Sie sind auf Seite 1von 630

directory and database

integration using
DirXML 

COURSE 992 Novell Education w w w. n o v e l l . c o m

STUDENT MANUAL

100-004697-001
Revision 1 0
Proprietary Statement Novell Certificate Server is a trademark of Novell, Inc.
Copyright © Novell, Inc. 2001. All rights reserved. Novell Client is a trademark of Novell, Inc.
No part of this publication may be reproduced, photocopied, stored on a retrieval Novell Quick Classroom is a trademark of Novell, Inc.
system, or transmitted without the express prior consent of the publisher. This
manual, and any portion thereof, may not be copied without the express written Other Trademarks
permission of Novell, Inc. Active Directory is a trademark of Microsoft, Inc.
Novell, Inc. cc:Mail is a trademark of cc:Mail, Inc., a wholly owned subsidiary of Lotus
1800 South Novell Place Development Corporation.
Provo, UT 84606-2399
Java is a trademark or registered trademark of Sun Microsystems, Inc. in the
United States and other countries.
Disclaimer iPlanet is a trademark of Sun Microsystems, Inc.
Novell, Inc. makes no representations or warranties with respect to the contents Linux is a registered trademark of Linus Torvalds.
or use of this manual, and specifically disclaims any express or implied
warranties of merchantability or fitness for any particular purpose. Lotus Notes is a registered trademark of Lotus Development Corporation.

Further, Novell, Inc. reserves the right to revise this publication and to make Netscape Directory Server is a trademark of Netscape Communications
changes in its content at any time, without obligation to notify any person or Corporation.
entity of such revisions or changes. Oracle is a registered trademark of Oracle Corporation.
Further, Novell, Inc. makes no representations or warranties with respect to any Outlook is a trademark of Microsoft Corporation.
NetWare software, and specifically disclaims any express or implied warranties
of merchantability or fitness for any particular purpose. Pentium is a registered trademark of Intel Corporation.

Further, Novell, Inc. reserves the right to make changes to any and all parts of PeopleSoft is a registered trademark of PeopleSoft, Inc.
NetWare software at any time, without obligation to notify any person or entity PowerPoint is a registered trademark of Microsoft Corporation.
of such changes.
Solaris is a registered trademark of Sun Microsystems, Inc.
This Novell Training Manual is published solely to instruct students in the use of
Novell networking software. Although third-party application software packages SPARC is a registered trademark of SPARC International, Inc.
are used in Novell training courses, this is for demonstration purposes only and SQL Server is a trademark of Sybase, Inc.
shall not constitute an endorsement of any of these software applications.
Tru64 is a trademark of Digital Equipment Corp.
Further, Novell, Inc. does not represent itself as having any particular expertise
in these application software packages and any use by students of the same shall Tuxedo is a registered trademark of BEA Systems, Inc.
be done at the students’ own risk. UNIX is a registered trademark in the United States and other countries, licensed
exclusively through X/Open Company, Ltd.
Visual Basic is a registered trademark of Microsoft Corporation.
Software Piracy
Throughout the world, unauthorized duplication of software is subject to both VMWare is a trademark of VMWare, Inc.
criminal and civil penalties. Windows and Windows NT are registered trademarks of Microsoft Corporation.
If you know of illegal copying of software, contact your local Software
Antipiracy Hotline.
For the Hotline number for your area, access Novell’s World Wide Web page at
http://www.novell.com and look for the piracy page under “Programs.”
Or, contact Novell’s anti-piracy headquarters in the U.S. at 800-PIRATES (747-
2837) or 801-861-7101.

Trademarks
Novell, Inc. has attempted to supply trademark information about company
names, products, and services mentioned in this manual. The following list of
trademarks was derived from various sources.

Novell, Inc. Trademarks


GroupWise, NDS, NetWare, the N-Design, and Novell are registered trademarks
of Novell, Inc. in the United States and other countries.
CDE, Certified Directory Engineer, CNA, CNI, NAEC, and Novell Authorized
Education Center are service marks of Novell, Inc.
NetWire and CNE are registered service marks of Novell, Inc. in the United
States and other countries.
ConsoleOne is a trademark of Novell, Inc.
DirXML is a trademark of Novell, Inc.
eDirectory is a trademark of Novell, Inc.
IPX is a trademark of Novell, Inc.
Table of Contents

Introduction
Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Intro-1
Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Intro-1
Certification Tests. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Intro-2
Agenda . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Intro-2
Novell’s Place in the Evolving Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Intro-3
The Novell Vision—One Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Intro-3
Net Services Software—Simplify, Secure, and Accelerate the Net . . . . . . . . . Intro-4
What DirXML Is and How it Works with the One Net Strategy . . . . . . . . . . . Intro-5

SECTION 1 How DirXML Synchronizes Data


Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1
Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1
Objective 1 Identify the Purpose of DirXML. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2
Objective 2 Identify DirXML Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-5
The DirXML Architecture. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-6
The DirXML Driver Set Object. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-7
The DirXML Driver Object. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-8
The DirXML Publisher and Subscriber Channel Objects . . . . . . . . . . . . . . . . . . . . 1-8
The Channel Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-9
The DirXML Rule Objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-10
Exercise 1-1 DirXML Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-17
Objective 3 How DirXML Works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-21
How DirXML Transforms Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-21
Exercise 1-2 Identify XML Tags and Well-formed XML Documents . . . . . . . . . . . . . . . . . . . . . . . 1-27
Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-28
How DirXML Uses Associations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-28
DirXML Authoritative Data Sources. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-32

Revision 1.0 This document should only be used by a Novell-certified instructor. TOC-i
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

Objective 4 Install DirXML and Test a DirXML Driver . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-34


Meet Installation Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-34
Install DirXML . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-35
Exercise 1-3 Install DirXML . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-36
Understand VRTest and the VRTest Preconfigured Driver . . . . . . . . . . . . . . . . . 1-38
Configure and Start DSTrace. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-40
Exercise 1-4 Import and Test a DirXML Driver . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-42
Exercise 1-5 Play the DirXML Challenge Me Game . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-54
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-55

SECTION 2 Design and Implement a DirXML Deployment


Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1
Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1
Scenario . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-2
Objective 1 Prepare for the Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-5
Learn How to Design Solutions Using eDirectory and DirXML . . . . . . . . . . . . . . 2-5
Understand How Business Processes Work . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-6
Understand the Company’s Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-6
Understand the Company’s Political Climate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-7
Keep Current on the Latest Drivers and Stylesheets . . . . . . . . . . . . . . . . . . . . . . . . 2-8
Objective 2 Design the Deployment. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-9
Documenting a DirXML Deployment. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-9
How to Create a Business Process Review Document (BPRD) . . . . . . . . . . . . . . 2-11
How to Create a Business Requirements Document (BRD) . . . . . . . . . . . . . . . . . 2-23
How to Create a Project Requirements Document (PRD). . . . . . . . . . . . . . . . . . . 2-30
Exercise 2-1 Prepare Interview Questions for the Digital Airlines Business Process Analysis. . . . . 2-32
Exercise 2-2 Analyze the Business Requirements for the Digital Airlines BRD . . . . . . . . . . . . . . . 2-43
Objective 3 Implement the Deployment. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-54
Assemble a Deployment Team . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-54
Deploy a Proof of Concept Pilot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-55
Deploy a Production Pilot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-58
Deploy the DirXML System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-60
Exercise 2-3 Test the Digital Airlines POC Pilot. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-61

TOC-ii This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Table of Contents

Objective 4 Manage and Troubleshoot the Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-71


Don’t Panic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-71
Think Through What You’ve Done. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-72
Check the Trace Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-72
Follow Standard Troubleshooting Procedures. . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-73
Focus on Configuration Issues. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-73
Stick to Your Deployment Plan. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-74
Don’t Let the Customer Manage the Deployment. . . . . . . . . . . . . . . . . . . . . . . . . 2-74
Apply the Factors of Success. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-74
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-78

SECTION 3 Synchronize Microsoft Exchange and eDirectory Using DirXML


Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1
Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1
Scenario . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-2
Objective 1 Identify How Microsoft Exchange Server Works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3
Exchange Server Purpose . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-4
Exchange Server Hierarchy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-4
Exchange Server Components. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-6
Exchange Server Recipient Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-9
Exchange Server Email Client Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-10
Exchange Server and the DirXML Driver. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-11
Objective 2 Use Exchange Administrator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-14
Start the Administrator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-15
Display Objects in the Administrator Window . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-16
Create a Mailbox . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-18
Modify Mailbox Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-22
Delete a Mailbox . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-22
Exercise 3-1 Perform Basic Administrative Tasks Using Exchange Administrator . . . . . . . . . . . . . 3-24
Objective 3 Import the Exchange Driver . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-29
Check the Exchange Driver System Requirements . . . . . . . . . . . . . . . . . . . . . . . . 3-29
Gather the Exchange Driver Import Information . . . . . . . . . . . . . . . . . . . . . . . . . 3-30
Import the Exchange Driver Using the Application Driver Creation Wizard . . . . 3-33
Configure eDirectory for the Exchange Driver . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-38
Exercise 3-2 Import the Exchange Driver . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-43

Revision 1.0 This document should only be used by a Novell-certified instructor. TOC-iii
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

Objective 4 Identify How the Exchange Driver Works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-48


The Exchange Driver Schema Mapping Rule . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-49
The Exchange Driver Publisher Channel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-56
The Exchange Driver Subscriber Channel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-71
Exercise 3-3 Test the Preconfigured Exchange Driver. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-79
Objective 5 Modify and Test the Exchange Driver for a DirXML Deployment . . . . . . . . . . . . . . . 3-94
Prepare for the Exchange Driver Phase . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-94
Configure and Test the Exchange Driver . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-96
Exercise 3-4 Prepare for the Exchange Phase of the Digital Airlines POC Pilot . . . . . . . . . . . . . . . 3-97
Exercise 3-5 Configure and Test the Exchange Driver for the Digital Airlines POC Pilot . . . . . . . 3-108
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-129

SECTION 4 Synchronize Netscape Directory Server and eDirectory Using DirXML


Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-1
Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-1
Objective 1 Describe Netscape Directory Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-3
The Purpose of Netscape Directory Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-3
The Features of Netscape Directory Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-4
The Components of Netscape Directory Server . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-8
The Schema Structure of Netscape Directory Server . . . . . . . . . . . . . . . . . . . . . . . 4-9
Objective 2 Use the Netscape Console. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-10
Manage the Netscape Directory. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-10
Create Objects in the Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-15
Manage Objects in the Directory. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-16
Exercise 4-1 Use the Netscape Console to Create, Manage, and Remove a User Object from Netscape
Directory4-20
Objective 3 Explain How the Netscape/LDAP DirXML Driver Works . . . . . . . . . . . . . . . . . . . . . 4-23
What the Netscape/LDAP Driver Is . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-23
The Netscape/LDAP Driver Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-24
The Schema Mapper Rule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-30
How the Netscape/LDAP Driver Publisher Channel Works. . . . . . . . . . . . . . . . . 4-32
How the Netscape/LDAP Driver Subscriber Channel Works. . . . . . . . . . . . . . . . 4-33
Netscape/LDAP Driver Specifics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-34
Netscape/LDAP Driver System Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-36
Objective 4 Install and Configure the Netscape/LDAP Driver . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-37
Plan an Implementation Strategy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-38
Exercise 4-2 Plan an Implementation Strategy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-39
Configure Netscape Directory Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-42

TOC-iv This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Table of Contents

Exercise 4-3 Configure Netscape Directory Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-45


Install the DirXML Engine and the Netscape/LDAP Driver. . . . . . . . . . . . . . . . . 4-49
Exercise 4-4 Install the DirXML Engine and the Netscape/LDAP Driver . . . . . . . . . . . . . . . . . . . . 4-50
Configure the Netscape/LDAP Driver. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-53
Exercise 4-5 Configure the Netscape/LDAP Driver . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-56
Exercise 4-6 Customize the Netscape/LDAP Driver Configuration . . . . . . . . . . . . . . . . . . . . . . . . . 4-64
Exercise 4-7 Test the Functionality of the Netscape/LDAP DirXML Driver . . . . . . . . . . . . . . . . . . 4-69
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-75

SECTION 5 Synchronize eDirectory Trees Using the eDirectory-to-eDirectory


DirXML Driver
Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-1
Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-1
Objective 1 Identify the Purpose and Structure of eDirectory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-3
The Purpose of eDirectory. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-3
The eDirectory Data Schema Structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-4
Objective 2 Identify How the eDirectory-to-eDirectory DirXML Driver Works . . . . . . . . . . . . . . . 5-5
The Purpose of the eDirectory-to-eDirectory Driver. . . . . . . . . . . . . . . . . . . . . . . . 5-5
What the eDirectory-to-eDirectory DirXML Is. . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-7
How the eDirectory-to-eDirectory Publisher Channel Works. . . . . . . . . . . . . . . . 5-10
How the eDirectory-to-eDirectory Subscriber Channel Works. . . . . . . . . . . . . . . 5-11
eDirectory-to-eDirectory Driver Specifics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-12
eDirectory-to-eDirectory Driver Properties. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-14
Objective 3 Install and Configure the eDirectory-to-eDirectory Driver . . . . . . . . . . . . . . . . . . . . . 5-18
System Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-18
Installation Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-19
Exercise 5-1 Install and Configure the eDirectory-to-eDirectory Driver. . . . . . . . . . . . . . . . . . . . . . 5-24
Exercise 5-2 Test the Functionality of the eDirectory-to-eDirectory DirXML Driver . . . . . . . . . . . 5-37
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-48

SECTION 6 Synchronize PeopleSoft and eDirectory Using DirXML


Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-1
Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-1
Objective 1 Identify How PeopleSoft is Used and How Its Database is Structured . . . . . . . . . . . . . 6-3
How the PeopleSoft Application is Used . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-3
The PeopleSoft Database Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-4

Revision 1.0 This document should only be used by a Novell-certified instructor. TOC-v
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

Objective 2 Identify How the DirXML PeopleSoft Driver Works . . . . . . . . . . . . . . . . . . . . . . . . . 6-11


The PeopleSoft Driver Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-11
How the PeopleSoft Driver Works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-13
Objective 3 Configure PeopleSoft to Use DirXML . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-20
Prerequisites for Implementing the DirXML PeopleSoft Driver . . . . . . . . . . . . . 6-21
How to Install the NDS4PS PeopleSoft Project . . . . . . . . . . . . . . . . . . . . . . . . . . 6-22
How to Configure the Event Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-23
How to Test the PSA Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-25
Exercise 6-1 Configure the Event Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-27
Objective 4 Install and Configure the PeopleSoft Driver. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-30
Install the PeopleSoft Driver . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-30
Configure the PeopleSoft Driver Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-37
Use Default PeopleSoft Driver Rules and Filters . . . . . . . . . . . . . . . . . . . . . . . . . 6-46
Build Associations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-55
Exercise 6-2 Integrating PeopleSoft and eDirectory Using DirXML . . . . . . . . . . . . . . . . . . . . . . . . 6-56
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-69

SECTION 7 Read XDS Documents and XSLT Stylesheets


Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-1
Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-1
Scenario . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-2
Objective 1 Identify XML Attributes and Text Nodes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-3
How to Identify XML Attribute Names and Values . . . . . . . . . . . . . . . . . . . . . . . . 7-3
How to Identify XML Text Nodes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-4
Exercise 7-1 Identify XML Attributes and Text Node Children . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-6
Objective 2 Create an XDS Document Based on NDS.DTD. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-9
XDS Documents and the DirXML Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-10
The Purpose of a Document Type Definition (DTD) . . . . . . . . . . . . . . . . . . . . . . 7-11
The Purpose and Basic Structure of NDS.DTD . . . . . . . . . . . . . . . . . . . . . . . . . . 7-11
How to Create a Simple XDS Document Based on NDS.DTD . . . . . . . . . . . . . . 7-17
Exercise 7-2 Construct a <delete> and an <add> Command XDS Document . . . . . . . . . . . . . . . . . 7-21
Objective 3 Import and Test the PBX Driver. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-30
Exercise 7-3 Import and Test the PBX Driver . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-32

TOC-vi This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Table of Contents

Objective 4 Create a Simple XSLT Stylesheet for the PBX Driver. . . . . . . . . . . . . . . . . . . . . . . . . 7-42
Rules and XDS Event Documents. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-42
Stylesheets and the DirXML Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-43
XSLT Stylesheet Processing of an XDS Document . . . . . . . . . . . . . . . . . . . . . . . 7-45
How DirXML Applies XSLT Stylesheet Rules to an XDS Document. . . . . . . . . 7-46
The Purpose and Structure of a Simple Input Transformation Stylesheet. . . . . . . 7-49
Exercise 7-4 Create an Input Transformation Stylesheet for the PBX Driver . . . . . . . . . . . . . . . . . . 7-52
Objective 5 Modify and Test the PBX Driver . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-67
Review the Digital Airlines Business Requirements. . . . . . . . . . . . . . . . . . . . . . . 7-67
Create an Event Transformation Stylesheet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-68
Exercise 7-5 Create and Test an Event Transformation Stylesheet for the PBX Publisher Channel. 7-70
Modify the Publisher and Subscriber Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-81
Exercise 7-6 Modify the PBX Driver Publisher and Subscriber Filters . . . . . . . . . . . . . . . . . . . . . . 7-82
Test Object Placement on the Subscriber Channel . . . . . . . . . . . . . . . . . . . . . . . . 7-87
Exercise 7-7 Test Placement of Employee Accounts on the Subscriber Channel . . . . . . . . . . . . . . . 7-89
Test the Integration of the PBX Driver . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-92
Exercise 7-8 Test and Troubleshoot the PBX Driver in the Production Environment. . . . . . . . . . . . 7-94
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-107

SECTION 8 Implement New Business Requirements into the Digital Airlines


DirXML Solution
Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-1
Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-1
Objective 1 Identify New Business Requirements for Digital Airlines . . . . . . . . . . . . . . . . . . . . . . . 8-2
Objective 2 Install and Configure the NT Domain DirXML Driver . . . . . . . . . . . . . . . . . . . . . . . . . 8-3
Installation Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-3
Installation Instructions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-4
NT Domain Driver Configuration Instructions . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-5
NT Domain Driver Customization Instructions . . . . . . . . . . . . . . . . . . . . . . . . . . 8-11
Objective 3 Implement the New Business Requirements in the Digital Airlines DirXML Solution 8-13
Exercise 8-1 Use DirXML to Synchronize the DigitalAir Network . . . . . . . . . . . . . . . . . . . . . . . . . 8-14
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-16

APPENDIX A Answers to Exercise 8-1

APPENDIX B Common Schema Structure of Select DirXML Drivers

Revision 1.0 This document should only be used by a Novell-certified instructor. TOC-vii
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

TOC-viii This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Introduction

In this course you learn the fundamentals of DirXMLTM so you can use it
to coordinate information between different directories.

This course also helps you prepare for the Certified Directory Engineer SM
(CDESM)certification.

This course gives you a strong foundation for deploying DirXML at a


basic level. However, to become certified to deploy DirXML, you must
take the DirXML Advanced course, which covers XSLT in more depth.

Audience
■ In-house technical experts
■ System integrators (e.g., Reseller)
■ CSI (e.g., Consulting)
■ Students seeking a CDE requirement

Prerequisites

You should be a CNE® or have equivalent knowledge.

Revision 1.0 This document should only be used by a Novell-certified instructor. Intro-1
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

Certification Tests

This course helps you prepare for the following:


■ CDE 050-668
■ CNISM 050-868

Arrange to take the certification test for this course within 6 weeks of
acquiring the course materials. Thereafter, the test can be replaced by one
based on an updated version of the course.

Agenda

Objective Duration (hrs:mins)

Day 1 Introduction 30 minutes

SECTION 1: How DirXML Synchronizes Data 3 hours

SECTION 2: Design and Implement a DirXML 2.5 hours


Deployment

Day 2 SECTION 2: Design and Implement a DirXML 1.5 hour


Deployment (continued)

SECTION 3: Synchronize Microsoft Exchange and 5 hours


eDirectory Using DirXML

SECTION 4: Synchronize Netscape Directory 1 hour


Server and eDirectory Using DirXML

Day 3 SECTION 4: Synchronize Netscape Directory 2.5 hour


Server and eDirectory Using DirXML (continued)

SECTION 5: Synchronize eDirectory Trees Using 3.5 hours


the eDirectory-to-eDirectory DirXML Driver

SECTION 6: Synchronize PeopleSoft and 30 minutes


eDirectory Using DirXML

Day 4 SECTION 6: Synchronize PeopleSoft and 3 hour


eDirectory Using DirXML (continued)

SECTION 7: Read XDS Documents and XSLT 3.5 hours


Stylesheets

Intro-2 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Introduction

Objective Duration (hrs:mins)

Day 5 SECTION 7: Read XDS Documents and XSLT 4 Hours


Stylesheets (continued)

SECTION 8: Implement New Business 2 - 4 Hours


Requirements into the Digital Airlines DirXML
Solution

Novell’s Place in the Evolving Network

The complexity of today’s network environments is preventing


organizations from realizing their goals. Multiple platforms, legacy
systems, internal and external networks, and an endless stream of new
technology make managing networks more difficult than ever.

At the same time, the network is evolving from a medium that provides
connectivity and information sharing to one that will serve as the new
strategic platform for your business.

Novell is helping organizations simplify the management of this


complexity.

The Novell Vision—One Network

Novell is creating an environment in which all types of networks work


together as one to provide the power and flexibility organizations need to
succeed.

Novell’s net services software is fulfilling this vision. Net services


software is a new category of software that secures and powers all types
of networks—intranets, extranets, and the Internet; corporate and public;
wired to wireless—as one network, across all leading operating systems.

With net services software, every part of your company’s extended


enterprise, including employees, partners, and customers, can work
together.

Revision 1.0 This document should only be used by a Novell-certified instructor. Intro-3
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

Net Services Software—Simplify, Secure, and Accelerate the Net

Using Net services software, you can do the following:


■ Simplify the Complexities of the Net. Net services software simplifies
how networks and digital resources are used and managed.
You have a single point of manageability and control, whether you’re
monitoring the security of your intranet, managing collaborative
applications on your extranet, or improving the server performance
of your web site.
By enabling multiple platforms, networks, and vendor products to
work together, net services software delivers the predictability your
organization needs in the face of rapidly changing technology
environments.
■ Securely Extend and Integrate Networks and Applications. With net
services software, you can control the policies and privileges for all
networked resources while using best-of-breed security components
from a variety of vendors.
You get a secure e-business platform that enables all
users—customers, employees, and business partners—to safely
connect, communicate, and collaborate from anywhere.
■ Accelerate E-Business Transformation. By simplifying the
complexities of the net, Novell’s net services software brings new
flexibility to your organization.
You can rapidly transform your company into an e-business while
using your existing hardware and software. There’s no need to
abandon your current IT investments. And net services software will
keep your e-business flexible.
As the technology environment evolves and changes, your e-business
can quickly adapt so you can capitalize on new opportunities.

Intro-4 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Introduction

What DirXML Is and How it Works with the One Net Strategy

DirXML is Novell software that is able to connect multiple, disparate


directories and databases systems together into an enterprise system in
which each application shares common data with every other system.

Because of its ability to connect multiple systems together, it plays a


large role in Novell’s One Net Strategy.

Many disparate systems and databases exist in a typical company


environment and are not connected together, creating much duplicate
work and risk for error.

With DirXML, you do not need to standardize on one type of platform or


database: you can use DirXML to link them altogether.

Revision 1.0 This document should only be used by a Novell-certified instructor. Intro-5
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

Intro-6 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
SECTION 1 How DirXML Synchronizes Data

In this section you learn how DirXML synchronizes data among different
applications, databases, and directories. You also learn how to install and
configure DirXML.

Objectives
1. Identify the Purpose of DirXML

2. Identify DirXML Components

3. How DirXML Works

4. Install DirXML and Test a DirXML Driver

Introduction

This section helps you understand the need for DirXML and gives you an
overview of DirXML, which helps you during the course.

Revision 1.0 This document should only be used by a Novell-certified instructor. 1-1
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

Objective 1 Identify the Purpose of DirXML

The purpose of DirXML is to connect multiple, disparate directory and


database systems into an enterprise system in which each application
shares common data with every other system.

Many types of disparate databases, applications, and directories can be


found in a typical company environment (Figure 1-1).

Internet e-service
0nline
Application Customer
Leasing Profiling
Billing
Mail Application
Directory

HR Corporate
Address
Book
Internal Infrastructure

ERP
OS
DR DEN

Figure 1-1 Silos of Data

These applications and systems most likely have their own set of rules to
represent data.

This creates a few problems, one of which is that each system probably
contains data that exists on one or more other systems, requiring that this
data be entered multiple times in multiple databases.

There is the potential for error or corruption by having data entered


multiple times, often by multiple individuals. Synchronization of this
data could take several days or weeks.

1-2 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
How DirXML Synchronizes Data

DirXML solves these problems by allowing data to be shared


automatically. DirXML and eDirectory act as the hub for the interchange
of data (Figure 1-2).

HR ERP

DB
OS
eDirectory

Mail
Directory
DEN

Figure 1-2 DirXML Solution

As common data in an application is changed, the updated data is


received by DirXML, stored in the enterprise directory (eDirectory) and
distributed to all other applications that have an interest in the data.

DirXML enables enterprise management of data, which significantly


reduces the costs of managing the various databases and directories used
in a company.

This dynamic sharing of information enables much more accurate data to


exist in the enterprise network because data can be entered once; then all
other databases are populated with the data.

Revision 1.0 This document should only be used by a Novell-certified instructor. 1-3
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

For example, an email system at a company contains information about


employees. That company also uses a payroll system that stores
information about the employees. The payroll system includes
information that is already present in the email system.

If the information common to both the email and payroll systems


changes, in a typical company environment scenario, the common data
must be changed wherever the data is stored.

This update requires multiple operations, is generally performed by


different system administrators, and leaves much room for error.

By using DirXML, it can be synchronized to share desired data


automatically. This means that the data used by the email and payroll
systems is only changed once.

Using DirXML you can accomplish the following tasks:


■ Centralize or distribute data management by acting as a central
storage location for data.
■ Expose directory data in XML format, allowing it to be used and
shared by XML applications or applications integrated through
DirXML drivers.
■ Control the flow of data using specific filters that govern data
elements defined in the system.
■ Enforce authoritative data sources by using filters.
■ Apply rules to directory data in XML format. These rules govern the
interpretation and transformation of the data as changes flow through
DirXML.
■ Transform the data from XML into virtually any data format. This
allows DirXML to share data with any application.
Because the data and the movement of data is governed by XML, the
DirXML application drivers are flexible enough to accommodate any
need.
■ Carefully maintain associations between eDirectoryTM objects and
objects within all other integrated systems to ensure that data
changes are appropriately reflected across all integrated systems.

1-4 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
How DirXML Synchronizes Data

Objective 2 Identify DirXML Components

To fully understand DirXML and its process for synchronization, you


must be able to identify the DirXML objects and the roles they perform.

The various DirXML components operate together to transfer


information, and subsequent changes, from eDirectory to the DirXML
application driver and vice versa.

The following information helps you understand DirXML components


and their roles.

The list of DirXML eDirectory objects includes:


■ The DirXML Architecture
■ The DirXML Driver Set Object
■ The DirXML Driver Object
■ The DirXML Publisher and Subscriber Channel Objects
■ The Channel Filters
■ The DirXML Rule Objects

Revision 1.0 This document should only be used by a Novell-certified instructor. 1-5
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

The DirXML Architecture

The DirXML architecture can be described as the following high-level


components: NDS® eDirectory, a DirXML engine, an application driver,
rules and stylesheets, and publisher and subscriber channels (Figure 1-3):
Rules & Stylesheets

Subscriber
Subscriber Channel
Filter

NDS DirXML Application Application


eDirectory Engine Drver

Publisher
Publisher Channel
Filter

DirXML

Rules & Stylesheets

NDS eDirectory Server


Animation 1-1 Converting Figure 1-3 DirXML Architecture
Between eDirectory and an
Application Format With DirXML
Each component shown in Figure 1-3 is represented as a DirXML object
in eDirectory except the DirXML engine, which drives synchronization
and ensures communication between applications and directories.

It does this by referencing the DirXML objects stored in eDirectory and


using the object’s information to generate XML documents that are sent
to the appropriate DirXML driver.

1-6 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
How DirXML Synchronizes Data

The following shows how the DirXML objects appear in NDS:

Figure 1-4 DirXML Objects

The DirXML Driver Set Object

The DirXML driver set object holds all DirXML drivers.

Though it is not necessary to activate all drivers in a driver set, it is


important to group all drivers that are active on a selected eDirectory
server into the same DirXML driver set.

This is important because an eDirectory server can only start and stop
drivers from a single driver set and you can only have 1 driver set object
per server.

A DirXML driver set object must exist on a server containing a master


replica.

Revision 1.0 This document should only be used by a Novell-certified instructor. 1-7
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

The DirXML Driver Object

DirXML driver objects are created as children of the DirXML driver set
object. The DirXML driver object contains the application driver (or
shim) that actually communicates with the supported application.

You can think of the DirXML driver as a combination of the DLL or JAR
file and the XML file containing your rules.

These drivers are specific to an application or directory. They convert the


event or command, represented as XML data (discussed later), from
eDirectory into the appropriate application format and vice versa.

The driver allows communication to happen with the application’s native


interface so the application does not need to change.

Using the publisher and the subscriber channels (discussed next), the
driver reports any change that occurs in the application or in eDirectory
and constructs an XML document the application can understand.

Because each application or directory reports those changes differently,


each application or directory has its own driver and is configured
differently.

The DirXML Publisher and Subscriber Channel Objects

With DirXML, there are 2 flows, or channels, of data: the publisher


channel and the subscriber channel. These channels represent how
information moves between eDirectory and applications and other
directories.

The publisher channel is used to publish information from an application


to eDirectory.

1-8 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
How DirXML Synchronizes Data

The subscriber channel works in the opposite direction; eDirectory sends


changes to the applications and directories that have subscribed to them
(Figure 1-5):

Rules & Stylesheets

Subscriber
Subscriber Channel
Filter

NDS DirXML Application Application


eDirectory Engine Drver

Publisher
Publisher Channel
Filter

DirXML

Rules & Stylesheets

NDS eDirectory Server


Figure 1-5 The Publisher and Subscriber Channels

The Channel Filters

The publisher and subscriber channels also contain filters. Filters let you
control what data is allowed to flow from one system to another. These
filters contain the set of classes and attributes whose updates can be sent
to eDirectory or an application.

For example, it is possible, using filters, to determine that events can be


sent through the subscriber channel to a particular application but that
same application cannot send events back through the publisher channel.

You learn more about filters when performing exercises in Section 7.

Revision 1.0 This document should only be used by a Novell-certified instructor. 1-9
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

The DirXML Rule Objects

Rule objects contain XML documents that define a rule and how it
applies to eDirectory and how information is communicated through the
DirXML engine.

Rule objects are children of the publisher, subscriber, and driver objects
depending on the rule’s function.

DirXML rules serve many purposes, including transforming information


from one system to another, mapping classes and attributes, blocking or
allowing creation of objects, changing event types, and dictating where
objects get created.

Rule objects (or rules) are what makes DirXML flexible. With rules, you
can configure or customize DirXML to specify whatever an individual
installation requires.

Animation 1-2 How an External The following are DirXML rules:


System Communicates with
eDirectory over DirXML ■ The Input and Output Transformation Rules
■ The Event Transformation Rule
■ The Schema Mapping Rule
■ The Create Rule
■ The Placement Rule
■ The Matching Rule

1-10 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
How DirXML Synchronizes Data

The Input and Output Transformation Rules

Use transformation rules to translate data into a format eDirectory


understands or to convert data, when it passes on to a connecting
application, to a format the application understands.

There are 2 types of transformation rules: output and input.

Rules Description

Output Transformation Rule Use to convert information into the


application format as information is
passed from eDirectory to the
application.

Input Transformation Rule Use to transform data into the


eDirectory format as information is
passed from the application to
eDirectory.

Table 1-1 Transformation Rules

These rules require an XSLT stylesheet and provide maximum flexibility.


(XSLT stylesheets are discussed in Section 7.)

You typically use input and output transformation rules to transform the
format of data to match the format of the receiving application.

For example, 3 different systems represent the same data in 3 ways:

IS&T eDirectory Human Resources

4-3-1963 March 4, 1963 3/4/1963

Table 1-2 Transformation Demonstration

To enable the information to be used by all applications, you can use a


transformation rule to transform the data so it can be understood by other
receiving applications.

Revision 1.0 This document should only be used by a Novell-certified instructor. 1-11
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

The following shows where the Input and Output transformation rules
process the event data as it flows through the publisher and subscriber
channels:

Output Transformation Rule

Subscriber
Subscriber Channel
Filter

NDS DirXML Application Application


eDirectory Engine Drver

Publisher
Publisher Channel
Filter

DirXML

Input Transformation Rule

Figure 1-6 Transformation Rules

The Event Transformation Rule

Use an event transformation rule to convert or transform events, such as


deleting a user object, into other types of events, such as disabling a user
object.

For example, your company might have a business policy which dictates
that when an employee is terminated, their user object in eDirectory is
disabled instead of deleted. You can use this rule to transform the delete
event into disabling the user account in eDirectory.

1-12 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
How DirXML Synchronizes Data

The Schema Mapping Rule

Use a schema mapping rule to specify how eDirectory objects and


attributes are mapped to external database records and fields.

A key problem when integrating different applications is that each


application has its own schema, which can be represented differently in
another system, even if the data is the same.

Here is an example of schema mappings between 3 different systems:

IS&T eDirectory Human Resources

Last_Name Surname Lastname

Table 1-3 Schema Mapping Demonstration

Here’s how a schema mapping rule works:

1. The rules define the schema mappings between eDirectory and an


application.

2. The eDirectory schema is read from eDirectory.

3. The DirXML driver for a target application schema is then responsible


for supplying DirXML with an updated view of the existing schema.

4. After the schemas are identified, a mapping is created between


eDirectory and the target application.

Revision 1.0 This document should only be used by a Novell-certified instructor. 1-13
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

The schema mapping rule is the next to the last rule applied through the
subscriber channel; on the publisher channel, it is the second rule applied
(Figure 1-7):

Schema Mapping Rule

Subscriber
Subscriber Channel
Filter

NDS DirXML Application Application


eDirectory Engine Drver

Publisher
Publisher Channel
Filter

DirXML

Schema Mapping Rule

Figure 1-7 Schema Mapping Rules

The reason for the position of the schema mapping and the
transformation rules is that DirXML and eDirectory do most of their
work in eDirectory.

In other words, if data is processed through the subscriber channel,


DirXML does most of its data processing in eDirectory and then
transforms the data into the application format.

If data is processed through the publisher channel, DirXML converts the


XML text into eDirectory format and then does the processing.

1-14 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
How DirXML Synchronizes Data

The Create Rule

Use the create rule to specify the minimum information the driver must
have to create an object or record.

You can specify in this rule that the following values must be supplied to
create an object: last name, first name, phone number, and login name.

To understand how this works, suppose you create a user object in


eDirectory, but you only give the user object a name and surname.

This creation is mirrored in the eDirectory tree, but the addition is not
immediately reflected in applications connected to eDirectory because
you have a create rule specifying that only user objects with a complete
definition are allowed.

As you learn later, DirXML puts the object into a pending state until all
criteria are met. As the complete data is added to the object definition,
eventually the Create rule allows the object to be created.

As you define the flows of data in your company, you can use the create
rule to enforce that flow on the subscriber and publisher channels. In
other words, you can require more information or even block the creation
of an object using this rule.

If you do not use a create rule, DirXML allows the object to be created.

Revision 1.0 This document should only be used by a Novell-certified instructor. 1-15
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

The Placement Rule

Use the placement rule to specify where objects can be created in


eDirectory or in an external application.

The criteria can be class, attribute, or path.

Each driver uses 2 placement rules when adding objects bidirectionally:


one in the publisher object, and one in the subscriber object. This is
especially useful when dealing with a hierarchical (not a flat) database.

For example, eDirectory is hierarchical and users with email addresses


might be created under different organizational units and groups;
however, any email address added to a user in the hierarchical structure
goes to the same mailbox in an email application.

The Matching Rule

Use a matching rule to specify the minimum criteria that 2 objects must
meet to be considered the same.

If there is a match, instead of creating an object, DirXML creates an


association between objects. If there is no match, DirXML creates an
object.

You must make the criteria in a matching rule specific enough that it can
only find 1 match if a match exists. If an error occurs from a matching
rule, it most likely will indicate that the criteria must be more specific.

For example, you can set up the rule so that a user’s surname, given
name, and telephone number attributes must match a record’s last name,
first name, and phone fields for DirXML to create an association between
existing objects.

1-16 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
How DirXML Synchronizes Data

Exercise 1-1 DirXML Review

In this exercise, you complete the following tasks:


■ Part I: Identify the Role of Each DirXML Component
■ Part II: Identify the Characteristics of Rules

Part I: Identify the Role of Each DirXML Component

1 4 3 2

Figure 1-8 Component Roles

Complete the following:

Component Component Role

1.

2.

3.

4.

5.

6.

7.

Table 1-4 DirXML Component Identification and Definition

Revision 1.0 This document should only be used by a Novell-certified instructor. 1-17
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

Part II: Identify the Characteristics of Rules

Complete the following:

Rule Characteristics

Allows you to specify the information


the driver must have before creating a
new object or record.

Allows you to transform data that is


passing from an application to
eDirectory.

Allows you to specify how eDirectory


objects and attributes are mapped to
external database records and fields.

Allows you to define the transform


action used to convert from one event
type to another.

Allows you to specify how objects in


eDirectory are associated with records
in an external application database
when an association has not already
been established.

Allows you to define the transform


action that should be used as
information is passed from eDirectory
to the application.

Allows you to specify where new


objects are created in eDirectory or in
an external application.
The criteria can be placed on class,
attribute, or path.

Table 1-5 Definitions of Rules and Stylesheets

1-18 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
How DirXML Synchronizes Data

Answers

Part I: Identify the Role of Each DirXML Component

Answers for Part I.

Component Component Role

1.eDirectory The repository of data for DirXML.

2.Application or Directory The synchronized entity.

3.Application Driver An XML interface that communicates with an


application’s native interface so the
application does not need to change.

4.DirXML Engine Drives synchronization and ensures


communication between applications and
directories.

5.Subscriber Channel Receives modifications from eDirectory and


synchronizes these changes with your
application.

6.Publisher Channel Retrieves changes from your application,


formats them into XML, and sends them to
the DirXML engine to eDirectory.

7.Rules and Stylesheets Allows you to configure or customize DirXML


to dictate data flow and to transform data into
an interpretable format.

Table 1-6 DirXML Component Identification and Definition

Part II: Identify the Characteristics of Rules and Stylesheets

Answers for Part II.

Rule Characteristics

Create Rule Allows you to specify the information the driver


must have before creating a new object or
record.

Input Transformation Rule Allows you to transform data that is passing


from an application to eDirectory.

Table 1-7 Definitions of Rules and Stylesheets

Revision 1.0 This document should only be used by a Novell-certified instructor. 1-19
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

Rule Characteristics

Mapping Rule Allows you to specify how eDirectory objects


and attributes are mapped to external
database records and fields.

Event Transformation Allows you to define the transform action used


to convert from one event type to another.

Matching Rule Allows you to specify how objects in


eDirectory are associated with records in an
external application database when an
association has not already been established.

Output Transformation Rule Allows you to define the transform action that
should be used as information is passed from
eDirectory to the application.

Placement Rule Allows you to specify where new objects are


created in eDirectory or in an external
application.
The criteria can be placed on class, attribute,
or path.

Table 1-7 Definitions of Rules and Stylesheets

(End of Exercise)

1-20 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
How DirXML Synchronizes Data

Objective 3 How DirXML Works

To understand how DirXML works, you must understand the following:


■ How DirXML Transforms Data
■ How DirXML Uses Associations
■ DirXML Authoritative Data Sources

How DirXML Transforms Data

DirXML uses a meta-language (a language used to describe other


languages) called XML (Extensible Markup Language) as the primary
language to communicate with other systems.

XML is similar to HTML, but there are differences. The main difference
is that XML can be defined from different XML vocabularies. DirXML
uses an XML vocabulary called XDS, discussed in Section 7.

To read XML, you must be able to identify the following:


■ XML Tags
■ XML Elements

Revision 1.0 This document should only be used by a Novell-certified instructor. 1-21
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

XML Tags

XML Tags are identified by left (<) and right (>) angle brackets:
<nds dtdversion=”1.0” ndsversion=”8.5”>
<source>
<product version=”1.0”>PBXSimulator</product>
<contact>PBXsRUs</contact>
</source>
<input>
<delete class-name=”User” src-dn=”DigitalAir”>
<association>45</association>
</delete>
</input>
</nds>

The tags look much like those in HTML with these differences:
■ XML tags are case-sensitive.
■ XML start and end tags must always be balanced—no overlapping
tags are allowed.
Every start tag in XML must have an end tag to terminate it. The end
tag must be at the same level as the start tag or the document is not
considered well-formed and XML parsers reject it.

1-22 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
How DirXML Synchronizes Data

XML Elements

An element is the basic component of XML documents. To understand


XML elements, you need to know about the following:
■ Element Start and End Tags
■ Element Characteristics
■ XML Elements with No Content
■ Element Node Tree Diagrams

Element Start and End Tags

Elements are defined by their start tags and their end tags.

Figure 1-9 shows the start tags for an XML document:

<nds dtdversion="1.0" ndsversion="8.5">


<source>
<product version ="1.0">PBXSimulator</product>
<contact>PBXsRUs</contact>
</source>
<input>
<delete class-name="User" src-dn="45">
<association>45</association>
</delete>
</input>
</nds>
Figure 1-9 Start Tags for an XML Document

Revision 1.0 This document should only be used by a Novell-certified instructor. 1-23
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

This figure shows the end tags of an XML document.

<nds dtdversion="1.0" ndsversion="8.5">


<source>
<product version ="1.0">PBXSimulator</product>
<contact>PBXsRUs</contact>
</source>
<input>
<delete class-name="User" src-dn="45">
<association>45</association>
</delete>
</input>
</nds>

Figure 1-10 End Tags for an XML Document

There is an end tag for every start tag. Each end tag is at the same level
as its start tag. This is part of what makes the document well-formed.

Element Characteristics

The following are basic characteristics of an element:


■ Element names must be a single word. The name of the element must
be a single word consisting of all characters beginning with the tag’s
< character and ending with the first white-space character or the >
character.
■ Elements can have children. The <phone> element in the following
example has a single child, the <number> element:
<phone>
<number>555-1234</number>
</phone>

■ Elements can have content. The <input> element in the previous


example has a single text child, the characters 555-1234.

1-24 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
How DirXML Synchronizes Data

XML Elements with No Content

An XML element with no content can be expressed in 2 ways:


■ An element with no content can be expressed like <phone>:
<phone>
<number></number>
</phone>

There is nothing between the <number> element’s beginning and


ending tag, not even white space (e.g., spaces, tabs, carriage returns,
etc.).
White space is valid data in XML. If there was white space between
the <input> element’s begin and end tags, it wouldn’t be empty. It
would contain text consisting of white space.
■ An element with no content can also be equivalent to a start and end
tag in the same line, like the <number/> tag:
<phone>
<number/>
</phone>

An element like the <number/> element is referred to as an empty


element because there are no start and end tags, so the element
cannot contain text or child elements.

These elements are read the same way and mean the same thing.

Revision 1.0 This document should only be used by a Novell-certified instructor. 1-25
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

Element Node Tree Diagrams

Tags are actually a textual way of defining information nodes in a tree, as


shown in the following figure. In other words, all elements you see in the
figure are nodes.

nds

source input

delete
product contact
association
PBXSimulator PBXsRUs
45

Figure 1-11 Node Tree for the Example <delete> Command

Drawing an XML document in a node tree diagram can sometimes make


it easier to understand its construction.

Also, DirXML processes data in this format to speed up synchronization


between differing applications.

1-26 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
How DirXML Synchronizes Data

Exercise 1-2 Identify XML Tags and Well-formed XML Documents

In this exercise you analyze the following sample XML document:


<nds dtdversion=”1.0” ndsversion=”8.5”>
<source>
<product version=”1.0”>
PBXSimulator
</product>
<contact>PBXsRUs</contact>
</source>
<input>
<modify class-name=”User” src-dn=”DigitalAir”>
<modify-attr attr-name=”Telephone Number”
src-dn=”DigitalAir”>
<remove-all-values/>
</modify-attr>
</modify>
</input>
</nds>

1. List the names of all start tags in the sample document.


1.

2.

3.

4.

5.

6.

7.

8.

Revision 1.0 This document should only be used by a Novell-certified instructor. 1-27
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

Answers

1. nds

2. source

3. product

4. contact

5. input

6. modify

7. modify-attr

8. remove-all-values

(End of Exercise)

How DirXML Uses Associations

DirXML uses associations to match objects in eDirectory with objects


residing in connected systems. The DirXML association table is a list of
identifiers contained by an object in the central directory.

Each identifier contains 2 values: a reference to a connected application,


and a value that identifies the object or record in the connected
application associated with the directory object.

1-28 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
How DirXML Synchronizes Data

The value in the DirXML association is unique to the application and is


supplied by the application. No modification of the application is
required, and no foreign key values are introduced into the application.

The list nature of the DirXML association attribute means that a


directory object can be associated with a corresponding object in any
number of connected applications. In addition, DirXML does not limit
the types of objects that can be associated.

Existing associations are found in an association table. This table keeps


track of all external application objects an eDirectory object is linked to.

(Most competitive products require the connected application to store an


identifier of some sort to map objects from an application to the
directory.)

With DirXML, no changes are required of the application. Each DirXML


object in eDirectory contains an association table that maps the
eDirectory object with a unique identifier in the connected directories
and applications.

This table is built and maintained by the DirXML engine, so there is


never a reason to edit this information manually, although it is often
helpful to view this information.

Revision 1.0 This document should only be used by a Novell-certified instructor. 1-29
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

The following shows a list of DirXML associations:

Figure 1-12 Association Table

In the association table, notice the following:


■ The driver object identifies the driver the associated object resides
in.
■ The associated object ID provides the specific ID for objects shared
between eDirectory and connected applications.
■ The state indicates whether the associated objects are completed and
processed or pending to be completed later.

The creation of an association between objects occurs when an event


occurs for an object that is not associated with another object in the
connected data source.

1-30 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
How DirXML Synchronizes Data

In other words, if the event is an add event, as shown in the following


figure, it would have to go through the process of creating an object or
creating an association:
The DirXML Engine
Subscriber
Filter Event Association Add Schema
to XML Processor Event? Mapper
no
yes

Output Event
Transformation Transformation

Matching Create Placement


Publisher Rule Rule Rule
Add Processor
Subscriber
Add Processor

Placement Create Matching Publisher


Filter Schema
Rule Rule Rule
Mapper
yes
no
XML Add Association
to NDS Event? Processor Event Input
Transformation Transformation

Figure 1-13 Association Process

Notice the dotted box around the matching, create, and placement rules.
This is where associations of objects take place.

This only happens if the event is an add event. After an association is


established, the system bypasses the matching, create, and placement
rules.

If there is no association or if the event is an add event, DirXML does the


following:
■ Matching rules define the criteria for determining if 2 objects are the
same. If there is a match, an association is created.
■ If there is no match, the create and placement rules are applied and
an object is created and associated.

Revision 1.0 This document should only be used by a Novell-certified instructor. 1-31
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

After an association is formed, this association remains in effect until the


associated objects or driver objects are deleted, or until the association is
deleted by an eDirectory administrator.

DirXML Authoritative Data Sources

DirXML authoritative data sources define the owner of data.

DirXML allows any application to be configured as the authoritative data


source for a particular piece of data. Objects can consist of data from
multiple authoritative sources.

For example, email address data could be owned by the Exchange email
application, so this application is the authoritative data source for email.
All other applications are consumers of the data.

You create authoritative data sources by configuring the filters on the


publisher and subscriber channels. You can set them to allow only those
attributes and classes the business dictates.

As an example, the human resources application might be the


authoritative source for an employee’s name, identification number, and
home telephone number.

The PBX system might be the authoritative source for an employee’s


office telephone number, and the security system might be the
authoritative source for an employee’s photograph.

The enterprise directory holds all common data items and distributes
them to consumers of the items, but DirXML only allows the
authoritative data source to update a particular data item.

In this case, eDirectory becomes a repository of information it does not


need, but which other applications can use. Even though eDirectory
stores information it does not need, it is not necessarily the source of that
information.

As such, DirXML allows any application to be configured as the


authoritative data source for a particular piece of data.

1-32 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
How DirXML Synchronizes Data

The following illustrates how authoritative data sources work:

Tree CN Bobby
Department Marketing
Empid 003456
E-mail bdoe@ab.com
Date of Birth 2/15/1965
Assoc. E-mail bdoe@ab.com Subscriber
Publisher
Assoc. HR 003456

Subscriber
Publisher Address bdoe@ab.com
Empid 003456
Dept Marketing
Dept Marketing
HR changes Birthdate 2/15/65
DOB 15.2.1965
Dept. Title
Server Email
Server HR

HR Manager Email Manager


Figure 1-14 Authoritative Data Source

In Figure 1-14, HR changes the Dept title to Marketing, and because HR


is the authoritative source, the change is allowed and is made in the other
databases.

If the email personnel changed the Department title, it would not happen
because the subscriber channels are set to block that change.

Revision 1.0 This document should only be used by a Novell-certified instructor. 1-33
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

Objective 4 Install DirXML and Test a DirXML Driver

To install DirXML and test a DirXML driver, you must complete the
following:
■ Meet Installation Requirements
■ Install DirXML
■ Understand VRTest and the VRTest Preconfigured Driver
■ Configure and Start DSTrace
■ Import and Test a DirXML Driver

Meet Installation Requirements

To install DirXML you must meet the following hardware and software
installation requirements for eDirectory and DirXML:

Component Minimum Requirement

Operating System NetWare®, Windows NT/2000, Linux®,


Solaris®, or Tru64TM.

Computer A Pentium 200 with a minimum of 64 MB


RAM. (For optimal performance, use 256
MB or more of RAM).

Software eDirectory 8.5 and ConsoleOne.

Optional Software Novell Client for Windows NT 4.5 or later.


NT client.

Rights Administrative rights to the NT server


and to all portions of the eDirectory tree
that contain domain-enabled user
objects.
For an installation into an existing tree,
you need administrative rights to the tree
object so you can extend the schema
and create objects.

Table 1-8 DirXML Installation Requirements

1-34 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
How DirXML Synchronizes Data

Install DirXML

You install DirXML in the accompanying exercise. The DirXML


installation program installs the following components:

The DirXML Engine. The DirXML engine is what powers directory and
application synchronization. It ensures proper communication between
eDirectory and the various directory and application drivers.

Selected DirXML Drivers. When installing DirXML, you can select any
of the following drivers. They enable eDirectory to synchronize with the
corresponding applications:
■ Active DirectoryTM Driver
■ Microsoft Exchange Driver
■ Lotus Notes Driver
■ Netscape Directory Server Driver
■ NDS eDirectory to eDirectory Driver
■ Custom Driver

These drivers are templates containing drivers, filters, and rules. You
must customize the drivers before they can be implemented.

After DirXML installation, ConsoleOneTM launches with the option to run


either the Application Driver Creation Wizard or the Filtered Replica
Configuration Wizard. These wizards allow you to customize the drivers
you install.

Revision 1.0 This document should only be used by a Novell-certified instructor. 1-35
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

Exercise 1-3 Install DirXML

1. From the DirXML\NT directory on the DirXML CD, run


INSTALL.EXE on the DA1 server.
This program installs the DirXML engine.
If the directories or files on your Student CD appear to be missing or
are in the incorrect location, refresh the connection to your CD drive:
a. From the session window, select Devices > ide1:0 -> auto detect
> Disconnect.
b. After the CD drive is disconnected, select Devices > ide1:0 ->
auto detect > Connect to reconnect the CD drive.

2. When the DirXML Product Installation window appears, click Next.

3. Read the License Agreement and click Accept.

4. In the Select Drivers window, click Select All, and deselect Custom
Driver.
By selecting all drivers (Figure 1-15), you install the Active
Directory, Microsoft Exchange, Lotus Notes®, Netscape Directory
ServerTM, and NDS eDirectory-to-eDirectory drivers.

Figure 1-15 DirXML Driver Installation

1-36 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
How DirXML Synchronizes Data

5. Click Next.

6. When warned about potential port conflicts between LDAP and


Exchange, click OK.
For classroom purposes, the eDirectory port was changed to 390 to
not conflict with port 389 of LDAP.

7. Read the Summary screen indicating the drivers you chose to install;
then click Finish.

8. When prompted that the installation is complete, click Close.


After the installation finishes, ConsoleOne launches with the option
to run either the Application Driver Creation Wizard or the Filtered
Replica Configuration wizard.

9. Log in to the Digital-Air-Workforce as admin and enter novell for the


password.

10. Click Cancel.

x If you use Novell Quick ClassroomTM Exercise Launcher for exercises and
you plan on using the Exercise 1-3 session (Digital-Air-1) from this exercise
for the rest of the exercises in this section, increase the size of the virtual
memory setting for the Digital-Air-1 NT server.

In the Exercise 1-3 window, right-click My Computer and select Properties.


Select Performance > Change, enter 300 for the initial size, enter 450 for the
maximum size; then select Set > OK.

(End of Exercise)

Revision 1.0 This document should only be used by a Novell-certified instructor. 1-37
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

Understand VRTest and the VRTest Preconfigured Driver

To help you understand and use DirXML, you have been provided with
the VRTest application.

VRTest is a simple application that mimics a directory or application,


maintains a concept of objects, uses all the same data as an application,
and operates DirXML rules.

The VRTest driver is a sample DirXML driver that helps you understand
the basic DirXML components more fully.

x The VRTest driver only runs on Windows NT.

VRtest application uses an executable called VRTest that does not share
code with eDirectory.

The VRTest driver interacts with a VRTest application that can be


configured for either a flat or hierarchal directory.

The VRTest Preconfigured Driver

The VRTest driver is a preconfigured driver, which means that when you
install it, it is already configured to do specific tasks.

Most drivers you install are preconfigured; however, to implement


DirXML, you must configure the drivers to match your business
requirements.

The VRtest driver was written in C++ and has a DLL extension. Some
drivers are written in Java® and have a JAR extension, such as
NDSTONDS.JAR.

The VRTest driver is configured in the following ways:


■ The publisher and subscriber filters are configured to share country,
group, organization, organization unit, and user objects.
Many attributes are also listed under the properties of the publisher
and subscriber objects.

1-38 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
How DirXML Synchronizes Data

■ The schema mapping rule on the DirXML driver object specifies that
the XML document needs to map organization, organizational unit,
and user objects between the VRTest driver and eDirectory.
■ The matching rule for the DirXML driver object specifies that a user
in VRTest and eDirectory match if users possess the same surname
and given name attributes.
■ The organizational objects match if the objects have the same O
attribute, and the organizational unit objects match if the objects
have the same OU attribute.
■ The creation rule for the publisher channel requires that a given
name and a surname must be specified before a user can be created
and shared between the VRTest application and eDirectory.
■ The placement rule for the publisher channel specifies the matching
path prefix that is allowed between the hierarchical structures for the
VRTest application and eDirectory.
■ The following displays the VRTest rule objects:

Figure 1-16 VRTest Rules

Revision 1.0 This document should only be used by a Novell-certified instructor. 1-39
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

x Preconfigured drivers are never meant to be used as they are. They must be
configured to meet the needs of your organization.

Starting and Stopping the VRTest Driver

To start and stop the VRTest driver, open the Driver Set properties dialog.
The VRTest driver has 3 possible starting states:
■ Disabled, which means the driver will not run
■ Automatic, which means the driver starts when eDirectory and
DirXML are launched
■ Manual, which allows the administrator to start the driver

Configure and Start DSTrace

You configure and start DSTrace so you can observe the activity of the
driver as you perform functions.

Green text indicates that an XML function has succeeded, red text
indicates that a function has failed. Yellow text indicates that the
correction of an error will enable the function to work. Blue text provides
information in XML format.

1-40 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
How DirXML Synchronizes Data

The following shows an example of a DSTrace screen:

Figure 1-17 DSTrace Text

DSTrace is very valuable for troubleshooting DirXML and is discussed


in Section 7.

Revision 1.0 This document should only be used by a Novell-certified instructor. 1-41
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

Exercise 1-4 Import and Test a DirXML Driver

To test a DirXML driver using VRTest, you must perform the following:
■ Part I: Create a DirXML Admin Object
■ Part II: Create a Driver Set Object
■ Part III: Import the VRTest Driver
■ Part IV: Start DSTrace
■ Part V: Set the Driver Trace Level and Start the VRTest Driver
■ Part VI: Start the VRTest Driver
■ Part VII: Migrate Users from the VRTest Driver to eDirectory
■ Part VIII: Stop the VRTest Driver

Part I: Create a DirXML Admin Object

When you import drivers, you are asked to give rights to the driver object
through making the driver object security equivalent to another object.

To create an object that has the necessary rights, do the following:

1. In ConsoleOne, highlight the DigitalAir organization object.

2. Click File > New > User.

3. In the New User dialog, enter the following:


a. In the Name field, enter DirXMLAdmin.
b. In the Surname field, enter DirXMLAdmin.
c. Make sure Assign NDS Password is selected.
d. Select Prompt during creation.
e. Click OK.

4. In the Set Password dialog, enter novell twice; then click Set
Password.

5. Select the Digital-Air-Workforce tree.

1-42 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
How DirXML Synchronizes Data

6. Right click and select Trustees of this object.


The Properties of Digital-Air-Workforce appear.

7. Select Add Trustee.

8. Browse to and select the DirXMLAdmin object; then click OK.

9. In the Property window, select Entry Rights; then in the Rights


window, select Supervisor.

10. Select All Attribute Rights; then select Supervisor.

11. Click OK.

12. In the Properties of Digital-Air-Workforce screen, click OK.

Part II: Create a Driver Set Object

Now that you have a DirXMLAdmin object created, you create a driver
set object. Do the following:

1. Right click the DigitalAir container; then select New > Object.

2. In the New Object dialog, select DirXML-Driver Set; then click OK.

3. For the name of the object, enter Driver Set.


Notice that you can make this object its own partition. For DirXML
to run, it needs to be in a nonfiltered replica.

4. Click OK.
The driver set object is created.

Revision 1.0 This document should only be used by a Novell-certified instructor. 1-43
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

Part III: Import the VRTest Driver

The VRTest driver is not necessary to use DirXML. It mimics a


preconfigured driver so you can understand how a driver works.

The VRTest server and client are loaded through a batch file from the
program directory. To load the VRTest server and client with the sample
flat schema, perform the following:

1. Copy the C:\Novell\NDS\msvcp60.dll file to C:\winnt\system32.

2. From your student CD in the DirXML drivers directory, copy the


vrtest directory to C.
When you copy files from a CD, they copy as read only files.

3. To make the files writable, open the command prompt and enter the
following:
Attrib -R C:\vrtest\*.* /s

4. At the command prompt window, enter cd \vrtest\programs.

5. Enter vrtest server 02 load.

6. Enter vrtest client 02.


The VRTest client reveals the hierarchical content structure of the
VRTest driver. Evaluate this list to ensure the changes you make in
eDirectory hierarchy are also made in the VRTest driver when you
synchronize the drivers.

7. From C:\vrtest\programs, copy VRTEST_DRIVER.DLL and


VRTESTAPI.DLL and paste into the C:\Novell\NDS directory.

8. In ConsoleOne, select the DirXML Driver Set object; then click


Wizards > Create a New Application Driver.

9. In the Welcome screen, select In an Existing Driver Set; then click


Next.

10. In the Select Server screen, browse to and select the


Digital-Air-1-NDS server object and click OK; then click Next.

1-44 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
How DirXML Synchronizes Data

11. When prompted to import or create a new application driver, browse


to C:\VRTEST\02\RULES and import the VRTEST_02.XML file;
then click Next.

Figure 1-18 VRTest XML File

12. When prompted to provide the name of your tree, enter


\Digital-Air-Workforce; then click Accept.
A dialog appears recommending you define security equivalence for
the driver object and to exclude objects that represent administrative
roles.

13. Click Yes.

14. On the Memberships Security Equal to tab, click Add.

15. To grant normal eDirectory security rights equivalents from the


Memberships-Security Equal To screen, browse to and select
DirXMLAdmin; then click OK.

Revision 1.0 This document should only be used by a Novell-certified instructor. 1-45
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

16. Select the DirXML tab and Excluded Users.

17. In the DirXML-Excluded Users screen, click Add.

18. To exclude DirXMLAdmin from being a user that is updated and


migrated with all other users, browse to and select DirXMLAdmin;
then click OK.

19. Repeat step 18 to also exclude the Admin object.


You do this because if you synchronize all users in a tree to some
other application, someone can delete Admin. In addition, Admin is
probably meaningless in the other application.

20. Click OK.


The Summary screen appears.

21. Click Finish.


The VR Test Driver is imported.

22. Expand the Driver Set object to verify the driver object is imported.

The VRTest client reveals the hierarchical content structure of the VRTest
driver. You can evaluate this list to ensure the changes you make in the
eDirectory hierarchy are also made in the VRTest driver when you
synchronize the drivers.

After you install the VRTest driver, you can view the parameters of the
rules and filters if you right-click a selected object and select Properties.

Part IV: Start DSTrace

Starting DSTrace can help you troubleshoot if there are problems. Do the
following:

1. From the Start Menu, select Settings > Control Panel.

2. Double-click NDS Services.

3. Highlight dstrace.dlm; then select Startup.

1-46 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
How DirXML Synchronizes Data

4. For the startup type, select Automatic; then click OK.

5. Start DSTrace by clicking Start.

6. In the NDS Server Trace Utility screen, select Edit > Options.

7. In the NDS Trace Options screen, select Clear All.

8. Select the DirXML Drivers box; then click Save Default.

Figure 1-19 DirXML Driver Settings

9. Click OK.

10. Close the NDS Services and Control Panel windows.

Revision 1.0 This document should only be used by a Novell-certified instructor. 1-47
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

Part V: Set the Driver Trace Level and Start the VRTest Driver

In this part, you set the driver trace level to view the XML data in the
DSTrace screen. Do the following:

1. In ConsoleOne, right-click the Driver Set Object and select


Properties.

2. In the Properties of Driver Set screen, select the Other tab.

3. In the screen that displays leftover attributes not handled by custom


pages, click Add.

4. Select DirXML-DriverTraceLevel > OK.

5. Enter 3 as the trace level.


The different levels allow you to view different amounts of detail in
DSTrace. By selecting “3,” you can view most of the details. By
selecting “1” or “2,” you view fewer details.

Figure 1-20 The DirXML Driver Trace Level Settings

6. Click OK.

1-48 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
How DirXML Synchronizes Data

You are adding an attribute that sets a specific trace level so you can
observe the DirXML driver set activity in DSTrace.

Part VI: Start the VRTest Driver

Now you can start the driver:

1. Right click the Driver Set object; then select Properties.

2. In the Properties of Driver Set screen, select DirXML > Drivers.

3. In the screen that displays the drivers that exist in the driver set, select
the VRTest Driver:

Figure 1-21 Start the VRTest Driver

4. Click Start.
The status should now appear as Running.

5. Close the Properties window.

Revision 1.0 This document should only be used by a Novell-certified instructor. 1-49
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

Part VII: Migrate Users from the VRTest Driver to eDirectory

Some users exist in the VRTest server to simulate the hierarchical


structure of an actual eDirectory tree.

To view the contents of the tree, explore the VRTest client that lists all
organizational units and users on the server.

To migrate the objects you see on the VRTest client to the eDirectory
tree, perform the following:

1. Right-click the DriverSet object; then select Properties.

2. Select the VR Test Driver, which should be running.

3. Click Migrate Into NDS.

4. In the Migrate data into NDS window, click Edit List:

Figure 1-22 Data Migration Into eDirectory

1-50 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
How DirXML Synchronizes Data

5. Select the following filters in the Filter window:


❑ Organization
❑ Organizational Unit
❑ User
Because you are migrating the Organization, Organizational Unit,
and User objects and their names, you do not need to select
attributes.

6. Click OK.

7. In the migrate data into NDS screen, click Migrate.


This causes the eDirectory driver to read the objects of the selected
classes in the VRTest driver then simulate the same hierarchy of
objects in eDirectory.
You should also see success (in green) in the DSTrace screen.

8. Close the Driver Set Properties box.

9. Refresh ConsoleOne and make sure that the Organization,


Organizational Unit, and User objects in the VRTest client also appear
in eDirectory.

10. In the DigitalAir container, select the Airports container.

11. Click the New User icon on the tool bar.

12. Enter information in the specified fields, including cn and surname.

13. Select Prompt User on First Login.

14. Click OK.


Evaluate your success in DSTrace.
The yellow text indicates that the user you created was vetoed
because you did not specify the given name of the user as required
by the create rule. To meet the requirement, you must perform the
following:
a. Right-click the user you just created; then select Properties.
b. Click the General > Identification tab.

Revision 1.0 This document should only be used by a Novell-certified instructor. 1-51
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

c. Enter a Given Name for the user.


d. Click OK.
e. Evaluate your success in DSTrace again.
Green text should appear to indicate you created the user
successfully.
f. Check the VRTest client to ensure the new user is also displayed
on the VRTest driver.

Part VIII: Stop the VRTest Driver

Because this application is not used in other sections, stop the driver by
completing the following:

1. Right click the Driver Set object; then select Properties.

2. Highlight the VR Test Driver and click Stop.


The VRTest Driver should display as stopped.

(End of Exercise)

1-52 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
How DirXML Synchronizes Data

Exercise 1-5 Play the DirXML Challenge Me Game

You can review the basics of DirXML and the DirXML components by
playing the Challenge Me game located on the 992 student CD. To play
the game, perform the following:

1. Group into teams of 3.

2. Locate the game on the 992 student CD at


LABFILES/SECTION1/CHALLENGEME\992CHALLENGEME.

(End of Exercise)

Revision 1.0 This document should only be used by a Novell-certified instructor. 1-53
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

Summary

Objectives What You Learned

1. Identify the Purpose of DirXML DirXML enables various applications to share common data through eDirectory.
The applications transfer data to eDirectory using XML, which allows the
applications to store data in native API format.

2. Identify DirXML Components ■ DirXML components operate together to transfer information, and
subsequent changes, from eDirectory to the DirXML application driver and
vice versa.
■ A driver set is a container that stores all drivers. The drivers can be started
and stopped in the driver set.
■ The DirXML driver object defines all components of a driver, including rules,
stylesheets, and the application driver name.
■ The application/shim driver is where data is transformed to XML rules and
stylesheets.
■ Publisher and subscriber channels manage the flow of data between
eDirectory and other applications. Publisher channels submit information
from other applications to eDirectory, and subscriber channels submit
information from eDirectory to other applications.
■ DirXML rules contain an XML document that defines a rule that is applied to
the eDirectory event stream as it flows through the DirXML engine. These
rules include the following:
a. Event Transformation Rule
b. Mapping Rule
c. Matching Rule
d. Create Rule
e. Placement Rule
f. Input Transformation Rule
g. Output Transformation Rule

3. How DirXML Works ■ DirXML uses a meta-language (a language used to describe other
languages) called XML (Extensible Markup Language) as the primary
language to communicate with other systems.
■ DirXML uses associations to link objects from eDirectory to application
objects. DirXML associations are created one time. The association table is
an attribute that records the schema mapping between eDirectory and
other applications.
■ DirXML allows any application to be configured as the authoritative data
source for a particular piece of data. This type of configuration allows
objects to consist of data from multiple authoritative sources.

1-54 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
How DirXML Synchronizes Data

Objectives What You Learned

4. Install DirXML and Test a ■ To install DirXML, you must first complete the following:
DirXML Driver
■ Meet prerequisite requirements.
■ Install Novell eDirectory 8.5.
■ Install ConsoleOne.
■ Install DirXML.
■ The VRTest driver is a preconfigured driver, which means that when you
install it, it is already configured to do certain things. Most drivers you install
are preconfigured; however, in a real implementation, you must configure
them to match your organization needs.
■ Preconfigured drivers are meant to be customized. They are generally not
meant to be used as provided.
■ DSTrace allows you to monitor the success of operations performed in
DirXML.

Revision 1.0 This document should only be used by a Novell-certified instructor. 1-55
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

1-56 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
SECTION 2 Design and Implement a DirXML
Deployment

In this section you learn the basic principles of how to design and
implement a DirXML deployment that meets a customer’s business
requirements.

Objectives
1. Prepare for the Deployment

2. Design the Deployment

3. Implement the Deployment

4. Manage and Troubleshoot the Deployment

Introduction

DirXML provides the flexibility needed to enable e-commerce and


e-business. That flexibility comes with some complexity regarding rules,
stylesheets, and XML.

Because of that complexity, handling a DirXML deployment can be


fairly difficult. To help you understand the complexity, this section
covers the basic steps and documents that significantly improve the
chances of a successful deployment.

This section focuses on designing and implementing a DirXML


deployment from a consultant’s viewpoint to help you understand the
complexity of deploying DirXML and what to expect when working with
a DirXML consultant.

Revision 1.0 This document should only be used by a Novell-certified instructor. 2-1
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

However, designing and implementing a DirXML deployment requires


advanced training (available from Novell), guidance from experienced
consultants, and keeping updated on the latest DirXML developments
from Novell.

Scenario

Digital Airlines is a regional carrier based in Los Angeles. Established 3


years ago, Digital Airlines’ mission is to provide quality, personalized
airline service for business executives.

As part of that service, Digital Airlines provides online reservation


accounts for each of its customers. By logging in to a reservation account
on the Digital Airlines web site, a customer can view a list of scheduled
flights, reserve a flight, or charter a flight.

Customers can also request specialized meals, reading materials,


transportation to the airport, and other travel-related services.

The QuickStart Plan

Digital Airlines started with 3 corporate-style jets in the first year, added
3 more the second year; then added 4 jets this year.

They are negotiating to purchase 10 new short-range, luxury airliners to


be placed in service within the next 12 months.

This purchase will effectively double the flight capacity of the company.

Although this is good news for the company’s growth, management is


worried about finding enough qualified people to fill new positions in the
company.

As part of the recruiting effort, company executives plan to roll out a new
package of benefits that includes the same type of web access to flight
reservations that customers enjoy. Flights are free to employees, but on a
standby basis.

2-2 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Design and Implement a DirXML Deployment

They also want to significantly improve a new employee’s experience


with the company by introducing a QuickStart e-provisioning program
that guarantees a computer, email account, and reservation account are
ready to use the first day an employee begins work.

By providing this quality experience, they hope to retain employees


longer and prevent costly turnovers.

The Problem

With the number of new hires the company is required to enlist over the
next year, and with the addition of reservation accounts for the new
employees, the current business process is totally inadequate.

The IS&T manager approaches the CIO with this concern. If something
isn’t done, employees could be left stranded for a month or more without
an email account or a computer, and it might take even longer for a
reservation account on the web server to be set up and activated for the
employee.

The CIO gives the IS&T manager the responsibility to provide a solution
that will ensure the success of the QuickStart program.

The Solution

As a NetWare consultant, you have previously helped Digital Airlines


establish a networking environment. The IS&T manager calls you for
help solving the technical issues surrounding the QuickStart program.

Because of your training and experience with DirXML, you recommend


using DirXML as a solution for synchronizing events and data associated
with the QuickStart program.

You set up a meeting with the IS&T manager to begin the process of
evaluating the QuickStart business process and determining how
DirXML can help.

Revision 1.0 This document should only be used by a Novell-certified instructor. 2-3
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

Class Discussion

Using your existing knowledge of DirXML, how would you design and
implement a DirXML deployment for the Digital Airlines QuickStart
e-provisioning process presented in the scenario?

2-4 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Design and Implement a DirXML Deployment

Objective 1 Prepare for the Deployment

Preparing for a DirXML deployment requires more than just learning


how to install and configure DirXML. You need to
■ Learn How to Design Solutions Using eDirectory and DirXML
■ Understand How Business Processes Work
■ Understand the Company’s Applications
■ Understand the Company’s Political Climate
■ Keep Current on the Latest Drivers and Stylesheets

x Though these topics are critical to review when preparing for a DirXML
deployment, you also need to make sure you keep informed about these topics
through each phase of the deployment.

For example, you can save hours or days configuring rules and stylesheets for
a Microsoft Exchange driver by checking Novell’s DirXML web site for
information on the latest driver.

Learn How to Design Solutions Using eDirectory and DirXML

To understand how solutions can be built around DirXML and


eDirectory, you need to understand what you can (and cannot)
accomplish using components such as rules, stylesheets, and the XML
and XSLT markup languages.

You should also find out about similar DirXML deployments. For
example, if you find out that a customer requires a PeopleSoft driver or
Notes integration, check with another consultant or the DirXML web site
to find out more about implementing this kind of solution.

The more you find out about experiences with similar deployments, the
more you are prepared to effectively implement DirXML in your own
deployment.

Revision 1.0 This document should only be used by a Novell-certified instructor. 2-5
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

Understand How Business Processes Work

Before interviewing a customer to assess a company’s needs, you need to


understand general business processes and as much as possible about the
company’s business processes.

This knowledge helps you anticipate and prepare the questions you need
to ask the customer and analyze the specific process a customer is
describing.

For example, find out how many paper directories (such as printed
department employee directories) the company maintains, how often
IS&T receives requests for a new account, and how much time it takes to
remove an employee account from the system.

With this information, and an understanding of general business


processes, you will have an easier time convincing top management of
the viability of implementing DirXML to improve their business
processes.

x A consultant’s thorough questioning and analysis of a company’s current business


process will probably result in a list of employee complaints and inherent
weaknesses in the process.

Although you should report the results and provide suggested solutions, you
should never attempt to force a solution on the customer because it is better than
an existing method.

Understand the Company’s Applications

An important part of planning for a DirXML deployment is


understanding what is possible (and not possible) when integrating a
company’s application into a DirXML solution.

For example, if a company wants to integrate data synchronization


between their PeopleSoft system and their Oracle® financial system, it is
important to understand how a business process involving these types of
applications is going to work.

2-6 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Design and Implement a DirXML Deployment

Understand the Company’s Political Climate

The political climate of a company can significantly impact the


effectiveness and complexity of a DirXML deployment.

To increase the likelihood of a successful deployment, you need to


understand the concerns and enlist the support of
■ System Administrators
■ The Corporate Sponsor

System Administrators

When researching the business processes of a company, you interview


administrators responsible for managing and administering various
systems. Each system includes a directory or repository of data you
might need to access.

The administrator responsible for that system and data often has strong
feelings about attempts to access the application APIs—especially by
another department (such as Human Resources) that will control the
creation, modification, and deletion of that data.

Make sure you include the administrator as part of the DirXML


deployment effort. By including administrators, you involve them in the
design of the deployment, and help them understand the nonintrusive
nature of DirXML.

The Corporate Sponsor

Because you often cross several boundaries in the company, technically


and politically, it’s important that your deployment has support all the
way up the management chain.

It’s especially critical to find a sponsor in the organization that


understands and is able to promote the benefits and return on investment
(ROI) of DirXML.

Revision 1.0 This document should only be used by a Novell-certified instructor. 2-7
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

In addition, the sponsor needs to be high enough in the organization to


break down political barriers and influence the decisions of the people
who own the data affected by the deployment.

For example, the PeopleSoft team might be eager to synchronize with


eDirectory and automate the creation of an employee account in the NT
domain. However, the Windows NT domain administrators might not
want you making API calls into their domain.

Although you can technically explain to the NT administrators how the


system works, how the driver behaves, what you’re doing with DirXML,
and how they can secure themselves, they might still refuse to fully
cooperate.

In this case, it helps to have a sponsor such as the IS&T vice president to
negotiate, or dictate, the integration of the system or application.

Keep Current on the Latest Drivers and Stylesheets

You need to keep current with the latest DirXML driver developments.
You can do this by checking Novell’s DirXML web site at
http://www.novell.com/products/nds/dirxml.

The web sites include valuable information about implementing DirXML


and updates on product enhancements and development.

2-8 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Design and Implement a DirXML Deployment

Objective 2 Design the Deployment

Designing a deployment requires a careful, systematic approach that


involves documenting each step of the design process.

Each document builds on the next until you have a final deployment plan
that not only serves as a blueprint for the DirXML solution, but provides
the opportunity for you and the customer to commit (by signature) to the
new business process and supporting DirXML implementation.

This section covers the following topics to help you design a


deployment:
■ Documenting a DirXML Deployment
■ How to Create a Business Process Review Document (BPRD)
■ How to Create a Business Requirements Document (BRD)
■ How to Create a Project Requirements Document (PRD)

Documenting a DirXML Deployment

When designing a DirXML deployment for a customer, you might be


tempted to create a simple, high-level, executive briefing for your
implementation, explain it to the customer, and then immediately start
implementing the solution.

However, the most successful DirXML consultants do the following:


■ Understand the Benefits of Thorough Documentation
■ Get Document Signatures
■ Use Documentation to Resolve Issues

Understand the Benefits of Thorough Documentation

Documenting the design of your DirXML deployment provides the


customer with a clear picture of the new business process, the
requirements for implementing DirXML to support the process, and
ownership of the common data to be synchronized across the DirXML
system.

Revision 1.0 This document should only be used by a Novell-certified instructor. 2-9
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

Get Document Signatures

Signatures on all documents by a representative from each affected


system are an essential part of the design process. This ensures the
customer has a chance to review the design and make a commitment to
the deployment.

Use Documentation to Resolve Issues

Clearly written, detailed documentation signed by the proper customer


representatives provides a way to quickly resolve issues that arise from a
DirXML deployment.

For example, during an engagement on the East coast of the United


States, the customer failed to tell the consultant about a status that
belonged to the employee status field in PeopleSoft.

As the DirXML driver finished processing add, delete, and modify events
from PeopleSoft, 400 of these “unknown” values came through. Because
the value was not recognized by the driver, 400 employees were
terminated and unable to access the network or email.

The customer called the consultant and immediately blamed the


consultant and the DirXML implementation. To resolve the situation, the
consultant and customer reviewed the documentation signed by the
customer.

The DirXML driver was performing as described in the document. The


consultant stated, “These are the values you said were associated with the
employee status field. However, you didn’t disclose this additional value.
Because of that, you just fired 400 of your people.”

When the issue was brought to the attention of the Human Resources
people, they admitted forgetting to tell the consultant about the value.

This example is a common experience when deploying a DirXML


system. To avoid costly mistakes, try to be as meticulous as possible
when gathering information and documenting requirements.

Always have a representative from each affected group review and sign
the requirements document.

2-10 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Design and Implement a DirXML Deployment

How to Create a Business Process Review Document (BPRD)

Before creating a detailed view of a DirXML solution in a requirements


document, you need to record the company’s current business process
and recommended changes to that process. This is the purpose of the
Business Process Review Document (BPRD).

The BPRD provides a picture of the business process and a


recommended role for DirXML in supporting that process.

For many organizations, this might be the first time anyone has analyzed
and documented a cross-departmental business process (such as
e-provisioning for new employees).

The following are some basic tasks related to creating a BPRD:


■ Define the Deployment Scope
■ Analyze the Business Processes
■ Define the Business Requirements
■ Create a Data Flow Diagram (DFD)
■ Describe the Advantages of Using DirXML
■ Manage the Customer’s Expectations

Define the Deployment Scope

The most important question you need to keep in mind when creating a
BPRD is “What is the deployment scope?”

Although the customer might want you to solve a data synchronization


problem between Human Resources (PeopleSoft) and IS&T (NT
domains), the solution might also need to include the PBX and email
systems.

Revision 1.0 This document should only be used by a Novell-certified instructor. 2-11
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

The following is a description of an actual DirXML deployment in a


BPRD:

“To provide a set of streamlined business processes that ensure all


services and information applicable to a new employee are granted,
based on who they are in the HR System of Record, and are available
upon the employee’s arrival at the company.”

Whether this is an easy deployment or a difficult one depends on the


company, the number of employees in the company, and the turnover
rate. It also depends on the type and number of systems involved in
delivering services to the new employee.

For example, if a new employee needs to have access to everything on


the first day of work, the DirXML solution could become very extensive
and expensive.

You need to define the scope from the very beginning. Otherwise, your
deployment will continue through a never-ending cycle of major
changes, even after you implement the DirXML system.

Analyze the Business Processes

After defining the scope of the DirXML deployment, you need to review
and analyze the customer’s business process to help you understand the
processes politically and technically.

With this information, you can build a DirXML system that supports the
process and meets the company’s technology, data flow, security, and
ownership of data requirements.

The following basic tasks are related to analyzing the business process:
■ Interview Key Personnel About Individual Processes
■ Interview Key Personnel About the Entire Process
■ Track the Business Process Throughout the Company

2-12 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Design and Implement a DirXML Deployment

Interview Key Personnel About Individual Processes

You start the analysis by interviewing key individuals such as managers,


administrators, and employees that actually use the application or
system. Ask questions such as these:
■ Where does the data originate?
■ Where does it go?
■ Who owns it?
■ Who do you need to contact to change it?
■ Who will be very angry if you do change it?
■ What types of operations take place?
■ Where do the systems live (on what servers, in which departments)?

For example, if you are interviewing the administrator for the PeopleSoft
system in Human Resources, you can ask questions such as these:
■ What data is stored in the PeopleSoft database?
■ What appears in the various panels for an employee account?
■ What actions are required to be reflected across the DirXML
integration (such as add, modify, or delete)?
■ Which of these are required? Which are optional?
■ What actions need to be triggered based on actions taken in
PeopleSoft?

x It is important to interview the employees that use an application or system in


a business process.

Though a manager might outline how the business process is supposed to


work, the employee performing the tasks can give you personal insights into
the problems of working with the application and other employees and
managers.

Revision 1.0 This document should only be used by a Novell-certified instructor. 2-13
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

Interview Key Personnel About the Entire Process

You should also interview one or more people in the company who
understand the entire business process.

For example, if you are implementing DirXML to support an


e-provisioning process that provides a new employee with a complete set
of services, ask questions such as the following:
■ After a person is hired, and the information is entered in PeopleSoft,
where does that data go?
■ How does the new employee get a phone?
■ How does the new employee get an NT or NetWare account?
■ How does the new employee get a GroupWise®, Exchange, or Notes
email account? And which email system will handle the account?

Track the Business Process Throughout the Company

Interviewing key people can lead you to conversations with other areas of
the organization. You need to follow up on these leads to get a clear
picture of the entire process.

For example, the PeopleSoft administrator might tell you that she sends
an email message to the NT domain administrator to inform him that a
network account needs to be created for a new employee.

You next talk to the NT domain administrator and find out what
information he receives and what actions he takes.

This can lead you to the email administrator who can tell you what action
initiates the creation (or deletion) of an email account and what
information the administrator feels she owns.

By tracking the current business process throughout the company, you


begin to understand the current model of the business process and the
data flow and workflow of the process.

2-14 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Design and Implement a DirXML Deployment

Define the Business Requirements

When interviewing key individuals about the company’s business


process, you also gather information about the business requirements that
define the business process.

For example, a business requirement for terminating an employee might


be that the employee’s network and email accounts must be removed or
archived the same day the employee is terminated.

Additional requirements might include terminating cell phone accounts


and recovering laptop computers.

Although current business practices in the company might not support


this requirement (it can actually take 2 or 3 days to remove the email
account), it is still a business requirement that must be considered in your
DirXML deployment.

The following basic tasks are related to defining the business


requirements:
■ Review the Process Flows, Data Mapping Relationships, and Process
Triggers. When reviewing your interview notes, sort out the process
flows, process triggers, and data mapping relationships. This can
involve working with an expert in business processes.
For example, if something is going to happen in a certain process,
what’s going to happen as a result of that process? What other
processes are triggered?
You can also begin to form a picture of what data from one
application needs to be mapped to another for the entire business
process to operate properly. List data transformations that need to
take place from one format to another (such as 2/25/2002 to 25 Feb
2002).
■ Document the Dependencies. Listing dependencies is critical to the
development of an effective DirXML solution.
If you change a certain value, you need to know if there is a
dependency on that value. If you change a particular process, you
need to know if there is a dependency on that process.

Revision 1.0 This document should only be used by a Novell-certified instructor. 2-15
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

For example, selecting a “temporary” employee status value in a


Human Resources system means that IS&T needs to create a user
object in eDirectory with restricted rights and access to the network
during certain hours.
If you do not know about the temporary employee status, you build a
DirXML solution that handles the unknown status incorrectly—such
as creating a user object with full rights and 24x7 access.
■ List the Priorities. Because you can’t always fulfill every
requirement, wish, or desire of a customer immediately, you need to
list priorities for designing and deploying the DirXML system.
Make sure you divide the deployment into phases that let you
implement a portion of the deployment early and other portions of
the deployment later on.
■ Define the Prerequisites. You must document the prerequisites
required for implementing a particular phase of the deployment.
For example, before sychronizing data between PeopleSoft and
Microsoft Exchange, you might need to install eDirectory and create
department containers in the eDirectory tree for storing user objects
that represent employees.
■ Identify Authoritative Data Sources. When interviewing system
administrators and managers, find out what items of information they
feel belong to them.
For example, the email administrator might want ownership over the
email address for an employee. This means the DirXML deployment
needs to implement the email system as the authoritative data source
for employee email addresses.

2-16 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Design and Implement a DirXML Deployment

Create a Data Flow Diagram (DFD)

After you’ve defined the business requirements for sharing data in a


business process, you should design a data flow diagram (DFD) that
reflects the current business process.

The DFD illustrates where the data originates, where it moves to, and
where it can’t move to. It should also account for how certain events
affect the data flow.

For example, the following shows the applications and systems in EMA
Corporation, but does not show data flow:

FS1 Server FS2 Server

PeopleSoft
eDirectory Email Server
PBX Server
Corporate Tree

Figure 2-1 Applications and Systems in the EMA Corporation Network

Revision 1.0 This document should only be used by a Novell-certified instructor. 2-17
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

The following DFD provides information about the data flow in EMA’s
current e-provisioning process for new employees:

● Sends letter of acceptance to Human Resources


● Sends email to eDirectory admin to create user account
Manager ● Calls telephone service for phone and phone number
● Sends email to email server admin to create mailbox

Human
Resources
● Receives letter of acceptance
● Creates employee record
in PeopleSoft Email Admin
PBX Admin
eDirectory ● Receives email
Admin ● Receives phone call ● Creates mailbox
● Creates voicemail account on email server
● Receives email on PBX Server
● Creates user account
in eDirectory

FS1 Server FS2 Server

PeopleSoft
eDirectory Email Server
PBX Server
Corporate Tree

Figure 2-2 Data Flow for EMA’s Employee Provisioning

In addition to creating a DFD that illustrates the current business process,


you should also provide a DFD that illustrates the proposed business
process and the advantages of implementing DirXML in that process.

2-18 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Design and Implement a DirXML Deployment

For example, the following is a proposed e-provisioning DFD for EMA


Enterprises implementing DirXML to synchronize data:

Human Manager ● Sends letter of acceptance to Human Resources


Resources
● Receives letter of acceptance
● Creates employee record in PeopleSoft

FS1 Server FS2 Server

Email
Server
Email
PeopleSoft NDS
PeopleSoft Driver
Driver to ● Receives employee
NDS accounts and enterprise
eDirectory Driver eDirectory attributes (except email)
● Creates employee accounts from eDirectory
● Replicates employee accounts
● Publishes email attribute
to eDirectory Corporate Tree Services Tree to eDirectory
● Creates enterprise attributes
(except email and phone) PBX
● Replicates enterprise attributes Driver
(except email and phone) to ● Receives employee accounts ● Receives employee accounts
eDirectory from PeopleSoft from eDirectory PBX
Receives email and phone ● Replicates employee accounts ● Replicates employee accounts

to eDirectory to email and PBX servers
Server
attributes from eDirectory
● Receives enterprise attributes ● Receives enterprise attributes
(except email and phone) (except email and phone)
from PeopleSoft from eDirectory ● Receives employee
● Replicates enterprise attributes ● Replicates enterprise attributes accounts and enterprise
(except email and phone) (except email and phone) attributes (except phone)
to eDirectory to email and PBX servers from eDirectory
● Receives email and phone ● Receives email and phone ● Publishes phone attribute
attributes from eDirectory attributes from email to eDirectory
● Replicates email and phone and PBX servers
attributes to PeopleSoft ● Replicates email and phone
attributes to eDirectory

Animation 2-1 How DirXML Figure 2-3 DirXML e-provisioning Solution for EMA Corporation
Provides a Business Process
Solution

Revision 1.0 This document should only be used by a Novell-certified instructor. 2-19
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

Describe the Advantages of Using DirXML

After you review and understand the customer’s business processes and
document their business requirements, you need to describe what the
company can gain by revising the process and implementing DirXML.

Although the proposed DFD is an important tool for illustrating those


advantages, you should also list the advantages.

The following are some advantages to implementing a DirXML solution


that you might want to consider listing in the BPRD:
■ More Efficient Business Processes
■ More Accurate Data
■ Reduction in Administrative Costs
■ Directory Support for Applications
■ Data Sharing Through a Directory

More Efficient Business Processes

When you analyze a company’s business processes, you often find the
existing processes are not economical or efficient. Some of these issues
can be solved with DirXML technology; others require intervention by
managers.

Be honest with the customer. Use the DFD to point out problems in the
current business processes; then identify those problems that are political
and those that can be solved with DirXML technology.

More Accurate Data

Sometimes the data synchronization is completely off and needs to be


reconfigured.

For example, a company might be using InfoSource (a relational


database) as a hub between PeopleSoft (Human Resources) and
eDirectory. The data travels in one direction from PeopleSoft through
InfoSource to eDirectory.

2-20 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Design and Implement a DirXML Deployment

If anyone can access and update the data at those 3 points in the system,
the data can be out of synchronization in all 3 repositories.

Before you implement DirXML in this situation, you either need to


synchronize all the data or define authoritative data sources for the data
and have the drivers perform the synchronization.

Whatever method you choose, emphasize to the customer that DirXML


is an excellent technology for ensuring that all data is quickly
synchronized across the system by those who have the authority to add,
modify, or delete the data.

Reduction in Administrative Costs

Reducing employee and data administration costs is a huge benefit to


customers. Evaluate the costs associated with what the company is doing
now versus implementing a DirXML solution.

Remember that top management might not be as interested in data


synchronization as the return on investment (ROI) for implementing
DirXML.

The following are some benefits you might want to address:


■ Improved Timeliness of Account Administration Activities. This is a
significant benefit for a company. It can be hard to put a price tag on
data finally being synchronized throughout the company.
However, you can help top management understand the significance
by pointing out the loss of production due to something as simple as
an inaccurate phone number.
■ Employee Focus on Strategic Processes and Procedures. A DirXML
deployment lets employees focus on more strategic business
processes and procedures.
The Human Resources representative does not need to spend time
calling an NT domain administrator to create, update, or delete a user
account.
The NT domain administrator is free to pursue more important issues
that deal with upgrading or configuring the NT system.

Revision 1.0 This document should only be used by a Novell-certified instructor. 2-21
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

■ Increased Integrity, Availability, and Reliability of Data. The integrity,


availability, and reliability of the data is increased, while the efforts
to manage that data are significantly decreased.

Directory Support for Applications

Companies often have applications that are totally independent from


each other. The applications do not look the same, have the same schema,
or have the same architecture.

A significant advantage to using DirXML is that applications do not have


to be modified to synchronize data between them. By eliminating
application customization, a company can save thousands of dollars and
hours.

In other words, DirXML brings the directory to the application; the


application does not need to conform to the directory.

Data Sharing Through a Directory

Because eDirectory serves as a metadirectory for storing data


synchronized by DirXML, all shared data can be brought together into a
common data format.

Accessing that data, regardless of how it’s stored in an NT domain or


Microsoft Exchange, provides a significant advantage when supporting a
business process.

Manage the Customer’s Expectations

Be careful about the way you handle the customer’s expectations. Do not
sit down with the customer during an initial meeting and promise that
you can synchronize all employee data for a certain fee and have the
deployment completed in 2 months.

You need to explain that the first deliverable is a BPRD from which you
and the customer can begin to document what needs to be installed and
configured, how long it will take, and what the deployment will cost.

2-22 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Design and Implement a DirXML Deployment

For example, a great deal of money was lost on a large DirXML


deployment where the consultant listened to the customer for an hour or
two, did a quick analysis; then promised the deployment would only take
a month.

Six months later, the deployment was still being implemented.

By delivering a thoroughly documented BPRD first, you and your


customer save time and expense.

How to Create a Business Requirements Document (BRD)

After the customer signs off on the BPRD, you can begin creating a
business requirements document (BRD). This is the technical description
of the DirXML solution.

The BRD is a detailed description of the business requirements related to


the DirXML portion of the new business process, and how DirXML will
be implemented to support those requirements.

The BRD helps you decide what you need to do and gives you the
information needed to determine how long the deployment will take,
what it will cost, and what the support costs might be after the initial
implementation.

You begin creating a BRD by extracting those business requirements


from the BPRD that directly relate to the DirXML deployment; then
perform an analysis of those requirements.

The following are some basic tasks related to analyzing and documenting
the DirXML-specific business requirements:
■ Define Data Flow and Relationships
■ Define the Enterprise Schema
■ List Required Data Transformations
■ List Value Relationships
■ Identify Authoritative Data Sources
■ Enforce Authoritative Data Sources

Revision 1.0 This document should only be used by a Novell-certified instructor. 2-23
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

■ Define Termination Processes


■ Strengthen the Authentication Process
■ List Additional Software Needed
■ List the Constraints

Define Data Flow and Relationships

You need to document what data you are moving between systems and
what tasks need to be accomplished. Ask questions such as these:
■ Am I moving user objects?
■ Am I synchronizing groups in different directories?
■ Am I synchronizing email accounts?
■ What objects and what attributes am I synchronizing so that I can
determine my enterprise schema?

To understand data flow for a particular integration such as Netscape and


eDirectory, you also need to ask questions such as these:
■ How does Netscape communicate with eDirectory?
■ What’s the directory schema for the Netscape directory?
■ What attributes need to be synchronized between Netscape’s schema
and eDirectory?

The focus of these questions should be to understand each directory


schema, how the schemas relate, and what objects and attributes need to
be synchronized across the system.

After you have this information, you can begin documenting the
enterprise schema that will support the DirXML solution.

2-24 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Design and Implement a DirXML Deployment

Define the Enterprise Schema

The enterprise schema consists of a list of all shared values across the
DirXML system that reside in eDirectory, with the attribute name in each
system for each value, and classes that must be synchronized.

In addition, the schema includes all actions and triggers in the DirXML
system defined by the business requirements.

List Required Data Transformations

You need to think about what the data looks like in a system such as
Microsoft Exchange and what the same data looks like in another system
such as PeopleSoft.

For example, a phone number in Microsoft Exchange might be formatted


to look like “801.222.1234” while the same phone number might need to
look like “(801) 222-1234” in PeopleSoft.

List Value Relationships

You need to consider how different values interrelate between systems.

For example, an employee status field in PeopleSoft might have 3 set


values: employee, contractor, and intern. However, the Netscape
Directory system might have only 2 values: permanent and temporary.

In this case, you need to determine how a value such as the “contractor”
status in PeopleSoft relates to the “permanent” and “temporary” values in
Netscape Directory.

As you analyze the business requirements and begin designing a


DirXML solution, ask questions such as these:
■ Why is this data in eDirectory?
■ Who needs to access and use the data?
■ How do they need to use it?

Revision 1.0 This document should only be used by a Novell-certified instructor. 2-25
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

By asking questions such as these, you can design a solution that allows
the data to be meaningful to each system and useful for triggering other
business processes.

Identify Authoritative Data Sources

The business processes in a company often give the administrator of each


system or directory complete control over the data in that system.

Though the administrator might rely on other sources for information, he


or she completes all the tasks of adding, modifying, and deleting data.

These isolated systems and directories are often called data silos. For
example, the following illustrates the data silos that might exist in a
typical company:

FS1 Server FS2 Server

PeopleSoft
eDirectory Email Server
PBX Server
Corporate Tree

Figure 2-4 Data Silos in a Typical Company

When you propose synchronizing data across systems with DirXML you
are asking system administrators to give up some control and allow the
outside world into their data silos.

2-26 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Design and Implement a DirXML Deployment

This can lead to protests, especially if there are items of information an


administrator wants to control exclusively.

For example, if an email address is generated for an employee in


Microsoft Exchange, the email administrator will probably want to own
that piece of data.

The ownership of data is often called authoritative data source.

When designing a DirXML solution, be aware of which directory or


system is the authoritative data source for which attribute or class in the
enterprise schema (where unique data originates), and how to prevent
changes being synchronized from a nonauthoritative data source.

Enforce Authoritative Data Sources

You can configure filters, rules, stylesheets, and object security to prevent
changes from being synchronized from a nonauthoritative data source.
■ Filters. You can enforce authoritative data source with filters. For
example, you can configure the subscriber filter on the PeopleSoft
driver to not allow an employee ID to flow into PeopleSoft.
Or you can configure the subscriber filter on the Microsoft Exchange
driver to not allow an email address to flow into the Microsoft
Exchange directory store.
■ Rules and Stylesheets. You can also use rules and stylesheets to
enforce authoritative data source.
For example, if NT is the authoritative data source for certain
attribute values, you can enforce that requirement in the create rule.
You can also let data from a new user object created in eDirectory by
the PeopleSoft driver flow to NT where a new account is created.
■ Object Security. Another possibility for enforcing authoritative data
source is to use eDirectory object security and configure the driver
object with rights to, or no rights to, certain objects, containers, or
attributes in the tree.

Revision 1.0 This document should only be used by a Novell-certified instructor. 2-27
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

The same is true of a system outside eDirectory (sometimes called a


foreign system in a DirXML deployment). For example, if Notes
includes access control lists (ACLs), you can use that feature to
protect data in the Notes environment.

Define Termination Processes

When designing a DirXML solution, make sure you also define


processes for deleting, disabling, or terminating objects for all
applications that are part of the DirXML system.

Many customers can accept the fact that it takes 2 or 3 days to get an
employee a new account. However, they can’t accept an employee’s
account remaining in the system for a month, or even 2 or 3 days, after
the employee is terminated.

Termination procedures are critical to customers because there’s often


valuable data within the company, and the company can become very
vulnerable if access to that information is still available to people who
shouldn’t have it.

Strengthen the Authentication Process

By using eDirectory as a synchronization process between applications,


you also strengthen the authentication process.

To take full advantage of this for the customer, you need to understand a
little about authentication processes.

There are 2 types of authentication processes:


■ Single Sign On. Single sign on lets you sign on to as many
applications as you want, always using the same identity.
■ Single Identity. Single identity means you have one identity; after
you’re authenticated with that identity, you do not need to enter it
again as you move from one application to another.

When designing a DirXML system that includes synchronizing user


objects between multiple systems, find out if they want single identity
management or single identity management with single sign on.

2-28 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Design and Implement a DirXML Deployment

After you understand what the customer wants, you can implement the
authentication appropriately to achieve the desired results.

List Additional Software Needed

Providing a DirXML business solution is not as simple as installing a


product, configuring a few parameters, and leaving.

DirXML and eDirectory might not provide all the functionality you need
to implement a particular DirXML deployment. You need to determine
what other components might be necessary; then assess the products the
company already owns.

If these products do not provide the features you need, determine which
products provide that functionality and include a list of additional
software with associated costs.

List the Constraints

After you understand the business processes and logic, and the tasks that
need to be accomplished with the data, you need to define the
constraints.

Some obvious constraints slip past many consultants as they develop a


deployment plan. Of these, the most important constraint to consider is
“Which platform can I run a DirXML driver on?”

Although DirXML runs on NetWare, NT, Solaris, and Linux (including


true 64 bit processing), the drivers might not. The drivers are bound by
the systems they are designed to communicate with.

For example, you cannot install the NT domain driver (a Win32 driver)
on a Solaris platform. For the same reason, you cannot install the
Microsoft Exchange driver on Solaris.

In addition, in some situations you must have the directory and the
DirXML system on the same computer because there is no remote
protocol. The NT 4 driver calls Win32 APIs, which do not exist on
NetWare, Solaris, or Linux.

Revision 1.0 This document should only be used by a Novell-certified instructor. 2-29
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

However, if the customer wants to do that, it requires at least one


eDirectory server running NT with the NT 4 driver (until Novell
develops remote drivers).

Whether the constraints are technical (such as remote protocols) or


political (such as authoritative data source), you need to document the
rules that enforce those constraints.

How to Create a Project Requirements Document (PRD)

The project requirements document (PRD) is a finalized version of the


BRD with the addition of elements such as time lines, goals, and
milestones you want to achieve when implementing the deployment.

Make sure you clearly define each goal and milestone for the customer.

For example, the following are general milestones for a deployment that
synchronizes data between PeopleSoft in Human Resources and the
Microsoft Exchange email system.

When defining these milestones, you might ask questions such as the
following:
■ For a single workforce ID system for all employees, contractors,
interns, and temporaries:
❑ What is the goal of the milestone?
The overall goal is that every piece of information in the
workforce has commonality. In other words, if the company has
a workforce that includes several categories, the workforce is
united under one system of workforce IDs.
■ For a single process for managing all employee, contractor, intern,
and temporary accounts:
❑ Does the entire workforce go through the Human Resources
system?
❑ Do some of them go through the Human Resources system and
some go through another system?
Maybe some of them aren’t being tracked at all. Their first entry
point might be strictly getting a network account from IS&T.

2-30 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Design and Implement a DirXML Deployment

If this is the case, you need to move the customer towards


following the same processes for each person in the workforce to
reduce the complexity of the business process and the DirXML
solution.
■ For a 50% reduction in management of all application systems
except PeopleSoft:
❑ What is the customer is trying to achieve in automating and
synchronizing their business processes and data?
❑ What do they hope to achieve in maintaining their email system?
❑ What is the percentage level the customer wants to achieve in
reducing application management costs?
Gather this information from the customer and include it as part of
this milestone definition. This type of information lets you
appropriately configure the DirXML system.
■ For approval and ownership for each organization affected by the
DirXML system:
❑ Who are the owners of each application involved in the DirXML
system?
❑ In addition to system administrators, which individuals need to
sign the BPRD, BRD, and PRD to approve the DirXML system?
A DirXML solution is not just an IT solution. It is an enterprise
solution that requires approval at the highest level for every
organization that’s involved.
You need that approval for the organization to take ownership of the
deployment in their specific area. After you have that approval, it
becomes much easier for the organizations to work together to
implement this cross-enterprise solution.

After you complete the PRD, and have all your design documents
(BPRD, BRD, and PRD) signed, you can assemble your deployment
team and begin configuring and testing the DirXML deployment.

Revision 1.0 This document should only be used by a Novell-certified instructor. 2-31
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

Exercise 2-1 Prepare Interview Questions for the Digital Airlines Business
Process Analysis

As a DirXML consultant, the IS&T manager of Digital Airlines has


approached you about implementing a DirXML solution to support the
company’s new QuickStart e-provisioning program for company
employees.

During your initial meeting with the IS&T manager, you are able to
gather some general information about the current process for providing
new employees with an email account and network access.

You also find out that all new employees need to have a customer
account set up for them in the company reservations system.

You recommend analyzing the current business process and producing a


BPRD by interviewing key individuals in the company. The IS&T
manager offers to help you set up appointments with as many individuals
as you want to interview.

In this exercise, you do the following:


■ Part I: Review the Meeting Notes
■ Part II: Identify the Key Personnel to Interview
■ Part III: List the Questions You Need to Ask Each Person

Part I: Review the Meeting Notes

The following are notes from your meeting with the IS&T manager.
Read through them to refresh your memory about the current business
process at Digital Airlines.
■ The CIO and company president want each new hire at Digital
Airlines to have network access, an email account, and an airline
reservation account the first working day as part of the QuickStart
program.
■ With all the new hires expected, the IS&T manager knows there will
be significant problems supporting the QuickStart program with the
existing business processes and network system.

2-32 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Design and Implement a DirXML Deployment

■ Human Resources creates a new employee record in PeopleSoft


whenever they receive a job offer from a manager signed by both the
new hire and the manager.
■ A third-party PeopleSoft expert contracts with Human Resources to
maintain the PeopleSoft system.
■ The IS&T manager waits for an email from the employee’s manager
to authorize setting up an employee user account in eDirectory.
■ Two eDirectory trees store employee user accounts.
Digital-Air-Ecommerce (on the Digital-Air-2 server) stores
Reservation user accounts; the rest are stored in the
Digital-Air-Workforce tree (on the Digital-Air-1 server). Each tree
has a different system administrator.

x Although you have recommended merging the trees for more effective
management of the Digital Airlines network, the IS&T manager insists the
QuickStart program has a much higher priority at the moment for company
executives.

In addition, there are political hurdles to overcome before any work can be
done on merging trees. You both decide to wait until after deploying DirXML
to address the eDirectory tree issue.

■ The IS&T manager contacts the appropriate system administrator to


set up the user account. User account information for the employee
(such as work phone and department) can be difficult to obtain and is
often missing from the user account.
■ The Microsoft Exchange administrator also waits for an email from
the new employee’s manager (when he or she remembers) to set up a
mailbox for the employee.
■ The Microsoft Exchange system is located on the Digital-Air-1
server.
■ The Microsoft Exchange administrator usually calls the
Digital-Air-Workforce or Digital-Air-Ecommerce administrator for
employee information (they’re good friends), but often ends up
waiting for the administrator to collect the needed information.
■ After a mailbox is set up, the Microsoft Exchange administrator
sends an email message to the manager with the new email ID and
default password.

Revision 1.0 This document should only be used by a Novell-certified instructor. 2-33
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

■ A web application on the Digital-Air-2 server provides the


reservation system for the Digital Airlines web site. This application
is maintained and administered by the company’s web master.
■ The Reservations Department manager is responsible for the
successful operation of the web site reservation system and customer
satisfaction with the system.
■ Customer accounts for the reservation system are stored in Netscape
Directory on the Digital-Air-2 server. The system administrator for
Netscape Directory is the same administrator that manages the
Digital-Air-Ecommerce tree.

Part II: Identify the Key Personnel to Interview

After reviewing the meeting notes, list the key personnel you might need
to interview. List the application or system the individual might own.

Key Individual Application or System Ownership

Table 2-1 Key Individuals to Interview

Several rows are provided in the table for your convenience. You might
not need to use all of them.

2-34 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Design and Implement a DirXML Deployment

Part III: List the Questions You Need to Ask Each Person

After you’ve identified the key personnel to interview for your business
process analysis, you should prepare a few questions ahead of time to
make sure you gather the information you need.

In the following, list questions you might want to ask each person during
the interview:

Application or System
Key People Ownership Questions to Ask

CIO ■ All computer systems ■

Human ■ Human Resources ■

Resources PeopleSoft system


Manager

PeopleSoft ■ PeopleSoft system ■

Contract Expert maintenance

Employee ■ None ■

Manager

IS&T Manager ■ Corporate network ■

■ Corporate DirXML
system

Table 2-2 Interview Questions for Each Key Person

Revision 1.0 This document should only be used by a Novell-certified instructor. 2-35
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

Application or System
Key People Ownership Questions to Ask

Digital-Air- ■ eDirectory on the ■

Workforce Digital-Air-1 server


System
Administrator ■

Digital-Air- ■ eDirectory on the ■

Ecommerce Digital-Air-2 server


Administrator ■ Netscape Directory on
the Digital-Air-2 server ■

Microsoft ■ Microsoft Exchange ■

Exchange on the Digital-Air-1


Administrator server

Web Master ■ Web application for ■

the reservations
system

Reservations ■ Web site reservations ■

Department system
Manager

Table 2-2 Interview Questions for Each Key Person (continued)

2-36 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Design and Implement a DirXML Deployment

Exercise Summary

Completing this exercise gives you an idea of the depth of questioning


necessary to analyze a business process and create a valuable BPRD.

Specifically, you accomplished the following:


■ Identified key Digital Airlines personnel to interview and the
systems or applications they own.
It’s important you identify the key personnel that have an impact
designing and deploying a DirXML solution. You should also know
what systems or applications they own that are impacted by such a
solution.
■ Prepared for interviews by listing questions to ask key individuals.
During the initial meeting with a company contact, take notes about
each person you might interview. These notes are critical to forming
the kinds of questions you must ask during the interview.

Revision 1.0 This document should only be used by a Novell-certified instructor. 2-37
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

Exercise Answers

If you are in a classroom setting, the instructor will conduct a group


discussion about the key personnel to interview and the questions to ask
each person.

In a self-study environment, compare the following lists to your own:

Part II: Identify the Key Personnel to Interview

The following are key personnel to interview:

Key Individual Application or System Ownership

CIO ■ All computer systems


Although this might be an optional interview, it helps
to hear what top management expects from the
new business process.
In addition, it can help to re-enforce the role of the
IS&T manager as corporate sponsor for the
deployment.

Human Resources ■ Human Resources PeopleSoft system


Manager

PeopleSoft® Contract ■ PeopleSoft system maintenancee


Expert Although you might not want to interview this
individual until you create the BRD, it might be
helpful to understand some of the technical
business process issues from the expert’s point of
view.

Employee Manager ■ None


Even though they do not own an application or
system, employee managers play a vital role in the
business process.

IS&T Manager ■ Corporate network


In the business process the IS&T manager is
responsible for assigning creation of user accounts.
■ Corporate DirXML system
You might want to interview the IS&T manager
again (after everyone else) for final information
about the overall business process.

Table 2-3 Answer to Part II of Exercise 2-1

2-38 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Design and Implement a DirXML Deployment

Key Individual Application or System Ownership

Digital-Air-Workforce ■ eDirectory on the Digital-Air-1 serverr


System Administrator

Digital-Air-Ecommerce ■ eDirectory on the Digital-Air-2 server


Administrator ■ Netscape Directory on the Digital-Air-2 server

Microsoft Exchange ■ Microsoft Exchange on the Digital-Air-1 server


Administrator

Web Master ■ Web application for the reservations system

Reservations Department ■ Web site reservations system


Manager

Table 2-3 Answer to Part II of Exercise 2-1 (continued)

Part III: List the Questions You Need to Ask Each Person

The following are the questions you might ask each individual:

Application or System
Key Individual Ownership Questions to Ask

CIO ■ All computer systems ■ What are your expectations for the new QuickStart program?
■ How soon do you expect to implement the program?
■ If the program could be implemented in phases, what would be
the priority of each phase?

Human ■ Human Resources ■ Where do you get the information you need for the employee
Resources PeopleSoft system record?
Manager ■ What employee information appears on each panel of the
employee record?
■ Is there employee information you feel Human Resources should
own?
■ After you create an employee record, what happens next?
■ Are there other tasks in addition to creating employee records
you perform with PeopleSoft?
■ Who authorizes changes to the employee record information?

Table 2-4 Answer to Part III of Exercise 2-1

Revision 1.0 This document should only be used by a Novell-certified instructor. 2-39
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

Application or System
Key Individual Ownership Questions to Ask

PeopleSoft ■ PeopleSoft system ■ What version of PeopleSoft are you running?


Contract Expert maintenance ■ Are there plans to upgrade the PeopleSoft system in the next few
weeks or months? If so, what changes are planned?
■ Are there events in PeopleSoft that trigger additional events in
the system or other systems?

Employee ■ None ■ What do you need to provide each employee you hire?
Manager ■ Who do you contact to provide these items (such as a computer
or email account)?
■ What information does each contact need from you to provide
the item?
■ Do you need additional authorization to provide an item?

IS&T Manager ■ Corporate network ■ Which applications or systems will play a role supporting the
■ Corporate DirXML QuickStart program?
system ■ On which servers are the applications or systems located?
■ Which version of each application or system are you running?
■ Are there application or system dependencies?
■ Who administers each system?
■ Are there political issues that might affect the integration of an
application or system into a DirXML deployment?

Digital-Air- ■ eDirectory on the ■ Where are user accounts stored in the eDirectory tree (in one or
Workforce Digital-Air-1 server several containers)?
System ■ In which user object fields do you normally enter information?
Administrator Where do you get the information?
■ Is there employee information you feel you own?
■ After you create an employee user object, what happens next?
■ Are there other tasks in addition to creating user objects you
perform for employees?
■ Who has access to user objects? What rights do they have?
■ Who authorizes changes to employee information in a user
object?

Table 2-4 Answer to Part III of Exercise 2-1 (continued)

2-40 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Design and Implement a DirXML Deployment

Application or System
Key Individual Ownership Questions to Ask

Digital-Air- ■ eDirectory on the In addition to asking the same questions you would for the
Ecommerce Digital-Air-2 server Digital-Air-Workforce administrator, you might also want to ask the
Administrator ■ Netscape Directory on following:
the Digital-Air-2 server ■ Are there dependencies between Netscape Directory and
eDirectory? Between the Web application and eDirectory?
■ Who owns the data in employee user objects for the
Reservations department?
■ Who owns reservation data customers enter into the web
application?
■ Where is the information stored in Netscape Directory?
■ What information is stored in an employee account in Netscape
Directory?
■ What information is stored in other locations in Netscape
Directory?

Microsoft ■ Microsoft Exchange ■ Where are employee mailboxes stored in Microsoft Exchange (in
Exchange on the Digital-Air-1 one or several sites)?
Administrator server ■ What information do you normally enter for an employee
mailbox? Where do you get the information??
■ Is there employee information you feel you own?
■ After you create an employee mailbox, what happens next?
■ Are there other tasks in addition to creating mailboxes you
perform for employees?
■ Who has access to the mailboxes? What rights do they have?
■ Who authorizes changes to employee information in an
employee mailbox?

Web Master ■ Web application for ■ Do you have ownership of data that customers enter into the
the reservations Web application? What about customer accounts?
system ■ What rights or control do customers have over their reservation
accounts? Can they create, modify, or delete an account?
■ What information fields appear in the web application?
■ Is all this information stored in Netscape Directory?

Table 2-4 Answer to Part III of Exercise 2-1 (continued)

Revision 1.0 This document should only be used by a Novell-certified instructor. 2-41
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

Application or System
Key Individual Ownership Questions to Ask

Reservations ■ Web site reservations ■ What makes your web site reservations system successful?
Department system ■ What problems do you have in maintaining the web site
Manager reservations system?
■ What information do customers normally fill out when creating a
reservation account?
■ What information do customers consistently leave blank when
creating a reservation account?
■ What responsibilities are assigned to the Web Master for
maintaining and upgrading the reservations system?
■ Do you have contact with the system administrator? If so, why
and under what circumstances?

Table 2-4 Answer to Part III of Exercise 2-1 (continued)

(End of Exercise)

2-42 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Design and Implement a DirXML Deployment

Exercise 2-2 Analyze the Business Requirements for the Digital Airlines BRD

After gathering the business process information and creating a BPRD


with business requirements and DFDs, you receive approval from the
IS&T manager and CIO of Digital Airlines to begin designing a DirXML
solution to support the company’s QuickStart program.

You can now create a BRD by analyzing the business requirements from
the BPRD.

You decide to start by doing the following:


■ Part I: Review the BPRD Business Requirements
■ Part II: Identify Applications and Authoritative Data Sources
■ Part III: Define the Enterprise Schema
■ Part IV: Create a Data Flow Diagram (DFD)

Part I: Review the BPRD Business Requirements

The BPRD lists several requirements that directly impact the DirXML
deployment for the new QuickStart business process:
■ When Human Resources receives a letter of acceptance from a
Digital Airlines manager for a new employee, an employee record is
created in PeopleSoft.
■ The employee record must contain at least the following
information:
First name
Middle initial
Last name
Full name
Job title
Office location
Department
Work phone number
■ This information is shared by all other departments and groups
involved in the QuickStart program and can only be changed by
Human Resources.

Revision 1.0 This document should only be used by a Novell-certified instructor. 2-43
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

■ When an employee record is created by Human Resources, a new


Microsoft Exchange mailbox, eDirectory user account, and Netscape
Directory reservation account are created for the employee.
■ When a mailbox is created in Microsoft Exchange, an email address
is created. This email address is shared by all other departments and
groups involved in the QuickStart process and can only be changed
by the Microsoft Exchange administrator.
■ Reservations department employee accounts in the
Digital-Air-Workforce eDirectory tree (on the Digital-Air-1 server)
must be replicated in the Digital-Air-Ecommerce tree (on the
Digital-Air-2 server) to provide access to network resources assigned
to the Reservations department.
■ Employee reservation accounts must be stored in a separate
container in Netscape Directory to isolate management of other
reservation accounts from the QuickStart process.
■ When an employee record is deleted by Human Resources, the
associated Microsoft Exchange mailbox, eDirectory user account,
and Netscape Directory employee reservation account are
immediately removed from the network.
■ Other departments and groups involved in the QuickStart process are
not authorized to (and should not) delete employee accounts.

2-44 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Design and Implement a DirXML Deployment

Part II: Identify Applications and Authoritative Data Sources

After reviewing the business requirements, you decide to identify the


applications to be included in the DirXML deployment and the owner for
each application.

You also want to identify which applications are authoritative data


sources, and what objects (such as employee accounts) and data (such as
email addresses) are owned by the application.

From the business requirements listed in Part I, and the key personnel
information from Exercise 2-1, fill in the following:

Authoritative Object or Data


Application Owner Source (Yes/No) Owned

Table 2-5 Applications and Authoritative Data Sources for QuickStart

Revision 1.0 This document should only be used by a Novell-certified instructor. 2-45
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

Part III: Define the Enterprise Schema

The enterprise schema for a DirXML deployment includes all classes


and attributes synchronized among applications in the DirXML system.

You can identify these classes and attributes by reviewing the business
requirements and looking for objects that need to be managed or for data
owned by the applications.

Because eDirectory serves as the hub for sychronizing the attributes, you
should begin creating the enterprise schema by listing each item of
information that needs to be synchronized and the corresponding
eDirectory attribute.

Later on, you can fill in corresponding class and attribute names for all
applications in the DirXML system.

The following are some common class and attribute names used in
eDirectory:

eDirectory Classes eDirectory Attributes

Device company
Group Full Name
Person Email Address
User Given Name
Initials
Internet EMail Address
L
Member
RoomNumber
Surname
Telephone Number
Title
OU

Table 2-6 Common eDirectory Classes and Attributes

2-46 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Design and Implement a DirXML Deployment

In the following table, list the items that need to be synchronized (objects
and data) and the corresponding eDirectory class or attribute name
(choose from the above list):

Synchronized Objects and Data eDirectory Class or Attribute

Table 2-7 Synchronized Classes and Attributes for QuickStart Deployment

Part IV: Create a Data Flow Diagram (DFD)

From your analysis of the BPRD business requirements, you know which
applications are part of the DirXML deployment, how the applications
need to synchronize data, and who owns what data (authoritative data
source).

You have also identified the DirXML drivers you need to implement the
DirXML deployment:
■ PeopleSoft
■ Microsoft Exchange
■ NDS-to-NDS
■ Netscape Directory (LDAP)

With this information, you can draw a DFD that represents the
synchronization of data across the QuickStart DirXML deployment.

Revision 1.0 This document should only be used by a Novell-certified instructor. 2-47
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

The following is an example of a simple DFD:

Human Manager ● Sends letter of acceptance to Human Resources


Resources
● Receives letter of acceptance
● Creates employee record in PeopleSoft

FS1 Server FS2 Server

Email
Server
Email
PeopleSoft NDS
PeopleSoft Driver
Driver to
NDS
eDirectory Driver eDirectory

Corporate Tree Services Tree


PBX
Driver
PBX
Server

Figure 2-5 DFD Example

The illustration includes arrows indicating the data flow to and from
applications, application names, and driver names.

2-48 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Design and Implement a DirXML Deployment

Using this example as a guide, create a simple DFD for the QuickStart
DirXML e-provisioning deployment.

QuickStart DirXML DFD

Table 2-8 DFD for the QuickStart DirXML Deployment - Exercise 2-2

Revision 1.0 This document should only be used by a Novell-certified instructor. 2-49
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

Exercise Summary

By completing this exercise, you accomplished the following tasks in


analyzing the business requirements for the Digital Airlines BRD:
■ You identified the applications and authoritative data sources for the
QuickStart DirXML deployment.
Before you can begin designing a complete DirXML solution, you
need to document all applications involved in the data flow, and
which applications have ownership of specific data or processes
(such as adding or deleting employee accounts).
This information provides a solid foundation on which to build the
DirXML solution.
■ You defined the enterprise schema for the QuickStart deployment.
Not all information in all applications is shared across the QuickStart
deployment.
By identifying shared classes (objects) and attributes (values) for the
QuickStart deployment, you begin to form an idea of how to
configure the filters and rules for each driver in the deployment.
■ You created a simple DFD to show the flow of data between
eDirectory and the applications in the DirXML deployment.
The information from your application, authoritative data source, and
enterprise schema analysis of the QuickStart business requirements
enables you to illustrate the data flow across the DirXML
deployment with a simple DFD.
As you continue analyzing the business requirements, you continue
enhancing and modifying the DFD until it accurately reflects the data
flow of the deployment.

2-50 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Design and Implement a DirXML Deployment

Exercise Answers

If you are in a classroom setting, the instructor will conduct a group


discussion about the results of your business requirements analysis.

In a self-study environment, compare the following answers with your


own.

Part II: Identify Applications and Authoritative Data Sources

The following are the answers to Part II:

Authoritative Object or Data


Application Owner Source (Yes/No) Owned

PeopleSoft Human Yes Object


Resources Employee Account
Manager
Data
First name
Middle initial
Last name
Full name
Job title
Office location
Department
Work phone number

eDirectory on System No None


Digital-Air-1 Administrator

eDirectory on System Yes Object


Digital-Air-2 Administrator Customer
Reservation Account

Microsoft Microsoft Yes Data


Exchange Server Exchange Email address
Administrator

Netscape Directory System No None


Administrator for
Digital-Air-2
eDirectory

Table 2-9 Answer to Part II of Exercise 2-2

Revision 1.0 This document should only be used by a Novell-certified instructor. 2-51
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

Part III: Define the Enterprise Schema

The following are the answers to Part III:

Synchronized Objects and Data eDirectory Class or Attribute

Employee Account User

Customer Reservation Account User

First Name Given Name

Middle Initial Initials

Last Name Surname

Full Name Full Name

Job Title Title

Office Location L

Department OU

Work Phone Number Telephone Number

Email Address Internet EMail Address

Table 2-10 Answer to Part III of Exercise 2-2

2-52 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Design and Implement a DirXML Deployment

Part IV: Create a Data Flow Diagram (DFD)

The following is the answer to Part IV:

Human Manager ● Sends letter of acceptance to Human Resources


Resources
● Receives letter of acceptance
● Creates employee record in PeopleSoft

DIGITAL-AIR-1 DIGITAL-AIR-2

PeopleSoft
PeopleSoft Driver
NDS
to Web
eDirectory NDS eDirectory Application
Driver
Digital-Air-Workforce Digital-Air-Ecommerce

Microsoft
Exchange Netscape
Driver (LDAP) Netscape
Driver Directory
Microsoft
Exchange

Figure 2-6 Answer to Part IV of Exercise 2-2

(End of Exercise)

Revision 1.0 This document should only be used by a Novell-certified instructor. 2-53
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

Objective 3 Implement the Deployment

After you finish planning and designing the DirXML deployment, you
can implement DirXML.

Following are the major steps in implementing DirXML:


■ Assemble a Deployment Team
■ Deploy a Proof of Concept Pilot
■ Deploy a Production Pilot
■ Deploy the DirXML System

Assemble a Deployment Team

From all your interviewing and analysis, you should already know the
key players you need on your deployment team.

These include a system administrator for each system affected by the


DirXML deployment, application experts (such as a PeopleSoft expert),
and a corporate sponsor who is responsible for all involved systems.

The following are suggested areas for building and using an effective
deployment team:
■ Multiple Roles. Some team members might fulfill more than 1 role.
For example, the system administrator for PeopleSoft might also be a
trained PeopleSoft expert and can provide the technical details
necessary for integrating the DirXML driver with PeopleSoft.
■ Corporate Sponsor. A corporate sponsor is critical to the success of
the DirXML deployment, especially when dealing with political
issues.
For example, if your deployment includes synchronizing data across
Lotus Notes, Microsoft Exchange, and an NT domain, you might
want to involve the IS&T manager (or a representative) who has the
authority to put all of this into place.

2-54 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Design and Implement a DirXML Deployment

■ Additional Team Members. Whenever possible, invite other


consultants or DirXML experts to act as a resource for reviewing the
DirXML solution and providing support during the testing and
implementation of the deployment.
■ Testing and Implementation. The deployment team should not only
meet to review plans and advise you on implementing the DirXML
deployment, they should also be available to help with testing and
implementation.
For example, invite the Microsoft Exchange system administrator to
review the test checklist for the email data synchronization; then
have them assist with running the tests.
You might also want to invite the corporate sponsor to observe the
final phase of testing during the production pilot.
■ Support for the Deployment. When the day comes that you are ready
to leave the DirXML deployment in place and operating, the
customer either needs a support contract in place, or needs to be
involved with the implementation to take care of the DirXML
system.
By involving the customer employees as part of the deployment
team, and encouraging them to participate in the testing and
implementation, they gain a greater understanding of how their
DirXML system operates, and feel more accountable for the overall
success and support of the deployment.

Deploy a Proof of Concept Pilot

After you complete the PRD and create a detailed data flow diagram that
illustrates your DirXML deployment, you are ready for a proof of
concept (POC) pilot.

To deploy a POC pilot, you need to


■ Develop the POC Pilot Plan
■ Build and Test the POC Pilot

Revision 1.0 This document should only be used by a Novell-certified instructor. 2-55
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

Develop the POC Pilot Plan

To develop the POC pilot plan, do the following with the deployment
team:
■ Verify the POC Plan. The POC plan is based on the DirXML system
requirements as outlined in the BRD and the DFD. After creating an
initial draft of the plan, meet with your team members to validate
what you propose to do.
You should also get approval from each member (by signature).
■ Divide the POC Pilot into Phases. Divide the pilot into phases that let
you integrate each system into the DirXML deployment one at a
time.
If a system integration is complex (such as integrating a PeopleSoft
system), you might want to break the system integration into smaller
phases.
Some consultants prefer implementing the main authoritative data
source application first; then implementing the other applications in
the deployment. Other consultants prefer implementing the main
application last.
Both approaches are equally valid, and both approaches have their
proponents among Novell’s DirXML consultants.
However, through experience, most Novell DirXML consultants
prefer testing the “smaller” applications first (those with the least
impact on the enterprise attributes and event commands).
Because these applications often have more complex rules and
stylesheets, they are more difficult to configure correctly.
After these smaller parts of the overall business process are installed
and functioning, they then import the driver for the main
authoritative data source to test the overall DirXML deployment.
■ Define the Success Factors for Each Phase. It’s important for the
customer to understand the definition of a success and how to
measure that success.
For example, a success might be, “The Microsoft Exchange driver is
implementing changes received on the subscriber channel from
eDirectory.”

2-56 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Design and Implement a DirXML Deployment

A measurement of that success might be, “Microsoft Exchange sends


an email address to eDirectory on the publisher channel each time an
email account is added by DirXML on the subscriber channel.”
■ Define the Tests to Verify the Success Factors. You need to define tests
that validate each phase. The tests should lead to a successful full
deployment of the DirXML system.
■ Create Checklists. After you define phases and success factors, create
checklists to track the progress of the pilot. The checklists not only
help you document the progress of the pilot, but help you keep on
target for meeting deployment time lines.

Build and Test the POC Pilot

The pilot does not need to take place on the customer site and should
never take place in the customer’s production environment.

Testing in an isolated environment protects the production environment


from serious problems such as deleting the administrator’s account.

Consider the following:


■ Build a Phase and the Tests For That Phase. It is your responsibility as
a consultant to build a phase and create the tests for that phase.
To be more effective, you might want to assign network
administrators on your team to develop unit tests for their drivers.
Remember to define unit tests for the rules. For example, if you have
a rule that strips out a phone number or converts it, you need to have
a test described that proves the rule actually works.
You should also develop end-to-end and live action tests for the
entire system. Implement these tests in the final phase of testing the
POC pilot.
■ Run the Tests and Complete the Checklist. As you build the system
and run the tests, moving from one small success to another, you
need to go back and execute the previous tests again.
This method is called regression testing, and involves testing on the
phases you’ve already validated as you implement the next phase.

Revision 1.0 This document should only be used by a Novell-certified instructor. 2-57
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

You should also complete the checklist (with dates and signatures) to
make sure you are on track for completing the deployment.
Bring in individuals who will use the DirXML system and have them
run the tests independently. These individuals often provide
significant input to your testing phase.
■ Verify the Results and Make Changes to the Plan. If problems arise
during the POC pilot, include the entire team in tasks such as
modifying the data flow diagram, the PRD, and the POC plan.
■ Record and Archive System Changes. The PRD should include change
logs to record changes made to the DirXML drivers.
At the moment, there is no automatic version control system
provided by Novell for DirXML drivers. If you make a change to a
driver and save that change, you lose the last version of the driver
unless you save that version yourself.
Remember to archive rules as you change them in the driver. You
should develop a method to archive the phases of the solution you’re
building. This enables you to return to a certain baseline where the
system worked and start over.

Deploy a Production Pilot

The basic procedure for deploying a production pilot is the same as


deploying a POC pilot and involves the following tasks:
■ Develop the Production Pilot Plan
■ Build and Test the Production Pilot

Develop the Production Pilot Plan

Start with the POC plan and PRD; then modify the POC plan to create
the production pilot plan. Include the deployment team members in each
of the following tasks:
■ Verify the production plan
■ Divide the production pilot into small phases
■ Define the success factors for each phase

2-58 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Design and Implement a DirXML Deployment

■ Define the tests to verify the success factors


■ Create checklists

When creating the production pilot plan, account for factors such as
where the system will be deployed (the geographics) and what hardware
systems will be used for the deployment.

Build and Test the Production Pilot

When the production pilot plan is complete, you can deploy the pilot by
completing the following with the deployment team members:
■ Build a phase and the tests for that phase
■ Run the tests and complete the checklist
■ Verify the results and make changes to the documents
■ Record and archive system changes

Implement the production pilot on hardware identical to the customer’s


hardware or on the real hardware in the production environment. Use the
same type of network hardware and the same type of routing.

For example, if the final deployment is on an ALR server, a Compaq


server, or a Sun server of a certain configuration, the production pilot
needs to be on the same type of system.

This attention to detail makes it much easier to figure out what you’re
going to do when you deploy in the customer’s production environment.
Consider questions such as the following:
■ What kinds of data scrubbing (data editing) are you going to do?
■ What kind of schema mappings and schema alignments do you need
to configure?

Consider introducing the same latency issues (network speed issues) for
the production pilot that exist on the customer’s network. Try simulating
the customer’s production traffic.

Remember to do regression testing, repeating all tests for the previous


phases and adding new tests at the end.

Revision 1.0 This document should only be used by a Novell-certified instructor. 2-59
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

If problems arise, use your team members to help find a solution, modify
the production pilot plan, reconfigure the DirXML system to match, and
then continue testing.

Deploy the DirXML System

If you’ve completed the POC and production pilots successfully, there


should be few surprises when it comes to the deployment. The final
changes you make to the production pilot plan result in the deployment
plan.

After creating the deployment plan, meet with the deployment team and
have each member sign the document. At this point you can start
deployment of the DirXML system in the production environment.

Continue to carefully update revision logs, include team members in the


deployment, and make appropriate changes to the deployment plan as
you proceed.

Remember that the deployment plan (along with the PRD) becomes the
DirXML system blueprint you leave with the company. The members of
your deployment team who are company employees will rely on that
blueprint to manage the system.

2-60 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Design and Implement a DirXML Deployment

Exercise 2-3 Test the Digital Airlines POC Pilot

You have finished creating the BRD and PRD, reviewed both documents
with your deployment team, and have signed the documents.

You can now begin testing the POC pilot for the QuickStart deployment.
You prepare and test by completing the following:
■ Part I: Identify the Phases for the POC Pilot
■ Part II: Create a Checklist of Tests
■ Part III: Conduct the POC Pilot Tests

Revision 1.0 This document should only be used by a Novell-certified instructor. 2-61
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

Part I: Identify the Phases for the POC Pilot

An integral part of the POC pilot plan is a list of the phases for testing
the deployment. In each phase, you test a different DirXML driver.

Test the drivers in an order that fits the data flow as represented by the
DFD. If more than one server is involved in the data flow, test each server
individually before linking them together.

In the following, list the drivers (PeopleSoft, NDS-to-NDS, Netscape


Directory, and Microsoft Exchange) in the order they should be tested
and give a reason for your decision:

Phase DirXML Driver

Phase 1 ■ Driver:
■ Reason:

Phase 2 ■ Driver:
■ Reason:

Phase 3 ■ Driver:
■ Reason:

Phase 4 ■ Driver:
■ Reason:

Table 2-11 Phases for POC Pilot

2-62 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Design and Implement a DirXML Deployment

Part II: Create a Checklist of Tests

After completing the POC pilot plan, you decide to create a general
checklist of tests for the entire deployment. You plan to run these tests as
part of the final phase of the POC pilot.

The following lists basic business requirements for the QuickStart


DirXML deployment. For each requirement, list a test and the expected
results of that test (as a measurement of success):

Business Requirement Deployment Test

An employee record created in ■ Test:


PeopleSoft triggers the
creation of accounts in
eDirectory, Microsoft
Exchange, and Netscape ■ Result:
Directory.

PeopleSoft is the authoritative ■ Test:


data source for creating
employee accounts throughout
the DirXML system.
■ Result:

PeopleSoft is the authoritative ■ Test:


data source for all enterprise
schema attributes except the
employee email address.
■ Result:

Table 2-12 Basic Tests for POC Pilot

Revision 1.0 This document should only be used by a Novell-certified instructor. 2-63
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

Business Requirement Deployment Test

Microsoft Exchange is the ■ Test:


authoritative data source for
the employee email address.

■ Result:

Netscape Directory is the ■ Test:


authoritative data source for all
customer reservation accounts
and account information
throughout the DirXML system. ■ Result:

An employee record deleted in ■ Test:


PeopleSoft triggers the removal
of all employee accounts
throughout the DirXML system.
■ Result:

PeopleSoft is the authoritative ■ Test:


data source for deleting
employee accounts throughout
the DirXML system.
■ Result:

Table 2-12 Basic Tests for POC Pilot (continued)

2-64 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Design and Implement a DirXML Deployment

Part III: Conduct the POC Pilot Tests

After creating the POC pilot plan and working through each phase of the
pilot, you have finished configuring the final phase and tested the
PeopleSoft driver.

You can now use the checklist for the final testing of the POC pilot to
make sure the entire QuickStart DirXML deployment meets the business
requirements.

Use the following checklist for the final testing:

Deployment Test Notes/Signature/Date

Test: Create an employee record in the Notes:


PeopleSoft application. Enter a value
for all enterprise attributes.
Result: A mailbox is created in
Microsoft Exchange, a user object is
created in the Digital-Air-Workforce Signature:
tree, and a reservations account is
Date:
created in Netscape Directory.

Test: Create a reservations account for Notes:


an employee in Netscape Directory.
Include values for all enterprise
attributes (except an email address).
Result: No other application in the
DirXML system should list an Signature:
associated employee account.
Date:

Test: Create an employee record in Notes:


PeopleSoft (with all attributes except
email), and edit the employee’s Given
Name in Netscape Directory.
Result: The Given Name in all other
applications (including PeopleSoft) Signature:
should remain unchanged.
Date:

Table 2-13 Final Testing Checklist for the QuickStart DirXML Deployment - Exercise 2-3

Revision 1.0 This document should only be used by a Novell-certified instructor. 2-65
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

Deployment Test Notes/Signature/Date

Test: Create an employee record in Notes:


PeopleSoft (with all attributes except
email).
Result: All applications (including
PeopleSoft) should have an email
address in the appropriate field. Signature:
Date:

Test: Create a customer account in Notes:


Netscape Directory with several items
of information.
Result: An associated customer user
object should be replicated in the
Digital-Air-Ecommerce eDirectory tree. Signature:
Date:

Test: Delete an employee record in Notes:


PeopleSoft that is associated with all
other employee accounts in the
DirXML system.
Result: The employee user object,
mailbox, and reservation account are Signature:
removed from the appropriate
Date:
applications.

Test: Delete a mailbox in the Notes:


Recipients container of Microsoft
Exchange that is associated with a
PeopleSoft employee record.
Result: The associated employee
record is not removed from PeopleSoft. Signature:
Date:

Table 2-13 Final Testing Checklist for the QuickStart DirXML Deployment - Exercise 2-3
(continued)

Because testing the POC pilot involves using application tools (such as
Microsoft Exchange Administrator) introduced in later sections, the
instructor will conduct the tests, or lead the class through the tests as a
group exercise.

2-66 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Design and Implement a DirXML Deployment

In a self-study environment, you can attempt to run the tests if you are
familiar with the application tools. You can also use this checklist as a
guide for Section 7 when testing the final phase of the POC pilot for the
QuickStart DirXML deployment.

x Sections 4 - 7 take you through each phase of the POC pilot plan for the QuickStart
DirXML deployment. As you complete each phase, you will probably discover
other tests you want to conduct that are directly related to a specific driver.

Exercise Summary

By completing this exercise, you prepared for and completed a POC pilot
for the QuickStart DirXML deployment.

Specifically, you accomplished the following:


■ Identified phases for the POC pilot.
To conduct valid tests for a POC pilot, you need to decide which
applications and drivers to bring online and in which order.
For the QuickStart POC pilot plan, you decided to test each
individual server first (Microsoft Exchange driver and Netscape
Directory driver), test the connection between the servers
(NDS-to-NDS driver); then test the entire system by implementing
the PeopleSoft Driver.
■ Created a checklist of tests for the POC pilot.
After you list the phases, create a checklist of tests for each phase;
then create a checklist of tests for the entire deployment.
In this exercise you listed tests that met the requirements for the
entire QuickStart deployment. You also included the anticipated
results of each test in measurable terms that indicated success.
■ Conducted the tests for the POC pilot.
Remember to include relevant team members in each phase of the
testing.

Revision 1.0 This document should only be used by a Novell-certified instructor. 2-67
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

For this exercise, you observed or were led through the testing by the
instructor to help you understand that testing requires a basic
knowledge of each integrated application and how to manage that
application.

Exercise Answers

If you are in a classroom setting, the instructor will conduct a group


discussion about the phases and tests for the POC pilot.

In a self-study environment, compare the following answers to your own.

Part I: Identify the Phases for the POC Pilot

The following are the phases for implementing the POC pilot:

Phase DirXML Driver

Phase 1 ■ Driver: Microsoft Exchange


■ Reason: Digital-Air-Workforce will store all user objects for
employees. This makes Digital-Air-1 an ideal place to start
the POC pilot.
Because PeopleSoft is the authoritative data source for most
of the enterprise schema, test PeopleSoft last.
Microsoft Exchange is left on the Digital-Air-1 server.
By testing this driver, you make sure an email address is
returned from Microsoft Exchange to eDirectory when a
mailbox is created.

Phase 2 ■ Driver: Netscape Directory


■ Reason: Because PeopleSoft should be tested last, and
you’ve already tested Microsoft Exchange, test the drivers on
Digital-Air-2.
There is only one driver to test on Digital-Air-2—Netscape
Directory.
By testing this driver, you make sure a reservation account is
created whenever a user object is added to eDirectory.

Table 2-14 Answer to Part I of Exercise 2-3

2-68 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Design and Implement a DirXML Deployment

Phase DirXML Driver

Phase 3 ■ Driver: NDS-to-NDS


■ Reason: After you test the drivers on each server individually,
you can connect the servers with the NDS-to-NDS driver.
By testing this driver, you make sure data is flowing between
the eDirectory trees.

Phase 4 ■ Driver: PeopleSoft


■ Reason: PeopleSoft is the authoritative data source for
controlling the management of employee accounts and most
of the enterprise schema.
For this reason, test the PeopleSoft driver after all other
drivers are functioning.
By testing this driver, you make sure the entire deployment
works.

Table 2-14 Answer to Part I of Exercise 2-3 (continued)

Part II: Create a Checklist of Tests

The following are the tests you might perform for each business
requirement

Business Requirement Deployment Test

An employee record created in ■ Test: Create an employee record in the


PeopleSoft triggers the PeopleSoft application. Enter a value for all
creation of accounts in enterprise attributes.
eDirectory, Microsoft Result: A mailbox is created in Microsoft
Exchange, and Netscape Exchange, a user object is created in the
Directory. Digital-Air-Workforce tree, and a reservations
account is created in Netscape Directory.

PeopleSoft is the authoritative ■ Test: Create a reservations account for an


data source for creating employee in Netscape Directory. Include
employee accounts throughout values for all enterprise attributes (except an
the DirXML system. email address).
Result: No other application in the DirXML
system should list an associated employee
account.

Table 2-15 Answer to Part II of Exercise 2-3

Revision 1.0 This document should only be used by a Novell-certified instructor. 2-69
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

Business Requirement Deployment Test

PeopleSoft is the authoritative ■ Test: Create an employee record in PeopleSoft


data source for all enterprise (with all attributes except email), and edit the
schema attributes except the employee’s given name in Netscape Directory.
employee email address. Result: The given name in all other
applications (including PeopleSoft) should
remain unchanged.

Microsoft Exchange is the ■ Test: Create an employee record in PeopleSoft


authoritative data source for (with all attributes except email).
the employee email address. Result: All applications (including PeopleSoft)
should have an email address in the
appropriate field.

Netscape Directory is the ■ Test: Create a customer account in Netscape


authoritative data source for all Directory with several items of information.
customer reservation accounts Result: An associated customer user object
and account information should be replicated in the
throughout the DirXML system. Digital-Air-Ecommerce eDirectory tree.

An employee record deleted in ■ Test: Delete an employee record in PeopleSoft


PeopleSoft triggers the removal that is associated with all other employee
of all employee accounts accounts in the DirXML system.
throughout the DirXML system. Result: The employee user object, mailbox,
and reservation account are removed from the
appropriate applications.

PeopleSoft is the authoritative ■ Test: Delete a mailbox in the Recipients


data source for deleting container of Microsoft Exchange that is
employee accounts throughout associated with a PeopleSoft employee record.
the DirXML system. Result: The associated employee record is not
removed from PeopleSoft.

Table 2-15 Answer to Part II of Exercise 2-3 (continued)

(End of Exercise)

2-70 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Design and Implement a DirXML Deployment

Objective 4 Manage and Troubleshoot the Deployment

Knowing how to manage the implementation of a DirXML deployment


is critical—especially when something goes wrong.

Even after doing all the analysis work, documenting the deployment
requirements and rules, and getting signatures on the documents, there
can still be problems.

The following are recommendations for managing a deployment and


handling a situation when something goes wrong:
■ Don’t Panic
■ Think Through What You’ve Done
■ Check the Trace Logs
■ Follow Standard Troubleshooting Procedures
■ Focus on Configuration Issues
■ Stick to Your Deployment Plan
■ Don’t Let the Customer Manage the Deployment
■ Apply the Factors of Success

Don’t Panic

First of all, don’t panic. And don’t appear panicked in front of your
deployment team or anyone else associated with the deployment.

Remember you are creating a technology solution that is very invasive to


the network administrator applications. You’re making API calls into
their databases, and they are very sensitive to that intrusion.

Revision 1.0 This document should only be used by a Novell-certified instructor. 2-71
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

Think Through What You’ve Done

Take a moment and think through what you’ve done and why you’ve
done it. You need to trust the work and research that went into developing
the requirements for the DirXML system.

You also need to trust all the background and thought you’ve put into
developing a DirXML solution for the company.

Check the Trace Logs

Use tools such as DSTrace to watch what’s happening; then clearly think
through the process. Ask yourself questions such as these:
■ Is what I’m seeing a bug?
■ Is what I’m seeing a breakdown in the business process?
■ Is what I’m seeing just standard system behavior that I wasn’t
expecting, and how do I react to that?

For example, something appeared to go wrong in a DirXML deployment


on the East coast of the United States. The customer was sure there was a
problem with the DirXML engine or a problem with the driver.

After the consultant reviewed the trace log files and compared them
against the system requirements, it was discovered that DirXML was
behaving properly. The data was processed as it should have been.

However the trace logs also revealed that an Add event was generating a
second event as a side effect. The second event had not been properly
reported by the customer.

The consultant solved the problem by looking for the event in an event
transformation, catching it, and then discarding it.

2-72 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Design and Implement a DirXML Deployment

Follow Standard Troubleshooting Procedures

Be careful about what you do when troubleshooting. Before


implementing a drastic solution, make sure you’ve covered everything
from the hardware through the rules first.

For example, during the implementation of a DirXML deployment, the


consultant thought he was seeing possible corruption in the eDirectory
tree. Obituaries weren’t processing and other information was getting
dropped.

The consultant immediately assumed there were problems with the


eDirectory tree, and to solve the problem ran DSRepair using an
undocumented option. The tree was significantly damaged and required a
full weekend to get it running again.

Afterwards, the consultant discovered the problem was a router on the


WAN, dropping 70% of the packets crossing through it.

Rather than following standard troubleshooting procedures by checking


the hardware first, the consultant assumed the problem was
DirXML-related and used a tool that caused major problems.

Focus on Configuration Issues

Most problems associated with a DirXML deployment are configuration


issues, not technology issues. This is a result of the flexibility built into
DirXML drivers.

These include (but are not limited to)


■ Filters that have too many, too few, or the wrong classes and
attributes
■ Rules with mistyped characters in the XML tags
■ Configuration settings (such as passwords) with the wrong
information

Be careful how you configure the publisher and subscriber channels to


meet business requirements. And make sure you put controls around that
flexibility so data synchronization issues are handled by the driver.

Revision 1.0 This document should only be used by a Novell-certified instructor. 2-73
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

Stick to Your Deployment Plan

Trust your research and design. And trust the testing done by Novell on
components such as the DirXML engine and drivers. Remember that if
the system isn’t working as expected, it’s likely a configuration problem.

Don’t Let the Customer Manage the Deployment

After getting signatures on the PRD, don’t let the customer dictate a new
schedule that’s too aggressive. If it’s going to take longer than what the
customer wants to safely deploy a DirXML system, make sure the
customer understands the dilemma.

If you ignore the realities and install the system in the customer’s time
frame, you can end up not only losing the customer, but losing refund
costs. You can also become entangled in the legal issues of not fulfilling
your contract.

To avoid this kind of situation, make sure you document the design
process carefully and involve the deployment team in all major decisions.

If the deployment needs to be expanded or the time adjusted, the


customer is involved in making that choice and understands the costs
involved.

Apply the Factors of Success

The Novell consulting team has developed the following list of factors
they feel significantly improve their chances for a successful DirXML
deployment:
■ Use the Customer’s System Experts
■ Use Peer Review Teams to Evaluate the Deployment
■ Use Mentor Teams for Difficult Issues
■ Document Everything
■ Define Phases
■ Conduct the POC Pilot Offsite

2-74 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Design and Implement a DirXML Deployment

■ Involve the Customer in the Testing


■ Use Regression Testing for Each Phase

Although not all of these options (such as a mentor team) are available to
individuals outside Novell consulting, the list helps to focus on key
topics introduced in this section.

Use the Customer’s System Experts

You need to use the customer’s system experts. It is unrealistic to expect


you to have the experience necessary in all of a customer’s systems to
analyze and design a DirXML solution.

For example, you might have worked with Lotus Notes on Intel systems
for several years. But if the Notes system you’re integrating with is on a
System 390, don’t assume that Notes behaves the same. It doesn’t.

In this case, have the customer’s System 390 expert on your deployment
team provide a successful integration.

By including the system experts on the deployment team, you receive the
technical expertise you need, and you give the system experts a sense of
accountability for the success of the deployment.

x Do not assume that a system expert will be sympathetic to the deployment. Just as
network administrators might fear loss of control when DirXML is implemented,
the expert can perceive the implementation of DirXML as a personal loss of
power.

Make sure you assure the system expert that his or her involvement in the
deployment is critical and will continue to be critical during the life span of the
DirXML solution (including any upgrades).

Use Peer Review Teams to Evaluate the Deployment

Novell consulting uses peer review teams for initial deployment plans.
When a Novell consultant accepts a DirXML deployment, he or she
meets with other Novell consultants involved in other engagements for a
review of the plans.

Revision 1.0 This document should only be used by a Novell-certified instructor. 2-75
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

The consultants look for issues that might not have been considered and
provide insights into the practical side of deploying the system.

Use Mentor Teams for Difficult Issues

Mentor teams are Novell DirXML developers and experienced


consultants who conduct a review of the deployment plans to make sure
the DirXML solution is effective and takes full advantage of the DirXML
technologies.

Document Everything

Make sure you document everything. You might even want to keep a
copy of email messages and other correspondence as part of the history
of the deployment.

Remember that it is better to document too much than to have no record


of a rule or requirement you are sure you discussed with the customer.

Make sure you get signatures on all key documents. One or more people
in the organization need to take ownership of the deployment and agree
with the design and requirements.

For example, a signature on the PRD should mean, “Yes, I agree with
what’s been documented here. I trust it. I approve it. Move on to the
testing phase.”

Define Phases

In addition to dividing the testing and implementation into phases, make


sure you build and test the phases in a logical order.

For example, if you are using an NDS-to-NDS driver to synchronize data


between 2 eDirectory trees, make sure you test the DirXML drivers for
each tree before testing the communication between trees.

2-76 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Design and Implement a DirXML Deployment

Conduct the POC Pilot Offsite

Whenever possible, prove to yourself that your DirXML solution initially


works by conducting a POC pilot offsite. This gives you time to assess
your overall design and make the necessary configuration improvements.

Involve the Customer in the Testing

The company employees on your deployment team need to be involved


in the testing. They need to see that DirXML works and how you are
validating the data synchronization.

Remember that what you are deploying is a very aggressive technology


for unifying the company’s business process. You need to have the team
feel comfortable you are delivering what you promised.

Use Regression Testing for Each Phase

Just as you build the POC or production pilot a phase at a time, you also
need to test one phase at a time. Start by building the first phase and
running the tests for that phase (as outlined in the configuration and test
checklists).

As you complete each phase, do regression testing by performing the


tests for all previous phases.

Revision 1.0 This document should only be used by a Novell-certified instructor. 2-77
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

Summary

Objectives What You Learned

1. Prepare for the To prepare for a DirXML deployment, do the following:


Deployment
■ Learn How to Design Solutions Using eDirectory and DirXML. Understand what you
can and cannot accomplish using components such as rules, stylesheets, and the XML
(XDS) and XSLT markup languages.
Also find out about other DirXML deployments to expand your knowledge of how to
implement DirXML in your own business process.
■ Understand How Business Processes Work. Find out as much as possible about
general business processes and the company’s business process you will be supporting
with DirXML.
■ Understand the Company’s Applications. Find out what is and isn’t possible when
integrating a company’s application with DirXML.
■ Understand the Company’s Political Climate. Understand the concerns and enlist the
support of system administrators and the company’s corporate sponsor.
The sponsor should understand and promote the benefits of DirXML. In addition, the
sponsor should be high enough in the organization to negotiate or dictate the integration or
a system or application with DirXML.
■ Keep Current on the Latest Drivers and Stylesheets. Check Novell’s DirXML web site
for updates on product enhancements and development.

2-78 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Design and Implement a DirXML Deployment

Objectives What You Learned

2. Design the To design a DirXML deployment effectively, you need to understand the following:
Deployment
■ Why You Should Document a DirXML Deployment. When designing a DirXML
deployment for a customer, the most successful DirXML consultants understand the
benefits of thorough documentation, get document signatures, and use documentation to
resolve issues.
In addition, you must be able to do the following:
■ Create a Business Process Review Document (BPRD). The BPRD provides a picture of
the current business process in a company and a recommended role for DirXML in
supporting that process.

The following basic tasks are related to creating a BPRD:


■ Define the Deployment Scope. Ask “What is the deployment scope?” Define the
scope from the beginning, or your deployment will continue through a neverending
cycle of major changes.
■ Analyze the Business Processes. Review and analyze the customer’s business
process to help you understand the processes politically and technically.
Make sure you interview key personnel about individual processes and the overall
process. Track the business process throughout the company.
■ Define the Business Requirements. When defining business requirements for the
process, review the process flows, data mapping relationships, and process triggers.
Also document the dependencies, list the priorities, define the prerequisites, and
identify the authoritative data sources.
■ Create a Data Flow Diagram (DFD). Create a DFD that represents the current
business process; then create a second DFD that represents the proposed business
process with DirXML implemented.
■ Describe the Advantages of Using DirXML. Emphasize the advantages of using
DirXML to support the new business process.
These advantages include a cleaner business process, more accurate data, a
reduction in administrative costs, directory support for applications, and data sharing
through a directory.
By implementing DirXML, you improve the timeliness of account administration
activities, allow employees to focus on strategic process and procedures, and increase
the integrity, availability, and reliability of data.
■ Manage the Customer’s Expectations. Explain that the first deliverable is a BPRD
from which you and the customer can begin to document what needs to be installed
and configured, how long it will take, and what the deployment will cost.
By delivering a thoroughly documented BPRD first, you save both you and the
customer time and expense.

Revision 1.0 This document should only be used by a Novell-certified instructor. 2-79
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

Objectives What You Learned

2. Design the ■ Create a Business Requirements Document (BRD). The BRD is a detailed description
Deployment of the business requirements related to the DirXML portion of the new business process
(continued) and how DirXML will be implemented to support those requirements.
The following basic tasks are related to creating a BRD:
■ Define Data Flow and Relationships. Document the data you are moving between
systems and what tasks need to be accomplished with the data.
You should understand each directory schema, how the schemas relate, and what
objects and attributes must be synchronized across the DirXML system.
■ Define the Enterprise Schema. The enterprise schema consists of all shared classes
and attributes across a DirXML system that reside in eDirectory.
■ List Required Data Transformations. Document differences in data format between
applications.
For example, a phone number in Microsoft Exchange might look like “801.222.1234.”
However, the same phone number in PeopleSoft might look like “(801) 222-1234.”
■ List Value Relationships. Consider how different values interrelate between systems.
For example, an employee status field in PeopleSoft might have “employee,”
“contractor,” and “intern” values. However, Netscape Directory might have only
“permanent” and “temporary.”
■ Identify Authoritative Data Sources. Isolated systems and directories in a company
are often called data silos.
You can use DirXML to define ownership of data that is shared across the DirXML
system, and define how to prevent changes being synchronized from a
nonauthoritative data source.
■ Enforce Authoritative Data Sources. You can configure filters, rules, stylesheets, and
object security to prevent changes from being synchronized from a nonauthoritative
data source.
■ Define Termination Processes. Termination procedures are critical to a company to
maintain data integrity and security.
Make sure you define processes for deleting, disabling, or terminating objects for all
applications in a DirXML system.
■ Strengthen the Authentication Process. When designing a DirXML system, make
sure you understand if the customer wants a single sign on or single identity
authentication process.
■ List Additional Software Needed. List software needed beyond that owned by the
company.
■ List the Constraints. List hardware or software constraints, such as the platforms on
which you can run a DirXML driver.
■ Create a Project Requirements Document (PRD). The PRD is a finalized version of the
BRD with the addition of elements such as time lines, goals, and milestones you want to
achieve when implementing the DirXML deployment.

2-80 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Design and Implement a DirXML Deployment

Objectives What You Learned

3. Implement the To implement a DirXML deployment, you must complete the following:
Deployment
■ Assemble a Deployment Team. The deployment team should include a network
administrator for each system affected by the DirXML deployment, application experts, and
a corporate sponsor who is responsible for all involved systems.
The following are suggested areas for building and using an effective deployment team:
■ Multiple Roles. Include as many team members as possible that can serve more than
one role (such as a network administrator who is also an application expert).
■ Corporate Sponsor. The sponsor should have authority across all systems to put the
implementation into place.
■ Additional Team Members. Invite other DirXML consultants or experts to review your
documentation and plans.
■ Testing and Implementation. The team should be available to help with testing and
implementation.
■ Support for the Deployment. The customer either needs a support contract in place
or needs to know what’s going on to take care of the DirXML system.
By involving the customer employees as part of the team, they are prepared to perform
many (if not all) support tasks.
■ Deploy a Proof of Concept (POC) Pilot. After you have signatures on the BRD and PRD,
you are ready for the POC pilot. This involves the following:
■ Develop the POC Pilot Plan. Develop the plan with the deployment team.
Start by verifying the first draft with the team. Then divide the POC pilot into phases (1
for each driver), define the success factors for each phase, and define the tests to
verify the success factors.
Finally, create a configuration checklist and a test checklist.
■ Build and Test the POC Pilot. The pilot does not need to take place on the customer’s
site and should never be implemented in the customer’s production environment.
Start by building a phase and running the tests for that phase (as outlined in the
configuration and test checklists). As you complete each phase, go back and execute
the tests for previous phases. This method is called regression testing.
Verify the results and make changes to the plan. Make sure you archive rules as you
change them in the driver.

Revision 1.0 This document should only be used by a Novell-certified instructor. 2-81
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

Objectives What You Learned

3. Implement the ■ Deploy a Production Pilot. The basic procedure for deploying a production pilot is the
Deployment same as deploying a POC pilot. You develop the production pilot plan (based on the POC
(continued) plan), and then build and test the production pilot.
Implement the pilot on hardware identical to the customer’s hardware or on the real
hardware itself in the production environment.
Consider introducing the same latency issues (network traffic issues) for the production
pilot that exist on the customer’s network.
■ Deploy the DirXML System. The final changes you make to the production pilot plan
result in the deployment plan.
The deployment plan (along with the PRD) becomes the blueprint you leave behind of the
company’s DirXML system.

4. Manage and To manage and troubleshoot a deployment, consider the following:


Troubleshoot
■ Don’t Panic. Don’t appear panicked in front of your deployment team or anyone else.
the
Deployment ■ Think Through What You’ve Done. Trust in the work and research that went into
developing the requirements for the DirXML system.
■ Check the Trace Logs. Use tools such as DSTrace to watch what’s happening. Compare
the results to your business requirements.
■ Follow Standard Troubleshooting Procedures. Before implementing a drastic solution,
make sure you’ve covered everything from hardware to the rules first.
■ Focus on Configuration Issues. Most problems associated with a DirXML deployment
are configuration issues, not technology issues.
■ Stick to Your Deployment Plan. Trust your research and design, and trust the testing
done by Novell on the preconfigured drivers and DirXML engine.
■ Don’t Let the Customer Manage the Deployment. Don’t allow a customer to dictate a
new schedule that’s too aggressive after signing the PRD.
If it’s going to take longer than what the customer wants to safely deploy a DirXML system,
make sure the customer understands the dilemma.
■ Apply the Factors of Success. The Novell consulting team has developed a list of factors
that significantly improve the chance for a successful DirXML deployment.
These factors include using the customer’s system experts, using peer and mentor
reviews, documenting everything, defining phases, conducting the POC pilot offsite,
involving the customer in the testing, and using regression testing.

2-82 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
SECTION 3 Synchronize Microsoft Exchange and
eDirectory Using DirXML

In this section you learn how to synchronize data between eDirectory and
Microsoft Exchange 5.5 using the Microsoft Exchange driver and
DirXML.

Objectives
1. Identify How Microsoft Exchange Server Works

2. Use Exchange Administrator

3. Import the Exchange Driver

4. Identify How the Exchange Driver Works

5. Modify and Test the Exchange Driver for a DirXML Deployment

Introduction

As a DirXML consultant, or a corporate employee implementing


DirXML, you create a Business Requirements Document (BRD) that
outlines the DirXML business requirements for an approved business
process.

With the BRD completed, you can import, configure, and test the
DirXML drivers that support your DirXML deployment for the business
process. These drivers synchronize data between the applications and
eDirectory as illustrated in your data flow diagram (DFD).

However, to effectively implement a driver, you need to understand the


basics of the application supported by the driver. This is especially true
when working with an application expert or owner.

Revision 1.0 This document should only be used by a Novell-certified instructor. 3-1
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

You should also be able to use administrative tools that let you manage
and test the data synchronization.

In this section you are introduced to the Microsoft Exchange Server 5.5
application (often referred to as “Microsoft Exchange”) and the
Microsoft Exchange Administrator tool.

In addition, you import the Microsoft Exchange driver and become


familiar with how the preconfigured driver works.

With an understanding of the application and the preconfigured driver,


you can adapt the driver to meet the business requirements of your
DirXML deployment and test the driver as part of a proof of concept
(POC) pilot.

x The Microsoft Exchange driver for DirXML synchronizes data between Microsoft
Exchange Server 5.5 and eDirectory 8.5.

A preconfigured Lotus Notes driver is also included with DirXML 1.0. Other
email drivers (such as GroupWise) will become available soon. Check the
DirXML product home page on the Novell web site for updates.

Scenario

As the DirXML consultant for Digital Airlines, you have already created
and received approval from the IS&T manager on your BRD and
Production Requirements Document (PRD) for the QuickStart DirXML
deployment.

You have also assembled your project team and listed several phases for
implementing a POC pilot based on your POC plan.

The first phase of your POC pilot involves implementing and testing the
Microsoft Exchange driver to meet the business requirements of your
QuickStart deployment.

The driver ensures that an employee record created or deleted by Human


Resources (in PeopleSoft) results in an associated email account created
or deleted in Microsoft Exchange.

3-2 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Synchronize Microsoft Exchange and eDirectory Using DirXML

In addition, enterprise attribute values modified in an employee record


must be reflected in the employee’s email account. Microsoft Exchange
must be the authoritative source for an employee’s email address
throughout the QuickStart deployment.

Although you understand how DirXML works, you are unfamiliar with
Microsoft Exchange Server or the Microsoft Exchange driver.

Objective 1 Identify How Microsoft Exchange Server Works

To know how Microsoft Exchange Server works, you must understand


the following:
■ Exchange Server Purpose
■ Exchange Server Hierarchy
■ Exchange Server Components
■ Exchange Server Recipient Types
■ Exchange Server Email Client Support
■ Exchange Server and the DirXML Driver

Revision 1.0 This document should only be used by a Novell-certified instructor. 3-3
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

Exchange Server Purpose

Exchange Server is a messaging system that enables people to exchange


email messages. You can also share files such as documents,
spreadsheets, and graphics.

Exchange Server also includes several collaboration utilities through


OutlookTM 97, Office 97, and Exchange Server’s own design environment.
These utilities help you perform tasks such as group scheduling, threaded
discussions, and workflow.

x Exchange Server is integrated with the other components of the Microsoft


BackOffice Suite, such as SQL ServerTM, Systems Management Server, and
Internet Information Server. It is also tightly integrated with Windows NT Server.

Exchange Server Hierarchy

Exchange Server uses server and clients to accomplish messaging tasks


across the network. To make it easier to manage servers, Exchange
organizes servers into
■ Organizations
■ Sites
■ Locations

Organizations

An organization is the largest administrative unit in Exchange Server,


and consists of 1 or more sites that support the messaging system.
Normally, a company has just 1 organization.

3-4 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Synchronize Microsoft Exchange and eDirectory Using DirXML

Sites

All servers in an organization are grouped into sites, as illustrated in the


following figure:

Organization

Site B - New York

Site C - Paris Site D - London

Site A - Los Angeles

Figure 3-1 Sites in an Organization

A site contains 1 or more Exchange Server computers that share the


same directory information and are connected by a high-bandwidth
permanent network.

A small organization might have only 1 or 2 sites, whereas a large


organization might have many.

All directory changes within a site are updated and replicated


automatically. However, you need to configure replication between sites.

Revision 1.0 This document should only be used by a Novell-certified instructor. 3-5
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

Locations

You can group servers into locations within a site. A location is a group
of servers connected across a high-bandwidth network.

Although you do not need to assign servers a location, both public folder
access and mail routing takes advantage of location information if it is
provided.

Exchange Server Components

The basic components that facilitate the delivery of messages in an


Exchange Server system include the following:
■ Information Store (Public and Private)
■ Directory
■ Message Transfer Agent (MTA)
■ System Attendant

Information Store (Public and Private)

The information store is the central repository for all messages in


Exchange Server.

Each Exchange Server can have 2 information stores:


■ Public Information Store. This information store holds all public
folders and their information, such as custom forms.
■ Private Information Store. This information store holds all private
folders and their information, such as messages belonging to
individual mailboxes.

In addition, the email client (such as Microsoft Outlook) that integrates


with Exchange Server can have a personal folder file that consists of
folders stored on the client’s computer.

The information store also provides rules and views, and maintains
storage and age limits.

3-6 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Synchronize Microsoft Exchange and eDirectory Using DirXML

x Exchange Server uses a fault-tolerant, transaction-based architecture for its


information store.

If a power outage or other abnormal system shutdown occurs, Exchange Server


uses transaction log files to reconstruct the data. Transaction log files minimize
response times for user requests and provide fault tolerance if data needs to be
restored.

Directory

The directory contains information for message recipients and other


objects in an Exchange Server organization.

A directory entry for each Exchange Server object appears in Exchange


Administrator (the administrative tool for Exchange Server).

The directory has 2 main components:


■ Directory Database. The directory database stores information for all
the directory objects.
Most objects in the directory represent individual items in the
organization, such as a particular server or recipient. Container
objects hold individual objects or other containers.
The collection of objects that make up an organization is represented
as a hierarchy.
■ Directory Service. The directory service is a Windows NT server
process that
❑ Manages information in the directory database and handles
directory requests from users, services, and applications
❑ Provides the Exchange Server Address Book

Revision 1.0 This document should only be used by a Novell-certified instructor. 3-7
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

❑ Enforces the rules governing the structure and contents of the


directory
❑ Sends directory replication notifications to directories on other
servers and processes directory replication notifications from
other servers

Message Transfer Agent (MTA)

The message transfer agent (MTA) delivers messages to a destination by


moving them from one server to another. You can transfer and deliver
messages between
■ Exchange Server computers within a site
■ Exchange Server computers in different sites
■ An Exchange Server computer within an organization and another
mail system

If the message needs to be delivered over the internet, the internet mail
service Exchange server component routes the message between
Exchange Server and Simple Mail Transfer Protocol (SMTP)-based
systems.

System Attendant

The system attendant is a maintenance service that must be running for


other Exchange Server services to operate.

The system attendant generates email addresses for new recipients and
maintains message tracking log information. It also monitors the
connection status among Exchange Server computers.

3-8 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Synchronize Microsoft Exchange and eDirectory Using DirXML

Exchange Server Recipient Types

Exchange Server receives messages and information through objects


known as recipients. Recipients are as follows:
■ Mailboxes. A mailbox is a receptacle for messages and attachments
in Exchange. It is associated with a recipient’s Windows NT user
account.
A mailbox can contain items sent from other users within an
organization or from outside organizations. Recipients can read
messages and other items in their mailbox by using a client email
application.
A mailbox is the most common type of recipient and typically has
only 1 user assigned to it. However, several users can share the same
mailbox. You can also import mailboxes from other mail systems or
networks.
■ Distribution Lists. A distribution list is a group of recipients created
to expedite mass mailing of messages and other information. When a
message is sent to a distribution list, all members of the distribution
list receive a copy.
■ Custom Recipients. A custom recipient is a recipient outside the
messaging site, local post office, or organization, such as an Internet
recipient with an SMTP address.
■ Public Folders. A public folder stores messages or information that
can be shared with all designated users in your organization. Public
folders can contain different types of information, from simple
messages to multimedia clips.
■ Mailbox Agents. Mailbox agents are used to build a
messaging-enabled server application written to operate from data
sent to a specific mailbox.

Revision 1.0 This document should only be used by a Novell-certified instructor. 3-9
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

Exchange Server Email Client Support

Exchange provides email to everyone in an organization through an


email client (such as Outlook 97). Email clients are supported through
■ Standard Internet Email Protocols
■ Third-Party Connectors

Standard Internet Email Protocols

In addition to providing messaging functions to Windows-based users


(via the MAPI protocol), Exchange includes the standard Internet email
protocols, including
■ Simple Mail Transfer Protocol (SMTP)
■ Internet News Service/Network News Transfer Protocol (NNTP)
■ Post Office Protocol Version 3 (POP3)
■ Internet Message Access Protocol Version 4 rev1 (IMAP4rev1)
■ Lightweight Directory Access Protocol (LDAP)
■ Hypertext Transfer Protocol (HTTP) and Microsoft Outlook Web
Access

This means you can send and receive email to most Internet/intranet
mailboxes.

DirXML uses LDAP to interface with Exchange Server and to help


maintain data synchronization between Exchange and other applications.

Third-Party Connectors

Exchange Server includes a copy of Microsoft Outlook 97 to use as a


client interface for sending and receiving email through the Exchange
server.

3-10 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Synchronize Microsoft Exchange and eDirectory Using DirXML

Exchange Server also comes with several connectors you can use to
attach your Exchange Server to third-party message servers, such as
Lotus cc:MailTM, Lotus Notes, Internet Mail, Microsoft Mail, and a
mainframe PROFS mailbox.

Exchange Server and the DirXML Driver

When you use Exchange Server to send a message, the following


happens:

1. The message is delivered to the information store, which acts as a


central post office.

2. The information store determines where the message should be


delivered by searching in the directory, which acts as an address book.

3. If the message is addressed to a person on the same home server as the


sender, the information store delivers the message.

4. If the message is addressed to a person on another server or system,


the information store passes the message to the MTA to deliver.

5. Meanwhile, the system attendant runs in the background, making sure


the Exchange system runs smoothly and mail is routed correctly.

Revision 1.0 This document should only be used by a Novell-certified instructor. 3-11
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

The following illustrates the interaction of the core components of


Exchange Server to deliver a message:

MTA Internet
to Kim Hart
to Kim Hart

Information Store
to Jim Drew
to Jim Drew
FS1

Directory Service

Jim Drew JDrew FS1


Kim Hart KimH Internet

Directory Database

System Attendant

Figure 3-2 Exchange Server Message Delivery

3-12 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Synchronize Microsoft Exchange and eDirectory Using DirXML

Just as the information store contacts the directory to locate an email


address, DirXML contacts the directory through an Exchange driver to
synchronize information and events with eDirectory:

Microsoft Exchange Server

MTA

Information Store PeopleSoft


PeopleSoft
Microsoft Driver
Exchange
Driver
DirXML
Directory Service eDirectory

Jim Drew JDrew FS1


PBX Driver
Kim Hart KimH Internet

Directory Database
System Attendant PBX Server

Animation 3-1 How DirXML Figure 3-3 Exchange and the DirXML Driver
Interfaces with Microsoft
Exchange Server
The directory contains an event (transaction) log that records all
transactions (adds, modifications, and deletes) that occur in the Exchange
directory database.

The Exchange driver polls the event log at regular intervals for new
events; then it processes those events based on the driver filter, rules, and
stylesheets.

After the information from the Exchange directory is synchronized with


eDirectory, DirXML synchronizes the data and events with other
applications through additional DirXML drivers.

Revision 1.0 This document should only be used by a Novell-certified instructor. 3-13
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

When you first start the Exchange driver, the driver checks the event log
and receives an ID number. The number represents the latest record listed
in the event log.

Each time the Exchange driver checks the event log, it uses the ID
number to receive and process only the latest events listed in event log.
Then the driver updates to a new ID number that reflects the latest record
in the event log.

x If Microsoft Exchange crashes, the ID number can become invalid because it does
not match any ID number in the log.

In this case, the Exchange driver starts processing events from the
beginning of the log and might reprocess events already reflected by
DirXML.

Objective 2 Use Exchange Administrator

Exchange Administrator provides a graphical environment for


administering the services and components of an Exchange messaging
system.

You need to perform the following in Exchange Administrator when


testing the Exchange DirXML driver:
■ Start the Administrator
■ Display Objects in the Administrator Window
■ Create a Mailbox
■ Modify Mailbox Properties
■ Delete a Mailbox

3-14 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Synchronize Microsoft Exchange and eDirectory Using DirXML

Start the Administrator

Do the following:

1. Select Start > Programs > Microsoft Exchange > Microsoft


Exchange Administrator.
If you are starting Exchange Administrator for the first time,
Administrator might request the name of a server.

2. Select Browse, select a server, and select OK.

3. Enter Exchange Administrator by selecting OK.


A window similar to the following appears:

Figure 3-4 Microsoft Exchange Administrator Window

The Administrator window is a graphical view of all users and resources


in an organization. You can move through the various branches of this
structure to see the complete layout of your organization.

The following are basic components of the Administrator window:


■ Title Bar. Displays the name of the server and domain you’re
connected to, and the name of the item selected in the container area.

Revision 1.0 This document should only be used by a Novell-certified instructor. 3-15
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

■ Server Box. Contains a list of the 20 most recently selected servers.


You can select a server by selecting its name from the list.
■ View Filters Box. Enables you to view only custom recipients,
distribution lists, mailboxes, public folders, or all of these combined.
(You can also view recipients by using the View menu.)
■ Container Area. This is the display area on the left side of the
Administrator window. It shows directory container objects and
represents all components in your organization.
■ Contents Area. This is the display area on the right side of the
Administrator window. It shows the contents of the selected object in
the container area.

When connected to a server in a site, you can modify information about


other servers or objects in that site.

Display Objects in the Administrator Window

In an Exchange directory hierarchy, objects can be containers or


individual items (such as a server or mailbox) in an organization.

All objects, and their properties, are part of an Exchange organization


and are stored as entries in the Exchange directory database.

The following are objects you commonly find when using Exchange
Administrator:

Icon Name Description

Organization The root or starting point of Exchange Server


directory objects. This is the name of your
entire organization.

Address Book Views Contains Address Book views that can be


Container used to group recipients.

Folders Contain the public folder hierarchy.

Table 3-1 Exchange Objects

3-16 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Synchronize Microsoft Exchange and eDirectory Using DirXML

Icon Name Description

Public Folders Contains information that can be shared


among many users. You can send messages
to public folders.

Global Address List Contains all recipients in the organization.

Site A group of 1 or more Exchange Server


computers connected to the same LAN.

Site Configuration Contains configuration objects, such as the


Container directory replication connector.

Custom Recipient Recipients residing on a foreign messaging


system.

Distribution List A group of recipients addressed as a single


recipient. This object is equivalent to a Group
object in eDirectory.

Mailbox Contains email and other information. You


must have a mailbox to send and receive
email. This object is equivalent to a user
object in eDirectory

Connections Container Contains all connectivity objects for the


system.

Server Container A container for Exchange Server computers.

Server A Windows NT server computer running


Exchange Server.

Recipients Container Contains recipients (mailboxes, custom


recipients, distribution lists, and public
folders). A site can have multiple recipient
containers.

Table 3-1 Exchange Objects (continued)

Revision 1.0 This document should only be used by a Novell-certified instructor. 3-17
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

To display objects in the container or content area of the Administrator


window, do the following:

1. Select the plus button (+) or the minus button (-) at the left of an object
in the container area or content area.
This expands or collapses the directory structure.

2. Double-click an object in the container area or the content area.

Create a Mailbox

A mailbox is an object that represents an email user in Exchange. A


mailbox requires a user account in Windows NT. You can associate 1 or
more Windows NT user accounts with a mailbox.

Mailboxes are normally stored in the Recipients container of an


Exchange site. When you create a mailbox, an entry is also included in
the Global Address List.

To create a mailbox, do the following:

1. Start Exchange Administrator.

2. Find and select the Recipients container for the site you are
administering.

3. Select File > New Mailbox.

3-18 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Synchronize Microsoft Exchange and eDirectory Using DirXML

The Mailbox properties dialog appears:

Figure 3-5 Mailbox Properties Dialog

Several tabs are listed in the properties dialog. The General tab is
where you enter basic mailbox information.

4. Enter a first name, middle initial (if any), and a last name.
The first and last name are used to create the display name for the
mailbox. You can edit the display name in the properties dialog.

Revision 1.0 This document should only be used by a Novell-certified instructor. 3-19
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

Email addresses are created and listed on the Email Addresses tab:

Figure 3-6 Email Addresses Tab in Exchange Administrator

5. Enter other account information on the General tab or other tabs in the
properties dialog as needed.
You must enter a first name on the General tab before you can access
other tabs.

6. Select OK.
Exchange prompts you to select an existing Windows NT account to
associate with the mailbox, or create an NT account.

7. Select an account option and select OK.

8. If you select an existing Windows NT account, do the following:


a. From the Add User or Group dialog, select the server domain.
b. Select a user from the Names list.
c. Select Add; then select OK.

3-20 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Synchronize Microsoft Exchange and eDirectory Using DirXML

9. If you are creating an NT account, do the following:


a. From the NT domain drop-down list, select the Windows NT
domain.
b. Enter an account name.
A default account name is provided that is the same as the
mailbox alias.
c. Select OK.
d. Confirm that the account will have a blank password by selecting
OK.
The new mailbox appears in the contents area of the
Administrator window:

Figure 3-7 New Mailbox in Exchange

Revision 1.0 This document should only be used by a Novell-certified instructor. 3-21
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

Modify Mailbox Properties

You can find most of the data synchronized in a DirXML implementation


of the Exchange driver on the General, Phone/Notes, and Email Address
pages of the mailbox properties dialog.

To modify this mailbox data, do the following:

1. Start Exchange Administrator.

2. Find and select the Recipients container for the site you are
administering.

3. Double-click the mailbox you want to modify.


The mailbox appears in the contents area.

4. Select the General tab or the Phone/Notes tab and change the
information.

5. Save the changes by selecting OK.

Delete a Mailbox

Do the following:

1. Start Exchange Administrator.

2. Find and select the Recipients container for the site you are
administering.

3. Select the mailbox you want to delete.


The mailbox appears in the contents area.

4. Select Edit > Delete or press the Delete key; then select Yes to confirm
the deletion.

x Deleting a mailbox does not delete the associated NT account unless you
select “Delete primary Windows NT account when deleting mailbox” on the
Options dialog of Exchange Administrator (Tools > Options > Permissions).

3-22 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Synchronize Microsoft Exchange and eDirectory Using DirXML

Exercise 3-1 Perform Basic Administrative Tasks Using Exchange


Administrator

As part of testing the Exchange integration in a DirXML deployment,


you need to know how to perform some basic tasks using Exchange
Administrator.

In this exercise, you do the following:


■ Part I: Start Exchange Administrator
■ Part II: Find Objects in the Administrator Window
■ Part III: Create a Mailbox Recipient
■ Part IV: Modify a Mailbox Recipient
■ Part V: Delete a Mailbox Recipient

Part I: Start Exchange Administrator

Do the following:

1. On the Digital-Air-1 server, select Start > Programs > Microsoft


Exchange > Microsoft Exchange Administrator.

2. If you are asked to connect to a server, do the following:


a. Select the Browse button, select DIGITAL-AIR-1 in the DA1
site; then select OK.
b. Connect to the server by selecting OK.

Revision 1.0 This document should only be used by a Novell-certified instructor. 3-23
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

Part II: Find Objects in the Administrator Window

This part of the exercise helps you become familiar with navigating
through the Administrator window. The following is a list of objects that
exist in the Digital Airlines organization:

Icon Name Description

Public Folders A receptacle for information that can be shared


among many users in the Digital Airlines
organization.

Global Address List Contains all recipients in the Digital Airlines


organization.

DA1 A site within the Digital Airlines organization


which contains the Digital-Air-1 server.

Configuration Contains configuration objects for the DA1 site.

Connections Contains all components (such as Directory


Service and MTA) for delivering email
messages.

Servers The container that holds the Digital-Air-1 server


object.

DIGITAL-AIR-1 The NT Server computer running Exchange


Server.

Recipients Will contain mailboxes created in this and other


exercises.

Table 3-2 Exchange Objects

Find each object in the container or contents area of the Administrator


window; then read the description in the list to become familiar with the
object. Several of these objects are referenced in the rest of this section.

Remember that you can expand an object by selecting the plus button to
the left of the object or by double-clicking the object.

3-24 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Synchronize Microsoft Exchange and eDirectory Using DirXML

Part III: Create a Mailbox Recipient

To create a mailbox recipient in the DA1 site, do the following:

1. Select the Recipients container for the DA1 site.

2. Select File > New Mailbox.


The Mailbox properties dialog appears.

3. Enter the following information on the General tab:


First name = Caroline
Middle initial = E
Last name = Nelson
Notice the first and last name are used to create the display name
(Caroline Nelson) for the mailbox. The first name and first letter of
the last name are used to create the mailbox alias (CarolineN).

4. Select OK.
Exchange prompts you to select an existing NT account to associate
with the mailbox or to create an NT account.

5. Select Create a new Windows NT account and select OK.

6. Select the DA1DOMAIN domain from the NT domain drop-down


list.

7. Leave CarolineN as the account name and select OK.

8. Confirm the account will have a blank password by selecting OK.


The new mailbox appears in the contents area of the Administrator
window.

Revision 1.0 This document should only be used by a Novell-certified instructor. 3-25
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

Part IV: Modify a Mailbox Recipient

To modify the attributes or properties of a mailbox recipient, do the


following:

1. Select the Caroline Nelson mailbox.

2. Select File > Properties.


You can also double-click a mailbox to open the properties dialog.

3. Select the General tab.

4. Delete “Nelson” in the Last name field and enter Carr.


Does the Display name or Alias change to reflect the new last name?

5. Delete “Nelson” in the Display name field and enter Carr.

6. Delete the “N” from the end of the Alias and enter C.

7. Save the changes by selecting OK.


Did the display name change for the mailbox?

Part V: Delete a Mailbox Recipient

Do the following:

1. Select the Caroline Carr mailbox in the contents area.

2. Select Edit > Delete.


You can also press the Delete key.

3. Delete the mailbox by selecting Yes.


Does deleting Caroline Carr’s mailbox also delete her NT account?
Let’s find out.

3-26 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Synchronize Microsoft Exchange and eDirectory Using DirXML

4. Select Start > Programs > Administrative Tools (Common) > User
Manager for Domains.
Is there an NT account for Caroline? What is her username? What is
her full name? Did the modifications you made to her Exchange
account affect her NT account?
The lack of synchronization between Caroline Carr’s mailbox and
her NT account demonstrates the need for data synchronization
across applications in a company.

5. Close User Manager.

Exercise Summary

By completing this exercise, you became familiar with using Exchange


Administrator in preparation for running tests on the POC pilot for the
Exchange driver.

Specifically, you did the following:


■ Navigated through the Administrator window to find specific
Exchange objects.
Some of these objects are referenced throughout the rest of the
section. You need to be able to find and recognize them.
■ Created, modified, and deleted a mailbox.
You repeat these tasks several times while testing the imported
Exchange driver and while testing the configuration changes to the
driver during the POC pilot.

(End of Exercise)

Revision 1.0 This document should only be used by a Novell-certified instructor. 3-27
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

Objective 3 Import the Exchange Driver

A simple installation of DirXML does not provide you with Exchange


driver functionality. You also need to import the Exchange driver.

To import the driver, you need to do the following:


■ Check the Exchange Driver System Requirements
■ Gather the Exchange Driver Import Information
■ Import the Exchange Driver Using the Application Driver Creation
Wizard
■ Configure eDirectory for the Exchange Driver

Check the Exchange Driver System Requirements

The following lists the system requirements for the Exchange driver.

Resource Minimum Requirement

Processor Intel Pentium PC-based processor

RAM 64 MB RAM (128 MB recommended)

eDirectory Windows 2000 or Windows NT Version 8.5

ConsoleOne Version 1.2d

Exchange Server Version 5.5

Table 3-3 System Requirements for the Exchange Driver

Before importing the driver, make sure eDirectory and DirXML are
installed and that you have the correct version of Exchange Server
installed.

x eDirectory must run on Windows NT or Windows 2000 for the Microsoft


Exchange driver to work because the driver shim is a DLL file and does not work
remotely.

3-28 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Synchronize Microsoft Exchange and eDirectory Using DirXML

Gather the Exchange Driver Import Information

Before you begin importing the Exchange driver into eDirectory, you
need to gather configuration information. You enter this information
when importing the driver.

This information is added to the following:


■ Publisher Channel Placement Rule
■ Subscriber Channel Placement Rule
■ Exchange Driver Parameters (Properties Dialog)

Publisher Channel Placement Rule

This information is included as part of the publisher placement rule XML


document:
■ The NDS Container Where New NDS Users Will Be Added. When you
create a mailbox in Exchange, a user is added to eDirectory. This is
the eDirectory container where the user is added.
■ The NDS Container Where New NDS Groups Will Be Added. When
you create a new distribution list in Exchange, a new group is added
to eDirectory. This is the eDirectory container where the new group
is added.

Subscriber Channel Placement Rule

This information is included as part of the subscriber placement rule


XML document:
■ The Default Exchange Container for Exchange Mailboxes. When you
create a user in eDirectory, a mailbox is added to Exchange. This is
the Exchange container where the mailbox is added.
■ The Default Exchange Container for Exchange Distribution Lists.
When you create a group in eDirectory, a distribution list is added to
Exchange. This is the Exchange container where the distribution list
is added.

Revision 1.0 This document should only be used by a Novell-certified instructor. 3-29
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

Exchange Driver Parameters (Properties Dialog)

This information is included as part of the Driver Parameters XML


document in the Exchange properties dialog:
■ The IP Address of Exchange Server (for LDAP Queries). This is the IP
address of the computer on which you installed Exchange Server.
■ Remote Exchange Server Communication (1=true;0=false). If the
Exchange server is on a different (remote) computer than eDirectory
and DirXML, you need to indicate this while importing the driver.
The default is 0.
■ The Name of the Exchange Server. This is the name of the server on
which Exchange Server is installed.
■ The Name of the Exchange Site that the Driver Will Administer. In
addition to the name of the Exchange server, you also need to
provide the name of the Exchange site in which the server is located.
■ The Name of the Domain for New NT Accounts. Each Exchange
mailbox needs to be associated with a Windows NT account.
For eDirectory to successfully add a mailbox to Exchange Server, it
needs to know the name of the domain where the Windows NT
accounts are created.
■ Polling Frequency for the Publisher Channel. This setting lets
DirXML know how often you want the Publisher channel of the
Exchange driver to check for events (such as an add, modify, delete)
listed in eDirectory. The default is 180 seconds.

The following provides suggestions for finding the import information:

Import Information Where to Find It

NDS container for new NDS You can find the container name (using
users ConsoleOne) in the eDirectory tree that will be
synchronized to Exchange.
The Exchange driver is preconfigured to place
user objects in only 1 eDirectory container.

Table 3-4 Gathering Exchange Driver Import Information

3-30 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Synchronize Microsoft Exchange and eDirectory Using DirXML

Import Information Where to Find It

NDS container for new NDS You can find the container name (using
groups ConsoleOne) in the eDirectory tree that will be
synchronized to Exchange.
The Exchange driver is preconfigured to place
group objects in only 1 eDirectory container.

Exchange container for You can find the container name (using Exchange
Exchange mailboxes Administrator) in the site that will be synchronized
with eDirectory.
The container name is normally “Recipients.”

Exchange container for You can find the container name (using Exchange
Exchange distribution lists Administrator) in the site that will be synchronized
to eDirectory.
The container name is normally “Recipients.”

Exchange server IP address At a DOS prompt window, enter IPCONFIG. The


IP address should be displayed.

Remote Exchange Server This is a decision based on whether Exchange is


Communication on a different computer than eDirectory and
DirXML.

Exchange server name Check the Server window title bar in Exchange
Administrator for the name of the server.

Exchange site name Check the Server window title bar in Exchange
Administrator for the name of the site.

Domain name for new NT Create a mailbox in Exchange Server.


accounts During the process, you are asked to select a
domain name from a drop-down list when creating
the NT user account.
Select one of the domain names listed to use for
the DirXML driver.

Publisher channel polling This is a decision based on the amount of traffic


frequency you want to generate on the network and how
frequently you feel you need to check for
unprocessed events.

Table 3-4 Gathering Exchange Driver Import Information (continued)

Revision 1.0 This document should only be used by a Novell-certified instructor. 3-31
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

Import the Exchange Driver Using the Application Driver Creation Wizard

When you install DirXML, the following Exchange driver files are
copied to your hard drive:
■ EXDRIVR.DLL. This file is the application shim that communicates
with Exchange Server.
The file receives and translates data from Exchange Server, passing it
through the publisher channel to eDirectory; it also receives data on
the subscriber channel (processed by DirXML) and passes it to
Exchange Server.
The file is in C:\NOVELL\NDS.
■ EXDRIVERCONFIG.XML. This file contains the preconfigured
XML documents for the filters and rules in the Exchange driver.
The file is in
C:\NOVELL\CONSOLEONE\1.2\SNAPINS\DIRXML.

With these files available (and DirXML and eDirectory installed), you
import the Exchange driver into the eDirectory tree.

To import the driver, you need to do the following:


■ Start ConsoleOne
■ Create a Driver Set Object in eDirectory
■ Import the Exchange Driver into eDirectory

Start ConsoleOne

Start ConsoleOne and log into the eDirectory tree where the data you
want to synchronize with Exchange Server is located.

Create a Driver Set Object in eDirectory

A DirXML driver set object stores a collection of imported DirXML


drivers.

3-32 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Synchronize Microsoft Exchange and eDirectory Using DirXML

If a DirXML driver set object does not exist in the container where you
want to import the Exchange driver, you must create a driver set object
before importing the driver.

Import the Exchange Driver into eDirectory

With a driver set object created, you can import the Exchange driver into
the container.

1. Select the driver set object where you want to import the Exchange
Server driver.

2. Select Wizards > Create a new Application Driver.


A Welcome window for the Application Driver Creation Wizard
appears:

Figure 3-8 Application Driver Creation Wizard Welcome Window

Revision 1.0 This document should only be used by a Novell-certified instructor. 3-33
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

3. From the Welcome window, ensure that “In an existing driver set” is
selected; then select Next.

4. Import the preconfigured Exchange driver into the Driver Set object:
a. Ensure that “Import pre-configured driver (XML file)” is selected;
then select the Browse button.
b. Select ExDriverConfig.xml; then select Open.
c. Continue by selecting Next.

5. Enter the configuration information for the Exchange driver.


The next several dialogs request the configuration information you
gathered before starting the import.
Each dialog requests 1 item of information and includes a default
template of how to enter the information.
For example, the first dialog requests the NDS container where the
new NDS users will be added:

Figure 3-9 Exchange Driver Configuration Dialog

The template is “\TREE-NAME\TOP-LEVEL-CONTAINER\.”


a. Delete the template text; then type the tree name followed by the
name of the top level container in which you want user objects
placed by Exchange.
The template requires a backslash (\) at the beginning of the tree
name and at the beginning and end of the container name. These
backslashes are not optional (including the backslash at the end
of the container name). Without them, the driver will not work.
The same is true of all other template text. Make sure you follow
the format of the template when entering your own information.
b. Continue to the next dialog by selecting Accept.

3-34 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Synchronize Microsoft Exchange and eDirectory Using DirXML

c. Continue entering the configuration information and selecting


Accept until you enter all the information you gathered.
The following lists tips for entering the information:

Information Template Text Tips

NDS container where new NDS \TREE-NAME\TOP-LEVEL-CONTAINER\ Include a backslash at the


users will be added end of the container name.

NDS container where new NDS \TREE-NAME\TOP-LEVEL-CONTAINER\ Include a backslash at the


groups will be added end of the container name.

Exchange container for Exchange /o=EXCHANGE_ORGANIZATION/ Use forward slashes in the


mailboxes ou=EXCHANGE_SITE/cn=Recipients/cn= DN. Leave the empty “cn=” at
the end because DirXML
uses it (along with a variable)
to create the name of the
Exchange mailbox.

Exchange container for Exchange /o=EXCHANGE_ORGANIZATION/ Use forward slashes in the


distribution lists ou=EXCHANGE_SITE/cn=Recipients/cn= DN. Leave the empty “cn=” at
the end because DirXML
uses it (along with a variable)
to create the name of the
Exchange distribution list.

Exchange server IP address 1.2.3.4 Use the normal formatting for


an IP address.

Remote Exchange Server 0 Only enter “1” for this setting


Communication if the Exchange server is on a
different computer than
DirXML.

Exchange server name EXCHANGE_SERVER_NAME_GOES_HERE Make sure you enter the


actual name of the server
(not the server object name
in eDirectory).

Exchange site name /o=EXCHANGE_ORGANIZATION/ Remember to use forward


ou=EXCHANGE_SITE_NAME slashes in the DN. Do not
place a forward slash at the
end of the site name.

Domain name for new NT DOMAIN_NAME_GOES_HERE Only enter the domain name.
accounts

Publisher channel polling 180 The value you enter


frequency represents seconds.

Table 3-5 Tips for Entering the Exchange Driver Configuration Information

Revision 1.0 This document should only be used by a Novell-certified instructor. 3-35
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

When you finish entering the configuration information, you can


finish importing the driver.

6. Configure security parameters for the Exchange driver.


A dialog appears that asks if you want to define security
equivalences and exclude objects that represent administrative roles.
a. Continue configuring by selecting Yes.
b. Select Memberships > Security Equal To; then select Add.
c. Select the DirXMLAdmin object in the DigitalAir organizational
container; then select OK.
This gives the Exchange driver object security equivalence to the
eDirectory DirXMLAdmin object.
d. Select DirXML > Excluded Users; then select Add.
e. Select the DirXMLAdmin and Admin objects in the DigitalAir
organizational container; then select OK.
This prevents the Exchange driver from synchronizing the
DirXMLAdmin and Admin object information with other
directories.
f. Close the Exchange Driver properties dialog and save the changes
by selecting OK.
A Summary window appears that lists the components of the
Exchange driver.

7. Finish importing the driver by selecting Finish.

3-36 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Synchronize Microsoft Exchange and eDirectory Using DirXML

Configure eDirectory for the Exchange Driver

After you import the driver into the tree, you need to do the following:
■ Provide Login Information for Exchange Administrator
■ Enable the Exchange Driver
■ Validate the Exchange Driver Settings
■ Start the Exchange Driver
■ Change or Disable the eDirectory LDAP Port

Provide Login Information for Exchange Administrator

For DirXML to perform transactions in the Exchange Server directory


(such as adding mailboxes), you need to provide the login information
for Exchange administrator.

This information includes the ID, Windows NT domain, and password


for the Exchange account that has permissions (rights) to administer the
mailbox recipient objects.

Do the following:

1. Right-click the ExDriver object in the driver set; then select


Properties.

2. Select Authentication.

Revision 1.0 This document should only be used by a Novell-certified instructor. 3-37
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

The Authentication tab for the Exchange driver appears:

Figure 3-10 Authentication tab for the Exchange Driver

3. Enter the Authentication ID for the administrator.

4. Enter the domain name of the Authentication context.

5. Enter and reenter the administrator password.

6. Select Apply.

3-38 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Synchronize Microsoft Exchange and eDirectory Using DirXML

Enable the Exchange Driver

The Exchange driver is set (by default) to “Disabled” when you first
import the driver.

To activate the driver, you need to select “Manual” or “Automatic.”

1. From the Exchange Driver properties dialog, select the Startup


Option tab.
The following appears:

Figure 3-11 Startup Option tab for the Exchange Driver

The driver is disabled (by default) from running manually or starting


up when eDirectory starts.

2. Start the Exchange driver yourself by selecting Manual, or have the


driver start automatically with eDirectory by selecting Auto start.

3. Select Apply.

Revision 1.0 This document should only be used by a Novell-certified instructor. 3-39
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

Validate the Exchange Driver Settings

You can view most of the configuration information you enter when
importing the Exchange driver (except for the placement rule containers)
from the driver properties dialog.

1. From the Exchange Driver properties dialog, select the Driver


Parameters tab.
The following appears:

Figure 3-12 Driver Configuration tab for the Exchange Driver

2. Scroll down to review the settings.


Make sure that you have the correct IP address, that the correct
Remote Exchange Driver value is set, and that the slashes are
forward slashes in the Exchange site name.

3. Close the Exchange Driver properties dialog and save the changes by
selecting OK; otherwise, select Cancel.

3-40 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Synchronize Microsoft Exchange and eDirectory Using DirXML

Start the Exchange Driver

If you selected “Manual” for the Exchange driver startup option, or


selected “Auto start” but have not restarted eDirectory, you need to
manually start the Exchange driver.

1. Select the Driver Set object in the DigitalAir organizational container.

2. Right-click and select Properties.

3. Select ExDriver; then select Start.


After a few moments you should see “Running” in the Status
column.

4. Close the Properties of Driver Set dialog by selecting Cancel.

Change or Disable the eDirectory LDAP Port

The Exchange driver and Exchange Server are both configured to use
port 389 as the default LDAP port. This conflict can cause serious
problems when running the driver and the server on the same computer.

To resolve this conflict, you should change the eDirectory LDAP server
port to a different number (such as 390 or 400):

1. Start ConsoleOne.

2. Select the LDAP Server object for the server running the Exchange
driver.

3. Right-click the object and select Properties.

4. Select General > LDAP Server General.

5. Change the port number by deleting 389 in the TCP Port field and
entering another port number (such as 390).

6. Implement the change by selecting Apply; then select Refresh


NLDAP Server Now.

7. Close the properties dialog and then close ConsoleOne.

Revision 1.0 This document should only be used by a Novell-certified instructor. 3-41
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

Exercise 3-2 Import the Exchange Driver

When installing and setting up DirXML for testing in Section 1, you


created a Driver Set object in the DIGITAL-AIR-WORKFORCE tree
and imported the VRTest driver into the object.

Now you need to import the Exchange driver into the same Driver Set
object. Complete the following tasks:
■ Part I: Import the Exchange Driver into the Driver Set Object
■ Part II: Provide Login Information for Exchange Administrator
■ Part III: Enable the Exchange Driver
■ Part IV: Validate the Exchange Driver Settings
■ Part V: Start the Exchange Driver

Part I: Import the Exchange Driver into the Driver Set Object

1. Start ConsoleOne.

2. In the DigitalAir organizational container under


DIGITAL-AIR-WORKFORCE, select the Driver Set object.

3. Select Wizards > Create a new Application Driver.

4. From the Welcome window, make sure In an existing driver set is


selected and that Driver Set.DigitalAir appears as the driver set DN.

5. Continue by selecting Next.

6. Import the preconfigured Exchange driver into the Driver Set object
and configure the driver:
a. Make sure Import a pre-configured driver (XML file) is
selected; then select the browse button.
b. Select ExDriverConfig.xml; then select Open.
c. Continue by selecting Next.
The next 10 dialogs require you to enter configuration
information for the Exchange driver.

3-42 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Synchronize Microsoft Exchange and eDirectory Using DirXML

d. Enter the following information for each dialog; then continue to


the next dialog by selecting Accept:

Configuration Dialog Configuration Information

NDS container for new \DIGITAL-AIR-WORKFORCE\DigitalAir\


NDS users

NDS container for new \DIGITAL-AIR-WORKFORCE\DigitalAir\


NDS groups

Exchange container for /o=Digital Airlines/ou=DA1/cn=Recipients/cn=


Exchange mailboxes

Exchange container for /o=Digital Airlines/ou=DA1/cn=Recipients/cn=


Exchange distribution lists

Exchange server IP 192.168.51.128


address

Remote Exchange Server 0


Communication

Exchange server name DIGITAL-AIR-1

Exchange site name /o=Digital Airlines/ou=DA1

Domain name for new NT DA1DOMAIN


accounts

Publisher channel polling 10


frequency

Table 3-6 Configuration Information for Exercise 3-2

7. Define security parameters for the Exchange Driver:


After entering the configuration information, a dialog appears and
asks if you want to define security equivalences and exclude objects
that represent administrative roles.
a. Continue by selecting Yes.
b. Select the Memberships > Security Equal To tab; then select
Add.
c. Browse to and select the DirXMLAdmin object in the DigitalAir
organizational container; then select OK.
This gives the Exchange driver object security equivalence to the
eDirectory DirXMLAdmin object.

Revision 1.0 This document should only be used by a Novell-certified instructor. 3-43
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

d. Select the DirXML > Excluded Users tab; then select Add.
e. In the DigitalAir organizational container select the
DirXMLAdmin and Admin objects; then select OK.
This prevents the Exchange driver from synchronizing
DirXMLAdmin and Admin object information with other
directories.
f. Close the Exchange driver properties dialog and save the changes
by selecting OK.
A Summary window appears that lists the components of the
Exchange driver.

8. Finish importing the driver by selecting Finish.

9. Verify the Exchange driver is imported by expanding the Driver Set


object and looking for the ExDriver object.

Part II: Provide Login Information for Exchange Administrator

After you import the driver, you must go to the Authentication tab in the
Exchange properties dialog to enter the ID, domain, and password of the
Exchange administrator account for the mailbox objects:

1. In the driver set right-click the ExDriver object; then select


Properties.

2. Select the Authentication > DIGITAL-AIR-1-NDS tab.

3. Delete the template text for the Authentication ID; then enter
Administrator.

4. Delete the template text for the Authentication context; then enter
DA1DOMAIN.

5. For the administrator password enter and reenter novell.


This password was created during the Exchange Server installation.

6. Select Apply.

3-44 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Synchronize Microsoft Exchange and eDirectory Using DirXML

Part III: Enable the Exchange Driver

By default, the Exchange driver is disabled. To use the driver for testing
this phase of the POC pilot, you must set the startup option to Manual.

1. Select the Startup Option > DIGITAL-AIR-1-NDS tab.


The driver is disabled from running manually or starting when
eDirectory starts.

2. Start the Exchange driver by selecting Manual.


Selecting Manual lets you start the driver without restarting
eDirectory.

3. Select Apply.

Part IV: Validate the Exchange Driver Settings

1. Select the Driver Parameters > DIGITAL-AIR-1-NDS tab.

2. Scroll down to review all settings.


Make sure that you have the correct IP address, that Remote
Exchange Driver is set to “0,” and that the slashes are forward
slashes in the Exchange site name.

3. Close the Exchange Driver properties dialog by selecting Close (or


select OK if you have made changes).

Part V: Start the Exchange Driver

1. In the DigitalAir organizational container, select the Driver Set


object.

2. Right-click and select Properties.

3. Select ExDriver in the driver list; then select Start.


After a few moments you should see “Running” in the Status
column.

4. Close the Driver Set properties dialog.

Revision 1.0 This document should only be used by a Novell-certified instructor. 3-45
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

Exercise Summary

By completing this exercise, you accomplished the following key tasks in


importing and initially configuring the Exchange driver:
■ Imported the Exchange driver into the driver set object.
Importing the driver requires that you prepare information ahead of
time (such as container names and the IP address) to successfully
import the driver with the correct configuration settings.
The same is true of all other DirXML drivers provided by Novell.
The driver is a template you need to configure for the driver to work
properly in your specific DirXML deployment.
■ Provided login information for the Exchange Administrator object.
For DirXML to perform tasks such as creating and modifying
mailboxes in Exchange, you need to provide the admin account name
and password.
■ Enabled the Exchange driver.
Although a simple step, it is often forgotten by consultants and
results in the driver not starting.
■ Validated the Exchange driver settings.
It is always wise to double-check the configuration settings you
entered while importing the driver. One misplaced or mistyped
character can result in the Exchange driver not starting.
■ Started the Exchange driver.
After you implement the DirXML drivers in a production
environment, you will probably want to have them start
automatically by changing the Startup Option setting to Auto Start.

(End of Exercise)

3-46 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Synchronize Microsoft Exchange and eDirectory Using DirXML

Objective 4 Identify How the Exchange Driver Works

The Exchange driver is preconfigured to synchronize data between


eDirectory and the Exchange directory event log by conforming to the
filters, rules, mapping, and EXDRIVR.DLL provided by the driver.

This configuration might be exactly what you need to meet the business
requirements of your DirXML deployment.

However, for most deployments you will need to make changes to the
preconfigured filters, rules, and mapping to meet the business
requirements. You might even need to add other rules and stylesheets.

Before modifying the preconfigured driver, you must be able to explain


how the following work:
■ The Exchange Driver Schema Mapping Rule
■ The Exchange Driver Publisher Channel
■ The Exchange Driver Subscriber Channel

This knowledge comes from reviewing the contents of the filters and
rules, and testing the preconfigured driver.

After reviewing and testing the preconfigured driver, you are better
prepared to make additional changes necessary to implement the
Exchange driver in your DirXML deployment.

x The examples and exercises in this section are based on the Exchange driver
version that includes the EXDRIVERCONFIG.XML file dated 8/29/2000 and the
EXDRIVR.DLL file dated 02/05/2001.

If you use a different version of these files in your own DirXML deployment, they
might not be configured to work exactly as described in this course.

Revision 1.0 This document should only be used by a Novell-certified instructor. 3-47
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

The Exchange Driver Schema Mapping Rule

The schema for classes and attributes in an application is often


significantly different from the schema used by eDirectory. For example,
the Display-Name attribute in Exchange is the Given Name attribute in
eDirectory.

To solve this coordination problem, DirXML provides a schema mapping


rule. The rule is an XML document that matches class names and
attribute names between eDirectory and the application for both the
publisher and subscriber channels.

The mapping is supported by DirXML’s access to the full eDirectory


schema and the full application schema. DirXML reads the eDirectory
schema directly from eDirectory. The DirXML driver provides an
updated view of the application schema.

Because both schemas are available, you can select any class or attribute
from eDirectory to map to any class or attribute from the application.

To understand more about the Exchange schema mapping rule, you need
to
■ View the List of Mapped Classes
■ View the Lists of Matching Attributes
■ View the XML Document for the Schema Mapping Rule

View the List of Mapped Classes

To view the list of mapped classes, do the following:

1. Open ConsoleOne and log in to the tree where the DirXML drivers
are loaded.

2. In the DirXML driver set object, select the ExDriver object.

3. Select the SchemaMappingRule object.

4. Right-click and select Properties.


The SchemaMappingRule properties dialog appears.

3-48 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Synchronize Microsoft Exchange and eDirectory Using DirXML

5. Select DirXML > Schema Mapping Rules.


A list of mapped classes appears:

Figure 3-13 SchemaMappingRule Dialog

The first column lists the class names for eDirectory (NDS). The
second column lists the equivalent class names in Exchange (APP).
Only 2 eDirectory classes are mapped to Exchange in this
preconfigured list. Groups in eDirectory are equivalent to distribution
lists (dl) in Exchange; users in eDirectory are equivalent to
mailboxes in Exchange.
When you create, modify, or delete a user object in eDirectory, the
schema mapping rule lets DirXML know to look for a mailbox
account in Exchange to create, modify, or delete.
The same is true of groups. When you create, modify, or delete a
group object in eDirectory, the schema mapping rule lets DirXML
know to look for a distribution list in Exchange to create, modify, or
delete.

Revision 1.0 This document should only be used by a Novell-certified instructor. 3-49
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

View the Lists of Matching Attributes

Because a class is defined by a set of attributes, you can also map


attributes based on those associated with a particular class:

1. Select the ExDriver object in the DirXML driver set object.

2. Select the SchemaMappingRule object.

3. Right-click and select Properties.


The SchemaMappingRule properties dialog appears.

4. Select the User/Mailbox class in the class mappings list; then select
Properties.
There are no attributes (properties) defined for mapping purposes in
the User/Mailbox class for the Exchange driver:

Figure 3-14 Matching Attributes for User/Mailbox Class

The same is true of the Group/dl class. No specific attributes are


mapped that are associated with this class.

3-50 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Synchronize Microsoft Exchange and eDirectory Using DirXML

5. Close the properties dialog for the User/Mailbox class by selecting


Close.
Although mapping classes is important when synchronizing data,
attributes are often listed in a non-specific class properties list in the
DirXML driver because they can be found in more than 1 class.

6. View the list of mapped attributes for the Exchange driver by selecting
Non-specific class properties.
The properties dialog for the non-specific class properties appears:

Figure 3-15 List of Attributes for the Schema Mapping Rule

The first column lists the attribute names for eDirectory (NDS). The
second column lists the equivalent attribute names in Exchange
(APP).

Revision 1.0 This document should only be used by a Novell-certified instructor. 3-51
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

The following lists preconfigured mapped attributes in the Exchange


driver, with the associated display name for the eDirectory attribute
in the first column:

eDirectory Display eDirectory (NDS) Exchange (APP)


Name Attribute Attribute

City city Extension-Attribute-3

Company company Company

Country co Text-Country

Department OU Department

E-Mail Address Internet EMail Address Proxy-Addresses

Full name Full Name Display-Name

Given name Given Name Given-Name

Last Name Surname Surname

Location L Physical-Delivery-Office-
Name

Middle initial Initials Initials

Phone Numbers: assistantPhone Telephone-Assistant


Assistant

Phone Numbers: Mobile mobile Telephone-Mobile

Phone Numbers: Pager pager Telephone-Pager

Phone Numbers: Phone homePhone Telephone-Home

State S State-Or-Province-Name

Street SA Address

Telephone Telephone Number Telephone-Office1

Title Title Title

Zip Code Postal Code Postal-Code

Table 3-7 Mapped Attributes in the Exchange Schema Mapping Rule

By providing a table of mapped attributes, DirXML knows where to


place attribute values (such as a city or home phone number) when
creating or modifying users/mailboxes and group/distribution lists.

3-52 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Synchronize Microsoft Exchange and eDirectory Using DirXML

x The attribute names you see in the schema mapping rule are the attribute
names for the eDirectory and Exchange schemas. They are not the display
(field) names you see in the property dialog boxes in ConsoleOne or
Exchange Administrator.

7. Close the non-specific class properties dialog by selecting Close.

You can add or remove a class or attribute from the mapping lists to
customize the schema mapping rule. Without a mapping, no action can
take place for the class attribute.

However, you should use filters to control the data flow between
eDirectory and Exchange before changing the preconfigured mapping
lists.

View the XML Document for the Schema Mapping Rule

The class and attribute mapping lists make it easy to manage the
mapping of classes and attributes between eDirectory and Exchange.

These lists are based on an XML document. To view and edit the XML
document, do the following:

1. In the DirXML driver set object open the ExDriver object.

2. Select the SchemaMappingRule object.

3. Right-click and select Properties.


The SchemaMappingRule properties dialog appears.

4. Select the DirXML > Edit XML tab.

Revision 1.0 This document should only be used by a Novell-certified instructor. 3-53
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

A window appears that lets you view and edit the XML document:

Figure 3-16 XML Document for Schema Mapping Rule

The mapping for each class and attribute is included in the


document.
For example, the following is the XML tags for matching the “pager”
attribute in eDirectory to the “Telephone-Pager” attribute in
Exchange:
<attr-name>
<nds-name>pager</nds-name>
<app-name>Telephone-Pager</app-name>
</attr-name>

If you are familiar with editing markup languages, it might be easier


for you to edit the XML document. The editing you do in this
window is reflected in the class and attribute mapping lists.

5. Close the properties dialog by selecting Cancel.

3-54 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Synchronize Microsoft Exchange and eDirectory Using DirXML

The Exchange Driver Publisher Channel

The publisher channel for the Exchange driver defines the data flow from
Exchange to eDirectory.

To understand how the publisher channel works in the Exchange driver,


you need to understand
■ The Exchange Publisher Filter
■ The Exchange Publisher Matching Rule
■ The Exchange Publisher Placement Rule

The Exchange Publisher Filter

The filter for a DirXML driver defines which classes and attributes can
be synchronized through a channel. If a class or attribute is not defined in
a filter, no events are processed for that class or attribute.

By configuring a publisher filter, you manage the flow of data and events
from the application to eDirectory. If there is no filter for the publisher
channel, no data synchronization occurs from the application to
eDirectory.

For example, if you have no user class listed in a publisher filter, no user
object is created in eDirectory when an add event occurs in the
application.

To identify how the preconfigured Exchange publisher filter works, you


need to
■ View the Publisher Filter
■ Understand How the Filter Works
■ Edit the Filter

x If you select a class or attribute for a filter, but there is no mapping for that
class or attribute in the schema mapping rule, events are not processed for that
class or attribute.

Revision 1.0 This document should only be used by a Novell-certified instructor. 3-55
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

View the Publisher Filter

To view the publisher filter for the Exchange driver, do the following:

1. Expand the ExDriver object in the DirXML driver set object.

2. Select the ExPublisher object.

3. Right-click and select Properties.


The ExPublisher properties dialog appears.

4. Select the DirXML > Filter tab.


A list of classes and attributes appears:

Figure 3-17 Exchange Filter Group Attributes

There are 2 classes listed in the first column: Group and User.

3-56 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Synchronize Microsoft Exchange and eDirectory Using DirXML

Each class has a list of selected attributes. These attributes are the only
data that can flow from the application to eDirectory when processing an
event.

Understand How the Filter Works

The Group class in the Exchange publisher filter has only 1 attribute
selected: Full Name.

DirXML knows from the schema mapping rule that Full Name in
eDirectory matches Display-Name in Exchange. It also knows from the
same rule that the Group class in eDirectory matches the Distribution
List class in Exchange.

When you create a distribution list in Exchange, a group object is also


created in eDirectory.

However, the only information that passes from the new distribution list
to the group object in eDirectory is the data for the full name attribute.
The alias name, notes, and other attribute values for the distribution list
are not passed to eDirectory.

The same is true when modifying a distribution list in Exchange. You can
edit both the Display-Name and Alias attribute, but only the change to
the Display-Name attribute is synchronized with eDirectory.

Revision 1.0 This document should only be used by a Novell-certified instructor. 3-57
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

Edit the Filter

Though there is only 1 Group attribute allowed to pass from Exchange to


eDirectory, there are several User attributes. You can add other classes
and attributes (or remove them) to meet specific business requirements.

For example, to edit the attributes for the User class, do the following:

1. Select User in the Classes column.


The following attributes appear:

Figure 3-18 Exchange Filter User Attributes

Depending on the business requirements for your DirXML


deployment, you might not want all these Exchange mailbox
attributes synchronized with the user object attributes in eDirectory.

3-58 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Synchronize Microsoft Exchange and eDirectory Using DirXML

2. Edit the filter by selecting Edit Filter.


The Exchange driver takes a few moments to read the class and
attribute information from eDirectory.
The following appears:

Figure 3-19 Select Filter Dialog for the Exchange Publisher Filter

In the left column are all available classes from the eDirectory
schema. When you select a class name, attributes associated with that
class are listed in the right column.
By selecting the box at the left of the class name, you add the class to
the filter. By selecting the box at the left of an attribute name, you
add the attribute to the filter.
(Remember that any class or attribute you add to the filter must have
an entry in the schema mapping rule, or the data is not
synchronized.)

3. Close the dialog without saving changes by selecting Cancel.

Revision 1.0 This document should only be used by a Novell-certified instructor. 3-59
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

The Exchange Publisher Matching Rule

A matching rule is used by DirXML to determine if an object in the


application and an object in eDirectory are the same. The matching rule
helps DirXML establish an association between the objects in
eDirectory.

For example, a matching rule might state that to associate 2 user objects,
the full name and work phone number of each object must match.

When you create a user object in the application, DirXML checks the full
name and work phone numbers of the user objects in eDirectory.

If there is a match, an association is made between the objects. If there is


no match, DirXML creates a user object in eDirectory and associates that
object with the user object in the application.

x DirXML keeps an associations table in eDirectory that lists associations between


an eDirectory object and application objects. This table is updated by DirXML
and eDirectory as the result of events processed in the publisher or subscriber
channel.

To identify how the Exchange publisher matching rule works, you need
to
■ View and Understand the Matching Rule
■ Edit the Matching Rule
■ View and Understand the XML Document for the Publisher
Matching Rule

x The Exchange driver includes 2 matching rules: one for the publisher channel and
another for the subscriber channel. This is done because most DirXML
deployments require a different set of matching rules for each channel.

However, if the same set of matching rules apply to both channels, you can create
a single matching rule for both channels and place it in the DirXML driver object
(instead of in one of the channel objects).

3-60 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Synchronize Microsoft Exchange and eDirectory Using DirXML

View and Understand the Matching Rule

To view the Exchange publisher matching rule, do the following:

1. In the DirXML driver set object expand the ExDriver object.

2. Select the ExPublisher object.

3. Select the PublisherMatchingRule object.

4. Right-click and select Properties.


The PublisherMatchingRule properties dialog appears.

5. Select the DirXML > Matching Rules tab.

6. Expand Matching Rule in the Rules window.


The following appears:

Figure 3-20 Exchange Publisher Matching Rule

Revision 1.0 This document should only be used by a Novell-certified instructor. 3-61
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

The publisher matching rule lists the user class and the surname and
given name attributes in that class.
This means that when a mailbox in Exchange is created, DirXML
checks for a user object in eDirectory with the same surname and
given name.
If no match is found, a user object is created in eDirectory.
If a match is found, the mailbox and user object are associated, and
the rest of the attributes in the user object are modified (based on the
publisher filter and the schema mapping rule) to match the attributes
in the new mailbox.

Edit the Matching Rule

To edit the publisher matching rule do the following:

1. In the DirXML driver set object open the ExDriver object.

2. Select the ExPublisher object.

3. Select the PublisherMatchingRule object.

4. Right-click and select Properties.


The PublisherMatchingRule properties dialog appears.

5. Select the DirXML > Matching Rules tab.

6. Select Match Class or Match Attribute.

7. Select Edit Rule.

3-62 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Synchronize Microsoft Exchange and eDirectory Using DirXML

A Matching Rules Wizard dialog similar to the following appears:

Figure 3-21 Matching Rules Wizard Dialog

From this dialog you can add classes and attributes, edit attribute
values, and remove classes and attributes.

8. Close the Matching Rules Wizard dialog.

View and Understand the XML Document for the Publisher Matching Rule

The Matching Rules Wizard makes it easy to modify the matching rule
for the Exchange publisher channel.

However, you might feel more comfortable editing the XML document
on which the matching rules are based. To view and edit the XML
document, do the following:

1. In the DirXML driver set object, expand the ExDriver object.

2. Select the ExPublisher object.

Revision 1.0 This document should only be used by a Novell-certified instructor. 3-63
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

3. Select PublisherMatchingRule; then right-click and select


Properties.
The PublisherMatchingRule properties dialog appears.

4. Select the DirXML > Edit XML tab.


A window appears that lets you view and edit the XML document:

Figure 3-22 XML Document for Publisher Matching Rule

The matching rule for the user class and the surname and given name
attributes is included in the document:
<matching-rule>
<match-class class-name="User”/>
<match-attr attr-name=”Surname"/>
<match-attr attr-name="Given Name"/>
</matching-rule>

3-64 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Synchronize Microsoft Exchange and eDirectory Using DirXML

Any editing you do in this window is reflected in the publisher


matching rules display.

5. Select the DirXML > Matching Rules tab.

6. Close the properties dialog by selecting Cancel.

The Exchange Publisher Placement Rule

A placement rule on a publisher channel is used by DirXML when


creating an object in eDirectory based on an Add event in the application.

When an object is created in eDirectory, DirXML checks the placement


rule to determine in which container to place the object. The criteria for
the placement can be based on class, attribute, or path.

To identify how the Exchange publisher placement rule works, you need
to
■ View and Understand the Placement Rule
■ Edit the Placement Rule
■ View the XML Document for the Publisher Placement Rule

View and Understand the Placement Rule

To view the Exchange publisher placement rule, do the following:

1. In the DirXML driver set object, open the ExDriver object.

2. Select the ExPublisher object.

3. Select the PublisherPlacementRule object.

4. Right-click and select Properties.


The PublisherPlacementRule properties dialog appears.

5. Select the DirXML > Placement Rules tab.


There are 2 placement rules under Placement Rule Root in the Rules
window.

Revision 1.0 This document should only be used by a Novell-certified instructor. 3-65
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

6. Expand both placement rules in the Rules window.


The following appears:

Figure 3-23 Exchange Publisher Matching Rule

The first placement rule in the illustration indicates that a new user
object should be placed in the DigitalAir organizational container
and named using the value for the surname attribute.
The second placement rule indicates that a new group object should
be placed in the DigitalAir organizational container and named using
the value for the full name attribute.

7. Close the PublisherPlacementRule properties dialog by selecting


Cancel.

3-66 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Synchronize Microsoft Exchange and eDirectory Using DirXML

Edit the Placement Rule

To edit a publisher placement rule, do the following:

1. In the DirXML driver set object, open the ExDriver object.

2. Select the ExPublisher object.

3. Select the PublisherPlacementRule object.

4. Right-click and select Properties.


The PublisherPlacementRule properties dialog appears.

5. Select the DirXML > Placement Rules tab.

6. Expand a Placement Rule and select Match Class or Placement.

7. Select Edit Rule.


A Placement Rules Wizard dialog similar to the following appears:

Figure 3-24 Placement Rules Wizard Dialog

Revision 1.0 This document should only be used by a Novell-certified instructor. 3-67
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

From this dialog you can add classes and append new items, edit
items, and remove classes and items.

8. Close the Placement Rules Wizard dialog.

9. Close the PublisherPlacementRule properties dialog.

View the XML Document for the Publisher Placement Rule

The Placement Rules Wizard makes it easy to modify the placement


rules for the Exchange publisher channel.

However, you might feel more comfortable editing the XML document
on which the rules are based. To view and edit the XML document, do
the following:

1. In the DirXML driver set object, open the ExDriver object.

2. Select the ExPublisher container.

3. Select the PublisherPlacementRule object.

4. Right-click and select Properties.


The PublisherPlacementRule properties dialog appears.

5. Select the DirXML > Edit XML tab.

3-68 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Synchronize Microsoft Exchange and eDirectory Using DirXML

A window appears that lets you view and edit the XML document:

Figure 3-25 XML Document for Publisher Matching Rule

The placement rules for the user and group classes are included in
the document. For example, the placement rule for the user class in
the above illustration looks like the following:
<placement-rule>
<match-class class-name="User"/>
<placement>\DIGITAL-AIR-WORKFORCE\DigitalAir\
<copy-attr attr-name="Surname"/>
</placement>
</placement-rule>
If you edit the match class or placement strings in the XML
document, the changes are reflected in the placement rules display.

6. Close the PublisherPlacementRule properties dialog.

Revision 1.0 This document should only be used by a Novell-certified instructor. 3-69
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

The Exchange Driver Subscriber Channel

The subscriber channel for the Exchange driver defines the data flow
from eDirectory to Exchange.

As with the publisher channel, you control the data flow in the subscriber
channel by using filters, rules, and stylesheets.

The Exchange driver subscriber channel includes the following:


■ The Exchange Subscriber Filter
■ The Exchange Subscriber Create Rule
■ The Exchange Subscriber Matching Rule
■ The Exchange Subscriber Placement Rule

Because you already understand how to view and edit filters and rules,
you can now focus on understanding how the Exchange filters and rules
work on the subscriber channel.

The Exchange Subscriber Filter

The subscriber filter for a DirXML driver defines which classes and
attributes can be synchronized in the application when events occur in
eDirectory.

3-70 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Synchronize Microsoft Exchange and eDirectory Using DirXML

The subscriber filter for the Exchange driver includes the same classes
and attributes as those listed for the publisher filter:

Figure 3-26 Exchange Subscriber Filter

When you create a group in eDirectory, a distribution list is also created


in Exchange. The only information that passes from the new group to the
distribution list is the data in the full name attribute.

Attribute values in the group object such as location and department are
not passed to the distribution list.

When you create a user in eDirectory, a mailbox is also created in


Exchange. However, there are several attributes listed in the filter that
pass data through to the new mailbox.

If you want to add or remove attributes to meet the business requirements


of a DirXML deployment, you can edit both the classes and attributes
listed in the subscriber filter.

Revision 1.0 This document should only be used by a Novell-certified instructor. 3-71
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

The Exchange Subscriber Create Rule

A create rule on a subscriber (or publisher) channel is used by DirXML


to determine what is required to create an object. For example, to create a
user object in eDirectory, you need to include a given name.

There is no create rule preconfigured for the Exchange publisher channel.


This means that a mailbox created in Exchange always results in a user
object created in eDirectory.

However, there is a create rule for the subscriber channel. The create rule
lists the following requirements in the Rules window:

Figure 3-27 Exchange Subscriber Create Rule

Two attribute values must be present in a new user object for a mailbox
to be created in Exchange: Given Name and L (Location). If there are no
values in these attributes, the mailbox is not created.

3-72 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Synchronize Microsoft Exchange and eDirectory Using DirXML

By checking the XML document, you also find the following:


<create-rule class-name="User">
<required-attr attr-name="Given Name"/>
<required-attr attr-name="L">
<value><![CDATA[San Jose]]></value>
</required-attr>

Notice that if there is no location value in the new user object in


eDirectory, a default “San Jose” value is passed to the new mailbox. This
means you only need to enter a given name to comply with the create
rule.

When implementing the create rule in DirXML deployment, you can


change the default value or remove it from the XML document.

You can also use the DirXML Creation Rules Wizard to make the same
changes, although editing the XML document might be easier if you are
familiar with editing markup languages.

The Exchange Subscriber Matching Rule

A matching rule on a subscriber channel is used by DirXML to associate


an object in eDirectory with an object in the application.

When you create an object in eDirectory, DirXML checks the defined


classes and attributes in the rule. Then DirXML attempts to associate the
eDirectory object with an object in the application.

If there is a match, an association is made. If there is no match, a new


object is created in the application.

Revision 1.0 This document should only be used by a Novell-certified instructor. 3-73
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

The matching rule for the Exchange subscriber channel lists the
following requirements in the Rules window:

Figure 3-28 Exchange Subscriber Matching Rule

The rule lists the user class and the surname and given name attributes in
that class.

This means that when a user object in eDirectory is created or deleted,


DirXML checks for a mailbox in Exchange with the same surname and
given name.

If no match is found, a new mailbox is created in Exchange. If a match is


found, the user object and mailbox are associated, and the rest of the
attributes in the mailbox are modified (based on the subscriber filter and
the schema mapping rule) to match the attributes in the new user object.

3-74 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Synchronize Microsoft Exchange and eDirectory Using DirXML

The XML document for the subscriber matching rule reflects the same
requirements:
<matching-rule>
<match-class class-name="User"/>
<match-attr attr-name="Surname"/>
<match-attr attr-name="Given Name"/>
</matching-rule>

As with all preconfigured rules, you might need to modify the rule for a
particular DirXML deployment.

The Exchange Subscriber Placement Rule

A placement rule on a subscriber channel is used by DirXML when


creating an object in the application based on an add event in eDirectory.

When an object is created in eDirectory, DirXML checks the placement


rule to determine in which application container to place the object. The
criteria for the placement can be based on class, attribute, or path.

The placement rule for the Exchange subscriber channel lists 2


placement rules in the Rules window.

Revision 1.0 This document should only be used by a Novell-certified instructor. 3-75
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

These rules affect the placement of mailboxes and distribution lists:

Figure 3-29 Exchange Subscriber Placement Rules

For example, the first placement rule in the above illustration indicates
that a new mailbox (matched to the user class in the schema mapping
rule) should be placed in the Recipients container of the DA1 site and
named using the common name (cn=) of the user object.

The second placement rule indicates that a new distribution list (matched
to the group class in the schema mapping rule) should be placed in the
Recipients container of the DA1 site and named using the common name
(cn=) of the group object.

3-76 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Synchronize Microsoft Exchange and eDirectory Using DirXML

The XML document for the placement rules looks basically the same as
the content in the Rules window:
<placement-rule>
<match-class class-name="User"/>
<placement>/o=Digital Airlines/ou=DA1/
cn=Recipients/cn=<copy-name/>
</placement>
</placement-rule>
<placement-rule>
<match-class class-name="Group"/>
<placement>/o=Digital Airlines/ou=DA1/
cn=Recipients/cn=<copy-name/>
</placement>
</placement-rule>

As with all preconfigured rules, you might need to modify the rule for a
particular DirXML deployment.

Revision 1.0 This document should only be used by a Novell-certified instructor. 3-77
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

Exercise 3-3 Test the Preconfigured Exchange Driver

When you first import the Exchange driver in a POC pilot, production
pilot, or an actual deployment, you should do some preliminary testing to
see if the driver is working.

Although the tests do not need to be extensive, you should test to make
sure the publisher and subscriber channels are synchronizing data and
events, and that the schema mapping rule is operating correctly.

This provides a baseline for adding other configurations that customize


the driver for your own particular DirXML deployment. If your own
customization does not work, you can always return to the baseline and
start over.

To test the preconfigured Exchange driver for the QuickStart POC pilot,
you do the following:
■ Part I: Test the Publisher Channel Rules
■ Part II: Test the Publisher Channel Filter
■ Part III: Test the Subscriber Channel Rules
■ Part IV: Test the Subscriber Filter

Part I: Test the Publisher Channel Rules

After reviewing the rules for the Exchange publisher channel, you know
that
■ When you create a mailbox in the Exchange Recipients container, a
new user object should be created in the eDirectory DigitalAir
organizational container using the surname for the object name.
■ When you delete a mailbox in the Exchange Recipients container,
the associated eDirectory user object should be deleted.
■ When you modify the attribute values of a mailbox associated with a
user object, the data should be synchronized in the user object (as
defined by the publisher filter).

3-78 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Synchronize Microsoft Exchange and eDirectory Using DirXML

Although the preconfigured publisher rules might not meet all the
business requirements outlined in the QuickStart BRD, you should test
the rules (as configured) to make sure they work.

To test the publisher channel rules, do the following:

1. If not already running, start ConsoleOne and Exchange


Administrator.

2. If not already running, start the ExDriver driver:


a. Right-click the Driver Set object in the DigitalAir container; then
select Properties.
b. Select the DirXML > Drivers tab.
c. Select ExDriver in the driver list; then select Start.
If the driver is running, close the Properties dialog.
d. Close the Driver Set properties dialog.

3. Create a mailbox in the Recipients container of the DA1 site in


Exchange Administrator:
a. Select the Recipients container for the DA1 site.
b. Select File > New Mailbox.
c. Enter the following information on the General tab:
First name = Juan
Initials = V
Last name = Rosario
d. Select OK.
e. Select Create a new Windows NT account; then select OK.
f. Make sure DA1DOMAIN is selected for the NT domain; then
select OK.
g. Confirm that the account will have a blank password by selecting
OK.
A new Juan Rosario mailbox appears in the contents area of the
Administrator window.

Revision 1.0 This document should only be used by a Novell-certified instructor. 3-79
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

4. Check ConsoleOne to see if a user object was created for Juan


Rosario:
a. Select Novell ConsoleOne on the taskbar.
b. Expand the DIGITAL-AIR-WORKFORCE tree.
c. Select the DigitalAir organizational container.
Is there a user object for Juan Rosario? What is the name of the
user object? Is it the given name or surname (last name)?
If the publisher channel is working correctly, a user object
named “Rosario” should be in the DigitalAir container.
Using the matching rule, DirXML should not have found another
Juan (Given Name) Rosario (Surname) in the DigitalAir
container.
There is no create rule, but the placement rule tells DirXML to
place the user object in the DigitalAir container and use Rosario
(Surname) to name the object.

5. Delete the Juan Rosario mailbox in the Exchange Recipients


container:
a. Select Exchange Administrator on the taskbar.
b. Select the Juan Rosario mailbox.
c. Select Edit > Delete >Yes.

6. Check ConsoleOne to see if the Rosario user object was deleted:


a. Select Novell ConsoleOne on the taskbar.
b. Select the DigitalAir container.
c. Select View > Refresh.
Is there a Rosario user object in the DigitalAir container? (You
might need to select Refresh again.)
If the publisher channel is working correctly, the Rosario user
object should be gone from the DigitalAir container.
When DirXML created the Rosario user object, an entry was
made in the object association table that associated the Rosario
user object with the Juan Rosario mailbox.

3-80 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Synchronize Microsoft Exchange and eDirectory Using DirXML

Using the association, DirXML processed the delete event and


removed the user object.

Part II: Test the Publisher Channel Filter

Although there are many ways to test the publisher channel filter, you
decide to
■ Create an eDirectory User Object
■ Edit Attribute Values of an Exchange Mailbox

Create an eDirectory User Object

When you create a user object in eDirectory, DirXML creates an


associated mailbox in Exchange. (You’ll test this later in the exercise.)

This action triggers an add event in Exchange, which signals DirXML to


update the user object with all additional attribute values. The attributes
listed in the publisher filter control which attributes are updated in the
user object.

Because Exchange creates a full name and email address when creating a
mailbox, these values should be passed to the user object through the
publisher channel (based on the filter configuration).

To perform this test, do the following:

1. Create an eDirectory user object in ConsoleOne for Sabrina Huerta in


the FLIGHT OPERATIONS container:
a. Find and select the FLIGHT OPERATIONS container under
DigitalAir.
b. Select File > New > User.
c. Enter the following information in the New User dialog:
Name = SHuerta
Surname = Huerta
d. Under Assign NDS Password, select Prompt user on first login.
e. Select Define additional properties; then select OK.

Revision 1.0 This document should only be used by a Novell-certified instructor. 3-81
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

f. Select the General > Identification tab.


g. Enter Sabrina for the given name.
At this moment, only the given name and last name fields
contain data.
h. Select OK.

2. Open the Sabrina user object properties dialog and check the
General > Identification tab:
a. Double-click the SHuerta user object.
b. Select the General > Identification tab.
Are there additional fields with information filled in? Which
fields?
You should see information in the Full name and E-Mail Address
fields. This information was provided from the mailbox through
the publisher channel.
The Location field also contains information (San Jose). You
learn more about this value when testing the subscriber channel.
c. Close the properties dialog.

3. Check the full name and email address in the associated mailbox in
Exchange:
a. Select Exchange Administrator on the taskbar.
b. Select the Recipients container and press F5 (to refresh the
container contents).
c. In the Recipients container select the Sabrina Huerta mailbox.
d. Double-click to open the properties dialog.
e. Select the General tab.
The Display field (equivalent to Full Name in eDirectory)
contains the full name attribute value. The Office field
(equivalent to Location in eDirectory) contains the location
attribute value.

3-82 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Synchronize Microsoft Exchange and eDirectory Using DirXML

f. Select the E-mail Addresses tab.


There are 2 or more email addresses listed. The publisher filter
allows the SMTP address to flow from the mailbox to the user
object on the publisher channel.
g. Close the properties dialog by selecting OK.

Edit Attribute Values of an Exchange Mailbox

Another way to test the publisher filter is to edit attributes in a mailbox


and check to see if the values pass through the filter to the associated user
object.

To perform this test, do the following:

1. Change the office location and add a department to Sabrina’s mailbox


properties in Exchange Administrator:
a. Select Exchange Administrator on the taskbar.
b. Select the Sabrina Huerta mailbox.
c. Double-click to open the properties dialog.
d. Select the General tab; then enter LA-130 in the Office field
(replacing “San Jose”).
“Office” is the display name for the
Physical-Deliver-Office-Name attribute in Exchange. “Location”
is the display name for the L attribute in eDirectory.
e. Enter Flight Operations in the Department field.
“Department” is the display name for the Department attribute in
Exchange. “Department” is the display name for the OU attribute
in eDirectory.
f. Select OK.

2. Check ConsoleOne to see if the Location data was synchronized with


the Huerta user object:
a. Select Novell ConsoleOne on the taskbar.
b. In the FLIGHT OPERATIONS container select the SHuerta user
object.

Revision 1.0 This document should only be used by a Novell-certified instructor. 3-83
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

c. Right-click and select Properties.


d. Select the General > Identification tab.
Is there a value in the Location field? Is it the same value as the
value listed in the Office field of the Sabrina Huerta mailbox?
When you modified the mailbox by entering LA-130 in the
Office field, DirXML used the association table to associate the
mailbox with the user object in eDirectory.
The schema mapping rule matched the
Physical-Deliver-Office-Name attribute in Exchange with the L
attribute in eDirectory, and the value was updated in the user
object.

3. Check ConsoleOne to see if the Department data in Exchange was


synchronized with the Sabrina user object:
a. Check the Department field on the General > Identification tab.
Do you see a value in the Department field? Why not?
Although the association table enables data to be synchronized
between the mailbox and the user object, you also need to make
sure the attribute is mapped in the schema mapping rule and is
listed in the publisher filter.
b. Close the SHuerta properties dialog by selecting Cancel.

4. Check the schema mapping rule to see if OU is mapped to


Department:
a. In the driver set select the ExDriver object.
b. In the right window select the SchemaMappingRule object.
c. Right-click the object and select Properties.
d. Select Non-specific class properties.
Is the OU attribute mapped to the Department attribute in the
Property mappings list?
The attributes are mapped, which means DirXML should have
recognized in which eDirectory attribute to place the department
name.
However, data flow between Exchange and eDirectory is
controlled by the publisher filter, not the schema mapping.

3-84 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Synchronize Microsoft Exchange and eDirectory Using DirXML

e. Close both properties dialogs for the schema mapping rule.

5. Check the publisher filter to see if the OU attribute is included:


a. Select the ExPublisher object under ExDriver; then right-click
and select Properties.
b. Select the User class in the left column; then search the right
column for the OU attribute.
Is the OU attribute listed?
Even though there is a mapping for the OU attribute in the
schema mapping rule, the OU attribute is not listed for the user
object in the filter.
This means the department name will not be synchronized on the
publisher channel with a user object associated with a mailbox.

6. Add the OU attribute to the publisher filter:


a. Select Edit Filter.
DirXML begins reading the class and attribute information from
the eDirectory schema.
b. In the Select Filter dialog, select the User class in the left column
(do not deselect the class).
c. Find and check the OU attribute in the right column.
d. Select OK.
You are returned to the ExPublisher properties dialog.
e. Select the User class; then check the Attributes column for the OU
attribute.
The attribute is listed, which means the department name from
Sabrina Huerta’s mailbox can be synchronized with the
department name in her eDirectory user object.
f. Select OK.

Revision 1.0 This document should only be used by a Novell-certified instructor. 3-85
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

7. Test the reconfigured publisher filter by doing the following:


a. Double-click the SHuerta user object in the FLIGHT
OPERATIONS container; then select the General >
Identification tab.
b. Check the Department field.
Is there a department name in the field?
Because DirXML is event-driven, an event (such as add, modify,
or delete) needs to happen in Exchange before a change takes
place in eDirectory.
c. Close the SHuerta properties dialog.
d. Open the properties dialog for the Sabrina Huerta mailbox in
Exchange Administrator.
e. Select the General tab and change the Department name from
Flight Operations to Ticketing.
f. Select OK.
g. Open the properties dialog for the SHuerta user object in
ConsoleOne.
h. Select the General > Identification tab.
Is there a name in the Department field?
Because the OU attribute is included in the publisher filter,
DirXML can synchronize the data between Exchange and
eDirectory.
i. Close the properties dialog.

Part III: Test the Subscriber Channel Rules

After reviewing the rules for the Exchange subscriber channel, you know
that
■ When you create an eDirectory user object in the DigitalAir
container (or any subcontainer), a new Exchange mailbox should be
created in the Recipients container of the DA1 site.

3-86 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Synchronize Microsoft Exchange and eDirectory Using DirXML

■ When DirXML creates a mailbox, the mailbox must have a Given


Name (First name) and a Location (Office) attribute. If you do not
enter a given name, no mailbox is created. If you do not enter a
location, “San Jose” is used as a default value.
■ When you delete an eDirectory user object in the DigitalAir
container (or any subcontainer), the associated Exchange mailbox
should be deleted.
■ When you modify the attribute values of a user object associated
with a mailbox, the data should be synchronized in the mailbox (as
defined by the subscriber filter).

The existing Exchange driver filter and rules seem to meet the business
requirements outlined in the BRD for Digital Airlines. However, you
might need to modify at least the filter later on to meet specific
requirements.

To test the subscriber channel rules, do the following:

1. Create an eDirectory user object for Aaron Sigler in the


ADMINISTRATION container in ConsoleOne:
a. Find and select the ADMINISTRATION container under
DigitalAir in ConsoleOne.
b. Select File > New > User.
c. Enter the following information in the New User dialog:
Name = ASigler
Surname = Sigler
d. Under Assign NDS Password, select Prompt user on first login.
e. Select Define additional properties; then select OK.
f. Select the General > Identification tab.
The create rule states that a given name and location must be
entered for a mailbox to be created in Exchange.
However, if you do not enter a value for location, DirXML enters
“San Jose” for you.
g. Enter Aaron for the given name, but leave the location field blank.
h. Select OK.

Revision 1.0 This document should only be used by a Novell-certified instructor. 3-87
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

eDirectory uses the common name (cn) for the user object name
(in this case, ASigler). According to the placement rule, a
mailbox should be created in the Recipients container of
Exchange using the cn.

2. Check Exchange Administrator to see if a mailbox was created for


Aaron Sigler:
a. Select Exchange Administrator on the taskbar.
b. Select the Recipients container in the DA1 site.
Is there a mailbox for Aaron? (Remember to press F5.) What is
the name of the mailbox? Is it the common name (CN)?
Using the matching rule, DirXML did not find another Aaron
(given name) Sigler (surname) in the DigitalAir container and
created the mailbox.
Using the placement rule, DirXML should have created a
mailbox named “ASigler.” However, the mailbox name is “Aaron
Sigler” (the full name).
The placement rule allows DirXML to create a mailbox in the
Recipients container. Without a common name for the mailbox,
DirXML could not start the process.
Because the subscriber filter allows DirXML to pass the given
name and surname to the new mailbox, these values are included
in the First and Last fields of the mailbox.
Exchange uses these values to automatically create a display
name (Aaron Sigler), which is used for the mailbox name.

3. Check the mailbox properties by double-clicking the Aaron Sigler


mailbox.
The first name field is filled in with the given name. But is there a
location in the office field? What is the value?
Using the create rule, DirXML filled in the first name field. However,
because you did not fill in a location when creating the user object,
DirXML provided the default value of “San Jose.”

4. Close the mailbox properties dialog.

3-88 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Synchronize Microsoft Exchange and eDirectory Using DirXML

5. Switch to ConsoleOne and delete the ASigler user object in the


ADMINISTRATION container:
a. Select Novell ConsoleOne on the taskbar.
b. Select the ASigler user object in the ADMINISTRATION
container.
c. Right-click and select Delete NDS Object.
d. Delete the object by selecting Yes.

6. Check Exchange Administrator to see if the Aaron Sigler mailbox was


deleted.
Is there an Aaron Sigler mailbox in the Recipients container?
(Remember to press F5.)
If the subscriber channel is working correctly, the Aaron Sigler
mailbox should be gone from the Recipients container.
When DirXML created the Aaron Sigler mailbox, an entry was made
in the association table that associated the mailbox with the ASigler
user object.
Using this association, DirXML processed the delete event and
removed the mailbox.

Part IV: Test the Subscriber Filter

To test the subscriber channel filter, do the following:

1. Create a user object for Rachel Taylor in the FLIGHT OPERATIONS


container of ConsoleOne using the following:
Name = RTaylor
Surname = Taylor
Given name = Rachel
Last name = Taylor
Middle initial = M
Title = Operations Manager
Location = LA-201
Department = Flight Operations
Telephone = (912) 365-1234

Revision 1.0 This document should only be used by a Novell-certified instructor. 3-89
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

2. In Exchange, check the properties of the Rachel Taylor mailbox to


verify which user object values passed through the subscriber channel.
Are all the values listed in the properties dialog? Are there values
that did not come through?
The value that did not synchronize was the department name. Even
though you added the OU attribute to the publisher filter, you must
also make sure it is listed in the subscriber filter to have the data
synchronized in both directions.

3. Close the Rachel Taylor mailbox properties dialog.

4. Check the subscriber filter in ConsoleOne to see if the department


attribute is included:
a. Select the ExSubscriber object under ExDriver in ConsoleOne;
then right-click and select Properties.
b. Select the User class in the left column; then search the right
column for the department attribute.
Do you see an OU attribute listed?
Even though there is a mapping rule for the OU attribute, if the
attribute is not listed in the filter, the attribute value is not
processed through the subscriber channel.

5. Add the OU attribute to the subscriber filter:


a. Select Edit Filter.
DirXML begins reading the class and attribute information from
the eDirectory schema.
b. Select the User class in the left column (do not deselect the class).
c. Find and select the OU attribute in the right column.
d. Select OK.
You are returned to the ExSubscriber properties dialog.

3-90 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Synchronize Microsoft Exchange and eDirectory Using DirXML

e. Select the User class and check the Attributes column for the OU
attribute.
The attribute is listed, which means the department value in the
user object can be synchronized with the department value in the
mailbox.
f. Select OK.

6. Test the reconfigured subscriber filter:


a. Select the RTaylor object in the Flight Operations container in
ConsoleOne; then right-click and select Properties.
b. Select the General > Identification tab.
c. Select the drop-down list button to the right of the Department
field.
d. Select Flight Operations and press the Delete key.
e. Close the drop-down list by selecting outside the list.
f. In the Department field enter Aircraft Operations.
g. Close the properties dialog by selecting OK.
This action triggers a modify event that should cause DirXML to
update the Rachel Taylor mailbox in Exchange.
h. Open the Exchange properties dialog for the Rachel Taylor
mailbox, and check the Department field.
Is there a value in the field? Does it match the value in the user
object?
Because the filter now includes the OU attribute, “Aircraft
Operations” appears in the Department field.
This also indicates there is a mapping for the attribute in the
schema mapping rule.
i. Close the properties dialog by selecting OK.

Revision 1.0 This document should only be used by a Novell-certified instructor. 3-91
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

Exercise Summary

By completing this exercise, you accomplished an important phase of


preparing to test the Exchange driver for the QuickStart DirXML
deployment.

When you first import and configure a DirXML driver, you need to
become familiar with how the driver works. This includes viewing the
filters, rules, and stylesheets and testing the driver to make sure it works
as configured.

This provides a baseline for adding other configurations that customize


the driver for your own particular DirXML deployment. If your own
customization does not work, you can always return to the baseline and
start over.

In this exercise, you tested the Exchange driver for the QuickStart
deployment by creating, modifying, and deleting mailboxes and user
objects.

You also explored the relationship between the schema mapping rule and
filters, and how filters control the flow of data between eDirectory and
the application.

(End of Exercise)

3-92 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Synchronize Microsoft Exchange and eDirectory Using DirXML

Objective 5 Modify and Test the Exchange Driver for a DirXML


Deployment

Testing the preconfigured Exchange driver not only confirms the driver
works, it also gives you a chance to find out what you might need to
modify to meet the requirements of your DirXML deployment.

After you complete the preliminary testing of the preconfigured


Exchange driver, you are ready to configure and test the driver in a POC
pilot.

The POC pilot is the first test of your DirXML solution outlined in the
BRD. You perform the POC pilot in a lab outside of the customer’s
production environment.

You should divide the pilot into smaller phases for testing. Depending on
the nature of the deployment, you might want to test a different driver in
each phase.

The QuickStart POC pilot is divided into 4 phases, with a phase for each
driver. The first phase involves the Exchange driver and includes the
following general tasks:
■ Prepare for the Exchange Driver Phase
■ Configure and Test the Exchange Driver

Prepare for the Exchange Driver Phase

To prepare for the Exchange driver phase of a POC pilot, you need to do
the following:
■ Review the Business Requirements for the Deployment
■ Create a Checklist of Configuration Tasks
■ Create a Checklist of Tests

Revision 1.0 This document should only be used by a Novell-certified instructor. 3-93
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

Review the Business Requirements for the Deployment

Before configuring and testing the Exchange driver, you need to review
the BRD for the DirXML deployment to find business requirements that
impact the operation of the Exchange driver.

These can include items such as authoritative source requirements,


enterprise classes and attributes shared throughout the deployment,
security requirements, and data flow requirements.

You might want to make a copy of the BRD and highlight these
requirements.

Create a Checklist of Configuration Tasks

After you highlight the business requirements that might impact the
Exchange driver, create a list of these requirements. For each business
requirement, list the configuration tasks you need to complete to meet the
business requirement.

You can use this list to build a checklist of configuration tasks. You might
want to associate each configuration task with the filter, rule, or
stylesheet you need to configure to make it easier to configure the driver
in eDirectory.

Create a Checklist of Tests

After you create a checklist of configuration tasks, use the same business
requirements to create a checklist of tests to confirm the reconfigured
Exchange driver meets each requirement.

As you write each test, include the expected results of the test. This
makes it easier for other members of your team to know when the test is
successful.

Associating the tests with the business requirements makes it easier for
you and all other testers to understand the reason for the test. It also helps
you add other tests for the production pilot and final deployment.

3-94 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Synchronize Microsoft Exchange and eDirectory Using DirXML

Configure and Test the Exchange Driver

To conduct the Exchange driver phase of a POC pilot, you need to do the
following:
■ Configure the Exchange Driver Based on the Configuration
Checklist
■ Test the Exchange Driver Based on the Test Checklist

x When you change filters or rules for a DirXML driver, the DirXML engine
recognizes those changes the next time data and events are synchronized on
the publisher or subscriber channel.

However, when you make changes to some settings of the Properties dialog
of the driver or driver channels, and have problems with the driver, try
stopping and starting the DirXML driver to make sure the changes are
recognized by the DirXML engine.

Configure the Exchange Driver Based on the Configuration Checklist

Following a configuration checklist makes it easier to prepare the


Exchange driver for a POC pilot. The checklist also provides
documentation for future changes to the current DirXML deployment.

As you configure the driver, note additional configuration needs and


tasks and add them to the configuration checklist. A thorough
documentation of the configuration during the POC pilot can prevent
significant problems during the final deployment.

Test the Exchange Driver Based on the Test Checklist

The test checklist provides a systematic approach to ensuring the


Exchange driver will perform as outlined in the BRD.

As you discover other configuration tasks that need to be completed, add


the task to the configuration checklist and configure the driver; then
perform the test again to verify the configuration works.

Revision 1.0 This document should only be used by a Novell-certified instructor. 3-95
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

Exercise 3-4 Prepare for the Exchange Phase of the Digital Airlines POC Pilot

To prepare for the first phase of the Digital Airlines POC pilot, you need
to do the following:
■ Part I: Review the Business Requirements for the QuickStart
Deployment
■ Part II: Create a Checklist of Configuration Tasks for the Exchange
Driver
■ Part III: Create a Checklist of Tests for the Exchange Phase of the
QuickStart POC Pilot

Part I: Review the Business Requirements for the QuickStart Deployment

Before you test the Exchange driver, you need to make sure the driver is
configured to meet the business requirements of the QuickStart
deployment.

The following are excerpts from the Digital Airlines BRD that affect the
deployment of the Exchange driver. Read through these requirements to
prepare for creating the configuration and testing checklists.

Authoritative Sources

Human Resources (PeopleSoft) is the authoritative source for adding and


deleting employee objects and accounts throughout the QuickStart
DirXML deployment.

Human Resources is the authoritative source for the employee name,


mailstop, department, title, and telephone number. Exchange is the
authoritative source for the employee email address.

3-96 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Synchronize Microsoft Exchange and eDirectory Using DirXML

Enterprise Attributes

The following enterprise attributes must be synchronized across the


Digital Airlines deployment:

eDirectory Attribute Name User Object Display Name

Given Name Given name

Initials Middle initial

Surname Last name

Full Name Full name

Title Title

L Location

OU Department

Telephone Number Telephone

Internet EMail Address E-Mail Address

Table 3-8 Enterprise Attributes for the Digital Airlines Deployment

The display name is the field name you see in the user object properties
dialog.

Title is the employee job title, Location is the employee mailstop, and
Telephone is the employee work number.

If you use these attributes in your application, make sure the DirXML
driver is configured to enforce the authoritative sources for the attribute
values.

Revision 1.0 This document should only be used by a Novell-certified instructor. 3-97
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

Data Flow

The data flow between PeopleSoft, eDirectory, and Exchange is


represented by the following:

Human Manager
Resources
● Sends letter of acceptance
● Receives letter of acceptance to Human Resources
● Creates employee record in PeopleSoft

DIGITAL-AIR-1

PeopleSoft
PeopleSoft
Driver

eDirectory
● Creates employee accounts
● Replicates employee accounts
to eDirectory Digital-Air-Workforce
● Creates enterprise attributes
(except email address)
● Replicates enterprise attributes
(except email address) to
eDirectory ● Receives employee accounts
● Receives email address from PeopleSoft
from eDirectory ● Replicates employee accounts
to Microsoft Exchange
Microsoft ● Receives enterprise attributes
(except email address)
Exchange from PeopleSoft
Driver ● Replicates enterprise attributes
(except email address) to
Microsoft Exchange
● Receive email address from
Microsoft Microsoft Exchange
● Replicates email address
Exchange to PeopleSoft

● Receives employee
accounts from eDirectory
● Receives enterprise
attributes (except email
address) from eDirectory
● Publishes email address
to eDirectory

Figure 3-30 Data Flow Diagram for PeopleSoft, eDirectory, and Exchange

3-98 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Synchronize Microsoft Exchange and eDirectory Using DirXML

The following are data flow business requirements that impact Exchange
and eDirectory:
■ When Human Resources creates an employee record in PeopleSoft,
an email account (mailbox) is created in Exchange that includes all
the values from the enterprise attributes.
■ As soon as an employee email account is created in Exchange, the
SMTP email address for the account is synchronized across the
DirXML deployment to all other applications that use an email
attribute.
■ Any changes made by Human Resources to values in the enterprise
attributes (except for the email attribute) are synchronized across the
DirXML deployment to all other applications that use these
attributes.
■ Any change made to an employee’s SMTP email address in
Exchange is synchronized across the DirXML deployment to all
other applications that use an email attribute.
■ When Human Resources deletes an employee record in PeopleSoft,
the associated accounts should be removed from all applications
across the DirXML deployment.
■ When the email administrator creates an email account in Exchange,
no associated user object should be created in eDirectory.
■ When the email administrator deletes an email account associated
with a user object in eDirectory, that user object should not be
deleted.

Part II: Create a Checklist of Configuration Tasks for the Exchange Driver

After reviewing the business requirements, you are ready to create a


checklist of configuration tasks you need to complete before configuring
and testing the Exchange driver.

Revision 1.0 This document should only be used by a Novell-certified instructor. 3-99
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

With what you know about the preconfigured Exchange driver and the
business requirements, list configuration changes you need to make to
each filter and rule to prepare the Exchange driver for testing:

Rule or Filter Configuration Changes (if any)

Publisher Filter

Publisher Matching Rule

Publisher Placement Rule

Subscriber Filter

Subscriber Create Rule

Subscriber Matching Rule

Subscriber Placement Rule

Schema Mapping Rule

Additional Rules or Stylesheets

Table 3-9 Exchange Driver Configuration Checklist

3-100 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Synchronize Microsoft Exchange and eDirectory Using DirXML

Part III: Create a Checklist of Tests for the Exchange Phase of the QuickStart
POC Pilot

With the configuration checklist created, you are ready to create a


checklist of tests for the Exchange phase of the POC pilot.

The following are the business requirements you need to test. Fill in the
tests you must complete to validate the driver meets each business
requirement.

Remember to include the expected results to indicate how to measure a


successful test. You might also want to number the tests for easier
reference.

Business Requirements Driver Tests

An employee record created in


PeopleSoft triggers the
creation of an email account in
Exchange.

A mailbox created in Exchange


does not trigger the creation of
a user object in PeopleSoft.

Table 3-10 Exchange Driver Test Checklist

Revision 1.0 This document should only be used by a Novell-certified instructor. 3-101
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

Business Requirements Driver Tests

PeopleSoft provides and owns


all enterprise attribute values
(except for the employee email
address).

Exchange provides and owns


the employee email address.

An employee record deleted in


PeopleSoft triggers the removal
of the employee mailbox in
Exchange.

A mailbox deleted in Exchange


does not trigger the removal of
an employee record in
PeopleSoft.

Table 3-10 Exchange Driver Test Checklist (continued)

3-102 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Synchronize Microsoft Exchange and eDirectory Using DirXML

Exercise Summary

By completing this exercise, you accomplished some key tasks in


preparing to run the first phase of the POC pilot for the QuickStart
DirXML deployment.

Specifically, you accomplished the following:


■ Reviewed the business requirements for the QuickStart deployment.
In this review of the business requirements, you are looking for
requirements that specifically impact the Exchange driver and
application.
From these requirements, you might need to write a set of
requirements that specify additional details about the relationship
between Exchange and eDirectory.
■ Created a checklist of configuration tasks for the Exchange driver.
Because you have already tested the imported Exchange driver, you
should be able to list the additional configuration tasks you need to
perform to meet the business requirements for the Exchange
application in the QuickStart deployment.
■ Created a checklist of tests for the Exchange phase of the POC pilot.
With the requirements and configuration tasks listed, you can create
a checklist of tests that match the business requirements for the
QuickStart deployment.
By completing a configuration checklist and test checklist, you can
complete an effective and thorough testing of the Exchange driver for
the QuickStart deployment.

Revision 1.0 This document should only be used by a Novell-certified instructor. 3-103
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

Exercise Answers

The following are basic tasks and tests you need to complete to configure
and validate that the Exchange driver meets the business requirements.

Part II: Create a Checklist of Configuration Tasks for the Exchange Driver

The following is the checklist of tasks for the Exchange driver:

Rule or Filter Configuration Changes (if any)

Publisher Filter ■ Remove the group class.


■ Remove all attributes from the user class
except Internet EMail Address.

Publisher Matching Rule No configuration changes are necessary.

Publisher Placement Rule No configuration changes are necessary.

Subscriber Filter ■ Remove the group class.


■ Remove all attributes (including Internet EMail
Address) from the user class except for those
owned by Human Resources..

Subscriber Create Rule ■ Remove the required Location (L) attribute.

Subscriber Matching Rule No configuration changes are necessary.

Subscriber Placement Rule No configuration changes are necessary.

Schema Mapping Rule No configuration changes are necessary.

Additional Rules or Stylesheets ■ Configure a create rule on the publisher


channel that prevents a user object from being
created when creating a mailbox.
■ Configure an event transformation stylesheet
for the publisher channel that prevents a user
object associated with a mailbox from being
deleted when the mailbox is deleted.

Table 3-11 Answers to Part II of Exercise 3-4

3-104 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Synchronize Microsoft Exchange and eDirectory Using DirXML

Part III: Create a Checklist of Tests for the Exchange Phase of the
QuickStart POC Pilot

The following is the checklist of tests for the Exchange driver:

Business Requirements Driver Tests

An employee record created in ■ Test 1: Create a user object in a subcontainer


PeopleSoft triggers the of DigitalAir. Only enter a given name and last
creation of an email account in name.
Exchange. Result: An associated mailbox is created in the
Recipients container (DA1 site).

A mailbox created in Exchange ■ Test 2: Create a mailbox in the Recipients


does not trigger the creation of container of Exchange.
a user object in PeopleSoft. Result: No associated user object is created in
the DigitalAir container of eDirectory.

PeopleSoft provides and owns ■ Test 3: Create a user object in a subcontainer


all enterprise attribute values of DigitalAir. Enter values for all enterprise
(except for the employee email attributes except for the employee email
address). address.
Result: An associated mailbox is created in the
Recipients container (DA1 site) with the data
provided from the user object.
■ Test 4: Modify 1 or more enterprise attribute
values (except for the email address) in a
mailbox associated with a user object.
Result: No changes are passed to the
associated user object.
■ Test 5: Modify 1 or more enterprise attribute
values (except for the email address) in a user
object associated with a mailbox.
Result: The changes are reflected in the
associated mailbox.

Table 3-12 Answers to Part III of Exercise 3-4

Revision 1.0 This document should only be used by a Novell-certified instructor. 3-105
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

Business Requirements Driver Tests

Exchange provides and owns ■ Test 6: Create a user object in a subcontainer


the employee email address. of DigitalAir. Only enter a given name and last
name.
Result: An email address is provided by
Exchange in the user object. The value
matches the SMTP email address in the
associated mailbox.
■ Test 7: Edit the SMTP email address in a
mailbox associated with a user object.
Result: The change is reflected in the
associated user object.
■ Test 8: Edit the email address in a user object
associated with mailbox.
Result: No changes are passed to the
associated mailbox.

An employee record deleted in ■ Test 9: Delete a user object in a subcontainer


PeopleSoft triggers the removal of DigitalAir that is associated with an
of the employee mailbox in Exchange mailbox.
Exchange. Result: The associated mailbox is removed
from the Recipients container (DA1 site) in
Exchange.

A mailbox deleted in Exchange ■ Test 10: Delete a mailbox in the Recipients


does not trigger the removal of container of Exchange that is associated with
an employee record in a user object.
PeopleSoft. Result: The associated user object is not
removed from eDirectory.

Table 3-12 Answers to Part III of Exercise 3-4 (continued)

Although these tests might be adequate, you might discover other tests
you want to add to the checklist for the production pilot and final
deployment.

(End of Exercise)

3-106 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Synchronize Microsoft Exchange and eDirectory Using DirXML

Exercise 3-5 Configure and Test the Exchange Driver for the Digital Airlines
POC Pilot

With the configuration and test checklists created, you can conduct a
POC pilot for the Exchange phase of the Digital Airlines deployment.

To do this, you need to


■ Part I: Configure the Exchange Driver
■ Part II: Test the Exchange Driver

Part I: Configure the Exchange Driver

The following are the tasks from the checklist that you need to
accomplish to configure the Exchange driver:
■ Configure the Publisher Filter
■ Configure the Subscriber Filter
■ Configure the Subscriber Create Rule
■ Create a Publisher Create Rule
■ Create a Publisher Event Transformation Stylesheet
■ Restart the Exchange Driver

For each task, you are provided basic steps and notes for completing the
configuration.

Configure the Publisher Filter

To configure the publisher filter, do the following:

1. In ConsoleOne, open the properties dialog for the Exchange driver


ExPublisher object.
The business requirements do not include synchronization of the
group class. To prevent synchronization, you need to remove the
class from the filter.

Revision 1.0 This document should only be used by a Novell-certified instructor. 3-107
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

2. Select the Group class; then select Remove class.


The business requirements list Exchange as the authoritative data
source for the email address. This means only the email address
attribute should be listed for the user class on the publisher filter.

3. Select the User class; then select Edit Filter.

4. Deselect all attributes for the user class except Internet EMail
Address; then select OK.
Only the user class should be displayed with an Internet EMail
Address attribute.

5. Close the properties dialog by selecting OK.

Configure the Subscriber Filter

To configure the subscriber filter, do the following:

1. In ConsoleOne, open the properties dialog for the Exchange driver


ExSubscriber object.
The business requirements do not include synchronization of the
group class. To prevent synchronization, you need to remove the
class from the filter.

2. Select the Group class; then select Remove class.

3. Select the User class; then select Edit Filter.


The business requirements indicate that Human Resources is the
authoritative data source for the following attributes:
Full Name
Given Name
Initials
L
OU
Surname
Telephone Number
Title

3-108 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Synchronize Microsoft Exchange and eDirectory Using DirXML

These should be the only attributes included in the subscriber filter to


allow data to flow from Human Resources through eDirectory to
Exchange.

4. Make sure only the attributes owned by Human Resources (listed in


Step 3) are selected; then select OK.

5. Close the properties dialog by selecting OK.

Configure the Subscriber Create Rule

To configure the subscriber create rule, do the following:

1. Open the properties dialog for the SubscriberCreateRule object and


expand Creation Rule for ‘User’ in the Rules edit window.
The business requirements indicate that the L (Location) attribute is
not required to properly create a mailbox. The attribute can be
removed.

2. Select Required Attribute (L); then select Edit Rule.

3. Select the L required attribute.

4. Select Remove required attribute; then select Finish.

5. Close the properties dialog by selecting OK.

Create a Publisher Create Rule

One of the business requirements states that only PeopleSoft in Human


Resources has the authority to create new employee accounts.

This means a mailbox created in Exchange must not trigger the creation
of a user object in eDirectory, which can result in the new employee
being added to other applications (such as PeopleSoft).

To prevent this from happening, you can configure a create rule on the
publisher channel that has a non-existent required attribute.

Revision 1.0 This document should only be used by a Novell-certified instructor. 3-109
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

To create the create rule, do the following:

1. Create a PublisherCreateRule object for the publisher channel:


a. Select the ExPublisher object under ExDriver in eDirectory
(ConsoleOne).
b. Right-click and select New > Object.
c. Select the DirXML-Rule class; then select OK.
d. For the rule name enter PublisherCreateRule.
e. Select the Creation rules type > Define additional properties >
OK.
The properties dialog for the PublisherCreateRule appears.

2. Add a required attribute to the create rule:


a. Make sure the DirXML > Creation Rules tab is selected; then
select Append new rule.
This starts the Creation Rule Wizard to guide you through
creating the rule you need.
b. For the description enter Don’t Allow User Object Creation;
then select Next.
c. From the class drop-down list, select the User class; then select
Next.
A blank list of matching attributes appears.
d. Because you do not want to match attributes, leave the list blank;
then select Next.
A blank list of required attributes appears.
To prevent the Exchange driver from creating an associated user
object when a new mailbox is added to the Recipients container,
you can list a non-existent required attribute in a publisher create
rule.
When processing the add event from the Exchange event log for
a new mailbox, DirXML will try to create an associated user
object in eDirectory using the required attribute.

3-110 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Synchronize Microsoft Exchange and eDirectory Using DirXML

However, because the attribute is not part of the eDirectory


schema, DirXML will not be able to find it, and will end
processing the add event. The result is that a user object is not
created in eDirectory.
e. Add a required attribute to the rule by selecting Edit required
attribute list.
You edit the name of the attribute to be a non-existent attribute
after creating the rule.
f. Select the ACL attribute and select OK; then select Next.
You are asked for the name of a template you want to add to the
rule.
g. Because you do not want to include a template in the rule, leave
the template name blank and select Finish.
The properties dialog for the publisher create rule appears.
h. Create the XML document for the create rule by selecting Apply.

3. Change the required attribute name to a non-existent attribute:


a. View the XML document for the create rule by selecting the
DirXML > Edit XML tab.
In the XML Editor, you should see the following required
attribute tag:
<required-attr attr-name=”ACL”/>
Because “ACL” is an existing attribute in the eDirectory schema,
you need to replace it with a non-existent attribute name.
b. Replace “ACL” in the required attribute tag with MyAttrib.
The required attribute tag should look like the following:
<required-attr-name=”MyAttrib”/>

4. Close the properties dialog and save the create rule by selecting OK.

Revision 1.0 This document should only be used by a Novell-certified instructor. 3-111
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

Create a Publisher Event Transformation Stylesheet

One of the business requirements states that only PeopleSoft in Human


Resources has the authority to delete terminated employee accounts.

This means a mailbox deleted in Exchange must not trigger the deletion
of the associated user object in eDirectory, which can result in the
employee account being deleted from other applications (such as
PeopleSoft).

To prevent this from happening, you can configure an event


transformation stylesheet for the publisher channel that includes a delete
event, but without instructions or parameters for transforming the event.

Because there are no instructions for transforming the delete event,


DirXML stops processing the delete event. The result is that there is no
delete event passed through the publisher channel.

To create the event transformation stylesheet, do the following:

1. Create a NoDeleteStyleSheet object for the publisher channel:


a. Select the ExPublisher object under ExDriver in eDirectory
(ConsoleOne).
b. Right-click and select New > Object.
c. Select the DirXML-StyleSheet class; then select OK.
d. For the name enter NoDeleteStyleSheet; then select Define
additional properties > OK.
A properties dialog for the stylesheet appears with the XML
Editor open.

2. Copy the XML document for the stylesheet.


Because you have not learned how to create the XSLT document you
need, the document is provided for you.
a. Start Notepad; then open the NODELETE.XML file from the
D:\Lab Files\Section 3\Exchange directory your Student CD.
(To see the file, select All Files for the file type.)
b. Select and copy the entire contents of the document.

3-112 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Synchronize Microsoft Exchange and eDirectory Using DirXML

c. Return to the properties dialog in ConsoleOne and paste the


document into the XML Editor window.
Near the bottom of the window, you should see the following
XSL tag:
<xsl:template match=”delete"/>
This is an instruction to DirXML to match on a delete event.
However, the “/” at the end of the tag indicates the command is
empty. There are no instructions.
Without instructions for transforming the delete event, DirXML
stops the process before an association is made between the
mailbox and the user object.
The result is that the associated user object in eDirectory is not
deleted.
d. Save the stylesheet by selecting OK.

3. Add the NoDeleteStyleSheet stylesheet to the list of attributes


configured for the ExPublisher channel.
Although you’ve created the event transformation stylesheet, you
still need to add it to the list of attributes the ExPublisher driver uses
when processing data and events in the Publisher channel.
a. Select the ExPublisher object under ExDriver in eDirectory
(ConsoleOne).
b. Right-click and select Properties.
c. Select the Other > Edit tab; then select Add.
d. Select the DirXML-EventTransformationRule attribute and
select OK.
e. Select the browse button at the right of the empty field under the
transformation rule attribute.
f. Under the ExPublisher object select NoDeleteStyleSheet > OK.
g. Close the properties dialog by selecting OK.

Revision 1.0 This document should only be used by a Novell-certified instructor. 3-113
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

Restart the Exchange Driver

When you make changes to the filters or rules for a DirXML driver, the
DirXML engine recognizes those changes the next time data and events
are synchronized on the publisher or subscriber channel.

However, when you make changes to settings on the properties dialog of


the DirXML driver or driver channels, you should stop and start the
DirXML driver to make sure the changes are recognized by the DirXML
engine.

When configuring the Exchange driver for the QuickStart deployment,


you added a DirXML-EventTransformationRule attribute to the publisher
channel properties.

For this property to be recognized and used by the publisher channel, you
need to restart the Exchange driver.

To restart the driver, do the following:

1. Select the Driver Set object in eDirectory (ConsoleOne).

2. Right-click and select Properties.

3. Select ExDriverd; then select Stop.


You only need to complete this step if the driver is running.

4. When the driver status is “Stopped,” select Start.

5. Close the properties dialog by selecting Cancel.


You can now test the reconfigured Exchange driver.

3-114 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Synchronize Microsoft Exchange and eDirectory Using DirXML

Part II: Test the Exchange Driver

The following are the tests from the checklist you must accomplish to
conduct the Exchange phase of the POC pilot:
■ Test 1: Create a User Object with a Given Name and Last Name
■ Test 2: Create a Mailbox in Exchange
■ Test 3: Create a User Object with All Enterprise Attributes Except
for Email Address
■ Test 4: Modify 1 or More Enterprise Attributes (Except Email
Address) in a Mailbox
■ Test 5: Modify 1 or More Enterprise Attributes (Except Email
Address) in a User Object
■ Test 6: Create a User Object with a Given Name and Last Name to
Test Email Address Flow
■ Test 7: Edit the SMTP Email Address in a Mailbox Associated with
a User Object
■ Test 8: Edit the Email Address in a User Object Associated with a
Mailbox
■ Test 9: Delete a User Object Associated with a Mailbox
■ Test 10: Delete a Mailbox Associated with a User Object

For each test, you are provided a test description and results (from the
checklist) and basic steps and notes for completing the test.

Revision 1.0 This document should only be used by a Novell-certified instructor. 3-115
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

Test 1: Create a User Object with a Given Name and Last Name

The following is the test description and results:

Test Description Test Results

Create a user object in a subcontainer of An associated mailbox is created in the


DigitalAir. Only enter a given name and Recipients container (DA1 site).
last name.

Table 3-13 Test 1 for Exercise 3-5

To run the test, do the following:

1. Create a user object for Lynn Palena in the ADMINISTRATION


subcontainer of the DigitalAir container in eDirectory (ConsoleOne)
using the following:
Name = LPalena
Surname = Palena
Given name = Lynn
Last name = Palena

2. Verify that a Lynn Palena mailbox was created by DirXML in the


Recipients container (DA1 site) of Exchange.
You might need to refresh the contents of the container by pressing
F5.
Is there a Lynn Palena mailbox in the Recipients container?
If not, check the subscriber create rule to make sure Given Name is a
required attribute. Also check the subscriber filter to make sure the
user class and given name attribute are listed.
Because a mailbox was created in Exchange, you can assume that
when the PeopleSoft driver creates a user object in eDirectory, the
add event will trigger the creation of a mailbox in Exchange.

3-116 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Synchronize Microsoft Exchange and eDirectory Using DirXML

Test 2: Create a Mailbox in Exchange

The following is the test description and results:

Test Description Test Results

Create a mailbox in the Recipients No associated user object is created in


container of Exchange. the DigitalAir container of eDirectory.

Table 3-14 Test 2 for Exercise 3-5

To run the test, do the following:

1. Create a mailbox for Paul Rossi in the Recipients container (DA1 site)
of Exchange:
❑ Fill in the First and Last name fields only.
❑ Create a new Windows NT account in DA1DOMAIN using
PaulR for the account name.

2. Check in eDirectory for a user object for Paul Rossi.


Did DirXML create a user object in DigitalAir (or any
subcontainers) for Paul?
If so, check the publisher create rule to make sure you entered
“MyAttrib” for the required attribute. Also make sure Internet
E-Mail Address is the only attribute listed for the user class in the
publisher filter.
With a non-existent attribute such as “MyAttrib” in the create rule,
DirXML should not complete the process of creating a user object
for Paul Rossi.

Revision 1.0 This document should only be used by a Novell-certified instructor. 3-117
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

Test 3: Create a User Object with All Enterprise Attributes Except for Email
Address

The following is the test description and results:

Test Description Test Results

Create a user object in a subcontainer of An associated mailbox is created in the


DigitalAir. Enter values for all enterprise Recipients container (DA1 site) with the
attributes except for the employee email data provided from the user object.
address.

Table 3-15 Test 3 for Exercise 3-5

To run the test, do the following:

1. Create a user object for Rahul Rajan in the HUMAN RESOURCES


subcontainer of the DigitalAir container in eDirectory (ConsoleOne)
using the following:
Name = RRajan
Surname = Rajan
Given name = Rahul
Last name = Rajan
Full name = Rahul Rajan
Middle initial = R
Title = Resource Manager
Location = LA-145
Department = Human Resources
Telephone = (912) 445-1234

2. Verify that a Rahul Rajan mailbox was created by DirXML in the


Recipients container (DA1 site) of Exchange.

3. Verify that all information you entered in the user object was passed
by DirXML to the mailbox.
All information should be available on the General tab of the
mailbox properties dialog.
Is all the information listed on the page? Are there missing attribute
values?

3-118 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Synchronize Microsoft Exchange and eDirectory Using DirXML

If so, check the subscriber filter to make sure all the enterprise
attributes (except for Internet E-Mail Address) are listed for the user
class.

Test 4: Modify 1 or More Enterprise Attributes (Except Email Address) in a


Mailbox

The following is the test description and results:

Test Description Test Results

Modify one or more enterprise attribute No changes are passed to the


values (except for the email address) in a associated user object.
mailbox associated with a user object.

Table 3-16 Test 4 for Exercise 3-5

To run the test, do the following:

1. Open the properties dialog for the Rahul Rajan mailbox in Exchange
Administrator.

2. Make the following changes to the Title and Office fields:


Title = Vice President
Office = LA-301

3. Close the properties dialog by selecting OK.

4. Check to see if the changes are reflected in the properties dialog of the
Rahul user object in the HUMAN RESOURCES subcontainer of the
DigitalAir container in eDirectory (ConsoleOne).
If the title or location has changed, check the publisher filter to make
sure Internet E-Mail Address is the only attribute listed for the user
class.
By limiting the information that can flow from Exchange to
eDirectory, you make sure PeopleSoft is the authoritative source for
the enterprise schema attributes.

Revision 1.0 This document should only be used by a Novell-certified instructor. 3-119
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

Test 5: Modify 1 or More Enterprise Attributes (Except Email Address) in a


User Object

The following is the test description and results:

Test Description Test Results

Modify 1 or more enterprise attribute The changes are reflected in the


values (except for the email address) in a associated mailbox.
user object associated with a mailbox.

Table 3-17 Test 5 for Exercise 3-5

To run the test, do the following:

1. Open the properties dialog for the RRajan user object in eDirectory
(ConsoleOne).

2. Make the following changes to the Title and Location fields on the
General > Identification tab:
Title = Employee Advisor
Location = LA-223
You need to delete the existing values before you enter the new
information as DirXML only uses the first value in a multi-value
field.

3. Check to see if the changes are reflected in the properties dialog of the
Rahul Rajan mailbox in Exchange Administrator.
If the title or office has not changed, check the subscriber filter to
make sure the Title and L attributes are listed for the user class.
Listing the enterprise attributes (except for Internet E-Mail Address)
in the subscriber filter allows changes for these attributes to flow
from PeopleSoft through eDirectory to Exchange.
This configuration supports PeopleSoft (not Exchange) as the
authoritative source for these attribute values.

3-120 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Synchronize Microsoft Exchange and eDirectory Using DirXML

Test 6: Create a User Object with a Given Name and Last Name to Test
Email Address Flow

The following is the test description and results:

Test Description Test Results

Create a user object in a subcontainer of An email address is provided by


DigitalAir. Only enter a given name and Exchange in the user object. The value
last name. matches the SMTP email address in the
associated mailbox.

Table 3-18 Test 6 for Exercise 3-5

To run the test, do the following:

1. Create a user object for Toru Chen in the IS&T subcontainer of the
DigitalAir container in eDirectory (ConsoleOne) using the following:
Name = TChen
Surname = Chen
Given name = Toru
Last name = Chen

2. Verify that a Toru Chen mailbox was created by DirXML in the


Recipients container (DA1 site) of Exchange.

3. Verify that an email address appears on the General > Identification


tab of the properties dialog for the TChen user object in eDirectory
(ConsoleOne).
Is the email address listed on the page? (Make sure you close and
reopen the properties dialog to see the change.)
If not, check the publisher filter to make sure the Internet E-Mail
Address attribute is listed for the user class.
Listing the Internet E-Mail Address in the publisher filter allows the
data for that attribute to flow from Exchange through eDirectory to
PeopleSoft.
This configuration supports Exchange (not PeopleSoft) as the
authoritative source for the email address.

4. Close the properties dialog.

Revision 1.0 This document should only be used by a Novell-certified instructor. 3-121
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

Test 7: Edit the SMTP Email Address in a Mailbox Associated with a User
Object

The following is the test description and results:

Test Description Test Results

Edit the SMTP email address in a The change is reflected in the associated
mailbox associated with a user object. user object.

Table 3-19 Test 7 for Exercise 3-5

To run the test, do the following:

1. Open the properties dialog for the Toru Chen mailbox in Exchange
Administrator.

2. Select the E-mail Addresses tab.

3. Select SMTP address in the list; then select Edit.

4. Delete ToruC in the email address and enter TChen.


The edited email address should be
TChen@DA1.DigitalAirlines.com.

5. Save the change by selecting OK.

6. Close the properties dialog by selecting OK.

7. Validate that the email address also changed on the General >
Identification tab of the TChen user object properties dialog in
eDirectory (ConsoleOne).
Has the email address changed in the user object?
If not, check the publisher filter to make sure the Internet E-Mail
Address attribute is listed for the user class.
You might also want to check the schema mapping rule to make sure
the Internet E-Mail Address attribute in eDirectory is mapped to the
Proxy-Addresses attribute in Exchange.
Again, this configuration supports Exchange (not PeopleSoft) as the
authoritative source for the email address.

3-122 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Synchronize Microsoft Exchange and eDirectory Using DirXML

Test 8: Edit the Email Address in a User Object Associated with a Mailbox

The following is the test description and results:

Test Description Test Results

Edit the email address in a user object No changes are passed to the
associated with mailbox. associated mailbox.

Table 3-20 Test 8 for Exercise 3-5

To run the test, do the following:

1. Open the properties dialog for the TChen user object in eDirectory
(ConsoleOne).

2. On the General > Identification tab, edit the email address to reflect the
following:
ToruChen@DA1.DigitalAirlines.com

3. Close the properties dialog by selecting OK.

4. Check the E-mail Addresses tab on the properties dialog of the Toru
Chen mailbox in Exchange Administrator.
Is the change reflected in the SMTP email address?
If so, check the subscriber filter to make sure the Internet E-Mail
Address attribute is not listed for the user class.
By blocking the flow of the email address from eDirectory to
Exchange (through filter configuration), you are supporting
Exchange as the authoritative data source for the email address.

Revision 1.0 This document should only be used by a Novell-certified instructor. 3-123
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

Test 9: Delete a User Object Associated with a Mailbox

The following is the test description and results:

Test Description Test Results

Delete a user object in a subcontainer of The associated mailbox is removed from


DigitalAir that is associated with an the Recipients container (DA1 site) in
Exchange mailbox. Exchange.

Table 3-21 Test 9 for Exercise 3-5

To run the test, do the following:

1. Delete the TChen user object in the IS&T subcontainer of DigitalAir


in eDirectory (ConsoleOne).

2. Verify the results in the Recipients container (DA1 site) of Exchange


Administrator.
Is the Toru Chen mailbox gone from the Recipients container?
(Press F5.)
If not, check the matching rule on the subscriber channel to make
sure both the given name and surname are listed as required
attributes.
The test result supports the requirement that PeopleSoft is the
application that controls deletion of user objects and accounts
throughout the DirXML deployment.

3-124 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Synchronize Microsoft Exchange and eDirectory Using DirXML

Test 10: Delete a Mailbox Associated with a User Object

The following is the test description and results:

Test Description Test Results

Delete a mailbox in the Recipients The associated user object is not


container of Exchange that is associated removed from eDirectory.
with a user object.

Table 3-22 Test 10 for Exercise 3-5

To run the test, do the following:

1. Delete the Lynn Palena mailbox in the Recipients container (DA1 site)
of Exchange Administrator.

2. Verify the results in the ADMINISTRATION subcontainer of


DigitalAir in eDirectory (ConsoleOne).
Did DirXML delete the LPalena user object in the
ADMINISTRATION subcontainer?
If so, check the NoDeleteStyleSheet to make sure the match XSLT
command template is formatted correctly. Also, try restarting the
driver again.
Although the mailbox has been removed, the user object still exists.
If you still want the user object associated with a mailbox in
Exchange, do the following:

3. Select the LPalena user object in the ADMINISTRATION


subcontainer of eDirectory (ConsoleOne).

4. Right-click and select Properties.

5. Scroll the tabs at the top of the properties dialog to the left until the
DirXML tab (the last tab) appears.

6. Select the DirXML > Associations tab.

7. Remove the association with the non-existent mailbox in Exchange by


selecting the ExDriver.DriverSet.DigitalAir driver object; then
select Remove.

Revision 1.0 This document should only be used by a Novell-certified instructor. 3-125
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

By removing the association, DirXML uses the rules on the


subscriber channel when an event happens in eDirectory for the
LPalena user object.
Because there is no matching mailbox in Exchange, DirXML uses
the create and placement rules to create a mailbox for Lynn Palena in
the Recipients container.

8. Close the properties dialog box by selecting OK.

9. Generate an event for LPalena by entering Administration for the


department name on the General > Identification tab for the LPalena
user object.

10. Save the change by selecting OK.

11. Check the Recipients container in Exchange Administrator (press F5


to refresh the container contents).
Did DirXML create a Lynn Palena mailbox? Did DirXML include
values from all the fields on the General > Identification tab in the
new mailbox?
The test results match the business requirements. You have
completed the Exchange phase of the POC pilot.

3-126 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Synchronize Microsoft Exchange and eDirectory Using DirXML

Exercise Summary

By completing this exercise, you finished the Exchange phase of the


QuickStart POC pilot and are ready to continue with the Netscape
Directory phase of the pilot.

Specifically, you accomplished the following:


■ Configured the Exchange driver.
With a prepared checklist, there is no trial and error or guesswork
involved in configuring the driver. You can quickly accomplish the
task and move on to testing the configured driver.
■ Tested the Exchange driver.
Because of your preparation, testing the Exchange driver is a much
more thorough and enjoyable experience. You can even involve the
other members of your project team by handing them the checklist.
As with most initial testing, you might find that you need to make
some additional changes to your configuration of the Exchange
driver to make sure the deployment is working correctly.
You should also remember to restart the driver when making changes
to the properties dialogs for the driver.

(End of Exercise)

Revision 1.0 This document should only be used by a Novell-certified instructor. 3-127
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

Summary

Objectives What You Learned

1. Identify How To identify how the Exchange Server works, you must know the following:
Microsoft
■ Exchange Server Purpose. Exchange Server is a messaging system that enables
Exchange Server
people to exchange email messages and collaborate through group scheduling,
Works
threaded discussions, and workflow.
■ Exchange Server Hierarchy. To make it easier to manage servers with Exchange, you
can group servers into organizations, sites, and locations. An organization is the largest
administrative unit that contains servers organized into 1 or more sites. You can group
servers into 1 or more locations within a site.
■ Exchange Server Components. There are 4 basic Exchange components that facilitate
the delivery of email messages:
■ Information Store. This is the central repository for all public and private messages
and documents processed through Exchange.
■ Directory. The directory is divided into a directory database and directory service.
The directory database stores information for all directory objects. Directory service
is a Windows NT server process that manages information in the directory database
and handles directory requests.
■ Message Transfer Agent (MTA). The MTA delivers messages to a destination on
another server. The MTA works with the Internet mail service to deliver email
messages over the Internet.
■ System Attendant. The system attendant is a maintenance service that must be
running for other Exchange services to operate.
■ Exchange Server Recipient Types. Exchange Server receives messages and
information through objects known as recipients.
Basic recipients include mailboxes, distribution lists, custom recipients, public folders,
and mailbox agents. Mailboxes and distribution lists are similar to user objects and group
objects in eDirectory.
■ Microsoft Exchange Serve Email Client Support. Exchange provides email through
an email client (such as Outlook 97) supported by standard internet protocols (such as
SMTP, POP3, LDAP, and IMAP) or a third-party connector.

3-128 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Synchronize Microsoft Exchange and eDirectory Using DirXML

Objectives What You Learned

1. Identify How Exchange Server and the DirXML Driver. When you use Exchange Server to send an
Microsoft email message, the following occurs:
Exchange Server
■ The message is delivered to the information store.
Works (continued)
■ The information store searches the directory for an address. If the recipient is on the
same server, the information store delivers the message; if not, the MTA delivers the
message.
■ The system attendant runs in the background, making sure the components and
services run smoothly.
■ The Exchange driver contacts the directory to synchronize data between applications in
a DirXML deployment.
The directory contains an event (transaction) log. The Exchange driver polls the event
log at regular intervals for new events; then it processes those events based on the
driver filter, rules, and stylesheets.

2. Use Exchange To use the Exchange Administrator for testing the Exchange driver, you must be able to do
Administrator the following:
■ Start the Administrator. Make sure you have the right server selected when starting (or
after starting) the program.
The Administrator window is a graphical view of all users and resources in an
organization. The container area on the left side of the window shows directory container
objects. The content area on the right side of the window shows the objects in a
container.
■ Display Objects in the Administrator Window. Objects can be containers or individual
items (such as a mailbox) in an Exchange directory hierarchy.
You can view objects in the container or contents area by selecting the plus button (+)
next to an object or container to expand the directory.
■ Create a Mailbox. A mailbox is an object that represents an email user in Exchange. You
can create a mailbox by selecting File > New Mailbox.
■ Modify Mailbox Properties. The mailbox properties dialog includes several tabs of
information. The attributes that synchronize with eDirectory (through the driver) are
found on the General, Phone/Notes, and Email Addresses tabs.
You can edit mailbox properties by double-clicking the mailbox.
■ Delete a Mailbox. You can delete a mailbox by selecting Edit > Delete or by pressing the
Delete key.
Deleting a mailbox does not delete the associated Windows NT account unless you
select the “Delete primary Windows NT account when deleting mailbox” option on the
Options dialog.

Revision 1.0 This document should only be used by a Novell-certified instructor. 3-129
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

Objectives What You Learned

3. Import the To import the Exchange driver, you must be able to do the following:
Exchange Driver
■ Check the Exchange Driver System Requirements. Before importing the driver, make
sure the server meets the system requirements for the Exchange driver.
Make sure that eDirectory and DirXML are installed and that you have Exchange 5.5
installed.
■ Gather the Exchange Import Information. Before importing the Exchange driver,
gather the configuration information.
This information includes the following:
■ The eDirectory containers where new eDirectory users and groups will be added.
■ The default Exchange containers where mailboxes and distribution lists will be
added.
■ The name and IP address of the Microsoft Exchange Server.
■ The name of the Exchange site the driver will administer.
■ The name of the domain for new Windows NT accounts.
■ The remote Exchange Server communication (true or false).
■ The polling frequency for the publisher channel (in seconds).
■ Import the Exchange Driver Using the Application Driver Creation Wizard. The
Exchanger driver consists of 2 files:
■ EXDRIVR.DLL is the driver shim.
■ EXDRIVERCONFIG.XML contains the preconfigured XML documents for the filters
and rules in the Exchange driver.
To import the driver, you need to
■ Start ConsoleOne.
■ Create a driver set object to store the driver.
■ Import the Exchange driver into eDirectory.
You use the Application Driver Creation Wizard to guide you through importing the driver.
During the import, you select the EXDRIVERCONFIG.XML file which guides you through
entering the configuration information you previously gathered.
You also configure security parameters by giving the Exchange driver object security
equivalence to the DirXMLAdmin object and prevent the driver from synchronizing
DirXMLAdmin and Admin information with other directories by excluding it as a user
during DirXML processing.
■ Configure eDirectory for the Exchange Driver. After importing the Exchange driver,
you need to perform several tasks with ConsoleOne:
■ Provide login information for Exchange Administrator
■ Enable and start the Exchange driver
■ Change the eDirectory LDAP server port to a value other than 390 or disabling the
server port

3-130 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Synchronize Microsoft Exchange and eDirectory Using DirXML

Objectives What You Learned

4. Identify How the To identify how the preconfigured Exchange driver works, you must be able to understand
Exchange Driver and test the following:
Works
■ The Exchange Driver Schema Mapping Rule. To read and modify the Exchange
schema mapping rule, you need to
■ View the List of Mapped Classes. Only the group and user classes are mapped (to
the dl and mailbox classes in Exchange).
■ View the Lists of Matching Attributes. Several attributes are mapped in the
Non-specific Class Properties list. These include most of the attributes on the
General > Identification tab in ConsoleOne and the General tab in Exchange
Administrator.
■ View the XML Document for the Schema Mapping Rule. The mapping for each
class and attribute is included in the XML document. You can add other mappings to
the document, or use the Add feature to add them to the property mappings list.
■ The Exchange Driver Publisher Channel. To identify how the publisher channel works
in the Exchange driver, you need to understand
■ The Exchange Publisher Filter. The publisher filter contains 2 classes (Group and
User). The group class only contains the Full Name attribute. The user class contains
commonly shared attributes.
The only information that passes from Exchange to eDirectory are these classes and
attributes. All others are ignored.
You can use the Edit Filter feature to add other classes and attributes to the publisher
filter. Remember that any class or attribute you add to the filter must have an entry in
the schema mapping rule or the data will not be synchronized.
■ The Exchange Publisher Matching Rule. The publisher matching rule lists the user
class and the Surname and Given Name attributes in that class. This means that
when a mailbox in Exchange is created, DirXML checks for a user object in
eDirectory with the same surname and given name.
■ The Exchange Publisher Placement Rule. When you create a distribution list or
mailbox in Exchange, an associated group or user object is placed in eDirectory in
the containers indicated by this rule.
■ The Exchange Driver Subscriber Channel. To identify how the subscriber channel
works in the Exchange driver, you need to understand
■ The Exchange Subscriber Filter. The subscriber filter is configured exactly like the
publisher filter, and controls the flow of data from eDirectory to Exchange.
■ The Exchange Subscriber Create Rule. A given name and location must exist in a
user object for an associated mailbox to be created in Exchange.
■ The Exchange Subscriber Matching Rule. The subscriber matching rule is
configured like the publisher matching rule. When you create a user object, DirXML
checks for a mailbox with the same last name and first name.
■ The Exchange Subscriber Placement Rule. When you create a group or user
object, an associated distribution list or mailbox is placed in Exchange in the
containers indicated by this rule.

Revision 1.0 This document should only be used by a Novell-certified instructor. 3-131
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

Objectives What You Learned

5. Modify and Test To modify and test the Exchange driver for a DirXML deployment, you must be able to do the
the Exchange following:
Driver for a
■ Prepare for the Exchange Driver Phase. To prepare for the Exchange driver phase of
DirXML
Deployment
a POC pilot, do the following:
■ Review the Business Requirements for the Deployment. Make a copy of the
BRD and highlight the requirements that impact the operation of the Exchange
driver.
■ Create a Checklist of Configuration Tasks. For each business requirement, list the
configuration tasks you need to complete to meet the business requirement.
■ Create a Checklist of Tests. For each business requirement, create a checklist of
tests to confirm that the reconfigured MIcrosoft Exchange driver meets the
requirement.
Include the expected results of the test. This makes it easier for others to know when
the test is successful.
■ Configure and Test the Exchange Driver. To conduct the Exchange driver phase of a
POC pilot, do the following:
■ Configure the Exchange driver based on the configuration checklist.
■ Test the Exchange driver based on the test checklist.

3-132 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
SECTION 4 Synchronize Netscape Directory
Server and eDirectory Using DirXML

In this section you learn how to synchronize eDirectory with Netscape


Directory Server by installing and configuring the Netscape/LDAP
driver.

Objectives
1. Describe Netscape Directory Server

2. Use the Netscape Console

3. Explain How the Netscape/LDAP DirXML Driver Works

4. Install and Configure the Netscape/LDAP Driver

Introduction

Digital Airlines has 2 eDirectory trees.

The first is for employees at Site A and is managed by Robb. This tree is
used to manage employees in the Marketing and Sales and Human
Resources departments as well as LAN resources for those employees.

The second tree is for employees in Site B and is managed by Michelle.


This tree is used to manage employees in the Reservations department as
well as LAN resources for those employees.

For this section, you will work in the second eDirectory tree
(DIGITAL-AIR-ECOMMERCE).

Revision 1.0 This document should only be used by a Novell-certified instructor. 4-1
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

Recall that a Digital Airlines customer creates a personal online account


using a web-based application that works only with a Netscape
Directory. After their online account is created, customers can make
reservations, pay for tickets, and check all flight related information.

These customer accounts are subsequently stored and managed in Site B


by Michelle in a Netscape directory container called Customers.

In addition, each Digital Airlines employee receives a flight discount


benefit. Because eDirectory and Netscape Directory Server are not
compatible, Michelle must create an account for every current employee
on Netscape Directory Server.

This provides Digital Airlines employees with the same convenience that
customers receive when making reservations and buying tickets.

Currently, Michelle, the network administrator for Site B, must manage


both directories separately. This results in an increased workload for her
because she must not only manage customer accounts, but she must
create and manage online accounts for new employees as well.

Your task, as a consultant to Digital Airlines, is to synchronize the


Customers container in Netscape Directory with a Customer Service
container in Site B’s eDirectory tree.

In addition, you must ensure that every time an employee is added to


eDirectory, an account is created for them in the Employees container in
Netscape Directory.

Before you begin, you must first understand a few Netscape Directory
basics.

4-2 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Synchronize Netscape Directory Server and eDirectory Using DirXML

Objective 1 Describe Netscape Directory Server

To be able to effectively implement the Netscape/LDAP DirXML driver,


you must understand the following about Netscape Directory Server:
■ The Purpose of Netscape Directory Server
■ The Features of Netscape Directory Server
■ The Components of Netscape Directory Server
■ The Schema Structure of Netscape Directory Server

The Purpose of Netscape Directory Server

Like eDirectory, the primary purpose of Netscape Directory Server is to


provide a scalable, common storage location for data shared within an
enterprise.

To maintain a common storage location for enterprise data, Netscape


Directory Server employs a Global Directory Service. Global Directory
services allow a network-based data repository to be accessed by
applications used in the enterprise, as shown in the following figure:

Workstations
Servers Data
Repository

Printers
Users
Figure 4-1 Global Directory Services

Revision 1.0 This document should only be used by a Novell-certified instructor. 4-3
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

The key to success for a global Directory service is to use a common


communications protocol for all applications that access the data.

To provide global Directory access, Netscape Directory Server uses


LDAP, which is compatible with another common communication
protocol, TCP/IP.

As entries in the Directory increase, the Directory services of Netscape


Directory Server can expand to include multiple Netscape Directory
Servers dispersed throughout the network.

The Features of Netscape Directory Server

To properly deploy Netscape Directory Server, you should be familiar


with the following Directory features:
■ The Directory Tree
■ Distinguished Names
■ Suffix Value
■ Root Entry
■ Directory Manager

4-4 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Synchronize Netscape Directory Server and eDirectory Using DirXML

The Directory Tree

Directory entries in an LDAP Directory service are organized in a


structure that mirrors the tree model used by most file systems. The first
entry in the Directory makes up the tree’s root point at the top of the
hierarchy (see Figure 4-2).

O=DigitalAir.Com

OU=Customers OU=Groups OU=Employees

UID=Katy Carball UID=Juan DelGato Mail=JuneM@DigitalAir.Com MAIL=RKTracy@DigitalAir.Com

CN=Directory Administrators CN=Managers

Figure 4-2 A Directory Tree for Netscape Directory Server

Distinguished Names

As in eDirectory, directory entries in the Netscape Directory Server


database are identified according to the entry’s distinguished name (DN).

The LDAP DN syntax specifies a Directory entry using a series of


■ Comma-separated attributes
■ Attribute values

The Directory object is specified in the left-most component of the DN,


and the right-most component of the DN is the Directory root point.

For example, in the following DN, the Directory entry is rtracy in


subdirectory customers, and the Directory root point is the directory
digitalair.com.
uid=rtracy,ou=customers,o=digitalair.com

Revision 1.0 This document should only be used by a Novell-certified instructor. 4-5
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

All attributes shared by the Directory entry and the Directory root point
represent a branch point in the Directory tree above the Directory entry.

Suffix Value

Like eDirectory, Netscape Directory Server can manage multiple


Directory trees. However, where eDirectory uses federation (NDS/DNS
integration that allows different NDS trees to connect to a common
naming root) to manage multiple Directory trees, Netscape Directory
Server uses suffixes (identifiers associated with each tree that allow for
inter-tree communication).

The Netscape Directory identifies each Directory tree by a suffix value.


Each suffix value corresponds to the root entry in the Directory.

For example, if the root entry in the following DN is o=digitalair.com,


the suffix value identifying the Directory tree is o=digitalair.com:
uid=rtracy,ou=customers,o=digitalair.com

A Netscape Directory Server database always contains multiple suffixes.


Most are used only for internal purposes, with one corresponding to the
primary Directory managed by the server (such as o=digitalair.com).

Therefore, when configuring the placement rule, you must identify the
appropriate suffix to synchronize eDirectory with.

Although every Netscape Directory Server has multiple suffixes defined


for it, the primary suffix is most important for identifying the Directory
tree. The primary suffix represents the Directory tree where enterprise
data is stored.

Other suffixes, called secondary suffixes, correspond to the Directory


trees used internally by Netscape Directory Server. Secondary suffixes
include the following:
■ A suffix that represents the server’s machine data area
■ A suffix used for server administration (o=NetscapeRoot)
■ Other suffixes used for server maintenance, such as schema
management and server configuration

4-6 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Synchronize Netscape Directory Server and eDirectory Using DirXML

Root Entry

The root entry is the first, or topmost, entry in the Directory tree. The DN
of the root entry must be identical to the primary suffix defined for the
Directory.

Directory Manager

Directory Manager can be considered the Directory’s super-user.


Configuring Directory Manager for the server is recommended because
through Directory Manager you create Directory entries and set up initial
access control privileges for those entries.

The default distinguished name for Directory Manager is represented by


the common name attribute-data pair:
cn=Directory Manager

All information for Directory Manager and its password is stored in


Netscape Directory Server’s configuration file slapd.conf.

Because the Directory Manager DN is a special entry not stored in the


Directory tree, the Directory Manager DN does not need to conform to
any suffix configured for Netscape Directory Server.

Revision 1.0 This document should only be used by a Novell-certified instructor. 4-7
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

The Components of Netscape Directory Server

The following shows the essential Netscape Directory Server


components:

Netscape Console

Administration Server

Directory
Servers

Directory
Databases

Figure 4-3 The Essential Components of Netscape Directory Server

The following describes each Netscape Directory Server component:


■ Netscape Console. The Netscape Console provides you with a user
interface to perform server administrative functions.
The Netscape Console is part of Administration Server.
■ Administration Server. Administration Server helps you manage
Directory Server and other Netscape servers. Its primary purpose is
to pass communications from the Netscape Console to the
appropriate Netscape server.
■ Directory Server. Using LDAP, Netscape Directory Server
❑ Responds to client requests
❑ Manages Directory databases
■ Directory Databases. Store Netscape Directory information.

4-8 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Synchronize Netscape Directory Server and eDirectory Using DirXML

The Schema Structure of Netscape Directory Server

As with all directories, Netscape Directory Server has its own set of
unique rules, called a schema. This schema defines the different directory
classes, their associated attributes, and how the classes and attributes are
used.

Though it is not necessary to know the Netscape Directory Server


schema in detail, it is useful to at least be familiar with the most common
classes and attributes.

b For a list of the most common Netscape Directory Server schema, see Appendix B.

Knowing common classes and attributes allows you to effectively and


efficiently create rules such as the SchemaMapper rule and the Placement
rule.

b For a complete list of Netscape Directory Server schema, see the Netscape
Universal Schema Reverence guide at
http://developer.netscape.com/docs/manuals/index.html.

Revision 1.0 This document should only be used by a Novell-certified instructor. 4-9
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

Objective 2 Use the Netscape Console

Like ConsoleOne, the Netscape Console provides you with a method of


performing your network management tasks from a single location.
Among other things, this console allows you to do the following:
■ Manage the Netscape Directory
■ Create Objects in the Directory
■ Manage Objects in the Directory

Manage the Netscape Directory

To manage the Netscape Directory, do the following:

1. From the Digital-Airlines 2 server, select Start > Programs >


Netscape Server Products > Netscape Console 4.2.

2. When prompted (Figure 4-4), log in to Netscape Directory Server


using the username and password of the Admin user object.

Figure 4-4 Netscape Console Login Screen

4-10 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Synchronize Netscape Directory Server and eDirectory Using DirXML

3. As shown in Figure 4-5, expand the Server Group object and select
Directory Server > Open.

Figure 4-5 The Directory Server Page

This opens the Netscape Directory you intend to manage.

Revision 1.0 This document should only be used by a Novell-certified instructor. 4-11
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

4. Select the Tasks tab (default).


Figure 4-6 shows each task that can be performed from the Netscape
Console.

Figure 4-6 Netscape Console Tasks

4-12 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Synchronize Netscape Directory Server and eDirectory Using DirXML

5. Select the Configuration tab (Figure 4-7) to access network-specific


settings and features.

Figure 4-7 The Configuration Tab

x By default, LDAP uses port 389. If other services are using that port, choose
a different port number for your LDAP services. Netscape Directory Server
allows you to change the LDAP port number here.

Revision 1.0 This document should only be used by a Novell-certified instructor. 4-13
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

6. Select the Directory tab (Figure 4-8) to manage container and leaf
objects in the Directory tree.

Figure 4-8 The Directory Tab

x Because the Directory tab displays tree objects, most administrator tasks are
performed from this tab.

4-14 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Synchronize Netscape Directory Server and eDirectory Using DirXML

7. Select the Status tab (Figure 4-9) to determine the status of select
network resources.

Figure 4-9 The Status Tab

Create Objects in the Directory

To create an object in the Netscape Directory, do the following:

1. From the Netscape Console, select the Directory tab.

2. Select the location where you would like to create an object.

3. Select Object > New > User/Group/Organizational Unit.

4. In the new object properties page, enter all information pertaining to


the new object.

Revision 1.0 This document should only be used by a Novell-certified instructor. 4-15
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

Manage Objects in the Directory

Managing objects in the Directory involves many tasks, the most


common of which are to
■ Modify Object Information
■ Set Access Permissions
■ Remove Objects from the Directory

Modify Object Information

To modify objects in Netscape Directory Server, do the following:

1. From the Netscape Console, select the container where objects are
stored.

2. Right-click an object; then select Properties.


For example, in the case of a user object, Figure 4-10 shows the
object-specific information that can be modified.

Figure 4-10 A User Properties Page

4-16 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Synchronize Netscape Directory Server and eDirectory Using DirXML

Set Access Permissions

To set access permissions in Netscape Directory Server, do the following:

1. From the Netscape Console, select the container where objects are
stored.

2. Right-click an object; then select Set Access Permissions.

3. From the Multi-value ACI selector, select either an existing ACI (to
edit) or select New (to create a new ACI).

4. From the Set Access Permissions window, select from 5 fields (Figure
4-11) that help you restrict access to authorized objects.

Figure 4-11 The Set Access Permissions Window

Those fields are as follows:


❑ Allow/Deny. Use to either allow or deny configured rights.
❑ Users/Groups. Use to select the object you would like to add to
the ACI.
❑ Host. Use to specify the host you want to allow access
permission to.

Revision 1.0 This document should only be used by a Novell-certified instructor. 4-17
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

❑ Time. Use to specify what times access permissions are granted


to the configured host.
❑ Rights. Use to specify the rights granted to the host.

Remove Objects from the Directory

To remove objects from the Directory tree, do the following:

1. From the Netscape Console, select the container where the objects are
stored.

2. Right-click the object you would like to delete; then select Delete.

3. At the Delete Entry window, select Yes.

4-18 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Synchronize Netscape Directory Server and eDirectory Using DirXML

Exercise 4-1 Use the Netscape Console to Create, Manage, and Remove a User
Object from Netscape Directory

To become familiar with the Netscape Console and before you can
effectively implement the Netscape/LDAP driver, you must be able to
use the Netscape Console to manage Netscape Directory Server.

In this exercise, you practice a few simple management tasks:


■ Create a new organizational unit
■ Create a new user
■ Modify the new user account
■ Set access permissions
■ Remove the new user from Netscape Directory Server

Exercise Procedure

1. From server DIGITAL-AIR-2 and In the digitalair.com organizational


unit, create an Employees container:
a. From your desktop, launch the Netscape Console.
b. Authenticate as admin by entering the password novell.
c. In the Console window, expand digital-air-2.digitalair.com; then
expand Server Group.
d. Select Directory Server; then select Open.
e. Select the Directory tab.
f. Select digitalair.com; then select Object > New >
Organizational Unit.
g. In the Name field, enter Employees; then select OK.
h. Right-click DigitalAir.com; then select Refresh.

2. In the Employees organizational unit, create a user object:


a. Select Employees; then select Object > New > User.
b. In the First Name field, enter Joe.

Revision 1.0 This document should only be used by a Novell-certified instructor. 4-19
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

c. In the Last Name field, enter Carr.


Notice the Common Name and User ID fields are populated
automatically. These fields are all that is required to create a user
object in Netscape Directory Server.
d. Create user Joe Carr by selecting OK.
User Joe Carr appears in the Employees organizational unit.

3. Add a telephone number to the Joe Carr account:


a. Right-click Joe Carr; then select Properties.
b. In the Phone field, enter 555-444-3333; then select OK.
c. Access the properties of the Joe Carr object and note the existence
of the new telephone number.

4. Provide Joe Carr with access to the Directory Aministrators


organizational unit:
a. Right-click the Directory Administrators organizational unit;
then select Set Access Permissions.
b. In the Multi-value ACI Selector field, select New.
c. Select the Allow/Deny field; then select allow.
d. Double-click the User/Group field.
e. In the Select Users and Groups window, select Find Users and
Groups.
f. In the Search Users and Groups window, select Directory
(button).
g. In the User Directory Subtree field, remove ou=Directory
Administrators; then select OK.
h. In the For field, enter JCarr; then select Search.
i. After the JCarr object is found, select OK.
j. Return to the Set Access Permissions window by selecting OK.
k. Double-click the Rights field.

4-20 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Synchronize Netscape Directory Server and eDirectory Using DirXML

l. Deselect the Delete and Add checkboxes; then select OK.


You have just prevented Joe Carr from deleting or adding objects
from the Directory Administrators organizational unit.
m. Return to the Netscape Console by selecting OK.

5. Remove the Joe Carr user object from the Employees organizational
unit:
a. Select the Employees organizational unit.
b. Select the Joe Carr user object.
c. Select Edit > Delete.
d. In the Delete Entry window, select Yes.
e. In the Deleted Entry window, select OK.

Exercise Summary

In this exercise you performed simple Netscape Directory Server


management tasks using the Netscape Console. These skills are useful as
you complete future exercises in this section.

(End of Exercise)

Revision 1.0 This document should only be used by a Novell-certified instructor. 4-21
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

Objective 3 Explain How the Netscape/LDAP DirXML Driver Works

To explain how the driver works, you must understand the following:
■ What the Netscape/LDAP Driver Is
■ The Netscape/LDAP Driver Properties
■ The Schema Mapper Rule
■ How the Netscape/LDAP Driver Publisher Channel Works
■ How the Netscape/LDAP Driver Subscriber Channel Works
■ Netscape/LDAP Driver Specifics
■ Netscape/LDAP Driver System Requirements

What the Netscape/LDAP Driver Is

The Netscape/LDAP Driver is an application or shim that allows you to


use LDAP to synchronize changes in Netscape Directory Server with
eDirectory 8.5 (Figure 4-12):

Netscape/LDAP
DirXML
Engine

Driver

eDirectory LDAP
Directory

Figure 4-12 The Netscape/LDAP Driver

As a preconfigured driver that Novell provides with DirXML, this driver


runs on all eDirectory supported platforms.

x Though DirXML provides preconfigured drivers, those drivers must be


customized to work in your environment.

4-22 This document should only be used by a Novell-certified instructor. Revision 1.0
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Synchronize Netscape Directory Server and eDirectory Using DirXML

The driver runs as part of eDirectory with nothing running on the


Netscape Directory Server system. This means the initial Netscape
Directory setup is not modified by installing the Netscape/LDAP driver.

Because of the architecture of the Netscape/LDAP driver, Netscape


Directory Server can run either on the same system as eDirectory or on
another network that is only connected by a LAN.

This means by not having the Netscape/LDAP driver run on Netscape


Directory Server and with both the driver and Netscape Directory Server
using LDAP, the driver can synchronize with a Netscape Directory
Server running on a platform not supported by eDirectory.

The Netscape/LDAP Driver Properties

The Netscape/LDAP Driver properties allow you to configure certain


aspects of the driver to allow Netscape Directory Server to synchronize
with eDirectory.

After the driver is installed, a driver object appears in ConsoleOne. This


object allows you to control the functionality of the driver in many ways.

Revision 1.0 This document should only be used by a Novell-certified instructor. 4-23
Copying this document is strictly prohibited. To report suspected copying, please call 1-800-PIRATES.
Directory and Database Integration Using DirXML

By accessing the Properties of the driver object you can configure


different driver settings through the following tabs:
■ Driver Module. Use to specify the jar file that contains the
Netscape/LDAP driver code.
The Exchange driver uses a native driver, but the Netscape/LDAP
driver uses a java driver. As a result, you must always select Java and
specify com.novell.nds.dirxml.driver.netscape.NetscapeDriverShim
(Figure 4-13).
This specification is the name of the Java class that DirXML uses to
start and run the driver.