Monthly Archives: July 2013

JNDI Feed quick reference

A quick list of the main points to remember when using the ibm.JNDI connector to ISIM;

General

Provider URL: http://yourhost:9080/enrole/dsml2_event_handler

JNDI Driver: com.ibm.dsml2.jndi.DSML2InitialContextFactory

Create an IDI feed service in ISIM, switch on “use workflow” to make sure workflows are run(!), set the naming context to be “dc=<yourNamingContext>” – this is used by the TDI AL’s

Include only the objectclass that maps to the Entity you want to create.  If you pass multiple then ISIM will choose one of them & generally it won’t be the one you want(!).

Ensure the ITIM service “user id” and password match those provided in the “Connection” tab in TDI.

 Add

In the output map provide $dn which should be in the form “uid=<uid for identity>,dc=serrviceNamingContext”

Map whatever attributes you want, or (and provided you validate the attribute list first!), map all attributes so that the AL isn’t affected by schema changes.

 Modify

Set a link criteria to be;

ret.filter="(uid=" + work.getString("uid") + ")";

Set the search base to be the naming context of the IDI service in ITIM i.e. dc=<yourNamingContext>).

In the output map, set $dn “Add” to true and “Mod” to false.  Also set objectclass the same way.

You have to provide attributes in the attribute map for modify.  You can provide the whole schema if required (drag & drop) – ITIM will only update attributes that aren’t null.  Again, this is useful to protect against schema changes breaking the JNDI feed.

Delete

Set a link criteria to be;

ret.filter="(uid=" + work.getString("uid") + ")";

Set the search base to be the naming context of the IDI service in ITIM i.e. dc=<yourNamingContext>).

The Input map can be blank – it’s a delete after all.

Ok – that was the brutally cut down version, but it should be enough….

 

Problems and solutions

“com.ibm.dsml2.jndi.DSML2NamingException: Server returned HTTP response code: 401 “ means that the username/password used to access the ITIM service is incorrect. HTTP code 401 is “Unauthorized” after all.

Under the “Advanced” part of the connector, set the following;

  • Authentication Method: Simple
  • Login username: <Match the User ID field in the service definition form in ITIM>
  • Login password: <Match the Password field in the service definition form in ITIM>

“The following exception occured while validating field: _batchRequestTypeChoiceList of class: com.ibm.dsml2.parser.BatchRequest'”

  •  Again, this can be an authentication issue.  Check the username / password on the JNDI connector.
  • It can also be caused by the “Link criteria” being specified incorrectly.  The link criteria should be specified as a valid LDAP filter, including brackets.  A simple mistake would be to specify a link criteria of “uid=myUserName”, this should be “(uid=myUserName)” (without quotes of course.