Managing LDAP Metadata

When the server accesses a data source, it needs to know how to interpret the data stored there. For each data source the server will access, you create a synonym that describes the structure of the data source and the server mapping of the LDAP data types.

Mapping LDAP Schema Definitions in a Synonym

Server metadata is generated from the LDAP schema, which is stored on the LDAP server in a partition separate from the partitions that contain directory objects (which are treated as reported data objects).

Each directory object in the LDAP tree is addressable using a Distinguished Name (DN), which contains the root path from the object up.

The schema defines set of rules that govern the types of objects that can exist in a tree. Each object belongs to an object class that specifies which attributes can be associated with the object. All attributes are based on a set of attribute types that are, in turn, based on a standard set of attribute syntaxes. The schema controls the structure of individual objects as well as the relationships among the objects in the tree. Schema rules allow some objects to contain other, subordinate objects. Thus, the schema gives structure to the tree.

The schema consists of two basic components:

Object classes. An Object class is a set of rules that determines what attributes can be contained in the directory object (entry).
Attribute types. Attribute type is a set of data types called attribute syntaxes. The attribute syntaxes define the data types for values stored in the attribute.

Although LDAP can support many attribute syntaxes (data types), the Adapter for LDAP currently supports only the String data type.

Supported Object class rules are:

SUP. Superior object class (parent).
MUST. Required attributes (fields).
MAY. Optional attributes (fields with MISSING=ON).

An LDAP Entry is the actual data item (object or node) that comprises the LDAP tree. Each entry holds Attributes, which are key=value pairs in which the key can have more than one value. Multi-value attributes are the default. Single-value attributes are denoted with the SINGLE-VALUE keyword in the attributeTypes attribute in the schema.

Server metadata describes a subset of the LDAP tree, starting with the DN passed down to the leaf hierarchical level when a synonym is created. The provided root DN is stored in the Access File.

The Server metadata represents each object in the processed LDAP hierarchy as a segment (whose name is taken from the Object class name), with fields (that are created out of the object attributes).

Master File	LDAP Schema
Segment name	Object class name
Field name	Adjusted Attribute name
Alias	Unadjusted Attribute name
Fields with MISSING=ON	Optional Attributes

The default USAGE and ACTUAL formats are set as A64 unless the size of an attribute is specified by the schema.

Creating Synonyms

Synonyms define unique names (or aliases) for each LDAP table or view that is accessible from the server. Synonyms are useful because they hide the underlying data source's location and identity from client applications. They also provide support for extended metadata features of the server, such as virtual fields and additional security mechanisms.

Using synonyms allows an object to be moved or renamed while allowing client applications to continue functioning without modification. The only modification required is a redefinition of the synonym on the server. The result of creating a synonym is a Master File and an Access File, which represent the server's metadata.

Create a Synonym

Procedure

From the WebFOCUS Reporting Server browser interface Application page, click Get Data.
On the Configured Adapters section of the page, in Simple Mode, right-click an adapter and click Show Connections. Right-click a connection.
Depending on the type of adapter you choose, one of the following options appears on the context menu.
- Show DBMS objects. This option opens the page for selecting synonym objects and properties.
- Create metadata objects. This option opens the page for selecting synonym objects and properties.
- Show files. This option opens a file picker. After you choose a file of the correct type, the page for selecting synonym objects and properties opens.
- Show local files. This option opens a file picker. After you choose a file of the correct type, the page for selecting synonym objects and properties opens.
- Show topics. This option opens the page for selecting synonym objects and properties for topics within the environment.
Enter values for the parameters required by the adapter as described in the chapter for your adapter.
After entering the parameter values, click Add.

This button may be labeled Next, Create Synonym, Create Base Synonyms, Create Cluster Synonym, or Update Base Synonyms.

The synonym creation process for most adapters has been consolidated so that you can enter all necessary parameters on one page. However, for some adapters such as LDAP, continue clicking Next until you get to a page that has a Create Synonym button.

Result

The synonym is created and added under the specified application directory.

Note: When creating a synonym, if you select the Validate checkbox, where available, the server adjusts special characters and checks for reserved words. For more information, see Validation for Special Characters and Reserved Words.

Synonym Creation Parameters for LDAP

The following list describes the parameters for which you will need to supply values, and related tasks you will need to complete in order to create a synonym for the adapter. These options may appear on multiple panes. To advance from pane to pane, click the buttons provided, ending with the Create Synonym button, which generates the synonym based on your entries.

Processing Modes are SCHEMA FLAT, SCHEMA HIERARCHY, and LDIF:

SCHEMA FLAT

Builds a synonym ignoring the LDAP data tree hierarchy, and produces a Master File with a single segment.

SCHEMA HIERARCHY

Builds a synonym reflecting the LDAP data tree hierarchy supporting two levels of the data tree (root and child), and produces a Master File by mapping selected object classes to segments.

LDIF

Builds a synonym reflecting the complete hierarchy of the LDAP data tree and produces a multisegmented Master File.

Filter by Object Class name

Creates a subset of Object Classes so that only a small list of Object Classes is produced.

Set as Index

Indicates the attribute (field) that can be utilized as the sort attribute for the LDAP API.

Note: Only a single attribute can be used as an Index.

View referenced Object names

Produces a list of Object Classes related by inheritance to the one selected.

Note: Adding referenced Object(s) is optional.

Base DN

For SCHEMA FLAT: Is the Distinguished Name (DN) of the LDAP tree entry (node) that is set as a default root for data retrieval.
Note: While Base DN is optional at the Create Synonym step, it is required for data retrieval, and can be provided in TABLE requests as:
```
IF BASEDN EQ 'dc=dn1,dc=com'
```
Note: Range retrieval is supported. When range retrieval is to be utilized, it is necessary to set Base DN to the leaf object containing attributes with the description utilized for retrieval. It is the DN of the group when retrieving a list of group members via range retrieval.
For LDIF: Is the Distinguished Name (DN) of the LDAP tree entry (node) from which the synonym is created.

Synonym name

Displays the name that will be assigned to the synonyms. To assign a different name, replace the displayed value.

Model DN

Distinguished Name that the adapter uses to retrieve list of attributes. It can be any valid DN of the LDAP tree. For example:

uid=pgmtst5,ou=srv,dc=dn1,dc=com

ou=srv,dc=dn1,dc=com

By default, it is root DSE:

dc=dn1,dc=com

If this step skipped, all the attributes in the schema are fetched to the list.

Select attributes

Optional attribute selection that allows the user to specify the list of attributes (fields) that are present in the synonym. The user can reduce the size of the Master File by omitting unnecessary attributes.

If this step is skipped, all schema attributes will be present in the synonym.

Note that if all attributes are selected, the effect is the same as if no attributes are selected. For example, all available attributes in the schema will be present in the synonym.

Validate

Select the Validate checkbox if you wish to convert all special characters to underscores and perform a name check to prevent the use of reserved names. (This is accomplished by adding numbers to the names.) This parameter ensures that names adhere to specifications. See Validation for Special Characters and Reserved Words for more information.

When the Validate option is unchecked, only the following characters are converted to underscores: '-'; ' '; ' \'; '/'; ','; '$'. No checking is performed for names.

Make unique

Select the Make unique checkbox if you wish to set the scope for field and group names to the entire synonym. This ensures that no duplicate names are used, even in different segments of the synonym. When this option is unchecked, the scope is the segment.

Application

Select an application directory. The default value is baseapp.

Prefix/Suffix

If you have tables with identical table names, assign a prefix or a suffix to distinguish them. For example, if you have identically named human resources and payroll tables, assign the prefix HR to distinguish the synonyms for the human resources tables. Note that the resulting synonym name cannot exceed 64 characters.

If all tables and views have unique names, leave the prefix and suffix fields blank.

Overwrite Existing Synonyms

To specify that this synonym should overwrite any earlier synonym with the same fully qualified name, select the Overwrite existing synonyms checkbox.

Note: The connected user must have operating system write privileges in order to recreate a synonym.

Guidelines for Manually Editing an LDAP Master File

If you wish to delete non-essential information from a generated synonym, you can manually edit the Master File using the following editing guidelines:

Technique 1. If you wish to remove individual fields from a Master File segment and other fields in that segment that are not essential to your work, remove the entire segment from the Master File.
Techniques 2. If you wish to remove individual fields from a Master File segment but require other fields in that segment, note the following before editing the file:
- You must preserve any fields referenced in the Access File in the format RDN=fieldname.
  The attribute name RDN is part of the group of attributes that comprise an LDAP entry. This field is part of the DN, and, as such, is always activated during data retrieval and must be included in the Master File.
- As long as you retain the RDN attribute, you can delete other non-essential fields from the Master File.

Managing Synonyms

Once you have created a synonym, you can right-click the synonym name in the Adapter navigation pane of either the WebFOCUS Reporting Server browser interface or ibi Data Migrator desktop interface to access the available options.

For a list of options, see Synonym Management Options.

Did you find this helpful?

Yes No