4.2 Directory Abstraction Layer

The directory abstraction layer provides a logical view of the Identity Vault data. You define a set of entities and their related attributes based on the Identity Vault objects that you want users to view, modify, or delete in the identity applications. The directory abstraction layer:

  • Performs all of the LDAP queries against the Identity Vault. This isolates presentation-layer logic from the Identity Vault, so that all requests for identity data go through the directory abstraction layer.

  • Checks constraints and access control on data requests made with the identity applications.

  • Caches runtime configuration and entity-definition data obtained from the Identity Vault. See Configuring Caching and Cluster Settings.

You use the directory abstraction layer editor plug-in (available in Designer for Identity Manager) to define the structure of the directory abstraction layer data definitions. To learn more, see the section on the directory abstraction layer editor in Configuring the Directory Abstraction Layer in the NetIQ Identity Manager - Administrator’s Guide to Designing the Identity Applications.