An operation binding is additional logic, such as a stored procedure or a script, that you can bind to a particular operation to specialize the handling of that operation. You can specify the timing of the bound logic in relation to the operation, that is, whether it runs before, after, or instead of the operation.
When CA IAM Connector Server performs any operation, CA IAM Connector Server verifies whether there are any operation bindings that tell it to invoke some logic before, instead of, or after that operation.
For example, imagine you want to add a user to an endpoint. You have the user's given name and family name. On the endpoint system, however, the record for that user is an attribute made up of a particular combination of their given name and family name. To resolve this situation, you can create a script that combines the two names to match the endpoint format and then, using an operation binding, specify that this script must run before any search you perform on the endpoint system.
An operation binding can invoke a stored procedure for Add, Modify, Delete, and Rename operations.
An operation binding can invoke a script for Add, Modify, Delete, and Rename operations, and for an additional 16 operations such as Search, Lookup, Modify-Assocs, Delete-Assocs, Activate, Deactivate, and so on.
A script in this instance can either be a called function stored in a global script, or a stand-alone scriptlet. Calling functions that exist within a global script is best practice because you can then reuse those functions for other operation bindings.
You can apply an operation binding to any object class. For example, if you want to record all modify operations to either an account object or a group object in a log file, you could use a single operation binding and apply it to both.
You can apply multiple operation bindings with the same timing (before, after, instead of) to a single object. For example, you can invoke two stored procedures to run before a particular operation.
Note: Connector Xpress does not support binding an operation to a compound class.
Stored procedures are located on JDBC endpoints. They are code that CA IAM Connector Server can invoke before, after, or instead of an operation. Stored procedures are only relevant for relational database endpoints and are written in the language specific to that endpoint.
Scripts are located in the Connector Xpress project file and are written using JavaScript. As with stored procedures, CA IAM Connector Server can invoke a script before, after, or instead of any CA Identity Manager operation.
You can create global scripts or individual scripts. A global script contains JavaScript functions that any number of operation bindings can invoke. Global scripts are an excellent way to store and reuse common functions.
An individual script is a piece of JavaScript code that is only used by a single operation binding. You would typically use an individual script for a simple specialization of the operation. If you want to bind several functions within a global script, you can create an individual script that invokes selected functions.
You can bind operations to stored procedures on JDBC databases to specify actions that you want to occur before, after, or instead of standard account CRUD operations, for example, Add, Modify, and Delete. Other types of operations are available, depending on the type of operation binding you select.
Follow these steps:
The Operation Bindings Editor appears.
You have specified the object class you want to create the operation binding for.
The Create Operation Binding dialog appears.
You have specified the object classes you want to apply the operation binding to.
You have specified the type of operation that you want to bind the operation to.
You have specified when the operation binding is executed.
A node is added to the mapping tree which displays the type of operation, the timing you selected and the name of class you want the operation binding to apply to.
The Stored Procedure dialog appears.
You have bound the procedure to the operation you specified in step 8.
Note: If the procedure list fails to populate, verify that your database does not have outstanding transactions or locks on the schema metadata.
You have specified the parameters for a stored procedure style operation binding.
You can bind operations to scripts to specify actions that you want to occur, before, after, or instead of, standard account CRUD operations, such as Add, Modify and Delete. Other types of operations are available, depending on the type of operation binding you select. You can bind an operation to a specific function in a global script, or bind an operation to an individual script. You can bind operations to scripts for any endpoint types which permit them (such as JNDI and JDBC).
Follow these steps:
The Operation Bindings Editor appears.
You have specified the object class you want to create the script binding for.
The Create Operation Binding dialog appears.
You have specified the object classes you want to apply the script binding to.
You have specified the type of operation that you want to bind the script to.
You have specified when the script binding is executed.
A node is added to the mapping tree which displays the type of operation, the timing you selected and the name of class you want the script binding to apply to.
The Script Editor dialog appears.
Selecting a global script specifies the script where the function you want to bind to the operation is located.
You have specified the function you want to bind to the operation.
The Edit Script dialog appears.
You have specified the parameters for a script binding style operation binding.
If you created operation bindings in another project and you want to reuse them, or if you simply want to restore operation bindings from a backup, you can import operation bindings from an XML file.
When you import operation bindings, Connector Xpress imports operation bindings and any references to stored procedures.
Follow these steps:
The Import Operation Bindings dialog appears.
The imported operation bindings and all associated scripts or references to stored procedures appear under the Operation Bindings node.
If you plan to reuse operation bindings in another project or if you simply want to back up your operation bindings, you can export operation bindings to an XML file. When you export operation bindings, Connector Xpress makes a copy of all operation bindings and any scripts or references to stored procedures. You can also create a copy of a live endpoint type that contains all operation bindings.
Follow these steps:
The Export Operations Bindings dialog appears.
Your operation bindings are saved.
When you export operation bindings, Connector Xpress automatically encapsulates scripts in CDATA sections in the exported XML file. You can easily cut and paste from exported XML files without having to worry about XML quoting issues such as "<" => "&lt;" and "&" => "&amp;".
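The following added example (not Connector Xpress code and not part of the original documentation) shows what CDATA encapsulation saves you from and the one sequence, "]]>", that still needs care when you hand-edit a script inside an exported file. The function names and the sample scriptlet are constructed for illustration; the page does not say how the product itself handles this case.

```javascript
// Added example: CDATA vs. entity escaping for a script embedded in XML.
// All names here are hypothetical; the sample scriptlet is constructed.

// Entity-escape text so it can appear as ordinary XML character data.
function escapeXmlText(s) {
  return s.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;");
}

// Naive wrap: correct only if the script never contains "]]>".
function naiveCdata(s) {
  return "<![CDATA[" + s + "]]>";
}

// Safe wrap: "]]>" is the only sequence that cannot appear inside a CDATA
// section, so split it across two adjacent sections.
function toCdata(s) {
  return "<![CDATA[" + s.split("]]>").join("]]]]><![CDATA[>") + "]]>";
}

// Recover the text the way an XML parser would: concatenate the content
// of each CDATA section, every section ending at its first "]]>".
function fromCdata(xml) {
  const re = /<!\[CDATA\[([\s\S]*?)\]\]>/g;
  let out = "";
  let m;
  while ((m = re.exec(xml)) !== null) out += m[1];
  return out;
}

// Constructed scriptlet: nested indexing followed by ">" yields "]]>".
const SAMPLE_SCRIPT =
  'if (rows[idx[0]]>0 && given < family) { cn = given + " " + family; }';

function demo() {
  return {
    escaped: escapeXmlText(SAMPLE_SCRIPT),           // unreadable to edit by hand
    naiveRoundTrip: fromCdata(naiveCdata(SAMPLE_SCRIPT)), // truncated at "]]>"
    safeRoundTrip: fromCdata(toCdata(SAMPLE_SCRIPT)),     // identical to input
  };
}
```

A script that is silently truncated at "]]>" would still be bound to the operation, so compare the script text after an export and import round trip before relying on it.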
This section covers some recommendations for your database schema to ensure smooth operations with stored procedures.
Stored procedure arguments that do not have a common SQL type reported by their drivers (that is, the driver returns java.sql.Types.OTHER = 1111) are treated as Types.VARCHAR (16), assuming that the driver converts from string to the argument’s desired native type. For example, this works for Oracle NVARCHAR2 arguments. If this does not work, your stored procedure is not invoked and a failure message ending with “Invalid column type” appears.
We recommend that you use basic types (for example, basic types related to VARCHAR) for stored procedure arguments where possible, and that you verify other argument types with a single stored procedure against your desired vendor and version before proceeding to widespread use.
Verify that the native type of account/group table column you select as the key when creating a Group-Account association matches the type of corresponding columns in your chosen membership table. If they do not match, then membership information is not retrieved successfully. We recommend that you use strict constraints as much as possible. For example, if the column you select as the group naming attribute is of type NVARCHAR2 and the matching column is of type VARCHAR2 in the membership table, then looking up the groups an account belongs to returns an empty list (or at least is missing groups which have multibyte characters in their names).
We recommend that you do not use the percent (%) and underscore (_) characters because they act as wildcard characters when searching for database objects like schemas, tables, table columns, and stored procedure arguments. These values are quoted where they do appear, but this is an area of considerable divergence between vendors and versions. For example, some vendors do not report the quotation character used in some releases correctly. There are no longer any known problems with %/_ for any of our supported vendors.
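The three schema recommendations above can be checked before you create any bindings. This added example (not part of the product or the original documentation) lints constructed schema metadata for table names containing wildcard characters, procedure arguments reported as type 1111, and key columns whose native type differs from the membership table; the object layout and all names are assumptions.

```javascript
// Added example: lint schema metadata against the recommendations above.
// The metadata layout and every name in SAMPLE are constructed.
const JDBC_OTHER = 1111; // value the driver reports for non-common SQL types

// Metadata search pattern to RegExp: % = any run of chars, _ = any one char.
function patternToRegExp(pattern) {
  const body = pattern
    .replace(/[.*+?^${}()|[\]\\]/g, "\\$&")
    .replace(/%/g, ".*")
    .replace(/_/g, ".");
  return new RegExp("^" + body + "$");
}

// Other names that an unescaped lookup for `name` would also match.
function collisions(name, allNames) {
  const re = patternToRegExp(name);
  return allNames.filter((n) => n !== name && re.test(n));
}

function lintSchema(schema) {
  const findings = [];
  for (const name of schema.tables) {
    if (/[%_]/.test(name)) {
      const hit = collisions(name, schema.tables);
      findings.push(`wildcard-name ${name}` +
        (hit.length ? ` also matches ${hit.join(",")}` : ""));
    }
  }
  for (const p of schema.procedureArgs) {
    if (p.sqlType === JDBC_OTHER)
      findings.push(`other-type ${p.proc}.${p.arg} (${p.nativeType})`);
  }
  for (const a of schema.associations) {
    if (a.keyType !== a.membershipType)
      findings.push(`type-mismatch ${a.key} ${a.keyType} vs ` +
        `${a.membershipColumn} ${a.membershipType}`);
  }
  return findings;
}

const SAMPLE = { // constructed sample metadata
  tables: ["USER_ROLE", "USERXROLE", "GROUPS", "MEMBERS"],
  procedureArgs: [
    { proc: "ADD_ACCOUNT", arg: "P_NAME", sqlType: 1111, nativeType: "NVARCHAR2" },
    { proc: "ADD_ACCOUNT", arg: "P_ID", sqlType: 4, nativeType: "INTEGER" },
  ],
  associations: [{ key: "GROUPS.NAME", keyType: "NVARCHAR2",
    membershipColumn: "MEMBERS.GROUP_NAME", membershipType: "VARCHAR2" }],
};
```

Calling `lintSchema(SAMPLE)` returns one finding per recommendation; an "other-type" finding is a prompt to test that argument with a single stored procedure, not proof that the call fails.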
Important! Connector Xpress and CA IAM Connector Server read and write data from stored procedures through their arguments. However, they do not verify the validity of the code of any stored procedures you bind to. We recommend that you verify the validity of the code of any stored procedures you bind to.
Copyright © 2015 CA Technologies.
All rights reserved.