

Metadata Use Considerations

As a CA IAM CS connector is expected to be a fairly thin adapter between LDAP and the native endpoint system, optimal use of metadata significantly reduces the amount of custom coding required. For static C++ options that have been ported, there is typically an 80-90 percent code reduction. Consider the following when you rate the degree to which metadata has been used correctly:

  1. Have connectorMapTo and similar supporting values (possibly with extra connector-specific metadata settings added) been used to minimize coding?
  2. Have you verified that no LDAP object classes or attributes are referenced in the connector's code, and that connectorMapTo or connectorMapToAlias values have been used instead?
  3. Have optimal choices of data model value types been used?
  4. Do all appropriate metadata items on the Connector object class have isConnection=true?

    Have you fully tested changes to connection-related attributes?

  5. Do all attributes requiring secure handling, such as directory and account passwords, have secure metadata settings?

    isWriteOnly=true means that the attribute value can only be written and cannot be read back. Use it on attributes containing sensitive data, unless there is a requirement that they can be queried.

  6. Is metadata and opbindings modification through LDAP MODIFY requests allowed for this connector? If not, then allowMetadataModifyGlobally (server_jcs.properties) and allowMetadataModify in connector.xml can be used to lock down the connector with respect to metadata changes.
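
Items 2 and 5 lend themselves to an automated pre-review check. The following Python sketch is an added example, not part of CA IAM CS: it flags sensitive-looking attributes that lack isWriteOnly=true and LDAP names that appear as string literals in connector code. The dictionary layout, the ex* names and the Java fragment are constructed assumptions, not the product's metadata file format.

```python
import re

# Constructed stand-in for connector metadata: LDAP object class -> LDAP
# attribute -> settings. This dict layout is an assumption for the example,
# not the CA IAM CS metadata file format; all ex* names are hypothetical.
SAMPLE_METADATA = {
    "exAccount": {
        "exLoginName": {"connectorMapTo": "login"},
        "exPassword": {"connectorMapTo": "passwd"},  # no isWriteOnly
        "exApiSecret": {"connectorMapTo": "secret", "isWriteOnly": True},
    },
}

# Constructed connector source lines (hypothetical Java fragment).
SAMPLE_SOURCE = "\n".join([
    'String login = attrs.get("login");        // native name: fine',
    'Object pw = ldapAttrs.get("exPassword");  // LDAP attribute in code',
    'if (objectClass.equals("exAccount")) {}   // LDAP object class in code',
])

SENSITIVE = re.compile(r"pass|secret|credential|token", re.I)
STRING_LITERAL = re.compile(r'"([^"\\]*)"')


def readable_secrets(metadata):
    """Item 5: sensitive-looking attributes that lack isWriteOnly=true."""
    findings = []
    for object_class, attrs in metadata.items():
        for attr, meta in attrs.items():
            names = f"{attr} {meta.get('connectorMapTo', '')}"
            if SENSITIVE.search(names) and meta.get("isWriteOnly") is not True:
                findings.append(f"{object_class}.{attr}")
    return sorted(findings)


def ldap_names_in_source(metadata, source):
    """Item 2: LDAP class or attribute names used as string literals in code."""
    ldap_names = set(metadata) | {a for attrs in metadata.values() for a in attrs}
    hits = []
    for lineno, line in enumerate(source.splitlines(), 1):
        for literal in STRING_LITERAL.findall(line):
            if literal in ldap_names:
                hits.append((lineno, literal))
    return hits


if __name__ == "__main__":
    print("readable secrets:", readable_secrets(SAMPLE_METADATA))
    print("LDAP names in code:", ldap_names_in_source(SAMPLE_METADATA, SAMPLE_SOURCE))
```

Treat the findings as items for the reviewer to confirm: the name match is a heuristic, and a sensitive attribute may legitimately be readable where there is a requirement to query it.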