Jaa


Management Agent for Directory Services Markup Language (DSML)

Applies To: Windows Server 2003 with SP1

Use the management agent for Directory Services Markup Language (DSML) to synchronize data in DSML 2.0 format.

Properties

Available in Identity Integration Feature Pack for Microsoft® Windows Server™ Active Directory® (IIFP)

No

Management agent type

File-based

Supported connected data source versions

  • Directory Services Markup Language (DSML) 2.0

MIIS 2003 features supported

  • Password management by using password extension

  • Full import

  • Delta import

  • Export

Schema Information

  • The schema is generated based on the discovery of the data in the template input file. When you refresh the schema for this management agent, Management Agent Designer starts, reads the template input file, and then updates the management agent schema. Then, you can update the management agent configuration based on the new schema.

Remarks

  • When you create a management agent for DSML, the sample file should contain all the object classes that you plan to use. If, during an import from a data file, MIIS 2003 encounters an object class that has not been defined, or mapped, it only traverses the object class hierarchy to the level that was defined in the sample file.

    For example, you map the object classes in the following table from the sample file during the creation of the management agent.

    Object class in sample file Mapped to object type in management agent

    top, OrganizationalUnit

    OrganizationalUnit

    top, person

    person

    top, person, organizationalPerson

    organizationalPerson

    After the management agent is created, if you import a data file that contains an object class that is not defined, or mapped, in the management agent, FIM matches that object against the object class with the longest continuous prefix in the object class hierarchy.

    For example, given the mappings defined above, FIM maps defined and undefined object classes as shown in the following table.

    Object class Object type

    top, organizationalUnit

    organizationalUnit

    top, organizationalUnit, container

    organizationalUnit

    top, person

    person

    top, person, inetOrgPerson

    person

    top, person, organizationalPerson

    organizationalPerson

    top, person, organizationalPerson, inetOrgPerson

    organizationalPerson

  • The format of a DSML 2.0 input file consists of a set of entries, each containing a distinguished name or globally unique identifier (GUID) of the object and sets of attributes and values. Every DSML 2.0 file must end with a <searchResultDone> tag, or Microsoft Identity Integration Server 2003 will fail to parse the file. The following is a sample of a DSML 2.0 input file:

    - <batchResponse xmlns="urn:oasis:names:tc:DSML:2:0:core" xmlns:xsd="https://www.w3.org/2001/XMLSchema" xmlns:xsi="https://www.w3.org/2001/XMLSchema-instance">
    - <searchResponse>
    - <searchResultEntry dn="CN=46e25386-32a1-4589-8156-42bb244bcdce">
    - <attr name="objectclass">
        <value>employee</value>
        </attr>
    - <attr name="employeeid">
        <value>123</value>
        </attr>
    - <attr name="firstname">
        <value>some</value>
        </attr>
    - <attr name="lastname">
        <value>one</value>
        </attr>
    - <attr name="email">
        <value>someone@example.com</value> 
        </attr>
    </searchResultEntry>
    - <searchResultDone>
        <resultCode code="0" descr="success" /> 
    </searchResultDone>
    </searchResponse>
    </batchResponse> 
    
  • For file-based management agents, the template input file should contain all the object classes and attributes that will be synchronized, and it should be in a full import format

  • Microsoft Identity Integration Server 2003 treats all data as case sensitive.

  • When you select the Code Page type in the DSML management agent, it specifies only what export code page to use, not the import code page.

  • Import and export DSML files are not identical in format and cannot be interchanged. Import DSML file use must use <searchResult> tags, and export DSML files must use <addRequest> tags.

Important

In order to successfully use the management agent for DSML, the connected data source must be able to produce a valid DSML import file. You cannot re-import an export DSML file that has been exported from a management agent run. Without a valid DSML import file, you will be unable to confirm your exports.

  • File-based management agents do not export characters that are not in the destination code page. ILM 2007 FP1 fails when it attempts to export objects that contain any character that is not in the target connected data source code page. If you try to avoid this behavior by converting the file to Unicode and then doing a best-fit translation, ILM 2007 FP1 cannot confirm the export. As a workaround, you can do your own file translation during export attribute flow.

  • File-based management agents only support importing a single value for the object class (OC) attribute. If you try to import a multi-value OC attribute from a connected data source, the management agent will fail with a "multi-single-mismatch" error.

  • This management agent provides a DSML level 1 consumer and level 1 producer. Although it does not make use of any schema, this management agent can process the following document types:

    • Documents that contain no directory schema or any references to an external schema.

    • Documents that contain no directory schema but that contain at least one reference to an external schema.

    • Documents that contain only a directory schema.

    • Documents that contain both a directory schema and entries.

  • When you create a management agent for DSML, the sample file should contain all the object classes that you plan to use. If, during an import from a data file, Microsoft Identity Integration Server 2003 encounters an object class that has not been defined, or mapped, it only traverses the object class hierarchy to the level that was defined in the sample file.

  • If you use a template input file that is larger than 200 KB, ILM 2007 FP1 analyzes only the first 100 objects when discovering the schema. As a result, if there are object classes and attributes that you want to synchronize that do not appear in the first 100 objects, manually add those object classes and attributes as connector space object types and attributes. Depending on the size of the file, a delay might occur when ILM 2007 FP1 reads the entire file.

See Also

Concepts

Management Agents in MIIS 2003