
Sun SeeBeyond eWay(TM) LDAP Adapter User's Guide


Contents

1. Note: An alert code is a warning that an error has occurred. It is not a diagnostic. The user actions noted above are just some possible corrective measures you may take. Refer to the log files for more information. For information on managing and monitoring alert codes and logs, see the Sun SeeBeyond eGate Integrator System Administration Guide.
   (Sun SeeBeyond eWay LDAP Adapter User's Guide, page 21, Sun Microsystems, Inc.)
   Chapter 3: Setting LDAP eWay Properties. This chapter explains how to set the properties for the LDAP eWay.
   What's in This Chapter:
   - Creating and Configuring a LDAP eWay on page 22
   - Configuring the eWay Connectivity Map Properties on page 23
   - Configuring the eWay Environment Properties on page 24
   - eWay Connectivity Map Properties on page 25
   - eWay External Properties on page 36
   3.1 Creating and Configuring a LDAP eWay. All eWays contain a unique set of default configuration parameters. After the eWays are established and a LDAP External System is created in the Project's Environment, the eWay parameters are modified for your specific system. The LDAP eWay configuration parameters are modified from two locations:
   - From the Connectivity Map, which contains parameters specific to the LDAP eWay, and may vary from other eWays of the same type in the Project.
   - From the Environment Explorer tree, which contains global parameters that commonly apply to all eWays of the same type i
2. OrderAttributeValues field: Tells the eWay to order the values for each attribute. This field is of type Boolean; set this field to true to order the values of each attribute, or false to ignore the order of the values. The default is false. STCEntry node: See Table 13.
   4.1.4 STCEntry Subnode. The STCEntry subnode appears many times in the LDAP OTD. This node has only two nodes under it: the Name and Attributes. The Attributes node contains a collection of attributes under the STCAttribute node. This subnode is the basic container used to send data to the LDAP server. The structure of the STCEntry subnode is shown in Figure 8. See Table 13 for a description of this subnode, showing the subnode levels under the STCEntry subnode.
   Table 13: STCEntry Subnode (first to fifth level, with description)
   - Name: Name of the entry.
   - Attributes: Collection of attributes for the entry.
     - STCAttribute: Container to hold the details of a single attribute.
       - Name: Name of the attribute.
       - STCValues: Collection of values for the attribute.
         - STCValue: Container to hold a single value of the attribute's value.
           - ByteValue: Value of the attribute as a byte array.
           - StringValue: Value of the attribute as a string.
           - Value: Value of the attribute as a
3. Collaboration business rules (from a figure):
   - logger.debug: Time Limit is ldapsearch_ldapsearch_1.Searchoptions.Timelimit
   - If ldapsearch_ldapsearch_1.Searchoptions.Timelimit is not equal to null
   - logger.debug: Scope Limit is ldapsearch_ldapsearch_1.Searchoptions.Scope
   - If ldapsearch_ldapsearch_1.Searchoptions.Scope is not equal to null
   - For Loop: i is less than count of ldapsearch_ldapsearch_1.Searchoptions.Returnattributes.Attribute
   - logger.debug: Page Size is ldapsearch_ldapsearch_1.Searchcontrols.Pagecontrol.Pagesize
   - Copy ldapsearch_ldapsearch_1.Searchcontrols.Sortcontrol.Sortattributes to LDAPClient_1.Search.LDAPSearchControls.SortAttributes
   - Copy new Boolean(ldapsearch_ldapsearch_1.Searchcontrols.Sortcontrol.Sortcriticality).booleanValue to LDAPClient_1.Search.LDAPSearchControls.SortControlCriticality
   - Copy Integer.parseInt(ldapsearch_ldapsearch_1.Searchcontrols.Pagecontrol.Pagesize) to LDAPClient_1.Search.LDAPSearchControls.PageSize
   - Copy new Boolean(ldapsearch_ldapsearch_1.Searchcontrols.Pagecontrol.Pagecriticality).booleanValue t
4. Chapter 2, Section 2.1: Installing the LDAP eWay
   2. Select the products for your Java Composite Application Platform Suite and include the following:
      - FileeWay (the File eWay is used by most sample Projects)
      - LDAPeWay
      To upload the LDAP eWay User's Guide, Help file, Javadoc, Readme, and sample Projects, select the following:
      - LDAPeWayDocs
   3. Once you have selected all of your products, click Next in the top-right or bottom-right corner of the Select Java Composite Application Platform Suite Products to Install box.
   4. From the Selecting Files to Install box, locate and select your first product's SAR file. Once you have selected the SAR file, click Next. Your next selected product appears. Follow this procedure for each of your selected products. The Installation Status window appears and installation begins after the last SAR file has been selected.
   5. Once your product's installation is finished, continue installing the Java Composite Application Platform Suite as instructed in the Composite Application Platform Suite Installation Guide.
   Adding the eWay to an Existing Java Composite Application Platform Suite Installation. It is possible to add the eWay to an existing Java Composite Application Platform Suite installation. Steps required to add an eWay to an Existing Java CAPS installation include: 1. Complete steps 1 t
5. The retrieved events are stored in a queue you can access using the EventQueue node. This node contains the results of the current Persistent Search as an STCNotificationEvent node object. See STCNotificationEvent Nodes on page 65 for details on this node. The PersistentSearch node consists of subnodes as shown in Table 16.
   Table 16: PersistentSearch Node (Name: Description)
   - ContextName field: Used to set the root of the search in the directory. The context name is relative to the context specified in the eWay's ProviderURL property. If the context name is not set correctly, the eWay is not able to properly resolve the context name relative to the initial eWay connection. Example of a context name: ou=MyOrg, where ou=MyOrg is relative to ldap://myldapserver1:389/dc=acme,dc=com. In this case, ou=MyOrg,dc=acme,dc=com is the DN.
   - EntryName field: The name of the entry (RDN), relative to the context name, on which the listener is registered.
   - EventQueue node: This node contains the results returned as an STCNotificationEvent node object; see Table 24 for details on this node's structure.
   - SearchFilter field: The search filter expression (per RFC 2254) to filter out the search results. Sea
6. Chapter 3, Section 3.5: Setting LDAP eWay Properties, eWay External Properties
   Table 9: LDAP eWay Security/SSL Settings (Name, Description, Required Value)
   - Verify hostname
     Description: Determines whether the host name verification is done on the server certificate during the SSL handshake. You can use this property to enforce strict checking of the server host name in the request URL and the host name in the received server certificate.
     Required value: True or False; the default is False. For additional information on required values for this property, see Verify Hostname on page 35.
   - X509 Algorithm Name
     Description: Specifies the X509 algorithm name to use for the trust and key manager factories.
     Required value: The name of a valid X509 algorithm; the default is SunX509. If you are running the Integration Server on AIX, specify IbmX509.
   3.5.3 Additional Security/SSL Property Notes. Listed below are additional notes for the following Security/SSL section properties:
   - SSL Connection Type on page 34
   - Verify Hostname on page 35
   SSL Connection Type: Make sure that the SSL properties, including security certificate installation, port number, and so on, are set correctly for the current LDAP server. Transport Layer Security (TLS) is a protocol that guarantees privacy and data integrity between client/server applications communicating over the Internet. The TLS operation for this eWay supports both secure and nonsec
7. Chapter 5, Section 5.4: Reviewing the Sample Project, Building, Deploying, and Running the Sample Project
   [Figure 22: Connectivity Map: Associating (Binding) the Project's Components]
   7. Minimize the LDAP_Service Binding dialog box by clicking the chevrons in the upper-right corner.
   8. Save your current changes to the Repository.
   5.4.7 Creating an Environment. Environments include the external systems, Logical Hosts, integration servers, and message servers used by a Project, and contain the configuration information for these components. Environments are created using the Enterprise Designer's Environment Editor.
   Steps required to create an Environment: 1. From the Enterprise Designer's Enterprise Explorer, click the Environment Explorer tab. Right-click the Repository and select New Environment. A new Environment is added to the Environment Explorer tree. Rename the new Environment to envLDAPProj. Right-click envLDAPProj and select LDAP External System. Name the External System esLDAP. Click OK. esLDAP is added to t
8. (sn=Doe) retrieves the entry with the attribute sn which equals Doe.
   - >= : Retrieves entries that have a particular attribute whose value is greater than or equal to the specified value. Example: (sn>=Doe) retrieves all the entries whose attribute sn falls between sn=Doe and sn=Z (D is less than Z).
   - <= : Retrieves entries that have a particular attribute whose value is less than or equal to the specified value. Example: (sn<=Doe) retrieves all the entries whose attribute sn falls between sn=A and sn=Doe (A is less than D).
   - =* : Retrieves entries that have a particular attribute that has any value. Example: (sn=*) retrieves all the entries whose attribute sn has some value.
   - ~= : Retrieves entries that have a particular attribute with some value similar to the specified value. This operator is used for approximate matches. Example: (sn~=Doa) retrieves the entry sn=Doe (Doa matches approximately to Doe).
   SearchFilter Boolean Operators. You can define different conditions using binary operators combined with Boolean operators. The syntax for using Boolean operators is: (Boolean_operator(filter)(filter)(filter)). In this example of syntax, filter is an expression using one of the binary operators, and the Boolean_operator is one of the following symbols: &. For example, (|(cn=John Doe)(sn=Smith)) gets the entries with attribute cn equal to John Doe or entries with attribute sn equal to Smith. Boolean operat
9. 819 7383 10. Version 20061006152109.
   Contents
   Chapter 1: Introducing the LDAP eWay
   - About LDAP
   - Entries, Attributes, and Values
   - LDAP Directory Structure
   - Distinguished Names and Relative Distinguished Names
   - LDAP Service and LDAP Client
   - Referrals
   - About the LDAP eWay
   - eWay General Operation
   - Java Naming and Directory Interface
   - Third Party License File Agreement
   - What's New in This Release
   - What's In this Document
   - Scope
   - Intended Audience
   - Text Conventions
   - Related Documents
   - Sun Microsystems, Inc. Web Site
   - Documentation Feedback
   Chapter 2: Installing the LDAP eWay
   - Installing the LDAP eWay
   - Installing the LDAP eWay on a Java CAPS system
   - Adding the eWay to an Existing Java Composite Application Platform Suite Installation
   - After Installation
   - Extracting the Sample Projects and Javadocs
   - ICAN 5.0 Project Migration Procedures
   - Java CAPS 5.1.0 and 5.1.1 Upgrade Procedures
   - 5.0.x to 5.1.2 Upgrade Procedures
   - 5.1.0 or 5.1.1 to 5.1.2 Upgrade Procedures
   - Configuration Precedence
   - Installing Enterprise Manager eWay Plug-Ins
   - Viewing Alert Codes
   Chapter 3: Setting LDAP eWay Properties
   - Creating and Configuring a LDAP eWay
   - Configuring the eWay Connectivity Map Properties
   - Configuring the eWay Envir
10. Reviewing the Sample Project
   5.1.2 LDAP_SampleProject_510.zip. The LDAP_SampleProject_510 has been created for testing the following features of the LDAP eWay. These LDAP operations appear as Collaborations in your imported sample Project. The sample documented in this guide describes how the SearchCollab operation uses the import data format of the ldapsearch.dtd to pull values from an XML file. Java Collaborations included with the LDAP_SampleProject_510 sample Project are listed in Table 26.
   Table 26: Java Collaborations in the LDAP_SampleProject_510 (Java Collaboration: Purpose)
   - AddCollab: Designed to add a new entry into the directory.
   - SearchCollab: Designed to search the directory for specified entries.
   - CompareCollab: Designed to find out the presence/absence of specified attributes.
   - ModifyCollab: Designed to add attributes, remove attributes, and replace attribute values.
   - RenameCollab: Designed to rename an entry in the directory.
   - RemoveCollab: Designed to remove an entry from the directory.
   - SearchCollab_Persistent: Designed to demonstrate the persistent search control mechanism.
   - SearchCollab_TimestampSearch: Designed as an alternative to persistent search control where this control is not supported. Uses the timestamp of entries to detect changes.
   - SearchCollab_SSL: Designed for a search entry scenario using an SSL connection.
   - SearchCollab_StartTLS: Designed search entry scenario
11. You can now update the Environment properties with any necessary change and run the project.
   [Figure 3: Configuration Template Warning Window. Dialog text: "The configuration template is out of date for LDAP eWay. The template is revision 5.1.0 20040927. The installed seed template is revision 5.1.2 20060823. The template will be updated before the configuration is opened for editing."]
   If you attempt to build a project without first opening either the Connectivity Map or Environment property window, code generation will automatically upgrade the Configuration template. Once this build-time upgrade scenario is complete, you will not see the warning window anymore, as shown in Figure 3.
   2.3.3 Configuration Precedence. There are two sets of Connection and Security configuration sections in the Connectivity Map and Environment properties windows. Values set in the following three Environment properties act as a trigger during build time. These parameters are as follows:
   - Environment Configuration > Connection > ProviderURL
   - Environment Configuration > Connection > Principal
   - Environment Configuration > Connection > Credentials
   If any of the above three parameters holds a value in the Environment properties window, both Connection and Security configuration in the Environment will be used for code generation, and the Connection and Security sections in the Connectivity Map are ignored. On the other hand, if all above param
12. an object was renamed; 3: Object changed (an object was modified).
   - OldName: The name of the entry before the current operation. This could be null if the event type is object added.
   - NewName: The name of the entry after the current operation. This could be null if the event type is object removed.
   - OldAttributes: The attributes of the entry before the current operation. This could be null if the event type is object added.
   - NewAttributes: The attributes of the entry after the current operation. This could be null if the event type is object removed.
   Note: For more information on OTD nodes and methods, see the eGate Integrator User's Guide. For more information on Java classes and methods, see the Javadoc.
   Chapter 5: Reviewing the Sample Project. This section describes how LDAP eWay components are created and implemented in a Java Composite Application Platform Suite Project. It is assumed that the reader understands the basics of creating a Project using the Enterprise Designer. For more information on creating an eGate Project, see the Sun SeeBeyond eGate Tutorial and the Sun SeeBeyond eGate Integrator User's Guide.
   What's in This Chapter:
   - Sample Project Description on page 66
   - Steps Required to Run the Sample Project on page 71
   - Importing a Sample Project on page 71
   - Building, Deploying, an
13. and call the performAddAttributesValues method. If the modification is successful, performAddAttributesValues returns true. Otherwise, an LDAPApplicationException exception is thrown or false is returned.
   How It Works: If values are specified for an attribute and the attribute does not exist for the entry, the attribute and values are added for that entry. If values are specified for an attribute and the attribute does exist for the entry, only the values are added to the attribute. An LDAPApplicationException exception is thrown if no value(s) are specified for an attribute.
   Note: Attempting to add an existing value results in an AttributeInUseException exception.
   RemoveAttributesValues node: Used to specify the entry to modify and the attributes or values you want to remove from the specified entry. To remove attributes or values from an entry, specify the options, the name of the entry to modify, the attributes and values, and call the performRemoveAttributesValues method. If the modification is successful, performRemoveAttributesValues returns true. Otherwise, an LDAPApplicationException exception is thrown or false is returned.
   How It Works: If values are specified for an attribute, the values are removed. If all the values of the attribute are removed, the attribute itself is also removed. To remove an attribute, do not specify any values for that attribute. Instead, specify the attribute name you want to remove.
   Note: Att
14. [Figure 11: OTD node tree. Recoverable node names: EventQueue, Events, STCNotificationEvent, EventType, NewAttributes, STCAttribute, NewName, OldAttributes, STCAttribute, OldName, SearchFilter, SearchScope, RemoveEntry, RenameEntry, Search, TimestampSearch]
   Figure 11 shows that the subnodes under NewAttributes and OldAttributes are identical in form to the subnodes under the STCEntry subnode. They also function in the same way. See Table 13 for details on these subnodes.
   Persistent Search Limitations. The Persistent Search control feature has the following limitations:
   - Works only against the Sun ONE server, as OpenLDAP and Active Directory on Windows 2000 (Windows .NET supports this control) does not support persistent search control.
   - On Sun ONE, when an object is renamed or removed, only the old object name is returned by Persistent Search. The Sun ONE Directory server does not return the attributes of the removed object or the attributes of the old object before renaming. This problem is a shortcoming in the server.
   - Windows 2000 does not support Persistent Search control. Windows .NET, however, does support this control.
   LDAP Version 3 Controls and Extensions. LDAP versio
15. off. You can use an incomplete domain host name (for example, https://localhost:444) or a complete domain host name (for example, https://localhost.stc.com:444) and get a positive response in each case.
   If Verify hostname is set to True: Host name checking between the requested URL and the server certificate is turned on. If you use an incomplete domain host name (for example, https://localhost:444), you can get the exception java.io.IOException: HTTPS hostname wrong. You must use a complete domain host name (for example, https://localhost.stc.com:444).
   If the Java SDK version used by the Logical Host and the corresponding Logical Host property setting do not match, you can get the exception java.lang.ClassCastException.
   3.5 eWay External Properties. The eWay External System consists of the following properties categories:
   - Configuring Connection Section Properties on page 36
   - Configuring the Security/SSL Section Properties on page 37
   - Configuring the Connection Retry Settings on page 42
   - Configuring the Connection Pool Settings on page 42
   3.5.1 Configuring Connection Section Properties. The LDAP eWay Connection Section Properties allow you to define the connection to the LDAP system.
   Note: The Connection section is new in LDAP version 5.1.2. If you are upgrading a projec
16. ModifyEntry subnode called ReplaceValues. Figure 10 shows the ModifyEntry node in its expanded form.
   [Figure 10: ModifyEntry Node. Recoverable node names: ModifyEntry with subnodes AddAttributesValues, RemoveAttributesValues, and ReplaceValues; under each, EntryOptions (IgnoreAttributeIDCase, OrderAttributeValues) and STCEntry (Attributes, Name)]
   In Figure 10, the subnodes under the STCEntry nodes are identical in form to the subnodes under STCEntry in the AddEntry node. They also function in the same way. See Table 13 for details on these subnodes. Table 15 explains the nodes and fields exposed on the ModifyEntry node.
   Table 15: ModifyEntry Node (Name: Description)
   - AddAttributesValues node: Used to specify the entry to modify and the attributes or values you want to add to the specified entry. To add attributes or values to an entry, specify the options, the name of the entry to modify, the attributes and values
17. Search node in its expanded form.
   [Figure 14: Search Node. Recoverable node names: LDAPSearchControls (Controls, PageControlCriticality, PageSize, SortAttributes, SortControlCriticality); SearchOptions (AttributesSelection, AttributesList, ContextName, CountLimit, ReturningObjFlag, SearchFilter, SearchScope, TimeLimit); SearchResults (MoreResults, Result, Name, STCAttributes, STCAttribute, Name, STCValues, STCValue, ByteValue)]
   Figure 14 shows that the subnodes under Result are identical in form to the subnodes under the STCEntry subnode. They also function in the same way. See Table 13 on page 46 for details on these subnodes.
   The Search node has the following subnodes:
   - LDAPSearchControls
   - SearchOptions
   - SearchResults
   It has the following method:
   - performSearch
   To perform a search, first specify any LDAP search controls to use, then the search options (such as the search filter), and finally call the performSearch method. Upon successfully calling the performSearch method, you retrieve the results of the search by using the SearchResults node.
   LDAPSearchControls: LDAP version 3 provides a way of extending functionality through the use of controls.
18. been copied to the Environment. If you are upgrading a project from version 5.1.0 or 5.1.1, please refer to the 5.1.0 or 5.1.1 to 5.1.2 Upgrade Procedures on page 18.
   Chapter 3, Section 3.4: Setting LDAP eWay Properties, eWay Connectivity Map Properties
   Table 7: LDAP eWay Security/SSL Settings (Name, Description, Required Value)
   - JSSE Provider Class
     Description: Specifies the fully qualified name of the JSSE provider class. For more information, see the Sun Microsystems Java site at http://java.sun.com.
     Required value: The name of a valid JSSE provider class; the default is com.sun.net.ssl.internal.ssl.Provider. If you are running the Integration Server on AIX, specify com.ibm.jsse.IBMJSSEProvider.
   - KeyStore
     Description: Specifies the default KeyStore file. The keystore is used for key/certificate management when establishing SSL connections.
     Required value: A valid package location; there is no default.
   - KeyStore password
     Description: Specifies the default KeyStore password. The password is used to access the KeyStore used for key/certificate management when establishing SSL connections; there is no default.
   - KeyStore type
     Description: Allows you to specify the default KeyStore type. The keystore type is used for key/certificate management when establishing SSL connections. If the KeyStore type is not specified, the default KeyStore type, JKS, is used.
   - KeyStore username
     Description: The user n
19. cn: John Doe
   mail: johndoe@sun.com
   mail: jdoe@stc.com
   telephoneNumber: 471-6000 x1234
   Each part of the descriptive information, such as an employee's name, is known as an attribute. In the example above, the Common Name (cn) attribute represents the name of the employee. The other attributes are mail and telephoneNumber. Each attribute can have one or more values. For example, an employee entry may contain a mail attribute whose values are johndoe@sun.com and jdoe@stc.com. In the previous example, the mail attribute contains two mail values.
   1.1.2 LDAP Directory Structure. The organization of a directory is a tree structure. The topmost entry in a directory is known as the root entry. This entry normally represents the organization that owns the directory. Entries at the higher level of hierarchy represent larger groupings or organizations. Entries under the larger organizations represent smaller organizations that make up the larger ones. The leaf nodes (or entries) of the tree structure represent the individual persons or resources.
   1.1.3 Distinguished Names and Relative Distinguished Names. An entry is made up of a collection of attributes that have a unique identifier called a distinguished name (DN). A DN consists of a name that uniquely identifies the entry at that hierarchical level. In the example above, John Doe and Jane Doe are different common names (cn) that identify different entries at that same level. A DN is als
20. com.stc.connector.ldapadapter.utils.RCFUtil list samplercf.txt
   Listing entries in the referral credentials file
   Enter username >> test
   Enter password >> test
   1> localhost.stc.com:389 cn=Manager,dc=stc,dc=com 1 ZRticfNKc
   C:\temp>c:\ICAN510\edesigner\jdk\bin\java -cp stcldap13.jar com.stc.connector.ldapadapter.utils.RCFUtil list decrypt samplercf.txt
   Listing entries in the referral credentials file
   Enter username >> test
   Enter password >> test
   1> localhost.stc.com:389 cn=Manager,dc=stc,dc=com secret
   Other operations, such as removing a credential entry and modifying a credential entry for an entry, can be done using the RCF utility in the same way. The following example shows the content of a credentials file (samplercf.txt), with explanatory comments:
   This properties file was generated by com.stc.connector.ldapadapter.utils.RCFUtil.
   Do NOT modify this file by hand if you don't understand the nature or format of this file.
   Use the utility to create and manage this file.
   Tue Feb 14 17:49:17 PST 2006
   password P9He6eCUY6Q
   localhost.stc.com 389 test P9He6eCUY60
   username test
   New credentials entry that was created
   3.4.5 Configuring the Security/SSL Section Properties. The LDAP eWay Security/SSL Section Properties are used to set the basic security features for SSL.
   Note: The Security/SSL section in LDAP version 5.1.2 has
21. command line utility.
   - Follow
     Description: Allows you to select whether referrals returned by an LDAP server must be followed.
     Required value: Select yes or no; the default is yes. Enter the desired value as follows: Yes: Follow referrals. No: Referrals are not followed.
   3.4.4 Additional Referrals Section Notes. Following are additional notes related to the properties found in the Referrals section.
   Handling Search Referrals. A referral is an entity used to redirect a client's request to another server. A referral contains the names and locations of other objects. It is sent by the server to indicate that the information the client has requested can be found at another location (or locations), possibly at another server or several servers. When you execute a search operation, you may encounter a referral entry, which is just a pointer to where that information can be found. The pointer is usually in a form similar to the Provider URL configuration of the eWay. It consists of the following components:
   - Host name
   - Port number
   - Context name (optional)
   You have the following options when you encounter a referral:
   - Ignore: Ignore the referral.
   - Follow: Follow the referral; that is, connect to the referred system and continue the search operation.
   - Throw: Throw a referral
22. files are uploaded with the eWay's documentation SAR file, and then downloaded from the Installer's Documentation tab. The LDAP_SampleProject_510 file contains the various sample Project ZIP files.
   Note: Make sure you save all unsaved work before importing a Project.
   2. From the Enterprise Designer's Project Explorer pane, right-click the Repository and select Import Project from the shortcut menu. The Import Manager appears.
   3. Browse to the directory that contains the sample Project ZIP file. Select the sample file and click Import.
   4. Click Close after successfully importing the sample Project.
   5.4 Building, Deploying, and Running the Sample Project. The following provides step-by-step instructions for manually creating the LDAP_SampleProject_510 sample Project. Steps required to create the sample project include:
   - Creating a Project on page 72
   - Creating the OTDs on page 72
   - Creating the Collaboration Definitions (Java) on page 73
   - Create the Collaboration Business Rules on page 73
   - Creating a Connectivity Map on page 77
   - Binding the eWay Components on page 78
   - Creating an Environment on page 79
   - Configuring the eWays on page 80
   - Creating and Starting the Domain on page 82
   - Building and Deploying the Project on page 83
   - Running the Sample on p
23. manager factories (end of the Description cell); is SunX509. If you are running the Integration Server on AIX, specify IbmX509.
   3.4.6 Additional Security/SSL Property Notes. Listed below are additional notes for the following Security/SSL section properties:
   - SSL Connection Type on page 34
   - Verify Hostname on page 35
   SSL Connection Type: Make sure that the SSL properties, including security certificate installation, port number, and so on, are set correctly for the current LDAP server. Transport Layer Security (TLS) is a protocol that guarantees privacy and data integrity between client/server applications communicating over the Internet. The TLS operation for this eWay supports both secure and nonsecure communication on the same connection. However, some LDAP servers are required to start on a configured nonsecure port and cannot start on a secure port. For details, see the appropriate documentation for the LDAP server.
   TLS on Demand: A feature of LDAP version 3 (StartTLS extended operation), which is supported in Java SDK version 1.4 and later. Selecting this option allows you to establish an SSL connection on demand, programmatically.
   Note: If you are using the TLS on Demand option, the ProviderURL property must point to a nonsecure LDAP port (the default is 389). After selecting this option, whenever secure communication is required, you must place any method call to the LDAP server between startTLS and stopTLS calls, which can be accessed via the L
24. ldapsearch_ldapsearch_1 getSearchoptions getScope
   map for int i 0 i lt ldapsearch_ldapsearch_1 getSearchoptions getReturnattributes countAttribute i
   map AttributesSelection addAttribute Attribute i
   LDAPClient_1 getSearch getSearchOptions getAttributesSelection addAttribute ldapsearch_ldapsearch_1 getSearchoptions getReturnattributes getAttribute i
   map logger debug Page Size is Pagesize
   logger debug Page Size is ldapsearch_ldapsearch_1 getSearchcontrols getPagecontrol getPagesize
   map Copy Sortattributes to SortAttributes
   LDAPClient_1 getSearch getLDAPSearchControls setSortAttributes ldapsearch_ldapsearch_1 getSearchcontrols getSortcontrol getSortattributes
   map Copy new Boolean Sortcriticality to SortControlCriticality
   LDAPClient_1 getSearch getLDAPSearchControls setSortControlCriticality new Boolean ldapsearch_ldapsearch_1 getSearchcontrols getSortcontrol getSortcriticality booleanValue
   map Copy Integer parseInt Page
25. < LDAPClient_1 getSearch getSearchResults getResult getSTCAttributes countSTCAttribute i1 i1 1 map for int i2 0 i2 < LDAPClient_1 getSearch getSearchResults getResult getSTCAttributes getSTCAttribute i1 getSTCValues countSTCValue i2 i2 1 map Copy Name to attributeName attributeName LDAPClient_1 getSearch getSearchResults getResult getSTCAttributes getSTCAttribute i1 getName map Copy STCValue i2 to value value LDAPClient_1 getSearch getSearchResults getResult getSTCAttributes getSTCAttribute i1 getSTCValues getSTCValue i2 map Copy Entry Name is entryName n to output output Entry Name is entryName n map Copy Attribute Name is attributeName n to output output Attribute Name is attributeName n map Copy StringValue to output output LDAPClient_1 getSearch getSearchResults getResult getSTCAttributes getSTCAttribute i1 getSTCValues getSTCValue i2 getStringValue map Copy n to output output n catch Exception e map logger debug Exception thrown while fetching results e logger debug Exception thrown while fetching results e map Copy output
26. one of several client APIs available in order to access the directory service.
1.1.5 Referrals
The native APIs developed for the LDAP eWay query the results of a search based on specified criteria. The search results may consist of a number of referrals. A referral is an entity that is used to redirect a client's request to another server. A referral contains the names and locations of other objects. For example, an LDAP server sends a referral to the client to indicate that the information that the client has requested can be found at another location (or locations), possibly at another server or several servers. The referral contains the URL of the LDAP server that holds the actual entry. The LDAP URL contains the server's host, port, and an object's DN. For instructions on how to set the eWay properties for referrals, see Configuring the Referrals Section Properties on page 27.
1.2 About the LDAP eWay
This section describes the general information about the LDAP eWay and its operation with Sun SeeBeyond eGate Integrator (also referred to throughout this book as eGate Integrator).
1.2.1 eWay General Operation
The LDAP eWay enables eGate to exchange data with an LDAP directory on an LDAP server. The eWay consists of two components: an LDAP connector and an LDAP Object Type Definition (OTD). The OTD
27. to Text FileClient_1 setText output map FileClient_1 write FileClient_1 write
5.4.5 Creating a Connectivity Map
The Connectivity Map provides a canvas for assembling and configuring a Project's components.
Steps required to create a new Connectivity Map:
   1. From the Project Explorer tree, right-click the new LDAP_SampleProject_510 Project and select New > Connectivity Map from the shortcut menu.
   2. The New Connectivity Map appears, and a node for the Connectivity Map is added under the Project on the Project Explorer tree, labeled CMap1. Rename this project to be CMap.
Populating the Connectivity Map
Add the Project components to the Connectivity Map by dragging the icons from the toolbar to the canvas. Each Connectivity Map in the LDAP_SampleProject_510 sample Project requires the following components:
   - File External Application (x2)
   - LDAP External Application
   - Service
Any eWay added to the Connectivity Map is associated with an External System. To establish a connection to LDAP, first select LDAP as an External System to use in your Connectivity Map.
Steps required to select a LDAP External System:
   1. Click the External Application icon on the Connectivity Map toolbar.
   2. Select the external systems n
28. using Start TLS extension.
Sample Project Components
The LDAP_SampleProject_510 sample Project includes the following components:
   - File external application (inbound File eWay): FileIn
   - File external application (outbound File eWay): FileOut
   - Business logic implementation (employs a Java-based Collaboration, eGate Service component, for processing data): LDAP_Service
   - External LDAP system (LDAP eWay): LDAP_System
Sample Project Operation
The sample Project operates as follows:
   - FileIn: The external file system (inbound File eWay) provides query and selection instructions to the inbound File eWay; this eWay gets a text file containing the instructions and passes them to a Java-based Collaboration Service, LDAP_Service.
   - LDAP_Service: The LDAP_Service sends instructions to the desired LDAP system via the LDAP eWay. LDAP_Service also receives the information from the LDAP system via the LDAP eWay, then sends it to a File eWay, FileOut.
   - LDAP_System: The LDAP eWay handles inbound and outbound communication with this system.
   - FileOut: The external file system (outbound File eWay) that receives the query information; another File eWay writes the received information to a text file on this system.
The following illustration shows how this scenario operates. Figure
29. utilizes the connector to connect to a particular LDAP server. By connecting to an LDAP server, the eWay enables eGate to search, compare, and modify an LDAP directory using the LDAP protocol. The eWay utilizes the LDAP OTD to perform these functions. This OTD carries LDAP information through eGate and allows the information to be processed by eGate's Java-based Collaborations. See Figure 2 for a general diagram of the architecture of the LDAP eWay.
[Figure 2: LDAP eWay Architecture. Labels: Java-based Collaboration, LDAP Server, LDAP Database]
In addition, the LDAP OTD exposes the application programming interface (API) for accessing the LDAP directory. The LDAP OTD enables you to create Java-based Collaboration Definitions that execute LDAP operations, for example, searching an LDAP directory, adding entries to the directory, and modifying entries in the directory. A given instance of an LDAP OTD uses only one instance of an LDAP connector. You can use as many instances of the LDAP OTD in a single data exchange scenario as necessary.
1.2.2 Java Naming and Directory Interface
The LDAP eWay uses Sun Microsystems' Java Naming and Directory Interface (JNDI) LDAP provider. This set of APIs allows a Java program to store objects and look up objects using multiple naming services in a sta
30. which is of type java.lang.String. ClearAttributes does not take any arguments and removes any attributes added.
SearchOptions Node Fields
Table 19 explains the fields exposed on the SearchOptions node.
Table 19: SearchOptions Node (Field Name: Description)
   - ContextName: Used to set the root of the search in the directory. The context name is relative to the context specified in the eWay's ProviderURL property. If the context name is not set correctly, the eWay is not able to properly resolve the context name relative to the initial connection. Example of a context name: ou=MyOrg, where ou=MyOrg is relative to ldap://myldapserver1:389/dc=acme,dc=com. In this case, ou=MyOrg,dc=acme,dc=com is the DN.
   - CountLimit: Defines the maximum number of entries that can be returned on a search result.
   - SearchFilter: Used to specify the search filter for the search and is of type String. The basic search syntax is Attribute Operator Value, where Attribute is one of the possible attributes that an entry may have, Operator defines the comparison value (such as =), and Value is a value that an attribute may have. Example: cn=John Doe. In the example, cn is the attribute, = is the operator, and John Doe is the value. The search filter specifies entries where the attribute cn is equal to John Doe. For more information, see SearchFilter Binary Operators on page 59 and SearchFilter Boolean Operators on page 60. Note
31. 1 2 Sun SeeBeyond LDAP eWay Adapter changes include copying Connection and Security sections from the Connectivity Map properties window to the LDAP External System Environment properties window. This change improves backwards compatibility support for eGate, eXchange, or other Sun SeeBeyond products which use the LDAP eWay.
2.3.1 5.0.x to 5.1.2 Upgrade Procedures
There are no special requirements when importing 5.0.x projects into 5.1.2. Standard ICAN 5.0 project migration procedures apply under these conditions. Refer to ICAN 5.0 Project Migration Procedures on page 16 for more details.
2.3.2 5.1.0 or 5.1.1 to 5.1.2 Upgrade Procedures
There are new versions of the Configuration templates used in 5.1.2. For previous 5.1.0 or 5.1.1 projects that are imported or going through an in-place upgrade to the latest version, the Configuration template will be upgraded during design time or build time. At design time, when you open the Connectivity Map or Environment properties window, a warning window appears (see Figure 3 on page 19) and the Configuration template automatically upgrades. The Connection and Security sections in the Connectivity Map retain the original values from previous 5.1.x version. Both sections in the Environment properties window are populated with default values
32. 20 Sample Project Scenario LDAP System
5.1.3 XML File Naming Conventions
The sample input XML files are also named according to the performed operation. Each file name ends with the two-letter code for the directory server to which the data pertains, as follows: AD: Active Directory; OL: OpenLDAP; SO: Sun ONE. For example, the input_ldapmodify_replaceattr_SO.xml file is used with the modify operation to replace an attribute. This type of operation must be used with the Sun ONE directory server. Place these XML files in the desired location and set properties for the input File eWay accordingly. For more information, see Configuring the eWay Properties on page 81.
5.1.4 Sample Project Directory Structure
Running the sample Project requires entering the input data into the directory server using the LDIF files found in the input_data folder. Sending data to a prescribed location requires creating the following directory structure:
   - Active Directory. Location: Data LDIF ActiveDirectory. Files: ldap_AD.ldif (creates top-level nodes), ldap_AD_adduser.ldif (adds users to the top-level nodes)
   - OpenLDAP. Location: Data LDIF OpenLDAP. Files: ldap_openldap.ldif
   - Sun ONE. Location: Data LDIF SunOne. Files: ldap_sunone.ldif
For complete upload procedures, refer to the appro
33. A critical control cannot be ignored by the server. In other words, if the server receives a critical control that it does not support, regardless of whether the control makes sense for the operation, the operation is not performed and an OperationNotSupportedException is thrown.
Note: Microsoft Active Directory requires the PagedResultsControl, or else only a maximum of 1000 entries are returned, even if there are more than 1000 entries.
Once the controls are set, subsequent searches send the control information to the server. To remove the controls, use the removeSortControlAttributes or removePagedResultsControl method from the pop-up box on the LDAPSearchControls node. After a control is removed, subsequent searches do not send the information for the removed control to the server.
SearchOptions
The SearchOptions node specifies the search criteria, such as the scope of the search and the search filter.
AttributesSelection
Under the SearchOptions node, the AttributesSelection node is used to restrict which attributes can be returned on a search. AttributesSelection is a collection of attribute IDs (names) you can manage using the following methods:
   - AddAttribute takes an attribute name as an argument of type java.lang.String.
   - RemoveAttribute also takes an attribute name as an argument
34. DAP OTD.
In the following example, the call to performAddEntry goes through a secure communication channel, but the call to performRename goes through a nonsecure (plain) communication channel:
   startTLS
   performAddEntry
   stopTLS
   performRename
Make sure that the TLS settings, in addition to the SSL settings, are configured correctly for the current LDAP server.
Note: Using the stopTLS method may cause unexpected behavior with some LDAP servers. You may need to remove the use of this method in your Collaboration Definitions. For example, you cannot use the stopTLS method when connecting to a Sun ONE Directory server. For details, see the appropriate documentation for the LDAP server.
For information on how to use this feature with the LDAP OTD, see TlsExtension Node on page 64.
Verify Hostname
Under some circumstances, you can get different Java exceptions, depending on whether you set this property to True or False. This section explains what causes these exceptions. For example, suppose the host name in the URL is localhost and the host name in the server certificate is localhost.stc.com. Then the following conditions apply:
Note: If Verify hostname is set to False, host name checking between the requested URL and the server certificate is turned
35. N510\edesigner\jdk\bin\java -cp stcldap13.jar com.stc.connector.ldapadapter.utils.RCFUtil add samplercf.txt
   Adding a referral credentials entry
   Enter username >> test
   Enter password >> test
   Enter LDAP Host >> localhost.stc.com
   Enter LDAP Port >> 389
   Enter the Principal >> cn=Manager,dc=stc,dc=com
   Enter the Credentials >> secret
   Done
To view the contents of the credentials file:
   1. To view LDAP Server connection info in a referral file called samplercf.txt, enter the following parameters on the command line: <edesigner_home>\jdk\bin\java -cp stcldap13.jar com.stc.connector.ldapadapter.utils.RCFUtil list samplercf.txt
   2. Username and password are required to access the file. Provide the user name and password given for creating the file previously.
   3. The entries in the file are listed as shown in the following single-entry example: 1> localhost.stc.com 389 cn=Manager,dc=stc,dc=com 1 ZRticfNKc
   4. The password is encrypted. To display the password in its decrypted form, add decrypt to the previous command. The output becomes: 1> localhost.stc.com 389 cn=Manager,dc=stc,dc=com secret
For example: C:\temp> c:\ICAN510\edesigner\jdk\bin\java -cp stcldap13.jar
36. OUT 2. The Configuration properties window opens, displaying the default properties for the eWay.
[Figure 5: Outbound eWay Properties]
3.3 Configuring the eWay Environment Properties
The eWay Environment Configuration properties contain parameters that define how the eWay connects to and interacts with other eGate components within the Environment. When you create a new LDAP External System, you may configure the type of External System required.
To Configure the Environment Properties:
   1. In Enterprise Explorer, click the Environment Explorer tab.
   2. Expand the Environment created for the LDAP Project and locate the LDAP External System. Note: For more information on creating an Environment, see the eGate Integrator Tutorial.
   3. Right-click the External System created for the LDAP Project and select Properties from the list box. The Environment Configuration Properties window appears.
37. What's New in Version 5.1.1
There are no new features in this release.
What's New in Version 5.1
   - The LDAP eWay no longer requires manually importing the stcldap14.jar file to properly catch the following exception message: com.stc.connector.appconn.ldap.LDAPApplicationException
   - Version Control: An enhanced version control system allows you to effectively manage changes to the eWay components.
   - Multiple Drag-and-Drop Component Mapping from the Deployment Editor: The Deployment Editor now allows you to select multiple components from the Editor's component pane and drop them into your Environment component.
   - Support for Runtime LDAP Configuration: eWay configuration properties now support LDAP key values.
   - MDB Pool Size Support: Provides greater flow control (throttling) by specifying the maximum and minimum MDB pool size.
   - Connection Retry Support: Allows you to specify the number of attempts to reconnect, and the interval between retry attempts, in the event of a connection failure.
   - Connectivity Map Generator: Generates and links your Project's Connectivity Map components using a Collaboration or Business Process.
1.4 What's In this Document
This document includes the following chapters: Chapter 1, Introducing the LDAP eWay: Provides an overview description of the LDAP eWay as we
38. P OTD has the following components: the LDAPClient OTD itself, which exposes the structures and methods, and the Java classes, which implement those structures and methods. This chapter provides an overview of LDAP, then explains the LDAP OTD in detail, including how to use the LDAP OTD to build a Java-based Collaboration Definition for accessing an LDAP directory. Figure 7 shows an example of the LDAP OTD in the eGate Enterprise Designer's Collaboration Editor (Java) window.
[Figure 7: LDAP OTD in Enterprise Designer. Nodes shown under LDAPClient_1: AddEntry, CompareEntry, ModifyEntry, PersistentSearch, RemoveEntry, RenameEntry, Search, TimestampSearch, TlsExtension]
The rest of the chapter provides the general outline of the OTD and the methods and properties exposed on each node. For a more detailed description of each method in the OTD, see the Javadoc.
4.1.2 LDAP Root Node
LDAPClient is the root node and provides a graphical representation of the interface. Expanding the node and each subnode reveals all the methods on the interface, which are themselves represented as nodes.
4.1.3 AddEntry Node
The AddEntry node is used to add entries to a directory. When adding an entry, there are different options available. To add an entry, specify the name of the entry to add (RDN relative to the initial context), the attributes, and values for each a
39. ONELEVEL_SCOPE tells the eWay to search for entries one level below the named object. See Figure 16.
[Figure 16: ONELEVEL_SCOPE Diagram]
SUBTREE_SCOPE tells the eWay to search for all entries starting from the named object and all descendants below the named object. See Figure 17.
[Figure 17: SUBTREE_SCOPE Diagram]
SearchFilter Binary Operators
Binary operators that can be used in a filter expression are listed in Table 21.
Note: Not all servers support all the operators described in this guide. See your LDAP server administrator for information on which search operators are supported by your system.
Table 21: Search Filter Binary Operators (columns: Operator, Comments, Example)
Retrieves entries that have a particular attribute equaling the specified value
40. SUN SEEBEYOND eWAY LDAP ADAPTER USER'S GUIDE, Release 5.1.2. Copyright 2006 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, California 95054, U.S.A. All rights reserved. Sun Microsystems, Inc. has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed at http://www.sun.com/patents and one or more additional patents or pending patent applications in the U.S. and in other countries. U.S. Government Rights: Commercial software. Government users are subject to the Sun Microsystems, Inc. standard license agreement and applicable provisions of the FAR and its supplements. Use is subject to license terms. This distribution may include materials developed by third parties. Sun, Sun Microsystems, the Sun logo, Java, Sun Java Composite Application Platform Suite, SeeBeyond, eGate, eInsight, eVision, eTL, eXchange, eView, eIndex, eBAM, eWay, and JMS are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. in the U.S. and other countries. Products bearing SPARC trademarks are based upon architecture developed by Sun Microsystems, Inc. UNIX is a registered trademark in the U.S. and oth
41. If any of these logical rules is violated, the system throws an exception.
Order of Operations
It is recommended that you run the sample Project in the following order of operations: Add; Search, compare, or modify (add attribute, replace attribute, and remove attribute); Rename; Remove. You can run Persistent Search and Timestamp Search at any time, but these operations are only triggered by changes in the database resulting from a particular event.
5.2 Steps Required to Run the Sample Project
The following steps are required to run the sample projects contained in the LDAPeWayDocs.sar file:
   1. Enter the input data into the directory server using the LDIF files found in the input_data folder. For instructions on creating the required file structure, see Sample Project Directory Structure on page 70.
   2. Import the sample Projects.
   3. Build, deploy, and run the sample Projects. You must do the following before you can run an imported sample Project: create an Environment, configure the eWays, create a Deployment Profile, create and start a domain, and deploy the Project.
   4. Check the output.
5.3 Importing a Sample Project
Sample eWay Projects are included as part of the installation package. To import a sample eWay Project to the Enterprise Designer, do the following:
   1. Extract the samples from the Java Composite Application Platform Suite Installer to a local file. Sample
42. The search filter syntax is described by RFC 2254. For more information, refer to this RFC on http://www.ietf.org.
   - SearchScope: The scope or boundary of the search. See SearchOptions Scopes on page 58 for details.
   - TimeLimit: Used to specify the time-out (in milliseconds) for a search. If the search exceeds the set time limit, performSearch returns without results.
   - returnObjFlag: Used to set the boolean flag to enable/disable returning objects returned as part of the result.
SearchOptions Scopes
This section explains the scope parameters OBJECT_SCOPE, ONELEVEL_SCOPE, and SUBTREE_SCOPE. Each figure shows a dotted box highlighting the scope and the entries covered for that scope parameter. To specify the scope of the search, enter one of the values shown in Table 20 for the appropriate OTD field node.
Table 20: Search Options Scope Parameters (Value: Parameter)
   0: OBJECT_SCOPE
   1: ONELEVEL_SCOPE
   2: SUBTREE_SCOPE
The following list explains these parameters:
OBJECT_SCOPE tells the eWay to search only within the named object, defined with ContextName. Using this scope essentially compares the named object for some particular attribute and/or value. See Figure 15.
[Figure 15: OBJECT_SCOPE Diagram]
43. In this sample Project, the Collaboration receives query and selection instructions from the external file system, FileIn. This information is then passed to the LDAP system via the LDAP eWay. The external file system, FileOut, then writes the received information to a text-based file on the system. The SearchCollab Collaboration contains the Business Rules displayed in Figure 21.
[Figure 21: SearchCollab Business Rules]
44. aboration Definition, you can write the Business Rules using the Collaboration Editor.
Steps required to create the Collaboration: 1. From the Project Explorer, right-click the sample Project and select New > Collaboration Definition (Java) from the shortcut menu. The Collaboration Definition Wizard (Java) appears. Enter a Collaboration Definition name (for this sample, SearchCollab) and click Next. For Step 2 of the wizard, from the Web Services Interfaces selection window, double-click Sun SeeBeyond > eWays > File > FileClient > receive. The File Name field now displays receive. Click Next. For Step 3 of the wizard, from the Select OTDs selection window, double-click LDAP_SampleProject_510 > otdALL > ldapsearch_ldapsearch. The ldapsearch_ldapsearch OTD is added to the Selected OTDs field. Click the Up One Level button twice to return to the Repository. Double-click Sun SeeBeyond > eWays > File > FileClient. The Selected OTDs field now lists the FileClient_1 OTD. Click the Up One Level button and select LDAP > LDAPClient. The Selected OTDs field now lists the LDAPClient_1 OTD. Click Finish. The Collaboration Editor with the new SearchCollab Collaboration appears in the right pane of the Enterprise Designer.
5.4.4 Create the Collaboration Business Rules
The next step in the sample is to create the Business Rules of the Collaboration using the Collaboration Editor.
45. age 83.
5.4.1 Creating a Project
The first step is to create a new Project in the Enterprise Designer.
   1. Start the Enterprise Designer.
   2. From the Project Explorer tree, right-click the Repository and select New Project. A new Project (Project1) appears on the Project Explorer tree.
   3. Click twice on Project1 and rename the Project (for this sample, LDAP_SampleProject_510).
5.4.2 Creating the OTDs
The sample Project requires an OTD to interact with the LDAP eWay.
Steps required to create an LDAP OTD: 1. Right-click your new Project in the Enterprise Designer's Project Explorer, and select New > Object Type Definition. The New Object Type Definition Wizard window appears. Select DTD from the list of OTD Wizards and click Next. Browse to the location of the DTD files included in the LDAP_SampleProject_510 file and select the ldapsearch.dtd file located in the Input_Data > SearchEntry folders. Click Next. The ldapsearch_ldapsearch becomes a highlighted document element. Click Next. The Select OTD Options window appears. Click Finish to create the OTD.
5.4.3 Creating the Collaboration Definitions (Java)
The next step is to create Collaboration Definitions (Java), or JCDs, using the Collaboration Definition Wizard (Java). Once you create a Coll
46. ain Manager appears. If you have already created a domain, select your domain in the Domain Manager and click the Start an Existing Domain button. Once your domain is started, a green check mark indicates that the domain is running.
   4. If there are no existing domains, a dialog box indicates that you can create a domain now. Click Yes. The Create Domain dialog box appears.
   5. Make any necessary changes to the Create Domain dialog box and click Create. The new domain is added to the Domain Manager. Select the domain and click the Start an Existing Domain button. Once your domain is started, a green check mark indicates that the domain is running.
For more information about creating and managing domains, see the eGate Integrator System Administration Guide.
5.4.11 Building and Deploying the Project
The Build process compiles and validates the Project's Java files and creates the Project EAR file.
Build the Project:
   1. From the Deployment Editor toolbar, click the Build icon.
   2. If there are any validation errors, a Validation Errors pane will appear at the bottom of the Deployment Editor and displays information regarding the errors. Make any necessary corrections and click Build again.
   3. After the Build has succeeded, you are ready to deploy your Project.
Deplo
47. alue.
   - Connector Type: Lists the type of connector. The default is LDAP Connector.
   - Connector Class: Lists the Connector class. The default connector class is com.stc.connector.ldapadapter.LDAPEwayConnection.
3.4.2 Configuring Connection Section Properties
The LDAP eWay Connection Section Properties allow you to define the connection to the LDAP system.
Note: The Connection section in LDAP version 5.1.2 has been copied to the Environment. If you are upgrading a project from version 5.1.0 or 5.1.1, please refer to the 5.1.0 or 5.1.1 to 5.1.2 Upgrade Procedures on page 18.
Table 4: LDAP eWay Connection Settings (Name: Description. Required Value)
   - Authentication: Allows you to select the authentication to be used (none or simple). Select the desired authentication as follows. None: No authentication, that is, an anonymous log-on. If you use this setting, ensure that the LDAP server supports anonymous log-ons. Simple: Authentication is based on a user name and password. You must provide the user name and password in the appropriate fields (Principal and Credentials). Required value: Select none or simple; the default is none.
   - Credentials: Allows you to enter the credentials needed when using an authentication mechanism other than anonymous log-in (authentication none). Required value: The appropriate credentials in the form of a valid password.
   - InitialContextFactory: Allows you to enter the factory t
48. ame for accessing the keystore used for key certificate management when establishing SSL connections. Note: If the keystore type is PKCS12 or JKS, the keystore user name property is not used. PKCS12 and JKS keystore types require passwords for access but do not require user names. If you enter a value for this property, it is ignored for PKCS12 and JKS.
Table 7: LDAP eWay Security SSL Settings (Name: Description. Required Value)
   - SSL Connection Type: Allows you to specify the type of SSL connection to be used. Enter the desired value as follows. None: No SSL, simple plain connection. Enable SSL: SSL is enabled. All communication to the LDAP server uses a secure communication channel. Note: If you are using the Enable SSL option, the ProviderURL property must point to a secure LDAP port (the default is 636). For additional information on required values for this property, see SSL Connection Type on page 34. Required value: Select None, Enable SSL, or TLS On Demand.
   - SSL Protocol: The SSL protocol to use when establishing an SSL connection with the LDAP server. See your JSSE documentation for information on your Logical Host's platform. Required value: Select TLS, TLSv1, SSLv3, SSLv2, or SSL.
   - TrustStore: Specifies the default TrustStore. The T
49. assword whose value is equal to jdoepassword. If the specified entry does not have matching attributes and values, then performCompare returns false. An LDAPApplicationException exception is thrown if there were other internal errors. Example: Comparing an entry that does not exist in the directory results in an LDAPApplicationException exception, thrown because of a NameNotFoundException internal exception.
EntryName field: The DN of the entry to compare.
TimeLimit field: Used to specify the time out, in milliseconds, for a compare operation. If the operation exceeds the set time limit, performCompare returns without results.
4.1.6 ModifyEntry Node
You can use the ModifyEntry node to modify an existing entry in a directory. You can make the following modifications to an entry: add any attribute to an entry; add any value to any attribute of an entry; remove any attribute from an entry; remove any value from any attribute of an entry; replace all existing values of any attribute with any new value for an entry.
Adding attributes and values is accomplished by using the ModifyEntry subnode called AddAttributes Values. Removing attributes and values is accomplished by using the ModifyEntry subnode called RemoveAttributes Values. Replacing values is accomplished by using
50. ception java.lang.ClassCastException
3.5.4 Configuring the Connection Retry Settings
The LDAP eWay Connection Retry Settings properties include the following parameters.
Table 10 LDAP External eWay Properties, Connection Retry Settings (columns: Name, Description, Required Value)
Maximum Retries: Maximum number of retries to establish a connection upon failure to acquire one. Required value: There is no required value. The default value is 5.
Retry Interval: The number of milliseconds to wait between connection retries. Required value: Any valid number. The default value is 10000.
3.5.5 Configuring the Connection Pool Settings
The LDAP eWay Connection Pool Settings properties include the following parameters.
Table 11 LDAP External eWay Properties, Connection Pool Settings (columns: Name, Description, Required Value)
Steady Pool Size: The minimum number of connections that must be maintained in the pool. The default value is 1.
Maximum Pool Size: The maximum number of connections allowed in the pool. 0 (zero) indicates that there is no maximum. The default value is 10.
Maximum Idle Timeout: The maximum time, in seconds, that a connection can remain idle in the pool. Zero indicates that there is no limit. The default value is 300.
51. ct see Table 24 for details on this node's structure.
4.1.12 TlsExtension Node
The TlsExtension node allows you to start and stop a StartTLS extended operation. The StartTLS extended operation is a feature of LDAP version 3, which is supported in the Java Software Developer's Kit (SDK) version 1.4 and later. This feature allows you to establish an SSL connection on demand, programmatically. To use this feature, you must call the LDAP server between startTLS and stopTLS method calls. You can access these methods by right-clicking the TlsExtension node and selecting the desired method from the pop-up box. To enable this option, you must also set the TLS On Demand eWay property (Security/SSL, SSL Connection Type). See SSL Connection Type on page 34 for details and an example.
4.1.13 STCNotificationEvent Nodes
This node is used as a container for the results returned by the PersistentSearch and TimestampSearch operations. The STCNotificationEvent nodes consist of subnodes, as shown in Table 24.
Table 24 STCNotificationEvent Nodes (columns: Name, Description)
EventType: The type of event returned as the current result. The values can be: 0, Object added (a new object was added to the directory); 1, Object removed (an object was removed from the directory); 2, Object renamed
52. d Running the Sample Project on page 72
5.1 Sample Project Description
The LDAP sample Project demonstrates how the LDAP eWay processes information from a LDAP system. The resulting information is then written to a text file. The LDAP_eWay_Sample.zip file contains sample Project data that provides basic instruction on creating a Collaboration that retrieves search results from XML-based input files. The ZIP file contains the following: the input_data folder and LDAP_SampleProject_510.zip.
5.1.1 input_data Folder
When you extract the sample Project file, you get an additional folder called input_data. This folder contains the following.
LDAP Operations Folders: The input_data folder contains a set of folders named for the types of LDAP operations (add, remove, and so on). The folder for each operation contains at least one DTD file, used for the input data format, and multiple XML files.
Directory Structure Files: The input_data folder also contains a number of directory structure files required to run the LDAP Project. For additional information, see Sample Project Directory Structure on page 70.
A listing of files found in the input_data folder is seen in Table 25 below.
Table 25 input_data Folder Items (columns: Folder, Type, Files)
AddEntry (Operations Folder): input_ldapadd_AD.x
53. Figure 13 RenameEntry Node
Table 17 describes the fields exposed on the RenameEntry node.
Table 17 RenameEntry Node (columns: Field Name, Description)
OldName: The entry's existing name. Before calling the performRename method, set the OldName field.
NewName: The entry's new name. Before calling the performRename method, set the NewName field.
Upon successfully renaming the entry, the performRename method returns true; otherwise, false is returned. An exception is thrown if any other internal errors have occurred. For example, renaming an entry that does not exist in the directory results in an LDAPApplicationException exception because of a NameNotFoundException internal exception.
4.1.10 Search Node
The Search node is specific to operations that are done once the eWay is connected to the LDAP server. The Search node corresponds to performing searches for an entry or multiple entries of the LDAP directory. To perform a search, you specify the name (context or starting entry for the search), the search scope (or the boundaries to which the search is limited), and some search criteria, known as a search filter. The Search node, its subnodes, and fields are explained in the rest of this section. Figure 14 shows the
55. Configuring the eWay Properties
Steps required to configure the eWay properties:
  1. Double-click the FileIn eWay and modify the following property for your system. Input File Name: <filename>.fin
  2. Double-click the FileOut eWay and modify the following property for your system. Output File Name: LDAP_output%d.dat
  3. Double-click the LDAP_System eWay and modify the following properties under the Connection section for your system. Provider URL: The LDAP server and port number you are using. Authentication: Set this if your server does not accept anonymous login. In this case, you may also need to set the Principal and Credentials fields.
Steps required to configure the Environment Explorer properties:
  1. From the Environment Explorer tree, right-click the File External System (esFileClient in this sample) and select Properties. The Properties Editor opens to the File eWay Environment configuration.
  2. Modify the Parameter settings as required for your Environment, and click OK.
Note: To run this sample Project, you do not need to change the default Environment Configuration properties of the LDAP External
Note: See Setting LDAP eWay Properties for additional configuration properties of the LDAP eWay.
5.4.9 Creating the Deployment Profile
A Deployment Pr
56. ecessary to create your Project (for this sample, LDAP and File). Icons representing the selected external systems are added to the Connectivity Map toolbar.
  3. Rename the following components and then save changes to the Repository: File1 to FileIn, File2 to FileOut, LDAP1 to LDAP_System.
5.4.6 Binding the eWay Components
The final step in creating a Connectivity Map is binding the eWay components together.
Steps required to manually bind eWay components together:
  1. Double-click a Connectivity Map (in this example, CMap) in the Project Explorer tree. The CMap Connectivity Map appears in the Enterprise Designer's canvas.
  2. Drag and drop the SearchCollab Collaboration from the Project Explorer to LDAP_Service. The Service icon gears change from red to green.
  3. Double-click LDAP_Service. The LDAP_Service Binding dialog box appears.
  4. Map the input FileClient (under Implemented Services) to the FileIn (File) External Application. To do this, drag the FileClient OTD in the LDAP_Service Binding dialog box to the FileIn External Application in the Connectivity Map. A link is now visible between FileIn and FileClient.
  5. From the same Binding dialog box, map FileClient (under Invoked Services) to the FileOut External Application. A link is now visible between FileOut and FileClient.
  6. From the same Binding dialog box, map LDAPClient to the LDAP_System External Application, as seen in Figure 22.
57. empting to remove a nonexistent value or attribute results in NoSuchAttributeException exception.
Table 15 ModifyEntry Node (Continued) (columns: Name, Description)
ReplaceValues node: Used to specify the entry to modify and the values for each of the attributes you want to replace. To replace the values of an attribute for an entry, specify the options, the name of the entry to modify, the attribute and values, and call the performReplaceValues method. If the modification is successful, performReplaceValues returns true. Otherwise, an LDAPApplicationException exception is thrown or false is returned. All existing values of an attribute are replaced by the newly specified values.
EntryOptions node: Used to specify options when you are adding or removing attributes and/or values to/from an entry. The following options can be set.
IgnoreAttributeIDCase: This field tells the eWay to ignore the case sensitivity of the defined attribute IDs (names). This field is of type Boolean; set this field to true to ignore case sensitivity or false to NOT ignore case sensitivity. The default value is true.
OrderAttributeValues: This field tells the eWay to order the values for each attribute. It is of type Boolean. Set this field to true to order the values of each attribute or false to ignore the
58. Chapter 4 Using the LDAP OTD
This chapter explains the LDAP OTD that allows the LDAP eWay to communicate with LDAP. The chapter also gives details on the OTD node structure, including the nodes, available methods and properties, their applications, and how to use them.
What's in This Chapter: LDAP OTD Node Structure
4.1 LDAP OTD Node Structure
This section explains the LDAP OTD node structure and layout, focusing on the subnodes of the OTD's root node. These subnodes, and the sections that explain them, are:
  LDAP Root Node
  AddEntry Node
  STCEntry Subnode
  CompareEntry Node
  ModifyEntry Node
  PersistentSearch Node
  RemoveEntry Node
  RenameEntry Node
  Search Node
  TimestampSearch Node
  TlsExtension Node
  STCNotificationEvent Nodes
This section also explains subnodes and their features under these nodes, where necessary.
4.1.1 Node Structure Overview
The LDAP OTD (LDAPClient) exposes the Application Programming Interfaces (APIs) for accessing an LDAP directory in the eGate Java-based Collaboration environment. It is an uneditable (read-only) OTD. The LDA
59. er countries, exclusively licensed through X/Open Company, Ltd. This product is covered and controlled by U.S. Export Control laws and may be subject to the export or import laws in other countries. Nuclear, missile, chemical biological weapons or nuclear maritime end uses or end users, whether direct or indirect, are strictly prohibited. Export or reexport to countries subject to U.S. embargo or to entities identified on U.S. export exclusion lists, including, but not limited to, the denied persons and specially designated nationals lists is strictly prohibited. Copyright 2006 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, California 95054, United States. All rights reserved. Sun Microsystems, Inc. holds the intellectual property rights relating to the technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed at http://www.sun.com/patents and one or more additional patents or pending patent applications in the United States and in other countries. Use is subject to the terms of the License. This distribution may include components developed by third parties. Sun, Sun Microsystems, the Sun logo, Java, Sun Java Composite Application Platform Suite, Sun SeeBeyond, eGate, eInsight, eVision, eTL, eXchange, eView, eIndex, eBAM and eWay are
60. trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. in the United States and other countries. Products bearing SPARC trademarks are based on an architecture developed by Sun Microsystems, Inc. UNIX is a registered trademark in the United States and other countries, exclusively licensed through X/Open Company, Ltd. This product is covered by U.S. export control legislation and may be subject to the regulations in force in other countries in the area of exports and imports. End uses or end users for nuclear weapons, missiles, biological and chemical weapons, or nuclear maritime, whether direct or indirect, are strictly prohibited. Exports or reexports to countries under U.S. embargo, or to entities appearing on U.S. export exclusion lists, including, but not limited to, the list of persons subject to an order not to participate, directly or indirectly, in exports of products or services governed by U.S. export control legislation, and the list of specially designated nationals, are strictly prohibited. Part Number
61. eters are empty, then code generation will ignore the Environment sections and use both configuration sections from the Connectivity Map for connection.
2.4 Installing Enterprise Manager eWay Plug-Ins
The Sun SeeBeyond Enterprise Manager is a Web-based interface that allows you to monitor and manage your Java Composite Application Platform Suite applications. The Enterprise Manager requires an eWay-specific plug-in for each different eWay you install. These plug-ins enable the Enterprise Manager to target specific alert codes for each eWay type.
The Composite Application Platform Suite Installation Guide describes how to install Enterprise Manager. The Sun SeeBeyond eGate Integrator System Administration Guide describes how to monitor servers, Services, logs, and alerts using the Enterprise Manager and the command-line client.
The eWay Enterprise Manager plug-ins are available from the List of Components to Download under the Suite Installer's DOWNLOADS tab. The plug-in required for LDAP is listed as the LDAP eWay Enterprise Manager Plug-in.
The following steps are required to install eWay plug-ins into the Enterprise Manager:
  1. From the Enterprise Manager's Explorer toolbar, click the Configuration icon.
  2. Click the Web Applications Manager tab, go to the Auto Insta
62. exception, which can be caught by the client and action taken as needed.
With the LDAP eWay, you have the following properties you must set to work with referrals.
Credentials File: Enter a fully qualified path to a file. This file must contain the appropriate referral credentials information; this file has to be generated using the RCF command-line utility, as explained later in this section.
Follow: Yes or No. Default is Yes.
The scenarios shown in Table 6 can arise depending on the properties provided for the referrals and the behavior of the eWay, as explained for each of these scenarios.
Table 6 Referral Scenarios (columns: Follow Setting, Credentials File, eWay Operation)
Follow is set to Yes.
  The credentials file is not provided: The eWay uses the original credentials (user name and password) provided for the initial server and tries to connect to the referred system. The connection may fail if the referred system does not have the same credentials.
  The credentials file is provided and has the credentials entry for the referred host: The connection to the initial server is configured to throw LdapReferralException when a referral is encountered, which is subsequently caught by eWay. The eWay then establishes the connection to the referred system using the credentials information provided in the credentials file.
  The credentials file provided does not have the credentials entry for the referred ho
63. ger and move it to the Selected Projects field by clicking the Add to Select Items (arrow) button, or click All to include all of your Projects.
  4. In the same manner, select the Environment that you want to export in the left pane of the Export Manager and move it to the Selected Environments field by clicking the Add to Select Items (arrow) button, or click All to include all of your Environments.
  5. Browse to select a destination for your Project ZIP file and enter a name for your Project in the ZIP file field.
  6. Click Export to create the Project ZIP file in the selected destination.
Install Sun Java Composite Application Platform Suite
  7. Install the Sun Java Composite Application Platform Suite, including all eWays, libraries, and other components used by your ICAN 5.0 Projects.
  8. Start the Sun SeeBeyond Enterprise Designer.
Import the Project
  9. From the Enterprise Designer's Project Explorer tree, right-click the Repository and select Import Project from the shortcut menu. The Import Manager appears.
  10. Browse to and select your exported Project file.
  11. Click Import. A warning message, "Missing APIs from Target Repository," may appear at this time. This occurs because various product APIs were installed on the ICAN 5.0 Repository when the Project was created that a
64. he Environment Editor. Right-click envLDAPProj and select File External System. Name the External System esFileClient. Click OK. esFileClient is added to the Environment Editor. Right-click envLDAPProj and select Logical Host. The LogicalHost1 box is added to the Environment and LogicalHost1 is added to the Environment Editor tree. Right-click LogicalHost1 and select Integration Server. A new Integration Server (IntegrationSvr1) is added to the Environment Explorer tree under LogicalHost1.
Figure 23 Environment Editor (envLDAPProj)
  8. Save your current changes to the Repository.
5.4.8 Configuring the eWays
eWays facilitate communication and movement of data between the external applications and the eGate system. The Connectivity Map in the sample Project uses three eWays, represented as nodes between the External Applications and the Business Process, as seen in Figure 24. You must configure eWay properties in both the Connectivity Map and the Environment Explorer.
Figure 24 eWays in the cmDelete Connectivity Map (labels: LDAP_System eWay, FileIn eWay, FileOut eWay)
65. hrough 4 above in Installing the LDAP eWay on a Java CAPS system on page 14.
  2. Once your product's installation is finished, open the Enterprise Designer and select Update Center from the Tools menu. The Update Center Wizard appears.
  3. For Step 1 of the wizard, simply click Next.
  4. For Step 2 of the wizard, click the Add All button to move all installable files to the Include in Install field, then click Next.
  5. For Step 3 of the wizard, wait for the modules to download, then click Next.
  6. The wizard's Step 4 window displays the installed modules. Review the installed modules and click Finish.
  7. When prompted, restart the IDE (Integrated Development Environment) to complete the installation.
After Installation
Once you install the eWay, it must then be incorporated into a Project before it can perform its intended functions. See the Sun SeeBeyond eGate Integrator User's Guide for more information on incorporating the eWay into an eGate Project.
2.1.2 Extracting the Sample Projects and Javadocs
The LDAP eWay includes sample Projects and Javadocs. The sample Projects are designed to provide you with a basic understanding of how certain LDAP operations are performed using the eWay, while Javadocs provide a list of classes and methods exposed in the eWay.
Steps to ext
66. ile fetching results; finally: Copy output to FileClient_1.Text; FileClient_1.write
Sample code from the SearchCollab includes:
    package LDAP_SampleProject_510;
    public class SearchCollab {
        public com.stc.codegen.logger.Logger logger;
        public com.stc.codegen.alerter.Alerter alerter;
        public com.stc.codegen.util.CollaborationContext collabContext;
        public com.stc.codegen.util.TypeConverter typeConverter;
        public void receive( com.stc.connector.appconn.file.FileTextMessage input, com.stc.connector.appconn.file.FileApplication FileClient_1, com.stc.connector.appconn.ldap.LDAPClientApplication LDAPClient_1, ldapsearch.Ldapsearch ldapsearch_ldapsearch_1 ) throws Throwable {
            //@map:Copy Logger "SearchCollab" to logger
            logger.info( "SearchCollab" );
            //@map:java.lang.String output = new String();
            String output = new String();
            //@map:ldapsearch_ldapsearch_1.unmarshalFromString(Text)
            ldapsearch_ldapsearch_1.unmarshalFromString( input.getText() );
            //@map:Copy Entryname to ContextName
            LDAPClient_1.getSearch().getSearchOptions().setContextName( ldapsearch_ldapsearch_1.getEn
67. lease specify the operation
RCFUtil: Interactive command line utility for creating and managing file(s) containing credentials information to follow LDAP referrals. File(s) generated can be used by the Java LDAP eWay for following referrals that required credentials different from those used to create the connection to the initial LDAP server.
Usage: java com.stc.connector.ldapadapter.utils.RCFUtil OPTIONS <filename>
OPTIONS:
    create                 Create a new referral credentials file
    add                    Add an entry to the referral credentials file
    list                   Print a list of entries in the referral credentials file
    remove                 Remove an entry from the referral credentials file
    modify                 Modify an entry in the referral credentials file
    decrypt                When displaying credentials, decrypt the credentials
    username <username>    Specify the username; if not specified, it'll be prompted
    password <password>    Specify the password; if not specified, it'll be prompted
    help                   Print this usage
filename: The full path to the referral credentials file
  3. To create a new referral file called samplercf.txt, enter the following parameters on the command line:
    <edesigner_home>\jdk\bin\java -cp stcldap13.jar com.stc.connector.ldapadapter.utils.RCFUtil create samplercf.txt
68. ll as high-level information about this document.
Chapter 2, Installing the LDAP eWay: Describes the system requirements and provides instructions for installing the LDAP eWay.
Chapter 3, Setting LDAP eWay Properties: Provides instructions for configuring the eWay to communicate with LDAP.
Chapter 4, Using the LDAP OTD: Provides instructions for creating Object Type Definitions to be used with the LDAP eWay.
Chapter 5, Reviewing the Sample Project: Provides instructions on using LDAP eWay operations in the Java Collaboration Definition (JCD).
1.4.1 Scope
This document describes the process of installing, configuring, and running the LDAP eWay. This document does not cover the Java methods exposed by this eWay. For information on the Java methods, download and view the LDAP eWay Javadoc files from the Enterprise Manager.
1.4.2 Intended Audience
This guide is intended for experienced computer users who have the responsibility of helping to set up and maintain a fully functioning Java Composite Application Platform Suite system. This person must also understand any operating systems on which the Java Composite Application Platform Suite will be installed (Windows and UNIX), and must be thoroughly familiar with Windows-style GUI operations.
1.4.3 Text Conven
69. ll from Repository sub-tab, and connect to your Repository.
  3. Select the application plug-ins you require, and click Install. The application plug-ins are installed and deployed.
Alternately, you can install eWay plug-ins using the following steps:
  1. From the Suite Installer's Download tab, select the Plug-Ins you require and save them to a temporary directory.
  2. From the Enterprise Manager's Explorer toolbar, click the Configuration icon.
  3. Click the Web Applications Manager tab and go to the Manage Applications sub-tab.
  4. Browse for and select the WAR file for the application plug-in that you downloaded, and click Deploy. The plug-in is installed and deployed.
Viewing Alert Codes
You can view and delete alerts using the Enterprise Manager. An Alert is triggered when a specified condition occurs in a Project component. The purpose of the Alert is to warn the administrator or user that a condition has occurred.
To View the eWay Alert Codes:
  1. Add the eWay Enterprise Manager plug-in for this eWay.
  2. From the Enterprise Manager's Explorer toolbar, click the Configuration icon.
  3. Click the Web Applications Manager tab and go to the Manage Alert Codes sub-tab. Your installed eWay alert codes display under the Results section.
For information on Managing and M
70. ml, input_ldapadd_OL.xml, input_ldapadd_SO.xml, ldapadd.dtd
CompareEntry (Operations Folder): input_ldapcompare_AD.xml, input_ldapcompare_OL.xml, input_ldapcompare_SO.xml, ldapcompare.dtd
LDIF > Active Directory (Directory structure folder): ldap_AD.ldif, ldap_AD_adduser.ldif
LDIF > OpenLDAP (Directory structure folder): ldap_openldap.ldif
LDIF > SunOne (Directory structure folder): ldap_sunone.ldif
ModifyEntry (Operations Folder): input_ldapmodify_addattr_AD.xml, input_ldapmodify_addattr_OL.xml, input_ldapmodify_addattr_SO.xml, input_ldapmodify_removeattr_AD.xml, input_ldapmodify_removeattr_OL.xml, input_ldapmodify_removeattr_SO.xml, input_ldapmodify_replaceattr_AD.xml, input_ldapmodify_replaceattr_OL.xml, input_ldapmodify_replaceattr_SO.xml
PersistentSearch (Operations Folder): input_ldappersistentsearch_SO.xml, ldappersistentsearch.dtd
RemoveEntry (Operations Folder): input_ldapremove_AD.xml, input_ldapremove_OL.xml, input_ldapremove_SO.xml, ldapremove.dtd
RenameEntry (Operations Folder): input_ldaprename_AD.xml, input_ldaprename_OL.xml, input_ldaprename_SO.xml, ldaprename.dtd
SearchEntry (Operations Folder): input_ldapsearch_AD.xml, input_ldapsearch_OL.xml, input_ldapsearch_SO.xml, ldapsearch.dtd
TimestampSearch (Operations Folder): input_timestampsearch_SO.xml, ldaptimestampsearch.dtd
71. n 3 provides ways of extending functionality via controls (special operations like the Persistent Search control) or LDAP extensions (that is, a user-specified extended functionality). Not all LDAP servers support these features. Earlier versions do not support them at all, and version 3 only supports a given control or extension if it has been implemented.
Before using a control or extension, be sure to find out whether the LDAP server supports the control or extension being used. In addition, do not enable a particular control/extension if the LDAP server does not support it. Doing so causes the eWay to fail with an LDAPApplicationException exception.
When you specify any control or extension, the LDAP eWay first checks whether the server supports the specified feature. If the server supports that control or extension, the requested operation is executed. If the control or extension is not supported, the eWay throws the exception along with a message specifying that the specified control or extension is not supported.
Using Persistent Search
To use Persistent Search, right-click on the PersistentSearch node and select the search method from the pop-up box. Calling this method initiates a Persistent Search operation. The search method registers a listener on the LDAP server and keeps listening to events occurring on the server. These events are modifications, for example, adding an object, removing an object, renaming an object, or changing an object
72. Note: Not all LDAP servers support specific controls or extensions. See LDAP Version 3 Controls and Extensions on page 52 for details.
Table 18 explains the fields exposed on the LDAPSearchControls node.
Table 18 LDAPSearchControls Node (columns: Field Name, Description)
Controls: Contains a collection of controls that have been set.
PageControlCriticality: Used to set the criticality of the PagedResultsControl. The control can be set to true (critical) or false (noncritical). A critical control cannot be ignored by the server. In other words, if the server receives a critical control that it does not support, regardless of whether the control makes sense for the operation, the operation is not performed and an OperationNotSupportedException is thrown.
PageSize: Allows you to specify the number of entries to return in a page.
SortAttributes: Allows you to request that the results returned be sorted according to the attributes specified. To use sort control, set the SortAttributes field with a string consisting of attributes, each separated by a pipe character. Example: To sort entries returned by the attribute cn, followed by the attribute mail, set SortAttributes with the string cn|mail.
SortControlCriticality: Allows you to set the criticality of the SortControl. The control can be set to true (critical) or false (noncritical).
73. n object
4.1.5 CompareEntry Node
You can use the CompareEntry to check for any existing attribute that has one or more specified values. To compare an entry, you specify the RDN of the entry to compare and the search filter for the comparison. You can then invoke the performCompare method, which returns true if the specified entry has any matching attribute with the values specified in the filter. Figure 9 shows the CompareEntry node in its expanded form.
Figure 9 CompareEntry Node
Table 14 explains the nodes and fields exposed on the CompareEntry node.
Table 14 CompareEntry Node
CompareEntryOptions node: Used to check for the existence of any attribute that has any value.
CompareFilter field: Consists of the attribute(s) and value(s) to search. Example: If EntryName is cn=John Doe, ou=People, dc=acme, dc=com and the CompareFilter is password=jdoepassword, then performCompare returns true if the specified entry cn=John Doe, ou=People, dc=acme, dc=com has an attribute called p
74. n the Project. Saved parameters are shared by all eWays in the LDAP External System Properties window.
Note: In version 5.1.2, the Connection and Security sections have been copied to the LDAP External System Environment properties window. If you are upgrading a 5.1.0 or 5.1.1 project, then refer to Java CAPS 5.1.0 and 5.1.1 Upgrade Procedures on page 18 for additional upgrade procedures. Before setting your configurations, also refer to Configuration Precedence on page 19.
Note: Properties set from the Collaboration will override the corresponding properties in the Connectivity Map configuration. Any properties that are not overridden retain their configured default settings.
3.2 Configuring the eWay Connectivity Map Properties
When you connect an External Application to a Collaboration, Enterprise Designer automatically assigns the appropriate eWay to the link. Each eWay is supplied with a template containing default configuration properties that are accessible on the Connectivity Map.
To configure the eWay properties
1 On the Enterprise Designer's Connectivity Map (see Figure 4), double-click the LDAP eWay icon. The Templates window appears.
Figure 4 Connectivity Map with Components
75. ndard manner. The JNDI is included in the Java 2 Software Developer's Kit (SDK), version 1.4, installed as part of eGate.
1.2.3 Third-Party License File Agreement
A disclaimer readme file is available for review when you install the LDAP eWay. The disclaimer is applicable to the jCookie Library, a robust and easy-to-use library for client-side HTTP state management in Java applications. After successful installation, you can view the following third-party file using any text file viewer: LDAPeWay_THIRDPARTYLICENSEREADME.txt. Third-party license files are located at repository ThirdPartyLicenses, where repository indicates the folder where the eGate Repository is installed.
1.3 What's New in This Release
The eWay LDAP Adapter includes the following new features.
What's New in Version 5.1.2
In version 5.1.2, the Connection and Security sections have been copied to the LDAP External System Environment properties window.
Certain ERROR messages are now logged as DEBUG messages in the server log file. These errors are user-data related, for example, LDAP error code 32 (No Such Object). You can review these messages by setting the Module Log Level to FINE or higher for the LDAP eWay in the Integration Server Administration console.
You can catch and handle LDAPApplicationException messages in your code.
ReturningObjFlag is added as part of SearchOptions. Please refer to the Javadoc for details.
76. ns. For example, you cannot use the stopTLS method when connecting to a Sun ONE Directory server. For details, see the appropriate documentation for the LDAP server. For information on how to use this feature with the LDAP OTD, see TlsExtension Node on page 64.
Verify Hostname
Under some circumstances, you can get different Java exceptions, depending on whether you set this property to True or False. This section explains what causes these exceptions. For example, suppose the host name in the URL is localhost and the host name in the server certificate is localhost.stc.com. Then the following conditions apply:
If Verify hostname is set to False: Host name checking between the requested URL and the server certificate is turned off. You can use an incomplete domain host name, for example, https://localhost:444, or a complete domain host name, for example, https://localhost.stc.com:444, and get a positive response in each case.
If Verify hostname is set to True: Host name checking between the requested URL and the server certificate is turned on. If you use an incomplete domain host name, for example, https://localhost:444, you can get the exception java.io.IOException: HTTPS hostname wrong. You must use a complete domain host name, for example, https://localhost.stc.com:444.
If the Java SDK version used by the Logical Host and the corresponding Logical Host property setting do not match, you can get the ex
78. [Figure: Collaboration Business Rules for the Search operation (screenshot)]
79. o a fully qualified path of names that trace the entry back to the root of the tree. For example, the distinguished name of the John Doe entry is cn=John Doe, ou=People, dc=sun.com. A relative distinguished name (RDN) is a component of the distinguished name. For example, cn=John Doe, ou=People is a RDN relative to the root RDN dc=sun.com. DNs are used to describe the fully qualified path to an entry, while an RDN is used to describe the partial path to the entry relative to another entry in the tree. Figure 1 illustrates an example of an LDAP directory structure with distinguished names and relative distinguished names.
Figure 1 LDAP Directory Structure
Wherever necessary, the LDAP OTD mimics this same directory structure.
1.1.4 LDAP Service and LDAP Client
A directory service is a distributed database application designed to manage the entries and attributes in a directory. A directory service also makes the entries and attributes available to users and other applications. OpenLDAP server is an example of a directory service. Other directory services include Sun One Directory Service (Sun Microsystems) and Microsoft Active Directory. A directory client accesses a directory service using the LDAP protocol. A directory client may use
80. o be used for creating the initial context for the LDAP server. By default, the LDAP service provider provided by Sun as part of the Java Software Developers Kit (SDK) is used. Required value: A valid Java factory name; the default is com.sun.jndi.ldap.LdapCtxFactory. It is recommended that you do not change this value unless you want to use an LDAP service provider other than the one provided by Sun.
Table 4 LDAP eWay Connection Settings
Principal: Allows you to specify the principal needed when using an authentication mechanism other than anonymous log in (authentication none). Required value: The fully qualified Distinguished Name (DN) of the user, for example, CN=Administrator,CN=Users,DC=stc,dc=com.
ProviderURL: Allows you to specify the URL of the LDAP Server. Required value: A valid URL with the protocol as ldap.
3.4.3 Configuring the Referrals Section Properties
The LDAP eWay Referrals Section Properties allow you to enter LDAP referral information.
Table 5 LDAP eWay Referrals Settings
Credentials: Required value: A valid file and path name available to eGate. Description: Allows you to specify the credentials file to be used when following any referrals in the directory. The credentials file is created using the RCF
82. ofile is used to assign services and message destinations to the integration server and message server. Deployment profiles are created using the Deployment Editor.
Steps required to create the Deployment Profile:
1 From the Enterprise Explorer's Project Explorer, right-click the LDAP_SampleProject_510 Project and select New > Deployment Profile.
2 Enter a name for the Deployment Profile (for this sample, dpLDAP). Select envLDAPProj as the Environment and click OK.
3 From the Deployment Editor toolbar, click the Automap icon. The Project's components are automatically mapped to their system windows, as seen in Figure 25.
Figure 25 Deployment Profile
5.4.10 Creating and Starting the Domain
A domain is an instance of a Logical Host. After the domain is created, the Project is built and then deployed.
Note: You are only required to create a domain once when you install the Java Composite Application Platform Suite.
Steps required to create and start the domain:
1 Navigate to your <JavaCAPS51>\logicalhost directory (where <JavaCAPS51> is the location of your Java Composite Application Platform Suite installation).
2 Double-click the domainmgr.bat file. The Dom
83. onitoring alert codes and logs, as well as how to view the alert generated by the project component during runtime, see the Sun SeeBeyond eGate Integrator System Administration Guide.
Table 2 Alert Codes for the LDAP eWay
Alert Code and Description: LDAP CONNECTIONFAILED Failed to establish connection to LDAP server on server. Description Details: Unable to establish a connection to the LDAP server. You have reached the maximum connection retry limit. User Actions: LDAP server is down; start your server. External configuration information is invalid. You may need to verify the following: Authentication, Credentials, Principal, Provider URL.
Alert Code and Description: LDAP DISCONNECTIONFAILED Failed to disconnect from LDAP server. Description Details: Unable to close the external system connector and release resources. User Actions: LDAP server is down; start your server.
Alert Code and Description: LDAP CLEANUPFAILED Failed to clean up LDAP eWay connection handler. Description Details: Failed to clean up any resources or reset any state held by the LDAP eWay Connection instance. User Actions: Contact Support.
Alert Code and Description: LDAP INITIALIZEFAILED Failed to initialize LDAP eWay connection. Description Details: Unable to initialize a connection to the LDAP server. User Actions: This is a general exception when a connection to LDAP server is failed to initialized. You may need to verify the following: Connection Retry (Connection Retry Interval, Number of Retries); External configuration information (Authentication, Credentials, Principal, and Provider URL).
85. order of the values. The default value is false.
STCEntry node: See Table 13.
performAddAttributesValues method: Adds attributes and/or values. See AddAttributesValues node. To access, right-click on the AddAttributesValues node and select this method from the pop-up box.
performRemoveAttributesValues method: Removes attributes and/or values. See RemoveAttributesValues node. To access, right-click on the RemoveAttributesValues node and select the method from the pop-up box.
performReplaceValues method: Replaces values of an attribute. See ReplaceValues node. To access, right-click on the ReplaceValues node and select the method from the pop-up box.
4.1.7 PersistentSearch Node
The PersistentSearch node allows you to use the LDAP Persistent Search feature. Persistent Search is a control supported by LDAP version 3. This control lets you track updates on the LDAP server.
Note: For an explanation of how to use the eWay to track LDAP updates using versions without Persistent Search, see TimestampSearch Node on page 63.
Figure 11 shows the PersistentSearch node in its expanded form.
Figure 11 PersistentSearch Node
86. ors that can be used in a filter expression are listed in Table 22.
Table 22 Search Filter Boolean Operators
Operator &: Retrieves all entries that match all the search filter criteria. Example: (&(sn=Smith)(telephoneNumber=444-4444)) retrieves entries with sn equal to Smith and telephoneNumber equal to 444-4444.
Operator |: Retrieves entries that match one or more of the search filter criteria. Example: (|(sn=Smith)(sn=Doe)) retrieves entries with sn equal to Smith or sn equal to Doe.
Operator !: Retrieves entries that do not match the search filter criteria. Example: (!(sn=Smith)) retrieves all entries with the attribute sn not equal to Smith. Only one search filter can be specified, that is, (!(filter)) is allowed but (!(filter)(filter)) is not allowed.
Important: If AddAttributesSelection is not used, all attributes are returned by default.
SearchResults
The SearchResults node enables you to retrieve the results returned by the search. This node has the following methods: nextResult, hasResults, hasMoreResults, getNextResult. After performSearch has been called, the resultant entries are stored internally for retrieval in SearchResults.
To determine whether results were returned from a search:
1 Call the hasResults method, which returns true if any results are ret
87. pe of SSL connection to be used. Required value: Select None, Enable SSL, or TLS On Demand. Enter the desired value as follows:
None: No SSL, simple plain connection.
Enable SSL: SSL is enabled. All communication to the LDAP server uses a secure communication channel.
Note: If you are using the Enable SSL option, the ProviderURL property must point to a secure LDAP port (the default is 636).
For additional information on required values for this property, see SSL Connection Type on page 34.
SSL Protocol: The SSL protocol to use when establishing an SSL connection with the LDAP server. See your JSSE documentation for information on your Logical Host's platform. Required value: Select TLS, TLSv1, SSLv3, SSLv2, or SSL.
TrustStore: Specifies the default TrustStore. The TrustStore is used for CA certificate management when establishing SSL connections. Required value: A valid TrustStore password; there is no default.
TrustStore password: Allows you to specify the default TrustStore password. The password is for accessing the TrustStore used for CA certificate management when establishing SSL connections. Required value: A valid TrustStore password; there is no default.
TrustStore type: Allows you to specify the TrustStore type of the TrustStore used for CA certificate management when establishing an SSL connection. If the TrustStore type is not specified, the default TrustStore type, JKS, is used. Required value: A valid TrustStore type.
88. priate system administrator's guide for the current directory server. For more information on the directory servers, see the Web sites for Active Directory, OpenLDAP, and Sun ONE.
Additional Information
The data and directory structure in an LDIF file provides only the basic database skeleton. This structure does not include the data entry for the sample Project. You must provide the appropriate input data, because the result depends on the data in the LDAP database. If data that does not match the LDAP database is included in or requested by the input data file, the current Collaboration may fail. For example, if you run a search operation without running an add operation first, this omission can cause the search operation to fail. This failure happens because the data being searched for does not exist in the LDAP database. When you are preparing an input file for a particular action, you need to open the file and compare the data in the file with the data in the current LDAP database to make sure you are performing a valid operation, for example:
Before doing an add operation, make sure the desired addition has not already been done.
Before doing a search, make sure the entry in the input file exists in the database.
Before doing a remove operation, make sure there is a matching entry in the database to be removed.
89. ract the Javadoc include:
1 Click the Documentation tab of the Suite Installer, then click the Add-ons tab.
2 Click the Sun SeeBeyond eWay LDAP Adapter link. Documentation for the LDAP eWay appears in the right pane.
3 Click the icon next to Javadoc and extract the ZIP file.
4 Open the index.html file to view the Javadoc.
Steps to extract the Sample Projects include:
1 Click the Documentation tab of the Suite Installer, then click the Add-ons tab.
2 Click the Sun SeeBeyond eWay LDAP Adapter link. Documentation for the LDAP eWay appears in the right pane.
3 Click the icon next to Sample Projects and extract the ZIP file.
Refer to Importing a Sample Project on page 71 for instructions on importing the sample Project into your repository via the Enterprise Designer.
2.2 ICAN 5.0 Project Migration Procedures
This section describes how to transfer your current ICAN 5.0 Projects to Sun Java Composite Application Platform Suite version 5.1.2. Only Projects developed on ICAN version 5.0.2 and above can be migrated successfully to the Sun Java Composite Application Platform Suite. To migrate your ICAN 5.0 Projects, do the following:
Export the Project
1 Before you export your Projects, save your current ICAN 5.0 Projects to your Repository.
2 From the Project Explorer, right-click your Project and select Export from the shortcut menu. The Export Manager appears.
3 Select the Project that you want to export in the left pane of the Export Mana
90. rchScope field: The scope or boundary of the search. See SearchOptions Scopes on page 58 for details.
4.1.8 RemoveEntry Node
The RemoveEntry node can be used to remove an entry from the directory. To remove an entry, specify the RDN of the entry to remove and call the performRemove method. Figure 12 shows the RemoveEntry node in its expanded form.
Figure 12 RemoveEntry Node
The RemoveEntry node has the Name field. You can set the name of the entry to remove in the Name field. Once the name is set, call the performRemove method, using the pop-up box, to remove the specified entry from the directory. If the specified entry does not exist in the directory, a NameNotFoundException is thrown. An exception also occurs if any other internal error happens.
4.1.9 RenameEntry Node
The RenameEntry node can be used to rename an existing entry with a new name. To rename an entry, the user specifies the RDN of the entry to rename and the new RDN of the entry, and calls the performRename method. The parent context specified by the new RDN must already exist. For example, if the old RDN is cn=John Doe, ou=People and the new RDN is cn=John Doe, ou=Staff, then the parent context ou=Staff must already exist in the directory, or else performRename fails with an exception. Figure 13 shows the RenameEntry node in its expanded form.
91. re not installed on the Sun Java Composite Application Platform Suite Repository. These APIs may or may not apply to your Projects. You can ignore this message if you have already installed all of the components that correspond to your Projects. Click Continue to resume the Project import.
12 Close the Import Manager after the Project is successfully imported.
Deploy the Project
13 A new Deployment Profile must be created for each of your imported Projects. When a Project is exported, the Project's components are automatically checked in to Version Control to write-protect each component. These protected components appear in the Explorer tree with a red padlock in the bottom-left corner of each icon. Before you can deploy the imported Project, the Project's components must first be checked out of Version Control from both the Project Explorer and the Environment Explorer. To check out all of the Project's components, do the following:
A From the Project Explorer, right-click the Project and select Version Control > Check Out from the shortcut menu. The Version Control - Check Out dialog box appears.
B Select Recurse Project to specify all components, and click OK.
C Select the Environment Explorer tab, and from the Environment Explorer, right-click the Project's Environment and select Version Control > Check Out from the shortcut menu.
D Select Recurse Environment to specify all components, and click OK.
92. Chapter 1 Introducing the LDAP eWay
This guide explains how to use, set properties for, and operate the Sun SeeBeyond eWay LDAP Adapter (referred to as the LDAP eWay throughout this guide). This chapter provides a brief overview of operations, components, general features, and system requirements of the eWay.
What's in This Chapter
About LDAP on page 6
About the LDAP eWay on page 9
What's New in This Release on page 10
What's In this Document on page 11
93. Sun Microsystems, Inc. Web Site on page 12
Documentation Feedback on page 13
1.1 About LDAP
LDAP (Lightweight Directory Access Protocol) is an Internet protocol for accessing information directories. A directory service is a distributed database application designed to manage the entries and attributes in a directory. LDAP runs over TCP/IP. LDAP allows clients to access different directory services based on entries. It makes the entries, along with their attributes and values, available to users and other applications on a controlled-access basis. The LDAP OTD provides access to the operations available via the LDAP protocol. To give you a better understanding of these operations and how they are implemented in the OTD, this section briefly summarizes how LDAP works.
1.1.1 Entries, Attributes, and Values
An LDAP directory has entries that contain information pertaining to some entity. Each of the entry's attributes has a name and one or more values. The names of attributes are most often mnemonic strings, such as cn for common name or mail for e-mail address. For example, a company may have an employee directory. Each entry in the employee directory represents an employee. The employee entry contains such information as the name, e-mail address, and phone number, as shown in the following example
94. rustStore is used for CA certificate management when establishing SSL connections. Required value: A valid TrustStore password; there is no default.
TrustStore password: Allows you to specify the default TrustStore password. The password is for accessing the TrustStore used for CA certificate management when establishing SSL connections. Required value: A valid TrustStore password; there is no default.
TrustStore type: Allows you to specify the TrustStore type of the TrustStore used for CA certificate management when establishing an SSL connection. If the TrustStore type is not specified, the default TrustStore type, JKS, is used. Required value: A valid TrustStore type.
Table 7 LDAP eWay Security/SSL Settings
Verify hostname: Determines whether the host name verification is done on the server certificate during the SSL handshake. You can use this property to enforce strict checking of the server host name in the request URL and the host name in the received server certificate. Required value: True or False; the default is False. For additional information on required values for this property, see Verify Hostname on page 35.
X509 Algorithm Name: Required value: The name of a valid X509 algorithm; the default. Description: Specifies the X509 algorithm name to use for the trust and key
95. ry. It is recommended that you do not change this value unless you want to use an LDAP service provider other than the one provided by Sun.
Principal: Allows you to specify the principal needed when using an authentication mechanism other than anonymous log in (authentication none). Required value: The fully qualified Distinguished Name (DN) of the user, for example, CN=Administrator,CN=Users,DC=stc,dc=com.
ProviderURL: Allows you to specify the URL of the LDAP Server. Required value: A valid URL with the protocol as ldap.
3.5.2 Configuring the Security/SSL Section Properties
The LDAP eWay Security/SSL Section Properties are used to set the basic security features for SSL.
Note: The Security/SSL section is new in LDAP version 5.1.2. If you are upgrading a project from version 5.1.0 or 5.1.1, please refer to the 5.1.0 or 5.1.1 to 5.1.2 Upgrade Procedures on page 18.
Table 9 LDAP eWay Security/SSL Settings
JSSE Provider Class: Specifies the fully qualified name of the JSSE provider class. For more information, see the Sun Microsystems Java site at http://java.sun.com. Required value: The name of a valid JSSE provider class; the default is com.sun.net.ssl.internal.ssl.Provider. If you are running the Integration Server on AIX, specify com.ibm.jsse.IBMJSSEProvider.
KeyStore: Required value: A valid package location; there is no. Description: Specifies the default KeyStore file. The keystore is used for ke
96. size to PageSize
LDAPClient_1.getSearch().getLDAPSearchControls().setPageSize( Integer.parseInt( ldapsearch_ldapsearch_1.getSearchcontrols().getPagecontrol().getPagesize() ) );
// Copy new Boolean(Pagecriticality) to PageControlCriticality
LDAPClient_1.getSearch().getLDAPSearchControls().setPageControlCriticality( new Boolean( ldapsearch_ldapsearch_1.getSearchcontrols().getPagecontrol().getPagecriticality() ).booleanValue() );
// Search.performSearch
LDAPClient_1.getSearch().performSearch();
// logger.debug("Done with Search Operation")
logger.debug( "Done with Search Operation" );
// try
try {
    while (LDAPClient_1.getSearch().getSearchResults().nextResult()) {
        // java.lang.String entryName
        String entryName;
        // java.lang.String attributeName
        String attributeName;
        // com.stc.connector.appconn.ldap.STCAttributes attributes
        com.stc.connector.appconn.ldap.STCAttributes attributes;
        // com.stc.connector.appconn.ldap.STCAttribute attribute
        com.stc.connector.appconn.ldap.STCAttribute attribute;
        // com.stc.connector.appconn.ldap.STCValues values
        com.stc.connector.appconn.ldap.STCValues values;
        // com.stc.connector.appconn.ldap.STCValue value
        com.stc.connector.appconn.ldap.STCValue value;
        // Copy Name to entryName
        entryName = LDAPClient_1.getSearch().getSearchResults().getResult().getName();
        for (int i1 = 0; i1
97. st. The connection to the initial server is configured to throw LdapReferralException when a referral is encountered, which is subsequently caught by the eWay. The eWay then establishes the connection to the referred system using an anonymous login. The connection may fail if the referred system does not allow an anonymous log in.
Follow is set to No. There is no credentials file. Referrals are not followed; that is, the eWay ignores any referral.
To create a credentials file, you can use the Referral Credentials File (RCF) command-line utility.
Note: Running the RCF utility on the command line without any parameters displays how to use the utility.
To create a credentials file using the RCF utility
1 The files to be used for the RCF utility are located at the following locations:
<edesigner_home>\usrdir\modules\ext\ldapadapter\stcldap13.jar
or
<edesigner_home>\usrdir\modules\ext\ldapadapter\stcldap14.jar
2 Copy and paste one of the above files to a folder and run the utility from this folder as follows:
<edesigner_home>\jdk\bin\java -cp stcldap13.jar com.stc.connector.ldapadapter.utils.RCFUtil
The following menu displays:
C:\temp>java -cp stcldap13.jar com.stc.connector.ldapadapter.utils.RCFUtil
P
98. t from version 5.1.0 or 5.1.1, please refer to the 5.1.0 or 5.1.1 to 5.1.2 Upgrade Procedures on page 18.
Table 8 LDAP eWay Connection Settings (Name, Description, Required Value)
Authentication: Allows you to select the authentication to be used (none or simple). Select the desired authentication as follows: None: No authentication, that is, an anonymous log on. If you use this setting, ensure that the LDAP server supports anonymous log ons. Simple: Authentication is based on a user name and password. You must provide the user name and password in the appropriate fields, Principal and Credentials. Required value: Select none or simple; the default is none.
Credentials: Allows you to enter the credentials needed when using an authentication mechanism other than anonymous log in (authentication none). Required value: The appropriate credentials in the form of a valid password.
InitialContextFactory: Allows you to enter the factory to be used for creating the initial context for the LDAP server. By default, the LDAP service provider provided by Sun as part of the Java Software Developers Kit (SDK) is used. Required value: A valid Java factory name; the default is com.sun.jndi.ldap.LdapCtxFac to
99. tResult getSTCAttribute i getSTCValue j getStringValue
4.1.11 TimestampSearch Node
The TimestampSearch node allows you to track updates on an LDAP server that does not support Persistent Search control (see PersistentSearch Node on page 50). The node's operation uses the timestamp of the entries to track the updates. Figure 19 shows the TimestampSearch node in its expanded form.
Figure 19: TimestampSearch Node
Timestamp Search Limitations
The Timestamp Search feature has the following limitations:
Does not notify about the removal of objects, because this mechanism depends on the timestamp of the entry.
Does not work against Active Directory, because Active Directory uses the local time zone instead of the standard GMT time zone.
Does not work on the OpenLDAP server because newly created objects are visible only after restar
100. ter 2 Installing the LDAP eWay
This chapter explains how to install the LDAP eWay, access the accompanying documentation, and sample Projects.
What's in This Chapter: Installing the LDAP eWay on page 14; ICAN 5.0 Project Migration Procedures on page 16; Java CAPS 5.1.0 and 5.1.1 Upgrade Procedures on page 18; Installing Enterprise Manager eWay Plug-Ins on page 19.
2.1 Installing the LDAP eWay
The Java Composite Application Platform Suite Installer, referred to throughout this guide as the Suite Installer, is a web-based application that is used to select and upload core products, composite applications, and add-on files (eWays). The following section describes how to install the components required for this eWay. Refer to the readme for the latest information on: Supported Operating Systems; System Requirements; External System Requirements.
Note: When the Repository is running on a UNIX operating system, the eWays are loaded from the Enterprise Manager running on a Windows platform connected to the Repository server using Internet Explorer.
2.1.1 Installing the LDAP eWay on a Java CAPS system
Follow the directions for installing the Java Composite Application Platform Suite (Java CAPS) in the Composite Application Platform Suite Installation Guide. After you have installed eGate, do the following:
1. From the Suite Installer, click the Administration tab, and then click the link to install additional products
101. This action requests a user name and password. Enter the user name and password. This user name and password is for protecting the file itself, because the file contains sensitive credential information about other LDAP servers. For example:
C:\temp>c:\ICAN510\edesigner\jdk\bin\java -cp stcldap13.jar com.stc.connector.ldapadapter.utils.RCFUtil create samplercf.txt
Creating file samplercf.txt
Enter username >> test
Enter password >> test
File created
A message, File created, appears. The file name here is samplercf.txt. The extension does not matter.
To add credentials information to the file:
1. To add LDAP Server connection info to a referral file called samplercf.txt, enter the following parameters on the command line:
<edesigner_home>\jdk\bin\java -cp stcldap13.jar com.stc.connector.ldapadapter.utils.RCFUtil add samplercf.txt
2. Username and password are required to access the file. Provide the user name and password given for creating the file previously.
3. When the following prompts appear, enter the following information as indicated:
Prompts for the host name: Enter the host name.
Prompts for the port number: Enter the LDAP port number.
Prompts for the principal: Enter the fully qualified DN of the user.
Prompts for the password: Enter the password for the DN specified previously.
For example: C:\temp>c:\ICA
102. ting the server. This problem is a shortcoming in the server.
Using Timestamp Search
To use Timestamp Search, right-click on the TimestampSearch node and select the search method from the pop-up box from within an infinite loop. The resulting search records the current time and begins comparing the timestamps of all the entries in the directory. Any entry whose timestamp is greater than the recorded timestamp is returned as a result. The results are stored in a queue you can access using the EventQueue node. This node contains the results of the current search as an STCNotificationEvent node object. See STCNotificationEvent Nodes on page 65 for details on this node. The TimestampSearch node consists of subnodes as shown in Table 23.
Table 23 TimestampSearch Node (Name, Description)
ContextName field: Used to set the root of the search in the directory. The context name is relative to the context specified in the eWay's ProviderURL property. If the context name is not set correctly, the eWay is not able to properly resolve the context name relative to the initial eWay connection. Example of a context name: ou=MyOrg, where ou=MyOrg is relative to ldap://myldapserver1:389/dc=acme,dc=com. In this case, ou=MyOrg,dc=acme,dc=com is the DN.
SearchScope: The scope or boundary of the search. See SearchOptions Scopes on page 58 for details.
EventQueue node: This node contains the results returned as an STCNotificationEvent obje
103. tions The following conventions are observed throughout this document Table 1 Text Conventions Text Convention Used For Examples Bold Names of buttons files icons Click OK parameters variables methods On the File menu click Exit menus and objects Select the eGate sar file Monospaced Command line arguments code java jar filename jar samples variables are shown in bold italic Blue bold Hypertext links within See Text Conventions on page 12 document Blue underlined Hypertext links for Web http www sun com addresses URLs or email addresses 144 Related Documents The following Sun documents provide additional information about the Java Composite Application Platform Suite product Sun SeeBeyond eGate Integrator User s Guide Composite Application Platform Suite Installation Guide 15 Sun Microsystems Inc Web Site The Sun Microsystems web site is your best source for up to the minute product news and technical support information The site s URL is http www sun com Sun SeeBeyond eWay LDAP Adapter User s Guide 12 Sun Microsystems Inc Chapter 1 Section 1 6 Introducing the LDAP eWay Documentation Feedback 16 Documentation Feedback We appreciate your feedback Please send any comments or suggestions regarding this document to CAPS docsfeedback sun com Sun SeeBeyond eWay LDAP Adapter User s Guide 13 Sun Microsystems Inc Chap
104. tryname map Copy Searchfilter to SearchFilter LDAPClient_1 getSearch getSearchOptions setSearchFilter ldapsearch_ldapsearch_1 getSearchoptions getSearchfilter map logger debug Count Limit is Countlimit logger debug Count Limit is ldapsearch_ldapsearch_1 getSearchoptions getCountlimit Ne map if ldapsearch_ldapsearch_1 getSearchoptions getCountlimit null map Copy Integer parseInt Countlimit to CountLimit LDAPClient_1 getSearch getSearchOptions setCountLimit Integer parsetInt ldapsearch_ldapsearch_1 getSearchoptions getCountlimit map logger debug Time Limit is Timelimit logger debug Time Limit is ldapsearch_ldapsearch_1 getSearchoptions getTimelimit map if ldapsearch_ldapsearch_1 getSearchoptions getTimelimit null map Copy Integer parseInt Timelimit to TimeLimit LDAPClient_1 getSearch getSearchOptions setTimeLimit Integer parsetInt ldapsearch_ldapsearch_1 getSearchoptions getTimelimit map logger debug Scope Limit is Scope logger debug Scope Limit is ldapsearch_ldapsearch_1 getSearchoptions getScope map if ldapsearch_ldapsearch_1 getSearchoptions getScope null map Copy Integer parseInt Scope to SearchScope LDAPClient_1 getSearch getSearchOptions setSearchScope Integer parsetInt
105. Figure 6: LDAP eWay Environment Configuration
4. Click on any folder to display the default configuration properties for that section.
5. Click on any property field to make it editable. After modifying the configuration properties, click OK to save the changes.
3.4 eWay Connectivity Map Properties
The eWay Connectivity Map consists of the following properties categories. Outbound eWay Configuration Sections Include: Configuring the Connector Section Properties on page 25; Configuring Connection Section Properties on page 26; Configuring the Referrals Section Properties on page 27; Configuring the Security SSL Section Properties on page 31.
3.4.1 Configuring the Connector Section Properties
The LDAP eWay Connector Section Properties include the following parameters:
Table 3 LDAP eWay Connector Settings Name Description Required V
106. ttribute and then call the performAddEntry method. Figure 8 shows the AddEntry node in its expanded form.
Figure 8: AddEntry Node
Table 12 explains the nodes and fields exposed on the AddEntry Node.
Table 12 AddEntry Node (Name, Description)
AddEntryOptions node: Used to add entries to a directory, and contains options used when adding an entry.
IgnoreAlreadyBound field: Set to true to ignore the AlreadyBoundException that is thrown if the entry to be added already exists in the directory. Set this field to false to force the eWay to throw an LDAPApplicationException when adding an existing entry. The same exception is thrown if any other internal errors have occurred.
IgnoreAttributeIDCase field: Tells the eWay to ignore the case sensitivity of the attribute IDs (names) that are defined. This field is of type Boolean; set this field to true to ignore case sensitivity or false to not ignore case sensitivity. The default is true.
107. The following sample code displays the name of the result with the Java code:
System.out.println("Entry >>>> " + LDAPClient_1.getSearch().getSearchResults().getResult().getName());
Result: As already explained, calling nextResult populates Result with the next result. The Result node has the Name field of type java.lang.String, which holds the DN of the entry. Result has the STCAttributes node, which is a collection of attributes. To determine the number of STCAttribute nodes, call the countSTCAttribute method, which returns an integer.
STCAttribute and STCValue: See Table 13 for details on these subnodes.
Retrieving Values for Attributes
Use the methods shown in the following lines of Java code to retrieve a value for an attribute:
if (LDAPClient_1.getSearch().getSearchResults().getResult().getSTCAttribute(i).getSTCValue(j).isString())
System.out.println("Value String " + getLDAP().getSearch().getSearchResults().ge
108. 14. If your imported Project includes File eWays, these must be reconfigured in your Environment prior to deploying the Project. To reconfigure File eWays, do the following:
A. The Environment File External System properties can now accommodate both inbound and outbound eWays. If your previous Environment includes both inbound and outbound File External Systems, delete one of these (for example, the outbound File External System). From the Environment Explorer tree, right-click your remaining File External System, and select Properties from the shortcut menu. The Properties Editor appears. The Directory property has been relocated from the Connectivity Map Properties to the Environment Properties. Set the inbound and outbound Directory values, and click OK.
15. If your imported Project includes LDAP eWays, these must be reconfigured in your Environment prior to deploying the Project. To reconfigure LDAP eWays, do the following:
A. From the Environment Explorer tree, right-click your remaining LDAP External System, and select Properties from the shortcut menu. The Properties Editor appears. Please refer to Configuring the eWay Environment Properties on page 24 for configuration details. Click OK to finish.
2.3 Java CAPS 5.1.0 and 5.1.1 Upgrade Procedures 5
109. ure communication on the same connection. However, some LDAP servers are required to start on a configured nonsecure port and cannot start on a secure port. For details, see the appropriate documentation for the LDAP server.
TLS on Demand: A feature of LDAP version 3 (StartTLS extended operation), which is supported in Java SDK version 1.4 and later. Selecting this option allows you to establish an SSL connection on demand, programmatically.
Note: If you are using the TLS on Demand option, the ProviderURL property must point to a nonsecure LDAP port (the default is 389). After selecting this option, whenever secure communication is required, you must place any method call to the LDAP server between startTLS and stopTLS calls, which can be accessed via the LDAP OTD.
In the following example, the call to performAddEntry goes through a secure communication channel, but the call to performRename goes through a nonsecure (plain) communication channel:
startTLS(); performAddEntry(); stopTLS(); performRename();
Make sure that the TLS settings, in addition to the SSL settings, are configured correctly for the current LDAP server.
Note: Using the stopTLS method may cause unexpected behavior with some LDAP servers. You may need to remove the use of this method in your Collaboration Definitio
110. urned or false otherwise.
2. To iterate through all the entries, call hasMoreResults and nextResult within a while loop.
SearchResults operates as follows: The call to hasResults determines whether there are results and uses hasMoreResults as the condition for a while loop. Within the while loop, a call to nextResult populates the Result node with the next resultant entry. Once nextResult is called, the Result object is accessed. See Figure 18 for a Java-based Collaboration Definition from a Project sample that illustrates the use of the SearchResults operation.
Figure 18: SearchResults Operation in Collaboration Editor (Java)
111. y default certificate management when establishing SSL connections.
Table 9 LDAP eWay Security SSL Settings (Name, Description, Required Value)
KeyStore password: Specifies the default KeyStore password. The password is used to access the KeyStore used for key/certificate management when establishing SSL connections; there is no default.
KeyStore type: Allows you to specify the default KeyStore type. The keystore type is used for key/certificate management when establishing SSL connections. If the KeyStore type is not specified, the default KeyStore type, JKS, is used.
KeyStore username: The user name for accessing the keystore used for key/certificate management when establishing SSL connections. Note: If the keystore type is PKCS12 or JKS, the keystore user name property is not used. PKCS12 and JKS keystore types require passwords for access but do not require user names. If you enter a value for this property, it is ignored for PKCS12 and JKS.
SSL Connection Type: Allows you to specify the ty
112. y the Project
1. From the Deployment Editor toolbar, click the Deploy icon. Click Yes when the Deploy prompt appears.
2. A message appears when the project is successfully deployed. You can now test your sample.
Note: There are several ways to deploy a project; for additional information, see the Sun SeeBeyond eGate Integrator System Administration Guide.
5.4.12 Running the Sample
Additional steps are required to run the deployed sample Project.
Steps required to run the sample Project:
1. Rename one of the trigger files included in the sample Project from <filename>.xml to <filename>.fin to run the corresponding operation. The File eWay polls the directory every five seconds for the input file name (as defined in the Inbound File eWay Properties window). The JCD then transforms the data, and the File eWay sends the output to an Output file name (as defined in the outbound File eWay Properties window).
Note: The type of XML file you choose depends on the type of directory server being used. For details, see XML File Naming Conventions on page 69.
2. Verify the output data by viewing the sample output files. See for more details on the types of output files used in this sample Project. The output files may change depending on the number of times you execute the sample Project, the input file, and also the content of your database table.
