Configuring Candidate Queries for Dynamic Organizations

It is possible to construct the Base-DN and LDAP query of a candidate query in such a way that it identifies different resources for each instance of the dynamic organization model.

Prerequisites

  • You must have an LDAP container defined from which the resource candidates can be obtained.
  • There must be an organization unit that has been designated for an extension point when it was defined in TIBCO Business Studio, that is, a model template has been defined for the organization unit. When you select a dynamic organization unit, it includes Extension Points and Templates properties (these properties are not shown for non-dynamic organization units). For example:

Substitution Variables

To allow you to specify that each instance of the dynamically generated organization unit be populated with different resources, two substitution variables are available for use in a candidate query:

  • {root-dn} - The DN of the LDAP entry that initiated the organization model template instance. Generally, this substitution variable is used in the Base DN of the candidate query configuration. This is used in the example that is shown below.
  • {root-name} - The name assigned to the root organization unit of the organization model instance; that is, the value of the LDAP attribute named in the extension point. Generally, this substitution variable is used in the Query of the candidate query configuration. Note that this variable is not used in the example that is shown below, but it is available for use if your LDAP source is set up in such a way that it needs to be queried.

Note that substitution variables must be enclosed in braces { }, and they are case insensitive.

These substitution variables will take their values according to each instance from the LDAP entry that the instance comes from. Using the following example, the {root-dn} for the currently selected LDAP entry is "ou=London,ou=AllEmployees,o-easyAsInsurance". The Paris and Swindon entries would have similar DNs. The {root-name} for the three organization units in this example are London, Paris, and Swindon.

Procedure

  1. From the Organization Browser, click Organizations, expand the hierarchy and select the organization unit that contains an extension point, then select the Templates property.
  2. Click View Template.
  3. On the View Templates dialog, expand the hierarchy to view the organization structure, select the position you want to populate in each dynamically generated instance of the template, then click Add Candidate Query (or Edit Candidate Query if you are editing an existing candidate query).
    • If there is already a candidate query defined for the selected position, it is displayed. You can use the information in the table below to edit the candidate query, or you can delete the existing candidate query by clicking the Delete Query () button.
    • If there has not been a candidate query defined for the selected position, click Add Candidate Query then use the information in the table below to define the candidate query.
  4. Configure the candidate query using the fields on the Candidate Query dialog, as follows:
    Field Description
    Ldap Container Select the LDAP container from which the resource candidates are to be obtained to populate the dynamic organization model.

    Note that if you choose an LDAP container that was created using a group source, all of the other fields on this dialog are disabled. If you choose that type of container, you cannot use variable substitution in the Base-DN nor the Query, as those are disabled. In this case, every instance of the dynamically generated organization model will be the same (as defined in the LDAP container), and are populated with the same resources.

    Base DN The LDAP branch to which the query will be restricted. This is optional and is relative to any Base-DN already configured on the primary LDAP source of the identified LDAP container.
    Query This expression will locate entries that identify candidate resources. The expression is combined with that of the primary LDAP source of the identified LDAP container. The query expression must be enclosed in parentheses.

    If you want to include multiple attributes in the query, they must be ANDed together using the following notation:

    (&(attribute1=value)(attribute2=value))

    For example: 

    (&(employeetype=Contract)(departmentnumber=3100))

    You could include the root-name substitution variable in the query as well if it works with the data in the LDAP source. For example: 

    (&(ou={root-name})(employeetype=Contract)(departmentnumber=3100))
    Search Scope Determines the depth to which the search will be performed, as follows:
    • One Level - Only the elements directly within the Base-DN level are searched.
    • SubTree - Elements directly within, and below, the Base-DN level are searched.

    The candidate query cannot be more inclusive in its Search Scope than the LDAP container's primary LDAP source. Therefore, if the primary LDAP source has a search scope of One Level, then the candidate query must also use One Level. However, if the primary source is SubTree, then the candidate query may be either.

  5. Click Save Changes to save the edited/new candidate query and close the Candidate Query dialog.
  6. Click Close to close the Dynamic Org Template dialog.

Candidate Query Configuration for a Dynamic Organization Example

Assumptions:
  • Your LDAP source looks like this:

  • The LDAP source contains a departmentnumber for each of the individuals in the LDAP:

    Each LDAP entry contains a jobtitle attribute. The query looks for the entries in which the value of this attribute is "SalesRep".

  • You have configured the extension point for the dynamic organization as follows:

    Note that this is the same extension point configuration described in Configuring Dynamic Organization Model Extension Points.

  • The candidate query for the "departmentnumber" in the model template is configured as follows:

After the candidate query is invoked, as specified by the Directory Engine candidate query properties, each instance of the dynamically generated position is populated according to the query.