9.0 DS-Object DTD

The ds-object DTD is used to create an object of the specified class and name in the container object. You can specify the hierarchy of objects to be created as part of driver import in a driver configuration file. The specification of these objects takes the form of ds-object elements as first level children of the driver-configuration element. A ds-object construct is also used for importing provisioning objects within a provisioning element, Role-based Entitlement objects within an rbe-policies element, and Identity Manager Job objects within a Jobs element.

The driver configuration level ds-object elements are processed after all variable analysis and patching is completed so that the contents of the ds-object elements can be controlled by user prompts in the driver configuration file. The top level ds-object element specifies an object to be created at the root of the tree being imported into. To create object's within a nested container, you must specify the hierarchy of the objects using the nested ds-object elements that specify the appropriate class for each object in the hierarchy. If your driver configuration file creates the objects in the hierarchy, you need to include appropriate ds-attribute elements to specify the attributes of the these objects.

The ds-object elements are used for object creation only. If an object by the same name and class name, such as ads-object, already exists in the Identity Vault, the object is not changed (that is, the ds-attribute values from the driver configuration file are not applied). If an object with the same name from a different class exists, an error is generated. The ds-object child elements of ds-object elements are always processed using the same rules. The following is an example of ds-object XML definition:

<add class-name="User" src-dn="\Sam">
 <association>1012</association>
 <add-attr attr-name="cn">
  <value>Sam</value>
 </add-attr>
 <add-attr attr-name="Surname">
  <value>Jones</value>
 </add-attr>
 <add-attr attr-name="Given Name">
  <value>Sam</value>
 </add-attr>
 <add-attr attr-name="Telephone Number">
  <value>555-1212</value>
 </add-attr>
</add>

9.1 DS-Object DTD Elements

Element	Description
ds-object	Creates an object of the specified class and name in the container object.
ds-attributes	Adds attributes on the containing ds-object element.
ds-attributes (job)	Adds job specific values and query information defining a job on the containing ds-object element.
ds-aux-class-attributes	Adds attributes on an auxiliary class on the containing ds-object element.
ds-rights-other-objects	Adds information about an Role-based Entitlements policy's rights to other objects.
ds-rights-object	Adds object information about an Role-based Entitlements policy's rights.
ds-rights-attribute	Adds attribute information about an Role-based Entitlements policy's rights.
ds-attribute	Adds an attribute and value(s) to be stored on the containing ds-object.
ds-member-query-url-info	Adds an LDAP memberQueryURL attribute value.
ds-value	Adds individual attribute values for an attribute.

ds-object

Creates an object of class specified in the ds-object-class attribute in the container object. The ds-object element describes an object hierarchy that is to be created in the Identity Vault as part of importing the driver configuration file. When contained in a provisioning element, the object is created in the DirXML-Driver object. When nested in another ds-object element, the object is created under that object. The containing ds-object element must specify an Identity Vault container class that can contain an object of the specified class. When contained in a driver-configuration element, the object is created at the root of the eDirectory tree. If the object already exists, the attributes are ignored but any nested ds-object's are processed.

Attributes

Attribute	Possible Values	Default Value
ds-object-class	CDATA The class name of the object to create in the Identity Vault.	#REQUIRED
ds-object-name	CDATA The name of the class under which the object is to be to created in the Identity Vault.	#REQUIRED
base-dn	CDATA The base dn from the root where the object is to created in the Identity Vault.	#REQUIRED
on-update	CDATA The possible value is “overwrite” and the default value is “ignore”. overwrite can be used to indicate overwriting existing values on an eDir object. By default, it is set to “ignore.” If an object mentioned in the ds-object is already present in Identity Vault, ds-object creation does not perform anything. This option can only be used if you are deploying ds-objects through Designer.	None
Attribute	Possible Values	Default Value
ds-object-class	CDATA The class name of the object to create in the Identity Vault.	#REQUIRED

Allowed Content

Attribute	Possible Values
ds-object	Adds object within this object.
ds-attributes	Adds attributes to the containing ds-object.
ds-attributes (job)	Adds the job specific attributes and queries information on the containing ds-object defining a job.
ds-aux-class-attributes	Adds attributes of the auxiliary class on the containing ds-object.
ds-rights-other-objects	Adds ds-object defines an Role-based Entitlement policy.

Content Rule

(ds‐object, ds‐attributes, ds‐aux‐class‐attributes, ds‐rights‐other‐objects)

Parent Elements

Element	Description
ds-object	Creates an object of the specified class and name in the container object.

ds-attributes

Contains attributes to be stored on an auxclass of the containing ds-object.

Allowed Content

Element	Description
ds-attribute	Contains an attribute and value(s) to be stored on the containing ds-object.

Attributes

None

Content Rule

(ds-attribute*)

Parent Elements

Element	Description
ds-object	Create an object of specified class and name in the container object.

ds-attributes (job)

Used within a ds-object defining a job, contains attributes to be stored on the job as well as job specific values and queries.

Allowed Content

Element	Description
job-email-server-query	Contains the the email server to be associated with the containing DirXML-Job.
job-scope-query	Contains the scope information for the job.
job-servers-query	Contains the servers to be associated with the job.
job-reference-dnquery	Contains a job reference DN for the job. The number and content of these is based on the content of the exported job's XmlData.

Attributes

Attribute	Possible Values	Default Value
jjob-name	CDATA	#REQUIRED
job-display-name	CDATA	#IMPLIED
attr-name	CDATA	#REQUIRED
aux-class-name	CDATA	#IMPLIED
reference-name	CDATA	#REQUIRED
reference-display-name	CDATA	#IMPLIED
target-class-filter	CDATA	#IMPLIED

Content Rule

(job-email-server-query, job-scope-query, job-servers-query, (job-reference-dn-query)

Parent Elements

Element	Description
ds-object	Create an object of specified class and name in the container object.

ds-aux-class-attributes

Contains attributes to be stored on an auxclass on the containing ds-object.

Allowed Content

Element	Description
ds-attribute	Contains an attribute and value(s) to be stored on the containing ds-object.

Attributes

Attribute	Possible Values	Default Value
aux-class-name	CDATA Name of the auxclass the contained ds-attribute.	#REQUIRED

Attribute

Possible Values

Default Value

aux-class-name

CDATA

Name of the auxclass the contained ds-attribute.

#REQUIRED

Content Rule

(ds-attribute*)

Parent Elements

Element	Description
ds-object	Creates an object of specified class and name in the container object.

ds-rights-other-objects

Contains information about an RBE policy's rights to other objects.

Allowed Content

Element	Description
ds-rights-object	Adds object information about an Role-based Entitlements policy's rights.

Attributes

None

Content Rule

(ds-rights-object*)

Parent Elements

Element	Description
ds-object	Creates an object of specified class and name in the container object.

ds-rights-object

Adds object information about an RBE policy's rights.

Allowed Content

Element	Description
ds-rights-attribute	Adds attribute information about an RBE policy's rights.

Attributes

Attribute	Possible Values	Default Value
dn		#REQUIRED

Content Rule

(ds-rights-attribute*)

Parent Elements

Element	Description
ds-rights-other-objects	Contains information about an RBE policy's rights to other objects.

ds-rights-attribute

Adds attribute information about an RBE policy's rights.

Allowed Content

None

Attributes

Attribute	Possible Values	Default Value
ds-attr-name ds-rights	CDATA Attribute name for these rights CDATA The rights for this attribute	#REQUIRED #REQUIRED

Attribute

Possible Values

Default Value

ds-attr-name

ds-rights

CDATA

Attribute name for these rights

CDATA

The rights for this attribute

#REQUIRED

Content Rule

None

Parent Elements

Element	Description
ds-rights-objects	Adds object information about an RBE policy's rights.

ds-attribute

Contains an attribute and value(s) to be stored on the containing ds-object. If there are multiple ds-values, the attribute named by ds-attr-name must be defined in eDirectory to contain multiple values.

Allowed Content

Element	Description
ds-value	Add attribute value
ds-member-query-url-info	used with the DirXML-SPFilterXML of a DirXML-SharedProfile

Attributes

Attribute	Possible Values	Default Value
ds-attr-name	CDATA	#REQUIRED

Content Rule

(ds-value*, ds-member-query-url-info?)

Parent Elements

Element	Description
ds-attributes	Adds attributes on the containing ds-object element.
ds-aux-class-attributes	Adds attributes on an auxiliary class on the containing ds-object element.

ds-member-query-url-info

Contains information used to construct an LDAP memberQueryURL attribute value from a DirXML-SPFilterXML value. Used only with the DirXML-SPFilterXML attribute of a DirXML-SharedProfile --object when exporting an RBE policy.

Allowed Content

None

Attributes

Attribute	Possible Values	Default value
base-dn	CDATA The base DN of the query in Fully Qualified Distinguished Name format.	#REQUIRED
scope	CDATA The scope of the query, such as base, one, sub, and so on. Default value is “base”.	#IMPLIED
x-chain	CDATA The x-chain of the query. Default value is “”.	#IMPLIED

Attribute

Possible Values

Default value

base-dn

CDATA

The base DN of the query in Fully Qualified Distinguished Name format.

#REQUIRED

scope

CDATA

The scope of the query, such as base, one, sub, and so on. Default value is “base”.

#IMPLIED

x-chain

CDATA

The x-chain of the query. Default value is “”.

#IMPLIED

Content Rules

None

Parent Elements

Element	Description
ds-attribute	Contains an attribute and value(s) to be stored on the containing ds-object.

ds-value

Contains individual attribute values for an attribute. The contents are based on the syntax of the attribute. The stream attributes are stored as base64 encoded strings.

Allowed Content

None

Attributes

Attribute	Possible Values	Default Value
base64-encoded	ʺtrueʺ or “false”	false
contains	ʺtextʺ, ʺbase64encodedʺ, or ʺxmlʺ	None

Content Rule

None

Parent Elements

Element	Description
ds-attribute	Contains an attribute and value(s) to be stored on the containing ds-object.