, for example:

Now you can select these object classes from the Object class(es) list. The names are more readable, for example dxrRole is displayed as Role, because they come from the display name attributes of the relevant object descriptions. After selecting a specific object class, all related attributes are now available for search. The attribute names are also the display names of the relevant property descriptions in the object descriptions.

You can easily configure the columns of list panes. For example, see the Users view definition:

This definition hides the list panel completely if the selected leaf object has no more children (hifeIfEmpty="true"). The next section lists the columns. You can define the LDAP attribute name and a display name for each attribute. To guarantee a consistent user interface, the display name should be the same as the display name configured for this attribute in the properties section of the object description.

This list of attributes defines the initial state of the definitions when they are loaded for the first time in your DirX Identity Manager instance. Now you can move columns, resize them or hide them (set or reset the flags of the context menu of the header to perform this task). You can reset everything to the initial state if you use the option Reset to default from the menu. You can sort all columns. All of these individual settings are stored with your Manager instance.

Warning: Using the 'More…​' menu in the Search tab destroys your configuration. You must restart the Manager and perform a new search to fix this problem.