The ds-object DTD is used to create an object of the specified class and name in the container object. You can specify the hierarchy of objects to be created as part of driver import in a driver configuration file. The specification of these objects takes the form of ds-object elements as first level children of the driver-configuration element. A ds-object construct is also used for importing provisioning objects within a provisioning element, Role-based Entitlement objects within an rbe-policies element, and Identity Manager Job objects within a Jobs element.
The driver configuration level ds-object elements are processed after all variable analysis and patching is completed so that the contents of the ds-object elements can be controlled by user prompts in the driver configuration file. The top level ds-object element specifies an object to be created at the root of the tree being imported into. To create object's within a nested container, you must specify the hierarchy of the objects using the nested ds-object elements that specify the appropriate class for each object in the hierarchy. If your driver configuration file creates the objects in the hierarchy, you need to include appropriate ds-attribute elements to specify the attributes of the these objects.
The ds-object elements are used for object creation only. If an object by the same name and class name, such as ads-object, already exists in the Identity Vault, the object is not changed (that is, the ds-attribute values from the driver configuration file are not applied). If an object with the same name from a different class exists, an error is generated. The ds-object child elements of ds-object elements are always processed using the same rules. The following is an example of ds-object XML definition:
<add class-name="User" src-dn="\Sam"> <association>1012</association> <add-attr attr-name="cn"> <value>Sam</value> </add-attr> <add-attr attr-name="Surname"> <value>Jones</value> </add-attr> <add-attr attr-name="Given Name"> <value>Sam</value> </add-attr> <add-attr attr-name="Telephone Number"> <value>555-1212</value> </add-attr> </add>
Element |
Description |
---|---|
ds-object |
Creates an object of the specified class and name in the container object. |
ds-attributes |
Adds attributes on the containing ds-object element. |
ds-attributes (job) |
Adds job specific values and query information defining a job on the containing ds-object element. |
ds-aux-class-attributes |
Adds attributes on an auxiliary class on the containing ds-object element. |
ds-rights-other-objects |
Adds information about an Role-based Entitlements policy's rights to other objects. |
ds-rights-object |
Adds object information about an Role-based Entitlements policy's rights. |
ds-rights-attribute |
Adds attribute information about an Role-based Entitlements policy's rights. |
ds-attribute |
Adds an attribute and value(s) to be stored on the containing ds-object. |
ds-member-query-url-info |
Adds an LDAP memberQueryURL attribute value. |
ds-value |
Adds individual attribute values for an attribute. |
Creates an object of class specified in the ds-object-class attribute in the container object. The ds-object element describes an object hierarchy that is to be created in the Identity Vault as part of importing the driver configuration file. When contained in a provisioning element, the object is created in the DirXML-Driver object. When nested in another ds-object element, the object is created under that object. The containing ds-object element must specify an Identity Vault container class that can contain an object of the specified class. When contained in a driver-configuration element, the object is created at the root of the eDirectory tree. If the object already exists, the attributes are ignored but any nested ds-object's are processed.
Attribute |
Possible Values |
Default Value |
---|---|---|
ds-object-class |
CDATA The class name of the object to create in the Identity Vault. |
#REQUIRED |
ds-object-name |
CDATA The name of the class under which the object is to be to created in the Identity Vault. |
#REQUIRED |
base-dn |
CDATA The base dn from the root where the object is to created in the Identity Vault. |
#REQUIRED |
on-update |
CDATA The possible value is “overwrite” and the default value is “ignore”. overwrite can be used to indicate overwriting existing values on an eDir object. By default, it is set to “ignore.” If an object mentioned in the ds-object is already present in Identity Vault, ds-object creation does not perform anything. This option can only be used if you are deploying ds-objects through Designer. |
None |
Attribute |
Possible Values |
Default Value |
ds-object-class |
CDATA The class name of the object to create in the Identity Vault. |
#REQUIRED |
Attribute |
Possible Values |
---|---|
ds-object |
Adds object within this object. |
ds-attributes |
Adds attributes to the containing ds-object. |
ds-attributes (job) |
Adds the job specific attributes and queries information on the containing ds-object defining a job. |
ds-aux-class-attributes |
Adds attributes of the auxiliary class on the containing ds-object. |
ds-rights-other-objects |
Adds ds-object defines an Role-based Entitlement policy. |
(ds‐object, ds‐attributes, ds‐aux‐class‐attributes, ds‐rights‐other‐objects)
Element |
Description |
---|---|
ds-object |
Creates an object of the specified class and name in the container object. |
Contains attributes to be stored on an auxclass of the containing ds-object.
Element |
Description |
---|---|
ds-attribute |
Contains an attribute and value(s) to be stored on the containing ds-object. |
None
(ds-attribute*)
Element |
Description |
---|---|
ds-object |
Create an object of specified class and name in the container object. |
Used within a ds-object defining a job, contains attributes to be stored on the job as well as job specific values and queries.
Element |
Description |
---|---|
job-email-server-query |
Contains the the email server to be associated with the containing DirXML-Job. |
job-scope-query |
Contains the scope information for the job. |
job-servers-query |
Contains the servers to be associated with the job. |
job-reference-dnquery |
Contains a job reference DN for the job. The number and content of these is based on the content of the exported job's XmlData. |
Attribute |
Possible Values |
Default Value |
---|---|---|
jjob-name |
CDATA |
#REQUIRED |
job-display-name |
CDATA |
#IMPLIED |
attr-name |
CDATA |
#REQUIRED |
aux-class-name |
CDATA |
#IMPLIED |
reference-name |
CDATA |
#REQUIRED |
reference-display-name |
CDATA |
#IMPLIED |
target-class-filter |
CDATA |
#IMPLIED |
(job-email-server-query, job-scope-query, job-servers-query, (job-reference-dn-query)
Element |
Description |
---|---|
ds-object |
Create an object of specified class and name in the container object. |
Contains attributes to be stored on an auxclass on the containing ds-object.
Element |
Description |
---|---|
ds-attribute |
Contains an attribute and value(s) to be stored on the containing ds-object. |
Attribute |
Possible Values |
Default Value |
---|---|---|
aux-class-name |
CDATA Name of the auxclass the contained ds-attribute. |
#REQUIRED |
(ds-attribute*)
Element |
Description |
ds-object |
Creates an object of specified class and name in the container object. |
Contains information about an RBE policy's rights to other objects.
Element |
Description |
---|---|
ds-rights-object |
Adds object information about an Role-based Entitlements policy's rights. |
None
(ds-rights-object*)
Element |
Description |
---|---|
ds-object |
Creates an object of specified class and name in the container object. |
Adds object information about an RBE policy's rights.
Element |
Description |
---|---|
ds-rights-attribute |
Adds attribute information about an RBE policy's rights. |
Attribute |
Possible Values |
Default Value |
---|---|---|
dn |
#REQUIRED |
(ds-rights-attribute*)
Element |
Description |
---|---|
ds-rights-other-objects |
Contains information about an RBE policy's rights to other objects. |
Adds attribute information about an RBE policy's rights.
None
Attribute |
Possible Values |
Default Value |
---|---|---|
ds-attr-name ds-rights |
CDATA Attribute name for these rights CDATA The rights for this attribute |
#REQUIRED #REQUIRED |
None
Element |
Description |
---|---|
ds-rights-objects |
Adds object information about an RBE policy's rights. |
Contains an attribute and value(s) to be stored on the containing ds-object. If there are multiple ds-values, the attribute named by ds-attr-name must be defined in eDirectory to contain multiple values.
Element |
Description |
---|---|
ds-value |
Add attribute value |
ds-member-query-url-info |
used with the DirXML-SPFilterXML of a DirXML-SharedProfile |
Attribute |
Possible Values |
Default Value |
---|---|---|
ds-attr-name |
CDATA |
#REQUIRED |
(ds-value*, ds-member-query-url-info?)
Element |
Description |
---|---|
ds-attributes |
Adds attributes on the containing ds-object element. |
ds-aux-class-attributes |
Adds attributes on an auxiliary class on the containing ds-object element. |
Contains information used to construct an LDAP memberQueryURL attribute value from a DirXML-SPFilterXML value. Used only with the DirXML-SPFilterXML attribute of a DirXML-SharedProfile --object when exporting an RBE policy.
None
Attribute |
Possible Values |
Default value |
---|---|---|
base-dn |
CDATA The base DN of the query in Fully Qualified Distinguished Name format. |
#REQUIRED |
scope |
CDATA The scope of the query, such as base, one, sub, and so on. Default value is “base”. |
#IMPLIED |
x-chain |
CDATA The x-chain of the query. Default value is “”. |
#IMPLIED |
None
Element |
Description |
---|---|
ds-attribute |
Contains an attribute and value(s) to be stored on the containing ds-object. |
Contains individual attribute values for an attribute. The contents are based on the syntax of the attribute. The stream attributes are stored as base64 encoded strings.
None
Attribute |
Possible Values |
Default Value |
---|---|---|
base64-encoded |
ʺtrueʺ or “false” |
false |
contains |
ʺtextʺ, ʺbase64encodedʺ, or ʺxmlʺ |
None |
None
Element |
Description |
---|---|
ds-attribute |
Contains an attribute and value(s) to be stored on the containing ds-object. |