Candidate Queries

A candidate query is an LDAP Query assignment to a position or group. The position or group is populated based on the results of the candidate query.

An LDAP container must be specified in the candidate query configuration. The primary LDAP source of the LDAP container identifies the LDAP connection on which the query is performed. This also determines the LDAP container to which any newly created resources are assigned.

Any resource identified by the candidate query of a position or group must also be visible via the associated LDAP container. That is, no resource can be created dynamically that could not also be created manually using an LDAP container. This ensures that any resource attributes can retrieve their values from the mapped LDAP attributes of an LDAP container.

Each candidate query will only identify potential entries from the primary LDAP source of the associated LDAP container. If that LDAP container has any secondary LDAP sources, the rules that bind entries within the secondary LDAP sources to those of the primary LDAP source must be followed. It is only when those rules have been completed that the true set of candidate resources can be resolved.

The deletion of the LDAP container causes the deletion of all resources belonging to that LDAP container, whether they were created manually or dynamically. The deletion of the LDAP container always results in the deletion of candidate queries that reference that LDAP container.

Candidate queries can be used to populate either static or dynamic organization models.

LDAP Source Classes

The class of the primary LDAP source of the LDAP container determines how much candidate query configuration is allowed. There are two classes of LDAP sources:

  • LDAP Group Source - For this LDAP source class, the candidate query will take all of the resources identified by the LDAP container as its candidate list. No configuration other than identifying the LDAP container is allowed for this class of LDAP source. It therefore does not apply to populating dynamic organization models: because neither a Base-DN nor a query is specified for this class of LDAP source, substitution variables cannot be specified.
  • LDAP Query Source - For this LDAP source class, the candidate query can include a Base-DN and query to identify the resources to populate positions and groups.

Invoking Candidate Queries

Candidate queries are invoked using the following Directory Engine properties:

  • AutoResourceGenEnable - Enables (true) or disables (false) the daily population of positions and groups that have candidate queries defined. When enabled, population runs each day at the time specified in the AutoResourceGenStart property.
  • AutoResourceGenStart - Specifies the time each day to populate positions and groups that have candidate queries defined, as long as AutoResourceGenEnable is set to true.
  • AutoResourceGenInterval - The delay between the start of one candidate query processing event and the next. This value should be large enough to ensure that the two events do not overlap. The value is expressed as an XML Schema Duration string.

For more information about Directory Engine properties, see Directory Engine Configuration.
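
An added example, not part of the product documentation: a Python check that parses an AutoResourceGenInterval value as an XML Schema Duration and confirms it is longer than the longest candidate query run you have measured, so that two processing events cannot overlap. The function names, the safety margin and the sample values are assumptions made for this example.

```python
import re
from datetime import timedelta

# xs:duration lexical form PnYnMnDTnHnMnS: at least one component, and at
# least one time component whenever the "T" separator is present.
_XS_DURATION = re.compile(
    r"^(?P<sign>-)?P(?=\d|T\d)"
    r"(?:(?P<years>\d+)Y)?(?:(?P<months>\d+)M)?(?:(?P<days>\d+)D)?"
    r"(?:T(?=\d)(?:(?P<hours>\d+)H)?(?:(?P<minutes>\d+)M)?"
    r"(?:(?P<seconds>\d+(?:\.\d+)?)S)?)?$"
)


def parse_xs_duration(text):
    """Convert an XML Schema Duration string to a timedelta (lower bound)."""
    m = _XS_DURATION.match(text.strip())
    if not m:
        raise ValueError(f"not an XML Schema duration: {text!r}")
    if m.group("sign"):  # assumption: a negative delay is treated as invalid
        raise ValueError(f"negative duration is not usable as an interval: {text!r}")
    g = {k: float(v) if v else 0.0 for k, v in m.groupdict().items() if k != "sign"}
    # Years and months vary in length; use the shortest (365 and 28 days)
    # so the overlap check below stays conservative.
    days = g["years"] * 365 + g["months"] * 28 + g["days"]
    return timedelta(days=days, hours=g["hours"], minutes=g["minutes"], seconds=g["seconds"])


def check_interval(interval, longest_run, margin=2.0):
    """Return (ok, message): is the interval at least margin x the longest run?"""
    gap = parse_xs_duration(interval)
    needed = longest_run * margin
    if gap < needed:
        return False, f"{interval} = {gap}; need at least {needed} to avoid overlap"
    return True, f"{interval} = {gap}; covers {needed}"


if __name__ == "__main__":
    # Constructed sample values; longest_run is whatever you have measured
    # for one candidate query processing event in your own deployment.
    measured = timedelta(minutes=20)
    for value in ("PT30M", "PT24H", "P1D", "24h"):
        try:
            print(check_interval(value, measured))
        except ValueError as err:
            print((False, str(err)))
```
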