Data flows through the Identity Manager system in the form of XML documents. Identity Manager has a vocabulary of XML named XDS. Identity Manger uses XDS to represent the state of objects and data operations with the corresponding attribute values. Identity Manager uses DirXML Script to handle identity synchronization events. DirXML Script is an XML-based language and consists of conditions, actions, noun, and verb tokens to modify the data exchanged between the Identity Vault and the external data store. DirXML Script takes the XDS document, determines what needs to be done using the conditions, and then builds the document using the actions.
Identity Manager provides several options for capturing information about the background actions that occur when transactions are processed through Identity Manager. The following are the options:
Capturing a driver set trace
Capturing a driver trace
Using eDirectory’s ndstrace
The most common method of capturing information of an issue with a specific driver is using the driver trace. The driver set trace is used while troubleshooting issues related to the driver set, such as issues related to Identity Manager jobs. ndstrace is an all-encompassing trace tool that can be used for tracing information about drivers, driver sets, and eDirectory. Long traces can be hard to read and confusing at times if multiple drivers are running on the server at the same time. This section focuses on explaining how Identity Manager tracing works.
By enabling trace, you can analyze the type of operation and data flowing between systems or the changes made by a driver’s logic in both data and operations. For example, a trace can show you an event before entering a policy, so the starting conditions are known. You can see when a rule executes, evaluation of its conditions, whether the rule is selected, actions taken, and the tokens evaluated. The resulting document is shown after leaving the rules in the policy. You can configure the trace to print a text file containing messages about the status of Identity Manager processes for further analysis. This is helpful while developing drivers and for troubleshooting issues in a production environment.
NOTE:Use tracing only during testing and troubleshooting Identity Manager. Running it in a production environment increases the load on the Identity Manager server and can cause slow processing of the events.