17.5 Checking Your Projects

Designer provides the Project Checker so you can check your project. The Project Checker checks for proper design, contexts, server associations, policies, missing user data, and dependency problems that can cause a project deployment into the Identity Vault to fail. You can check a project at any time, but you should definitely run the Project Checker before deploying a project.

NOTE:Project Checker only checks the objects in Designer. It does not check the current objects in the Identity Vault.

17.5.1 Checking a Project

In the Project or Outline view, select the project, then select the Launch Project Checker icon in the Designer toolbar.

The Project Checker is also available from the Window > Show View menu.
Click the Run the Project Checker icon .

If you have not saved the project, Designer prompts you to save it.

The Project Checker displays a list of versioning conflicts, errors, warnings, and information messages about the project. In the Project Checker view, you can do the following:

Action	Description
See detailed information about a list item	Double-click a list entry to open a properties page that displays the following information about the entry: The message severity A message description The model object that caused the message The line number where the problem occurred, if available Details about the message, if available A recommended solution for the message, if available
Sort the list	Click any header in the Project Checker to sort the entry list on that parameter (Severity, Description, and Model Object). By default, Project Checker sorts entries by severity in descending order (most current at the top of the list.)
Filter the list	Click the Configure Filters icon to customize the Project Checker. For more information, see Customizing the Project Checker.
Clear the list	Click the Clear Results icon to clear the Project Checker entry list.
Save the list	Click the Save Project Checker Results to a File icon to save the current Project Checker entry list to a text file so you can review it off-line.
Menu options	Click the Menu icon to select one of the following: View the messages in a hierarchical layout, according to functions (Identity Manager, provisioning, etc.) View the messages in a flat layout (default). Automatically check the project when you save it. Configure filters View the Project Checker’s Preferences page.

17.5.2 Customizing the Project Checker

You can customize the Project Checker by creating and editing filters. The filters allow you to receive messages about the items you want to verify. You can create multiple filters, but only one filter can be used at a time.

To create a filter:

In the Project Checker, click the Configure Filters icon .
Click New Filter.
Specify a name and description for the filter.

You can select which items are checked, what types of messages are returned about the items, and use key words to limit the messages returned. For example, you can search for all messages about the Driver Set and Driver objects that contain the word “attribute.”
Click OK.

To edit the name and description of the filter:

Select the filter, then click Edit.
After you have completed the changes, click OK.

To delete a filter:

Select the filter.
Click Delete.

17.5.3 Items That Are Checked

The Project Checker looks at specific items in the project. It checks the items in the User Application as well as the rest of Identity Manager.

The following table describes the specific items that are checked. The list increases with each release of Designer.

Table 17-1 Identity Manager Items That Are Checked

Item	Description
Driver	Checks for the presence of a Schema Mapping policy. Checks for an invalid Active Directory container. Checks the trace level setting. If it is set to more than 0, an informational message is displayed. Checks to see if the LoopBack driver is being used instead of the eDirectory driver. Verifies that the GUID attribute is set to synchronize on the Subscriber channel. Verifies that the GUID attribute is not set to synchronize on the Publisher channel. Checks the classes on the Publisher and Subscriber channels that are set to Ignore and verifies that the attributes for these classes are not set to Synchronize. Checks for the presence of a filter and makes sure it is not empty. Checks to make sure that the Publisher Placement policy does not contain set operation destination DN or set xml attribute operations. Checks for the presence of a Publisher Placement policy. Checks to make sure that no policy on the Publisher channel contains set operation destination DN or set xml attribute operations. Checks to make sure that the Subscriber Placement policy does not contain set operation destination DN or set xml attribute operations. Checks to see if the Subscriber Placement policy is missing. Checks to make sure that no policy on the Subscriber channel contains set operation destination DN or set xml attribute operations. Checks to make sure that the npsmDistributionPassword attribute and the public-private key pair attributes do not simultaneously exist in the User class. Checks to make sure that the authentication method on the Active Directory driver is set to Negotiate when synchronizing passwords. Checks the filter for invalid data. Checks the driver to see if it is publishing both NDS and Distribution passwords. If it is, this is an invalid setting. Checks for the presence of the nspmDistributionPassword attribute in the User class in the Filter, if password synchronization is enabled. Checks that the nspmDistributionPassword attribute is set to sync or notify, if password synchronization is enabled.
Driver Set	Checks to make sure that the deployment context for the Driver Set object is set. Checks to make sure that a server object is associated with the Driver Set object.
E-mail Template	Checks to see if the e-mail notification template is empty.
Entitlements	Checks to see if the driver supports entitlements. Checks to see if the attribute DirXML-EntitlementRef is added to the Subscriber channel, if there are policies that use entitlements in the driver. The DirXML-EntitlementRef must be set to Notify or Synchronize for the entitlements to work.
ECMAScript	Checks to see that the ECMAScript object can run.
Identity Vault	Checks to see if the username to authenticate to the Identity Vault is missing. Checks to see if the hostname for the Identity Vault server is missing. Checks to see that the password for the user is not stored in the project.
Job	Checks to see that the job object can run.
Library	Checks to see that the library object can run.
Mapping Table	Checks to see that the mapping table object can run. Checks to see if there is an empty column name. Checks to see if there is a duplicate column name.
Policy	If there are global configuration values in the policy, it checks to make sure they exist on the Driver or Driver Set object. Checks to see if local variables are defined before they are used. Validates the policy against the DTD.
Schema	Checks to see if the class is missing from the schema. Checks to see if attributes are missing from the schema. Checks to see if the attribute for the class is missing from the schema.

Table 17-2 Provisioning Items That Are Checked

Item	Description
Configuration	Verifies that the XML is well-formed and complies with the schema that defines the elements needed for entities, attributes, lists, relationships, and so on.
Entity	Checks every entity to ensure that references to other entities and global lists are valid. Ensures that every entity has at least one attribute defined.
List	Ensures that every local and global list contains at least one item.
Org Chart Relationship	Verifies that the entities and attributes of a relationship have been deployed.
Provisioning Request Definition	Verifies that a workflow follows rules for activities and flow paths.