Managing Connected Directories
Connected directory management tasks include:
- Setting up and maintaining the connected directory structure
- Setting up and maintaining the authentication information (bind profiles)
- Setting up and maintaining the schema and attribute configuration
The next sections discuss these tasks in more detail.
Setting Up the Connected Directory Structure
A connected directory represents a single data store in an Identity environment. The connected directory configuration object holds all the data required to describe the properties of the respective directory or database that is common to all workflows or services that access it.
Connected directories can reside under the connected directories folder (or one of its subfolders) or under a job object. In the latter case, the connected directory is an intermediate connected directory that is used to store information between two related activity steps of a workflow.
The folder structure under the connected directory folder depends on the scenario structure you intend to create. If you use the Provisioning view's target system wizard, the wizard creates the structure automatically. If the wizard-generated structure is not correct, you can create your own folders and move objects to them accordingly. Be aware that the target system wizard creates additional objects in the default folder structure. You must move these objects after using the wizard.
For source system provisioning, you must create and maintain your own scenario and folder structure. You can include the same connected directory instance in several scenarios (use the Assign menu item) to separate specific workflow groups from each other.
Setting Up Connected Directory Authentication Information
Connected directories allow you to define the authentication information via bind profiles. A connected directory can have one or more bind profiles, each of which can be used by several workflows.
Bind profiles let you define the user and password information, where the password can be stored either in a simple scrambled format or in encrypted format. Be aware that the scrambled format only makes the password unreadable at a glance; it is not secure at all and is easy to reverse. To protect the information in your connected directories, we recommend storing bind profile passwords in encrypted form.
Bind profiles also define the security level for all access information (for example SSL/TLS).
Schema and Attribute Configuration Handling
Connected directory configuration objects can contain schema information, but only the information that is necessary to configure the synchronizations properly. This type of schema information consists mainly of the directory objects and their related attributes, which are necessary for attribute selection and mapping.
DirX Identity requires the schema information to be in a specific "attribute configuration" format that is mainly used by the meta controller. This format allows for the description of the schema information required for any directory type. Supported directory types are:
- LDAP directories with a flexible and extensible schema (for example, DirX and Active Directory)
- Other databases (for example, ODBC) with a flexible and extensible schema
- Databases and directories with a fixed schema (for example, the Windows NT directory)
- File directories, which keep a collection of files in the same format
Schema Handling for LDAP Directories
For LDAP directories, the DirX Identity Manager (at the administrator’s request) can read the relevant part of the schema directly from the directory.
Administrators must explicitly update this schema information with DirX Identity Manager after making schema changes or extensions. Note that a schema read from Active Directory requires the presence of a bind profile in the connected directory configuration object.
After a schema update, DirX Identity generates the attribute configuration information for the LDAP directory automatically from the schema information after requesting confirmation by the user.
DirX Identity provides a comprehensive mechanism to customize the LDAP schema update. See "Using the Schema Displayer" in the chapter "Using DirX Identity Manager" in the DirX Identity User Interfaces Guide.
Schema Handling for Other Databases
For ODBC databases or other similar types, the administrator uses the DirX Identity Manager to enter the schema information into the configuration database. The administrator uses the Attribute Configuration Editor to enter the information by hand or uses the editor’s import selection to import the information from an existing attribute configuration file.
A schema configuration object is not required for these kinds of directories. The attribute configuration information is sufficient.
Schema Handling for Fixed Directories and Databases
Some databases (for example, Windows NT) have a fixed schema. DirX Identity stores these schemas in the central configuration object underneath the connected directory type configuration object. A reference points from the connected directory instance to these entries.
Schema Handling for Files
Connected directories can also be a collection of files with the same format; that is, the same schema description. If you want to model files with a different schema description, you need a separate connected directory definition for each file.
This common description is held in the attribute configuration object. No schema object is necessary. In contrast to the information for LDAP directories, additional information for field, record and multi-value separators is necessary.
The administrator uses the Attribute Configuration Editor in the DirX Identity Manager to enter this information by hand or by an import from an existing attribute configuration file. For details about the Attribute Configuration Editor and DirX Identity Manager, see the DirX Identity User Interfaces Guide.
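The following is an added example, not DirX Identity's own code, showing how the attribute configuration for a file directory (the field list plus the field, record and multi-value separators described above) drives the parsing of such a file; the AttributeConfiguration class, the parse_file_directory function and the sample file content are hypothetical and constructed here.

```python
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class AttributeConfiguration:
    """Hypothetical model of the attribute configuration object for a file
    directory: the attribute names in field order plus the three separators."""
    fields: List[str]
    field_separator: str = ";"
    record_separator: str = "\n"
    multivalue_separator: str = "|"


def parse_file_directory(data: str, cfg: AttributeConfiguration) -> List[Dict[str, List[str]]]:
    """Split the file into records, records into fields, and fields into values.
    Every attribute is returned as a list so single- and multi-valued attributes
    are handled uniformly. A record whose field count does not match the
    configuration is rejected rather than silently mis-mapped to attributes."""
    records: List[Dict[str, List[str]]] = []
    for number, raw in enumerate(data.split(cfg.record_separator), start=1):
        if not raw.strip():
            continue  # ignore empty lines such as a trailing record separator
        values = raw.split(cfg.field_separator)
        if len(values) != len(cfg.fields):
            raise ValueError(
                f"record {number}: expected {len(cfg.fields)} fields, got {len(values)}"
            )
        record = {}
        for name, value in zip(cfg.fields, values):
            # An empty field yields no values; "a|b" yields two values.
            record[name] = [v for v in value.split(cfg.multivalue_separator) if v]
        records.append(record)
    return records


# Constructed sample configuration and file content (not from a real system).
SAMPLE_CFG = AttributeConfiguration(fields=["uid", "cn", "mail"])
SAMPLE_FILE = (
    "jdoe;John Doe;jdoe@example.com|john.doe@example.com\n"
    "asmith;Alice Smith;\n"
)

if __name__ == "__main__":
    for rec in parse_file_directory(SAMPLE_FILE, SAMPLE_CFG):
        print(rec)
```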