TIBCO Adapter For LDAP - User's Guide

TIBCO Adapter™ for LDAP
User’s Guide
Software Release 5.4
September 2006
Important Information
SOME TIBCO SOFTWARE EMBEDS OR BUNDLES OTHER TIBCO SOFTWARE. USE OF SUCH
EMBEDDED OR BUNDLED TIBCO SOFTWARE IS SOLELY TO ENABLE THE FUNCTIONALITY
(OR PROVIDE LIMITED ADD-ON FUNCTIONALITY) OF THE LICENSED TIBCO SOFTWARE.
THE EMBEDDED OR BUNDLED SOFTWARE IS NOT LICENSED TO BE USED OR ACCESSED BY
ANY OTHER TIBCO SOFTWARE OR FOR ANY OTHER PURPOSE.
USE OF TIBCO SOFTWARE AND THIS DOCUMENT IS SUBJECT TO THE TERMS AND
CONDITIONS OF A LICENSE AGREEMENT FOUND IN EITHER A SEPARATELY EXECUTED
SOFTWARE LICENSE AGREEMENT, OR, IF THERE IS NO SUCH SEPARATE AGREEMENT,
THE CLICKWRAP END USER LICENSE AGREEMENT WHICH IS DISPLAYED DURING
DOWNLOAD OR INSTALLATION OF THE SOFTWARE (AND WHICH IS DUPLICATED IN
TIBCO ADAPTER FOR LDAP USER’S GUIDE). USE OF THIS DOCUMENT IS SUBJECT TO
THOSE TERMS AND CONDITIONS, AND YOUR USE HEREOF SHALL CONSTITUTE
ACCEPTANCE OF AND AN AGREEMENT TO BE BOUND BY THE SAME.
This document contains confidential information that is subject to U.S. and international copyright
laws and treaties. No part of this document may be reproduced in any form without the written
authorization of TIBCO Software Inc.
TIB, TIBCO, TIBCO Software, TIBCO Adapter, Predictive Business, Information Bus, The Power of
Now, TIBCO Adapter, TIBCO Rendezvous, TIBCO Administrator, TIBCO IntegrationManager,
TIBCO Designer, TIBCO Hawk, and TIBCO Enterprise Message Service are either registered
trademarks or trademarks of TIBCO Software Inc. in the United States and/or other countries.
EJB, J2EE, JMS and all Java-based trademarks and logos are trademarks or registered trademarks of
Sun Microsystems, Inc. in the U.S. and other countries.
All other product and company names and marks mentioned in this document are the property of
their respective owners and are mentioned for identification purposes only.
This software may be available on multiple operating systems. However, not all operating system
platforms for a specific software version are released at the same time. Please see the readme.txt file
for the availability of this software version on a specific operating system platform.
THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER
EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT.
THIS DOCUMENT COULD INCLUDE TECHNICAL INACCURACIES OR TYPOGRAPHICAL
ERRORS. CHANGES ARE PERIODICALLY ADDED TO THE INFORMATION HEREIN; THESE
CHANGES WILL BE INCORPORATED IN NEW EDITIONS OF THIS DOCUMENT. TIBCO
SOFTWARE INC. MAY MAKE IMPROVEMENTS AND/OR CHANGES IN THE PRODUCT(S)
AND/OR THE PROGRAM(S) DESCRIBED IN THIS DOCUMENT AT ANY TIME.
THE CONTENTS OF THIS DOCUMENT MAY BE MODIFIED AND/OR QUALIFIED, DIRECTLY
OR INDIRECTLY, BY OTHER DOCUMENTATION WHICH ACCOMPANIES THIS SOFTWARE,
INCLUDING BUT NOT LIMITED TO ANY RELEASE NOTES AND "READ ME" FILES.
Copyright © 1999-2006 TIBCO Software Inc. ALL RIGHTS RESERVED.
TIBCO Software Inc. Confidential Information
| iii
Contents
Figures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ix
Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi
Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii
Related Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiv
TIBCO Product Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiv
Other TIBCO Product Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiv
How to Contact TIBCO Customer Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvii
Chapter 1 Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Adapter Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
Integration With LDAP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
Directory Store . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Adapter Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Adapter Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Publication Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Subscription Service. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Request-Response Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Chapter 2 Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Preparing your Environment for Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Operating System Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
LDAP Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Pre-Installation Worksheet. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Adapter Machine Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
LDAP Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
LDAP Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Installer Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Upgrading the Adapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Uninstalling the Adapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Installation Registry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Microsoft Windows Platforms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
UNIX Platforms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Installation History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
TIBCO Adapter for LDAP User’s Guide

iv
| Contents
Adapter Components and Compatible Software. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Adapter Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Required and Optional TIBCO Products . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Installing on Microsoft Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Installing on Microsoft Windows 2000 and 2003 Terminal Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Installing the Adapter on Microsoft Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Combining Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Installation on UNIX Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Installing the Adapter on UNIX. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Combining Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Post Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Installation FAQs and Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Frequently Asked Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Running Out of Disk Space . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Installation Errors on HPUX 11.00 64 bit Platform. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Configuring TIBCO Hawk. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Cannot Install the Adapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Chapter 3 Preparing LDAP Server Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Preparing the LDAP Server for Use with the Adapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Enabling SSL on the LDAP Servers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Setting Search Size Limit on the LDAP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Chapter 4 Getting Started . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Scenario Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Connections to LDAP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Permissions to Access Repository Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Other Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Setting LDAP Connection Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Create the Project . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Configure the Adapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Configure the Publication Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
Configure the Subscription Service. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
Configure the Request-Response Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
Convert the Project to a Repository File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Configuring the Project Using TIBCO IntegrationManager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Configure the Publication Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Configure the Subscription Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Configure the Request-Response Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71

Contents v
|
Deploy the Project and Start the Adapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
Configuring the Exercises Using TIBCO IntegrationManager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
Chapter 5 Adapter Instance Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
Configuration Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
Configuring the SSL Environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
Converting Certificates to Use SSL at Design Time. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
Converting Certificates to Use SSL at Run-Time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
Using SSL with the Adapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
Adapter Instance Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
Configuration Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
Design-time Connection Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
Run-time Connection Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
General Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
Multithreading Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
Logging Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
Startup Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
Monitoring Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
Adapter Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
Publication Service Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
Configuration Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
Transport Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
Schema View Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109
Schema Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
Subscription Service Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
Transport Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
Schema View Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118
Schema Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
Request-Response Service Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122
Transport Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124
Schema View Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
Schema Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130
Supported LDAP Operations and Message Structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
Specifying an Attribute Filter as a Sequence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138
Handling Entries Belonging to Multiple Object Classes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
Chapter 6 Deploying and Starting the Adapter Using TIBCO Administrator . . . . . . . . . . . . . 141
Create an EAR File in TIBCO Designer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142

vi
| Contents
Deploy the Project. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143
Start or Stop the Adapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
Monitor the Adapter. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
Chapter 7 Advanced Topics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147

Using the Adapter with a Revision Control System. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
Defining a TIBCO Hawk Session . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150
Using Global Variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152
Changing Global Variable Values at Runtime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
Predefined Global Variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
Setting Encoding Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156
LDAP Server Synchronization. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157
Password Synchronization between Sun ONE Directory Server and Microsoft Active Directory Server. . . 158
Configuring the Repository for Binary Attribute Support. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159
Message Acknowledgement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160
Message Acknowledgement by the Request-Response Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160
Message Acknowledgement by the Subscription Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161
Publishing Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162
Configuring Timers for Publication Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162
Publishing Messages in Sequence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162
Persistent Publishing of Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162
Publishing Duplicate Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163
Publishing Deleted Entries in the Microsoft Active Directory Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163
Updating Entries in the LDAP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165
Adding a User Account with a Password into Microsoft Active Directory Server . . . . . . . . . . . . . . . . . . . . . . . . 166
Changing the LDAP Server Connection Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167
Chapter 8 Monitoring the Adapter Using TIBCO Hawk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170
Starting TIBCO Hawk Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
The Auto-Discovery Process. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172
Invoking Microagent Methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173
Available Microagents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
activateTraceRole() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180
deactivateTraceRole() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181
getAdapterServiceInformation(). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182
getComponents() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183
getConfig() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184
getConfigProperties(). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185
getHostInformation() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186

Contents vii
|
getRvConfig() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187
getStatus() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188
getTraceSinks(). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189
getVersion() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190
_onUnsolictedMsg() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191
preRegisterListener() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192
reviewLedger() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193
setTraceSinks() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
stopApplicationInstance() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196
unRegisterListener() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197
getActivityStatistics(). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198
getActivityStatisticsByOperation(). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
getActivityStatisticsBySchema() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200
getActivityStatisticsByService. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201
getConnectionStatistics() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202
getPollingInterval() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203
getQueueStatistics() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204
getThreadStatistics() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205
resetActivityStatistics() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
resetConnectionStatistics(). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207
resetThreadStatistics() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208
setPollingInterval() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209
Appendix A Trace Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212
Trace Message Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214
Status Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216
Appendix B Additional LDAP Directory Server Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239

Setting Default Naming Context in ADAM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240
Configuring Global Catalog Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249

viii
| Contents

| ix
Figures
Figure 1 Logical Architecture for Integration with LDAP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

Figure 2 Typical Publication Service Flow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Figure 3 Typical Subscription Service Flow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Figure 4 Typical Request-Response Service Flow. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

x
| Figures

| xi
Tables
Table 1 TIBCO Adapter components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

Table 2 Required and Optional TIBCO Products . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Table 3 Supported platforms, package names, service packs and disk space for Microsoft Windows . . . 25
Table 4 Supported platforms, hardware, package names, patches and disk space for UNIX systems . . . 30
Table 5 Predefined Global Variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
Table 6 Microagent Methods. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
Table 7 Tracing Fields. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214

xii
|

| xiii
Preface
TIBCO Adapter™ for LDAP is a bidirectional gateway between applications

configured for the TIBCO environment and an LDAP server.
Topics
• Related Documentation, page xiv

• How to Contact TIBCO Customer Support, page xvii

xiv
| Related Documentation
Related Documentation
This section lists documentation resources you may find useful.
TIBCO Product Documentation

The following documents form the TIBCO Adapter™ for LDAP documentation
set:
• TIBCO Adapter Concepts — Read this manual to gain an understanding of
adapters in general that you can apply to the various tasks you may
undertake.
• TIBCO Adapter for LDAP User’s Guide — This manual explains concepts
relating to the adapter and the application with which it interacts. Installation,
configuration, and deployment information is included in this manual.
• TIBCO Adapter for LDAP Examples Guide — This manual provides hands-on
examples that demonstrate the use of the adapter.
• TIBCO Adapter for LDAP Release Notes — Read this document for information
about new features, deprecated features, and open and closed issues.
• README for TIBCO Adapter for LDAP — Read this document to get
information on the current release version, and see a summary of software
and hardware requirements for installing and running the adapter.
Other TIBCO Product Documentation

You may find it useful to read the documentation for the following TIBCO
products. Note that only books that relate to adapters are listed. Each of the books
is available from the doc directory in the product’s installation area.
• TIBCO ActiveEnterprise™ software:
— TIBCO ActiveEnterprise Concepts
• TIBCO Designer™ software:
— TIBCO Designer User’s Guide
— TIBCO Designer Palette Reference
— TIBCO Designer Release Notes

Preface xv
|
• TIBCO Administrator™ software:

— TIBCO Administrator User’s Guide
— TIBCO Administrator Server Configuration Guide
— TIBCO Administrator Release Notes
• TIBCO BusinessWorks™ software:
— TIBCO BusinessWorks Concepts
— TIBCO BusinessWorks QuickStart
— TIBCO BusinessWorks Process Design Guide
— TIBCO BusinessWorks Palette Reference
— TIBCO BusinessWorks Installation
— TIBCO BusinessWorks Release Notes
• TIBCO IntegrationManager™ software:
— TIBCO IntegrationManager Concepts
— TIBCO IntegrationManager Administrator’s Guide
— TIBCO IntegrationManager Process Design Guide
— TIBCO IntegrationManager Reference
— TIBCO IntegrationManager Release Notes
• TIBCO Rendezvous™ software:
— TIBCO Rendezvous Concepts
— TIBCO Rendezvous Administration
— TIBCO Rendezvous Configuration Tools
• TIBCO Enterprise Message Service™ software:
— TIBCO Enterprise Message Service User’s Guide
— TIBCO Enterprise Message Service Installation
— TIBCO Enterprise Message Service Application Integration
— TIBCO Enterprise Message Service Release Notes
• TIBCO Hawk® software:
— TIBCO Hawk Installation and Configuration
— TIBCO Hawk Administrator’s Guide

xvi
| Related Documentation
• TIBCO Adapter™ SDK

— TIBCO Adapter SDK Concepts
• TIBCO Runtime Agent™ software
— TIBCO Runtime Agent Release Notes
— TIBCO Runtime Agent Installation
— TIBCO Runtime Agent Domain Utility User’s Guide
— TIBCO Runtime Agent Upgrading to Release 5.4

Preface xvii
|
How to Contact TIBCO Customer Support
For comments or problems with this manual or the software it addresses, please
contact TIBCO Support Services as follows.
• For an overview of TIBCO Support Services, and information about getting
started with TIBCO Product Support, visit this site:
http://www.tibco.com/services/support/
• If you already have a valid maintenance or support contract, visit this site:
http://support.tibco.com
Entry to this site requires a username and password. If you do not have a
username, you can request one.

xviii How to Contact TIBCO Customer Support
|

|1
Chapter 1 Concepts
This chapter introduces the TIBCO Adapter for LDAP product by providing
background information about its features and product elements, and about the
applications that use it.
Topics
• Adapter Overview, page 2

• Adapter Features, page 4
• Adapter Services, page 10

2
| Chapter 1 Concepts
Adapter Overview
TIBCO Adapter for LDAP brings LDAP servers into the TIBCO interoperability
framework. The adapter allows applications configured for the TIBCO
environment to communicate with LDAP servers without any knowledge of
LDAP protocol, LDAP APIs, and LDAP server implementation. Applications can
retrieve information from or update LDAP servers.
The adapter provides a Publication Service, a Subscription Service, and a
Request-Response Server Service. The Publication Service publishes the changes
occurring on the LDAP server to the TIBCO environment. The Subscription
Service receives messages from the TIBCO environment, and updates the LDAP
server appropriately. The Request-Response Server Service receives requests for
LDAP information from applications, contacts the configured LDAP server for it,
and sends the results in its response to the TIBCO environment, for the
applications.
TIBCO Adapter for LDAP helps organizations to move transparently from
proprietary, application-specific directories to organization-wide LDAP
directories.
Integration With LDAP

LDAP is a client-server protocol for accessing a directory service. LDAP lets you
locate organizations, individuals, and other resources such as files and devices in
a network, whether on the Internet or on a corporate intranet. An LDAP directory
can be distributed among many servers on a network, then replicated and
synchronized regularly.
The adapter is a bidirectional gateway between an LDAP server and the TIBCO
environment. The distributed architecture of a typically-deployed TIBCO
Adapter for LDAP makes seamless integration into an LDAP-served enterprise
possible. The following figure is a high-level view of how the adapter is
integrated with LDAP in the TIBCO environment.

Adapter Overview 3
|
Figure 1 Logical Architecture for Integration with LDAP
TIBCO Environment
Messages
LDAP Server LDAP Directory

Store
TIBCO Adapter
for LDAP
Directory Store
In LDAP terminology, a directory store is a repository of information, typically
including information on resources, services, users, applications, devices and
configuration. Unlike a database, a directory is used mostly for read operations
and is rarely updated.
A server, which implements the directory store and supports the LDAP protocol
and API is typically referred to as an LDAP server.
Data on an LDAP server is stored as entries, each of which stores information
about some object or entity. Each entry has a number of attributes. Each attribute
has a type.
Each LDAP entry belongs to one or more object classes. An object class defines
what attributes entries can have, so object classes define the schema on an LDAP
server.
All entries on an LDAP server are organized into a tree structure, which is called
the Directory Information Tree (DIT).
LDAP servers allow users to add, update, delete, look up, and search for entries.
LDAP clients can be configured to connect to LDAP servers with or without
authentication.

4
Adapter Features
The following adapter features are described in detail in this manual. For
additional adapter features, refer to the TIBCO Adapter Concepts book.
Adapter Services
The following adapter services are supported:
• Publication Service — Publishes the changes occurring on the LDAP server to
JMS or TIBCO Rendezvous, for other applications to use.
• Subscription Service — Subscribes to messages from other applications on
JMS or TIBCO Rendezvous, and applies the requests contained in them to the
LDAP server.
• Request-Response Service — Receives requests for LDAP information from
applications, through JMS or TIBCO Rendezvous. It performs the required
operations on the LDAP server and sends the results in its reply.
An Easy-to-Use GUI
The adapter provides its own design-time component, namely the adapter
palette, which seamlessly integrates with TIBCO Designer. This easy-to-use
interface allows you to quickly configure adapter-specific features. You can use it
to enter, delete, and modify configuration information. You can easily specify
operational parameters and change them as needed.
Support for Dual TIBCO Messaging Transports

The adapter supports the following TIBCO messaging transports:
• TIBCO Rendezvous transport — This transport uses subject-based
addressing to provide support for both multicast or broadcast and
point-to-point communications. You can configure the delivery modes of the
messages and specify the wire format to be used when you configure the
adapter service.
• JMS transport — TIBCO Enterprise Message Service must be installed to use
the JMS transport. The JMS administration interfaces allow you to create and
manage administered objects such as Connection Factories, Topics, and
Queues. JMS clients can retrieve references to these objects by using Java
Naming and Directory Interface (JNDI). Creating static administered objects
allows clients to use these objects without having to implement the object
within the client. When a JMS client starts, it performs a JNDI lookup for the
connection factories that it needs. For details on JNDI, see the TIBCO

Adapter Features 5
|
Enterprise Message Service User’s Guide. You can specify the connection factory
type and the delivery mode to be used when you configure the adapter
service.
Support for Distributed Queues

A distributed queue is a group of cooperating transport objects, each in a separate
process. Each transport object is called a member. To balance the transmission
load among servers, the adapter can use distributed queues for one-of-n delivery
of messages to a group of servers. Each member of a distributed queue must listen
for the same subject using the TIBCO Rendezvous Distributed Queue listener
objects. Even though many members listen for each inbound message (or task),
only one member processes the message. For details on distributed queues, see
TIBCO Rendezvous Concepts.
In the queue mode within TIBCO Enterprise Message Service, each listener is a
single receiver of a point-to-point message. However, the listeners can be
configured as a set of receivers, each of which receives a fraction of the messages.
For details on TIBCO Enterprise Message Service distributed queues, see the
TIBCO Enterprise Message Service User’s Guide.
Load balancing for the processing of TIBCO Rendezvous or JMS certified
messages is supported using distributed queuing. The messages from TIBCO
Rendezvous or TIBCO Enterprise Message Service are distributed equally among
all instances that belong to the same group. This distributes the data load over
several adapter instances. However, the order in which the data is sent to the
application server is not guaranteed.
Support for Multithreading

The adapter maintains a pool of threads allowing it to respond to and process
multiple events simultaneously, thereby improving its performance. One thread
pool is maintained for an adapter configuration, allowing Publication,
Subscription, and Request-Response services to use the same thread pool.
Support for Internationalization

The adapter provides support for many encodings. The default encoding used by
the adapter is ASCII.
Schema Support
With the ActiveEnterprise wire format, you can configure a schema to describe
the structure of messages processed by the adapter. This feature is especially
useful in the following situations:

6
• Every adapter service supports one (and only one) schema. The service
restricts its operation (publish, subscribe, or request-response) to the chosen
schema as well as to a user-specified part of the DIT (Directory Information
Tree).
• If the schema information has changed on the LDAP server, you can
reconfigure the adapter instance to reflect the changes.
DIT Browsing
You can restrict the scope of a service to a specific part of the DIT.
• When you begin configuring a service, only the top-level entries in the tree are
visible. Entries below these are fetched dynamically when you explicitly
expand the subtrees.
• You can specify the number of entries. The maximum number of entries you
can specify is 10, 000. The tree expands if the number of entries is equal to, or
less than the value you specify.
• You can only select a single entry at any time since a service can be associated
only with one subtree.
• Each service lets you select a subtree of the LDAP DIT. The adapter supports
selection by example. For example, if you need to select object class X, you can
choose any entry belonging to object class X. Therefore, when you select a
particular LDAP entry type under a DIT, all the entries of that type,
irrespective of their position in the tree, will be supported by the service.
• If the tree selection is not required, all that you need to do is select the root of
the tree for each service.
• The adapter service will log an error and return an error message if the
incoming message tries to access other LDAP entry types or other portions of
the DIT tree.
Support for Basic Authentication

The adapter supports basic authentication, the most simple security mechanism
in LDAP. When using basic authentication with LDAP, the client identifies itself to
the server by means of a DN (Distinguished Name) and a password which are
sent in the clear over the network. The server considers the client authenticated if
the DN and password sent by the client matches the password for that DN stored
in the directory.

Adapter Features 7
|
Support for SSL

All data exchange between the adapter and LDAP server can now be secured via
a Secure Sockets Layer (SSL) connection.
Attribute Filtering
The adapter provides support for retrieving the attributes of an entry by
specifying the names of the attributes. This functionality is available only for the
Search operation in the request-response service.
Refined Search Capabilities

The adapter provides refined search capabilities in the request-response service
through the use of LDAP_SEARCH_BASE, LDAP_SEARCH_ONELEVEL and
LDAP_SEARCH_SUBTREE search options. LDAP_SEARCH_BASE helps you to search
for a particular entry, LDAP_SEARCH_ONELEVEL helps you to search one level
below the base, not including the base, and LDAP_SEARCH_SUBTREE lets you
search the entire subtree.
Support for Retrieval of the DN of Searched Entries

The adapter can retrieve the Distinguished Name (DN) of an entry retrieved
through search, in addition to the attributes of the entry. This functionality is
available for the Search operation in the request-response service.
Alias Dereferencing
In an LDAP directory, an alias entry is an entry that points to another entry.
Following an alias pointer is known as dereferencing an alias. In the LDAP
directory, you can set a leaf entry to point to another object in the namespace. This
alias entry, it contains the DN of the object to which it is pointing. When you look
up an object by using the alias, the alias is dereferenced so that what is returned is
the object pointed to by the alias's DN.
You can use aliases to organize the directory's namespace so that as the
namespace evolves, old names may be used. Suppose, for example, that in the
o=Wiz, c=us company, the departments ou=hardware and ou=software are
merged into ou=engineering. You can move the contents of ou=hardware and
ou=software to ou=engineering, and change the entries ou=hardware and
ou=software into alias entries that point to ou=engineering.
The adapter only supports alias dereferencing for the SEARCH operation.

8
Publication Service Filter

While configuring the LDAP Adapter instance, you can specify an additional
filter for the publication service. For example, telephoneNumber>1000 against
which the entries will be published.
Support for SEARCH Operation on Sub Class

The adapter can perform the SEARCH operation on a sub class. Selecting the
Handle Any Subset of Configured Object classes check box in the Schema
View tab enables the adapter to perform service specific operation on any subset
of the configured object class. For example, the adapter can then retrieve the
entries belonging to sub class c when a service is configured for an object class
a.b.c.d
So, if you configure a publication service for the object class inetorgperson and a
publication filter telephoneNumber>1000, then all entries that satisfy both these
criteria will be published by the adapter.
The filter should comply with the LDAP Search Filter Syntax described in the
LDAP specification.
Persistent Publisher
The adapter supports publication of the changes on an LDAP server even if the
adapter is not running when those changes are made on the server. This
functionality is available for all supported LDAP servers.
Server Synchronization
The adapter supports synchronization of changes between two supported LDAP
servers. This requires the Update Only If Different check box to be selected
for the subscriber service.
Referrals
The adapter supports referrals. A server that does not store the requested data can
refer the adapter to another server. Since a server might not store the entire DIT,
servers need to be linked together in some way to form a distributed directory
that contains the entire DIT. This is accomplished with referrals. The referral acts
like a pointer that can be followed to where the desired information is stored.

Adapter Features 9
|
Enhanced Logging Capability

If the adapter receives a message that causes an LDAP invocation error, then the
adapter traces the complete message on the console and also logs it to a file so that
you can manually recover and process these messages.
LDAP Schema Browser for Specifying Object Classes

In previous versions of the adapter, it was possible to specify the object classes
associated with a service using the DIT browser. This required a suitable sample
entry to exist in the DIT. This version of the adapter adds an LDAP schema
browser that allows you to browse and select from all the LDAP object classes
available in the server’s LDAP schema. When using the LDAP schema browser to
specify the object class, no sample entry is needed.

10
Adapter Services
The adapter provides the following services: Publication Service, Subscription

Service, and Request-Response Service.
Publication Service
The adapter gets a message from the LDAP server and sends the message to the
TIBCO environment.
For example, a new employee joins Company A. The administrator updates the
corporate LDAP server with the details of the new employee. The Publication
Service of the adapter receives this information from the LDAP server, assigns a
structure to it, and publishes it using TIBCO Rendezvous or JMS messaging for
other applications to pick up. All other applications that need to be aware of this
change are informed by the Publication Service via TIBCO Rendezvous or JMS
messaging.
Figure 2 Typical Publication Service Flow
TIBCO Environment
Message

Store
Publish an LDAP TIBCO Adapter

Business Event for LDAP
Subscription Service
The adapter gets a message from the TIBCO environment and sends the message
to the LDAP server.

Adapter Services 11
|
For example, Company A adds 50 computers to its existing infrastructure, as part

of its expansion program. This asset information needs to be reflected on the
corporate LDAP server. This information is published by the application using
TIBCO Rendezvous or JMS messaging, probably through an application adapter.
When the Subscription Service of the adapter receives this information from
TIBCO Rendezvous or JMS messaging, it uses the standard LDAP API to update
the LDAP server by adding the required entries.
Figure 3 Typical Subscription Service Flow
TIBCO Environment
Message

Store
Subscribe to an LDAP TIBCO Adapter

Business Event for LDAP
Request-Response Service
The adapter gets a request from the TIBCO environment and sends the request to
an LDAP server. When a response is returned to the adapter from the LDAP
server, the adapter sends the response to the TIBCO environment. The adapter
supports request-response scenarios with an RPC server.
For example, User A of an email client does not know the first name or email
address of the contact to whom a mail must be sent. Therefore, the user searches
for all names ending with Smith, using the Find Contact option on the email
client. The email client publishes this request using TIBCO Rendezvous or JMS
messaging, probably through an application adapter. When the
Request-Response Server Service of the adapter receives this query, it uses the
standard LDAP API to contact the LDAP server, and uses the Search operation to
find all names (or the specified number of names) ending with Smith. It then
returns the search results in its response to TIBCO Rendezvous or JMS messaging.

12
Figure 4 Typical Request-Response Service Flow
TIBCO Environment
Request Message
Response Message

Store
TIBCO Adapter
for LDAP

| 13
Chapter 2 Installation
This chapter explains how to install the adapter on Microsoft Windows and UNIX
systems.
This software may be available on multiple operating systems. However, not

all operating system platforms for a specific software version are released at the
same time. Please see Table 3 on page 25 and Table 4 on page 30 for the
availability of this software version on a specific operating system platform.
Topics
• Preparing your Environment for Installation, page 14

• Pre-Installation Worksheet, page 16
• Installer Overview, page 18
• Installation Registry, page 21
• Adapter Components and Compatible Software, page 23
• Installing on Microsoft Windows, page 25
• Installation on UNIX Systems, page 30
• Installation FAQs and Troubleshooting, page 34

14
| Chapter 2 Installation
Preparing your Environment for Installation
The most time-consuming part of an adapter installation is the collection of

environment information and parameters. This section helps you complete this
process. It provides a check list of parameters you should obtain from various
system administrators within your organization before installing the adapter.
Note that obtaining a <vendor application> account can take some time
depending on your corporate policies — so plan in advance!
Operating System Requirements

Obtain the following information from the administrator of the machine on which
you plan to install the adapter:
System name:
System IP address:
Username and password to access the system and run the adapter:
Username:
Password:
Do you have the required credentials to run the installer?

• On Microsoft Windows, administrator privileges are required to install.
• On UNIX systems, you can install as root or a regular user. See Installer
Account on page 31 for details.
• Note that the TIBCO Runtime Agent (TRA) must be installed prior to
installing the adapter and the adapter installation always places files under
the TIBCO root directory that was set when the TRA was installed.
Is there enough space on that disk or partition to install the adapter? The adapter
needs space in your temp area and the directory where it is installed.
• See Installation Registry on page 21 for details about temp folder space
requirements on Microsoft Windows and UNIX systems.
• See Table 3 on page 25 for Microsoft Windows installations
• See Table 4 on page 30 for Unix System installations.

Preparing your Environment for Installation 15
|
You must have write permissions to these directories to install the adapter. In
addition, on UNIX systems certain other permissions must be set to run the
adapter. See Permission Requirements on UNIX Systems on page 33 for details.
• To run the adapter you must have permissions to access the project where
adapter configuration is stored.
• Depending on whether TIBCO Administrator is used to set access
permissions, you may need an account identified by Administrator. See the
TIBCO Administrator User’s Guide for details.
Determine how the adapter installation files are to be transferred to this system.
The installation files can be downloaded from download.tiboc.com (if you have
an account setup to download). Do you plan to use FTP, NFS, HTTP, or install
from a CD?
LDAP Requirements
Determine which LDAP versions are supported.
• See Supported LDAP Servers on page 26 for Microsoft Windows.
• See Supported LDAP Servers on page 30 for UNIX systems.
Obtain the following information from your LDAP administrator. This is a list of
LDAP server parameters that you will need to configure the adapter, along with
the LDAP credentials that the adapter requires.
Note that the parameters listed here use LDAP terminology. This is the
information that you would typically be prompted for during a LDAP client
installation.
Test Connectivity
If you install the LDAP client, start it and ensure you can connect to the LDAP
server using the username and password that you were provided by your
administrator.
Use this form to capture the information you will need to collect before starting
installing the adapter

16
Pre-Installation Worksheet
Use this form to capture the information you will need to collect before starting
installing the adapter.
Adapter Machine Information
Field Name Field Description Field Value

Hostname Name of the machine on which the
adapter is being installed.
(Example:
adapter1.tibco.com)
IP address IP address of the machine on which

the adapter is being installed.
(Example: 192.168.12.12)
User account User account to be used for the

installation.
(Example: administrator)
User domain (if Microsoft Network domain to which the user

Windows) belongs.
(Example: ENGR2)
User password
Disk and path on which to

install adapter
(Example: /opt/tibco)
How will machine be [ ] directly [ ] terminal server [ ] xterm [ ] telnet

accessed
[ ] other: ………………………
How will installation files be [ ] CD-drive [ ] internet download [ ] FTP to machine

transferred to machine
[ ] network disk mounting

Pre-Installation Worksheet 17
|
LDAP Information
Field Name Field Description Field Value

User account User account to be used for the
installation.
(Example: jsmith)
User password
LDAP Server Type
LDAP Server Version
LDAP Server Name

(Example:
peopleserver1.tibco.com)
LDAP Port
LDAP SSL Port (if SSL is

used)
LDAP Server Certificate (if

SSL is used)
LDAP Server Certificate

Issuer (if SSL is used)
LDAP Software
Please specify where software for the LDAP server can be found within your
organization:
[ ] It's already installed on adapter machine.
Location on disk: ………………………….
[ ] Installation files are available via:
FTP (Server: ………… User: ………… Password: ……… )
Disk mount (full path: ………………………………………..)
CD provided during install by (name/extension): ………………………..

18
Installer Overview
The installer allows you to run in different modes. Each mode is supported on all
platforms.
• GUI mode
• Console mode
• Silent mode
GUI Mode
In GUI mode, the installer presents panels that allow you to make choices about
product selection, product location, and so on. When you invoke the installer by
double-clicking on the icon, GUI mode is used.
Console Mode
Console mode allows you to run the installer from the command prompt or
terminal window. This is useful if your machine does not have a Windows
environment.
Silent Mode
Silent mode either installs using default settings or uses a response file that was
saved during an earlier installation. Silent mode installs without prompting you
for information.
• If no response file has been recorded earlier and you invoke the installer with
the -silent argument, the default installation parameters are used.
• If a response file exists, and the installer is started with -options
<responseFileName> as an argument, the installer uses the values specified by the
user when the response file was generated.
Upgrading the Adapter

Software from TIBCO uses three numbers to indicate whether the release is major,
minor or a patch. For example, 5.0.0 indicates a major release, 5.1.0 indicates a
minor release and 5.1.1 indicates a patch release. The installer for a patch release
performs an automatic upgrade. For example, the installer automatically
upgrades TRA 5.0.0 to 5.0.1 by overwriting the contents of the 5.0 directory.

Installer Overview 19
|
For a major and minor release, the installer prompts whether you wish to
upgrade, and informs you if incompatible products are on your system. If you
proceed, major or minor releases are installed under a new directory that is
named using the major or minor release numbers.
For example, if you have installed the 5.0.0 release and are upgrading to a 5.1.0
minor release, it will be installed under the 5.1 directory. This allows both the 5.0
and 5.1 releases to coexist on the same machine.
If you are upgrading the adapter, or reinstalling a clean version of the software,
you may uninstall the product first or allow the installer to perform the upgrade
or reinstall.
Note that, if you are reinstalling over the same adapter version:
• You are not prompted to supply the installation location. The software is
automatically reinstalled where the previous version was installed.
• If any files are currently locked (that is, in use), the installer marks the file for
deletion in the install location. After installation, the installer prompts you to
reboot your system. You must reboot before using the software.
Uninstalling the Adapter

If another product is dependent on the product you wish to uninstall, you are
informed that you must uninstall the other product first
Microsoft Windows
Use one of the following options to uninstall the Adapter from the Microsoft
Windows platform:
• Click Start>Programs>TIBCO><Adapter>Uninstall
• Navigate to the _uninst directory located in the Adapter installation
directory and invoke the Tibuninstall.exe program.
• Click Start>Programs>TIBCO>TIBCO Installation Manager
• Use Add/Remove Programs from the Control Panel.
UNIX
Use one of the following options to uninstall the Adapter from the supported
UNIX platform:
• Navigate to the _uninst directory located in the Adapter installation
directoryand invoke the Tibuninstall.bin program.

20
• Run TIBCO Installation Manager which is located in the

<install-path>/tibco/TibcoInstallationManager.bin.

Installation Registry 21
|
Installation Registry
The installer maintains an installation registry. The registry location depends on

platform. This section explains where the registry files are located. The files have
vpd as a prefix, which stands for Vital Product Database. Note that the installer
does not recognize TIBCO ActiveEnterprise 4.x products.
Do not edit, modify, rename, move, or remove any of the registry vpd files.
Microsoft Windows Platforms

TIBCO ActiveEnterprise 5.x products maintain the installation registry in the
SystemDrive:\WINNT directory. The following files represent the installation
registry:
SystemDrive:\WINNT\vpd.properties
SystemDrive:\WINNT\vpd.properties.tibco.systemName
Installer Disk Space Requirements in Temporary Area

The entire package is extracted into a temp folder, typically SystemDrive:\Temp
or SystemDrive:\Documents and Settings\<user_name>\Local
Settings\Temp.
The installer requires 33 MB of free space in the temp directory.
UNIX Platforms
The installation registry is maintained in the following files in the user's home
directory:
User_Home_Directory/vpd.properties
User_Home_Directory/vpd.properties.tibco.systemName
If installation is performed by super-user (root), the installation registry is

maintained as follows:
• On Solaris and HP-UX, in the root user’s home directory (which is /) as two
vpd files.
• On Linux, in the /root directory as two vpd files.

22
Installer Disk Space Requirements in Temporary Area

The installer launcher first extracts a Java Virtual Machine (JVM) in a temporary
directory and uses this JVM to launch itself. The size of the extracted JVM differs
from platform to platform.
On UNIX platforms the following disk space is required in the temporary area:
• On Solaris, 50 MB of free disk space in /var/tmp
• On HP-UX, 85 MB of free disk space in /var/tmp
• On Linux, 50 MB of free disk space in /tmp
If your system does not have sufficient free disk space in the above temporary
area, you can still run the installer with a different temporary area by using the
following option when starting the installer:
<install_package_name>.bin -is:tempdir /new_tmp
where /new_tmp has sufficient free disk space.
Disk Space Requirement in User's Home Directory

On UNIX platforms when a regular (non-root) user installs a TIBCO 5.1 product,
the installation registry (two vpd files) is maintained in the user's home directory.
As more products are installed, entries are added into these vpd files.
The user's home directory must at least have 500 KB of free disk space.
Installation History
The installer and uninstaller creates a file called
TIBCOInstallationHistory.xml in the same location where the installation
registry is created. Each time an installation and uninstallation is performed,
entries are appended to the file.
On Microsoft Windows:
SystemDrive:\WINNT\TIBCOInstallationHistory.xml
On UNIX: Users_Home_Directory/TIBCOInstallationHistory.xml
The file TIBCOInstallationHistory.xml therefore contains the record of all
installation and uninstallation activities of all products, features and components.
Do not edit, modify, rename, move, or remove the

TIBCOInstallationHistory.xml file.

Adapter Components and Compatible Software 23
|
Adapter Components and Compatible Software
You can install different adapter components on different machines. For example,
you can run the run-time adapter on one machine and install the design-time
components on another machine. This allows you to configure an adapter on one
machine and run it on another.
Adapter Components
Table 1 describes the adapter components in the adapter installation package.
Table 1 TIBCO Adapter components
Component Purpose
Run-time adapter This process does the actual work of passing and converting data to and from
the vendor application. Parameters of data exchanges are stored in projects
created using the adapter palette.
Adapter palette Adapter-specific GUI that is loaded in TIBCO Designer (see next section for
details) at configuration time.
Required and Optional TIBCO Products

Depending on the tasks you wish to perform, you must install one or more other
TIBCO products. The following table describes required and optional products
and their purpose. To know the version number of these products, see the
adapter’s readme.txt.
Table 2 Required and Optional TIBCO Products
Component Purpose
TIBCO Runtime Agent Required. TIBCO Runtime Agent supplies a number of TIBCO and
third-party libraries used by the adapter and other TIBCO products both
at design time and run time. This includes, for example, TIBCO
Rendezvous and TIBCO Designer software.
You must install TIBCO Runtime Agent on each machine that hosts an
adapter. TIBCO Runtime Agent must be installed before you install the
adapter.

24
Table 2 Required and Optional TIBCO Products
Component Purpose
TIBCO Administrator Required. Required. TIBCO Administrator includes the following
modules:
• User Management. Management of authentication, roles and users,
that is, connecting roles (groups) and users to access control lists
(ACLs). This includes security for server-based projects at
design-time and for deployed applications at runtime.
• Resource Management. Monitoring of machines and of all running
applications in a TIBCO administration domain. Alerts can be
created, for example, to notify an administrator if the number of
processes or disk usage exceed a certain number.
• Application Management. Uploading of Enterprise Archive (EAR)
files, creation, configuration, deployment, and monitoring of
applications. This console is also used to start and stop applications.
TIBCO Administrator is available as a separate installation and can be
installed after installing the adapter separate installation and can be
installed after installing the adapter.
TIBCO BusinessWorks Optional. TIBCO BusinessWorks is a scalable, extensible, and easy-to-use

integration platform that allows you to develop integration projects.
TIBCO Adapters are typically part of integration projects created using
TIBCO BusinessWorks.
TIBCO BusinessWorks is available as a separate installation and can be
installed after installing the adapter.
TIBCO Enterprise Optional. TIBCO Enterprise Message Service allows you to use the Java
Message Service Messaging Services (JMS) as the messaging transport for your adapter.
TIBCO Enterprise Message Service is available as a separate installation
and can be installed after the adapter is installed.

Installing on Microsoft Windows 25
|
Installing on Microsoft Windows
Before starting the installation procedure, review the topics in this section to
determine that your system meets the basic requirements and that you have the
prerequisite software installed.
The following is a list of prerequisites for installing the adapter on Microsoft
Windows systems. See Installer Disk Space Requirements in Temporary Area on
page 21 for additional disk space requirements.
The following table also lists the platform-specific installation packages, where
<version_num> is the Adapter release number. For example, the installation
package name for TIBCO Adapter for LDAP 5.4.0on the Microsoft Windows 2000
platform is TIB_adldap-simple_<version_num>_w32.exe.
Table 3 Supported platforms, package names, service packs and disk space for Microsoft
Windows
Disk
Spac
Platform Package Names Hardware
e
(MB)
Microsoft x86 30
Windows 2000
Microsoft
Windows XP TIB_adldap-simple_<version_num
Professional >_w32.exe
Microsoft
Windows
Server 2003

26
Supported LDAP Servers

Before proceeding to adapter installation, ensure you can connect to the target
application using the vendor client. The adapter works with the following LDAP
directory servers:
— IBM Directory Server 5.2
— Microsoft Active Directory 2000
— Microsoft Active Directory 2003
— Microsoft Active Directory Application Mode Retail version
— Novell eDirectory Server 8.6.2
— Novell eDirectory Server 8.7
— Novell eDirectory Server 8.8
— OpenLDAP Server 2.2.26
— Oracle Internet Directory 9.2.0.1.0
— Oracle Internet Directory 10.1.2.0.2
— Oracle Virtual Directory 3.0.3
— Sun ONE Directory Server 5.1
— Sun ONE Directory Server 5.2
The Sun ONE Directory Server was formerly called iPlanet.
TIBCO Runtime Agent Must be Installed Before the Adapter

Before you can install the adapter, you must install the TRA. If you use the Typical
installation, the installer places all libraries and other products required by the
adapter into the TIBCO HOME directory.
During installation, the adapter installer checks for the availability of all
dependent products in the target system. If any of the dependencies are not
available, the installer will immediately exit. Otherwise installation will proceed.
Installer Account
You must have administrator privileges for the machine on which the adapter is
installed.

|
If you do not have administrator privileges, the installer will exit. You must then
log out of the system and log in as a user with the required privileges, or request
your system administrator to assign the privileges to your account.
Installing from Network Drive

If you intend to install the product on a network drive, you must ensure that the
account used for installation has permission to access the network drive.
Installing on Microsoft Windows 2000 and 2003 Terminal Server

There are two modes in Microsoft Windows Terminal Server: Execute and Install.
Users are logged on by default in the Execute mode, which allows them to run
applications. To install an adapter so that everyone can use it, log on as
administrator in the Install mode. When the adapter is installed in the Install
mode, the installation registry is maintained in SystemDrive:\WINNT\.
Microsoft Windows Terminal Server must be running in the remote admin mode,
not application sharing mode. The adapter is not supported if installed on a
machine that is using Microsoft Windows Terminal Server in the application
sharing mode.
The best way to install the adapter on Microsoft Windows Terminal Server is to
use the Add/Remove Programs control panel applet. This automatically sets your
mode to Install during the installation and then back to Execute afterwards.
Alternatively, you can manually change your mode to Install before starting the
installation by typing the following at a command prompt:
C:\> change user /install
Change back to Execute mode after installation is complete by typing:

C:\> change user /execute
To check your current mode, type the following:

C:\> change user /query
Installing the Adapter on Microsoft Windows

You can either download the adapter package or install the package from a CD.
The installer prompts you to accept the license agreement, then to choose to
perform a typical install or custom install.
• A typical install has minimal prompts and installs standard components in
default locations.

28
• A custom install prompts you to choose which components of the product

suite to install and installs only those components.
The installer checks your system for the installation home directory that was
established when TIBCO Runtime Agent was installed. The adapter is installed
under the installation home directory.
Use one of the following modes to install the software.
Install Using GUI Mode

GUI Mode allows you input values in panels. Type the following at the command
prompt:
TIB_adldap-simple_<version_num>_w32.exe
Install Using Console Mode

Console mode allows you to install the software in a non Windows environment.
The installer will prompt you for values. Type the following at the command
prompt:
TIB_adldap-simple_<version_num>_w32.exe -is:javaconsole -console
When running in console mode you can move through the installation process as
described next:
Enter Key = Moves forward in the installer
2 = Goes back to previous screen
3 = Cancels the Wizard and exits the installation or uninstallation
4 = Redisplays the current screen
Install Using Silent Mode

Silent mode allows you to install the software without prompts as it uses the
default configuration. Type the following at the command prompt:
TIB_adldap-simple_<version_num>_w32.exe -silent
Install and Generate a Response File

You can generate a response file during installation which you can later use to
invoke the installer with the selected values as default values (GUI mode) or as
selected values (silent mode).
To install and generate a response file, type the following at the command
prompt:

|
TIB_adldap-simple_<version_num>_w32.exe -options-record
C:\directory\<responseFile>
The response file does not record selections at the component level. It does record
all other selections, for example, which products you wished to install.
Install Using a Response File

You can use a previously generated response file for installation. For non-silent
modes, the response file determine the defaults that are presented. For silent
mode, the response file determines what will be installed.
To install using a response file, type the following at the command prompt:
TIB_adldap-simple_<version_num>_w32.exe -options
C:\directory\<responseFileName>
Combining Options
You can combine the different available options. For example, to install in silent
mode using a response file, use:
TIB_adldap-simple_<version_num>_w32.exe -silent -options
<responseFileName>
To install using Console mode and generate a response file, use:

TIB_adldap-simple_<version_num>_w32.exe -is:javaconsole -console
-options-record <responseFileName>

30
Installation on UNIX Systems
Your operating system must meet the minimum patch requirements listed next.
See Installer Disk Space Requirements in Temporary Area on page 22 for
additional disk space requirements.
Table 4 Supported platforms, hardware, package names, patches and disk space for UNIX
systems
Disk
Platform Hardware Package Names Space
(MB)
Solaris 8 SPARC TIB_adldap-simple_<versi 35
on_num>_s4_58.bin
Solaris 9 36
Solaris 10
HP-UX 11.0 HPPA TIB_adldap-simple_<versi 38

on_num>_h7_110.bin
HP-UX 11i TIB_adldap-simple_<versi

on_num>_h7_110.bin
HP-UX 11i IA64 Itanium TIB_adldap-simple_<versi 51

on_num>_5.2.1_h7_ia64.b
V2
Red Hat x86 TIB_adldap-simple_<versi 33

on_num>_lnx86_24_323.bin
Linux 3.0
Red Hat TIB_adldap-simple_<version 35S

Linux 4.0 _num>_linux24gl23_x86.bin
SUSE Linux x86

Enterprise
Server 9
AIX 5.2 POWER TIB_adldap-simple_<versi 35

on_num>_rs_51.bin
AIX 5.3 POWER 41
Supported LDAP Servers

The adapter supports many LDAP servers. Click , Supported LDAP Servers, on
page 26 to view the list of LDAP servers the adapter supports.

Installation on UNIX Systems 31
|
The adapter can be used with the Active Directory and ADAM directory servers
only on windows platform. However if you use it on any other platform, the
adapter displays the status message, AELDAP-00017. For more information about
the message, see , Status Messages, on page 216.
TIBCO Runtime Agent Must be Installed Before the Adapter

Before you can install the adapter, you must install the TRA. If you use the Typical
installation, the installer places all libraries and other products required by the
adapter into the TIBCO HOME directory.
Installer Account
TIBCO 5.x products can be installed by a regular (non-root) user and super-user
(root). Different users can install the same product at different locations.
Product dependencies at install time are resolved at user level through the
installation registry maintained at user's home directory. See Installation Registry
on page 21 for more information.
Windows Environment
A window environment such as CDE (i.e. X Windows) is required to run the
installer in GUI mode. It is not required for a console installation.
Installing the Adapter on UNIX

After unpacking the software and accepting the license agreement, you can
choose to perform a typical install or custom install.
• A typical install has minimal prompts and installs standard components in
default locations.
• A custom install prompts you to choose which pieces of the product suite to
install and installs only those components.
The installer checks your system for the installation home directory that was
established when TIBCO Runtime Agent was installed. The adapter is installed
under the installation home directory.
Use one of the following modes to install the software. The examples assume you
are installing the adapter on Solaris 8.

32
Install Using GUI Mode

GUI Mode allows you input values in panels. Type the following in a terminal
window:
% ./TIB_adldap-simple_<version_num>_s4_58.bin
Install Using Console Mode

Console mode allows you to install the software in a non Windows environment.
The installer will prompt you for values. Type the following in a terminal
window:
% ./TIB_adldap-simple_<version_num>_s4_58.bin -is:javaconsole
-console
When running in console mode you can move through the installation process as
described next:
Enter Key = Moves forward in the installer
2 = Goes back to previous screen
3 = Cancels the Wizard and exits the installation or uninstallation
4 = Redisplays the current screen
Install Using Silent Mode with Default Values

Silent mode allows you to install the software without prompts using default
values. Type the following in a terminal window:
% ./TIB_adldap-simple_<version_num>_s4_58.bin -silent
Install and Generate a Response File

You can generate a response file during installation which you can later use to
invoke the installer with the selected values as default values (GUI mode) or as
selected values (silent mode).
To install and generate a response file, type the following at the command
prompt:
% ./TIB_adldap-simple_<version_num>_s4_58.bin -options-record
/dir/<responseFile>
The response file does not record selections at the component level It does record
all other selections, for example, which products you wished to install.

Installation on UNIX Systems 33
|
Install Using a Response File

You can use a previously generated response file for installation. For non-silent
modes, the response file determine the defaults that are presented. For silent
mode, the response file determines what will be installed.
To install using a response file, type the following at the command prompt:
% ./TIB_adldap-simple_<version_num>_s4_58.bin -options
/dir/<responseFileName>
Combining Options
You can combine the different available options. For example, to install in silent
mode using a response file, use:
% ./TIB_adldap-simple_<version_num>_s4_58.bin -silent -options
<responseFileName>
To install using Console mode and generate a response file, use:

% ./TIB_adldap-simple_<version_num>_s4_58.bin -is:javaconsole
-console -options-record <responseFileName>
Post Installation
Permission Requirements on UNIX Systems

All adapter users must have read, write, and execute permissions for the
following directories:
$TIBCO_HOME/adapter/adldap/<version_num>/bin
$TIBCO_HOME/adapter/adldap/<version_num>/logs
$TIBCO_HOME/tra/<version_num>/logs
$TIBCO_HOME/logs
For example, if the adapter has been installed in /opt/tibco, the user who
installed the adapter can make these directories writable for all other users by
executing the following commands:
% chmod a+w /opt/tibco/adapter/adldap/5.4/bin/
% chmod a+w /opt/tibco/adapter/adldap/5.4/bin/logs
% chmod a+w /opt/tibco/tra/5.4/logs

34
Installation FAQs and Troubleshooting
This section lists some common errors along with their causes and solutions.
Frequently Asked Questions
Where is the installation log file located?

Install and uninstall log files are created in the TIBCO_HOME\log directory.
What should I do, if JVM crashes when I run the installer?

The installer first extracts the bundled JVM into a temporary area and then uses it
to launch itself. If for some reason, the JVM crashes, you could still run the
installer using another JVM, preferably JVM 1.3.1 or higher. The examples assume
you are installing the adapter on Solaris 8. The syntax is:
TIB_adldap-simple_<version_num>_w32.exe -is:javahome C:\j2sdk1.4.0
TIB_adldap-simple_<version_num>_s4_58.bin -is:javahome /opt/jre142
The javahome directory must contain bin/java.exe or bin/java.

The installer will use the externally supplied JRE to launch itself.
Will 5.1 installer recognize a 3.x or 4.x installation?

TIBCO products follow a three digit release numbering scheme:
Major.Minor.Maintenance
Product releases that differ in either Major or Minor numbers will be a separate
installation, and will not recognize the old installation. In this case, 5.0 is a major
release and hence will not recognize either 3.x or 4.x product installations.
Why and how should I set the DISPLAY variable on UNIX platforms for GUI
mode?
The installer on UNIX, must open an additional window, generally for graphics. It
uses the DISPLAY environment variable to tell it on what computer to open the
window. If the environment variable is not set, the installer will either wait or
abort after displaying:
InstallShield Wizard
Initializing InstallShield Wizard...
Preparing Java(tm) Virtual Machine...
...................................

Installation FAQs and Troubleshooting 35
|
...................................
........
The DISPLAY variable must be set to the IP address or name of the computer (on
which the installer graphics window are to be displayed), followed by a screen
address, which can be :0.0. For example:
# Bourne shell
DISPLAY=<ip_address>:0.0; export DISPLAY
# Korn shell
export DISPLAY=<ip_address>:0.0
# C-shell
setenv DISPLAY <ip_address>:0.0
For example, consider a scenario where you need to install the adapter on a
remote HPUX machine (named itaska). Because you have a Solaris 5.6 machine
(named alaska) that has a video card and monitor installed, you can run an
X-window application on it. So you decide to telnet to itaska from alaska.
When you telnet to itaska, you will not get access to itaska's monitor and will
be unable to display an X-window application. That is why you must set the
DISPLAY variable, which instructs the X-server to redirect all Windows to the
computer set in the variable. Before doing so, the computer (specified in the
DISPLAY variable) must give permissions to share its monitor.
alaska> xhost + # give permission for all to its share monitor

alaska> telnet itaska
Welcome to HPUX itaska 11.00
User:
Password:
itaska> export DISPLAY=alaska:0.0 # set display on alaska
itaska> TIB_adldap-simple_<version_num>_odbc_h7_110.bin
What is uninst2 directory?

If the original uninstall directory is in use at uninstall time, it cannot be removed
by the installer program. The installer then creates a second uninstall directory for
the second installation. To remove the second installation, you must invoke the
uninstall program from the second uninstall directory. The original uninstall
directory can also be manually removed, if empty.
Running Out of Disk Space

The installer calculates the disk space required in product home location, for the
selected components. The calculation is done before the actual installation
(copying of files to system) begins. The installer will proceed only if sufficient free
disk space is available in product home location.

36
However, if disk space is consumed by another process while the installer is

copying the files, and if the required disk space is thereby reduced, the installer
may fail and will then give a failure message.
Solution
While performing installation, avoid running other processes that consume disk
space in product home location.
Installation Errors on HPUX 11.00 64 bit Platform
Error message
Installation on a HPUX 11.00 64 bit system may crash with the following error
message:
Pid nnn killed due to trashed stack.
Pid nnn was killed due to failure in writing the signal context.
This happens only on HPUX 11.00 64 bit systems. It does not happen on HPUX
11.00 32 bit system and HPUX 11.11 (or 11.i) system.
To determine the OS version on your system, run:
uname -a
To determine the kernel bits on your system, run:

getconf KERNEL_BITS
Resolution
HPUX kernel patch PHKL_27282, resolves the above crash.
To determine if your system has the kernel patch, run:
/usr/sbin/swlist -l product PHKL_27282
or
what /stand/vmunix | grep PHKL_27282
If your system is an HPUX 11.00 64 bit system and it does not have the patch, first
install HPUX kernel patch PHKL_27282 and then proceed with the installation.
Installation of patch PHKL_27282, will reboot your system.

Installation FAQs and Troubleshooting 37
|
Configuring TIBCO Hawk
Error
TIBCO Runtime Agent includes the TIBCO Hawk Agent only. If you install the
full TIBCO Hawk package after installing TIBCO Runtime Agent and do not have
a Java Runtime Environment (other then the TIBCO JRE) installed, the TIBCO
Hawk Configuration tool is unable to determine the Java home location and the
JVM executable. The TIBCO Hawk services will not start correctly and you will be
unable to start the TIBCO Hawk Display.
Resolution
1. Start the TIBCO Hawk Configuration tool. For example, on Microsoft
Windows:
Start > TIBCO > TIBCO Hawk > Hawk Configuration
2. Under the General tab, click Advanced.
3. In the Java Home Directory field, provide the path to Java. For example:
C:\tibco\jre\1.4.2
4. In the JVM Executable field, provide the JVM executable. For example:
java.exe
The services will start properly and the TIBCO Hawk Display will run.
Cannot Install the Adapter

On HP-UX and AIX platforms, even though the correct version of TIBCO
Runtime Agent version is already installed on the system, installation of an
adapter that depends on TIBCO Runtime Agent may fail in the dependency
resolution.
The TIBCO product installer maintains the registry information in the
vpd.properties.tibco.systemName file. The value for systemName is determined
by InetAddress.getLocalHost().getHostName(). However, the method
getHostName(), returns different values based on the JRE versions used. For
example, on AIX, JRE 1.3.1 returns only systemName, whereas JRE 1.4.0 returns
systemName.domainName. Because of this, the installer is not able to load the correct
registry file.

38
Resolution
On Unix platforms, the installer registry file vpd.properties.tibco.systemName
is located in the user's home directory.
Case 1: If the vpd.properties.tibco.systemName file exists:
$ cd user's_home_directory
$ ln -s vpd.properties.tibco.systemName
vpd.properties.tibco.systemName.domainName
For example:
$ cd ~
$ ln -s vpd.properties.tibco.upside
vpd.properties.tibco.upside.tibco.com
where upside is systemName, and tibco.com is domainName

Case 2: If the vpd.properties.tibco.systemName.domainName file exists:
$ cd user's_home_directory
$ ln -s vpd.properties.tibco.systemName.domainName
vpd.properties.tibco.systemName
For example:
$ cd ~
$ ln -s vpd.properties.tibco.upside.tibco.com
vpd.properties.tibco.upside
where upside is systemName, and tibco.com is domainName.

| 39
Chapter 3 Preparing LDAP Server Interfaces
This chapter explains how to configure the LDAP server to interoperate with the
adapter.
Topics
• Overview, page 40
• Preparing the LDAP Server for Use with the Adapter, page 41

40
| Chapter 3 Preparing LDAP Server Interfaces
Overview
Before configuring the adapter, you must prepare the LDAP Server applications’
interfaces so that the adapter can interoperate with it.

Preparing the LDAP Server for Use with the Adapter 41
|
Preparing the LDAP Server for Use with the Adapter
Configuring the LDAP Server involves the following tasks:

1. Enabling SSL on the LDAP Servers
2. Setting Search Size Limit on the LDAP Server
Enabling SSL on the LDAP Servers

SSL (Secure Sockets Layer) is a network protocol that allows authentication and
encryption of data. SSL provides a secure connection between a client and a
server.
Based on the SSL configurations of the client and the server, various levels of
privacy are established. Understanding the basic operation of SSL will help you to
correctly configure the required level of privacy for the client as well as the
application data.
SSL supports, but does not require, server authentication (the client authenticates
the server), client authentication (the server authenticates the client), and mutual
authentication. SSL uses public key cryptography. One, or both the
communicating applications has a public-private key pair; these keys are
symmetric; data encrypted with the public key can be decrypted with the private
key, and vice versa. To use SSL on all supported directory servers, the server's key
pair must be pre generated and configured in the server.
Visit the following link to enable SSL on the LDAP server:
For Microsoft Active Directory,
http://support.microsoft.com/default.aspx?scid=kb;en-us;247078#1
For Sun ONE Directory Server 5.1,
http://docs.sun.com/source/816-5606-10/ssl.htm#996824
Setting Search Size Limit on the LDAP Server

You may come across the following exceptions:
• The size of the result exceeds server-specific limit.
• The number of descendants for this node are more than the requested number.
Additionally, if you are using the Sun ONE Directory Server, you may come
across the exception The adminstrative limit on the maximum number of
entries to return was exceeded.

42
| Chapter 3 Preparing LDAP Server Interfaces
To proceed, you will need to log on to the server and change the value for the
search size limit:
• For the Sun ONE Directory Server, click the Configuration tab. Select
Database Settings and click the LDBM Plugin Settings tab. Change the
value of the Look-through limit entry. While you are in the Configuration
tab, select the root of the tree, and click the Performance tab. Change the
value for the Size Limit entry too.
For details, see the documentation shipped with the server you are using.

| 43
Chapter 4 Getting Started
This chapter presents examples that demonstrate key adapter features. Work
through these examples to get a hands-on understanding of how the adapter
works.
Topics
• Prerequisites, page 44
• Setting LDAP Connection Parameters, page 45
• Create the Project, page 47
• Configure the Adapter, page 49
• Configure the Publication Service, page 52
• Configure the Subscription Service, page 54
• Configure the Request-Response Service, page 56
• Convert the Project to a Repository File, page 58
• Configuring the Project Using TIBCO IntegrationManager, page 59
• Deploy the Project and Start the Adapter, page 80
• Configuring the Exercises Using TIBCO IntegrationManager, page 81

44
| Chapter 4 Getting Started
Prerequisites
Before starting the configuration exercise, make sure that all required software
has been installed and is operating correctly. For a list of required software, see
the installation instructions in Chapter 2, Installation, on page 13.
You should know how to drag and drop icons in TIBCO Designer and be familiar
with saving projects. If you are not familiar with these topics, refer to the TIBCO
Designer User’s Guide, which is available by clicking Help>Designer Help in
TIBCO Designer.
Scenario Overview
The exercises in this chapter are designed to help you become familiar with basic
adapter configuration. You can also view the activity on the adapter console when
you perform LDAP operations supported by the services, using TIBCO
IntegrationManager.
Running through these exercises will familiarize you with the different LDAP
operations that a service supports. You will also learn how to integrate the
adapter with other TIBCO products like TIBCO IntegrationManager.
Connections to LDAP
Make sure that the adapter is connected to the LDAP Server. See Chapter 3,
Preparing LDAP Server Interfaces, on page 39 for details.
Permissions to Access Repository Server

If your site is using TIBCO Administrator to set access control to the repository
server, you must have the account name and password that is used by the adapter
to log onto the server.
Other Examples
A set of examples are included online. TIBCO IntegrationManager examples are
available in the examples\IM directory and TIBCO BusinessWorks examples are
available in the examples\BW directory. The ActiveDirectory folder includes
examples for the Active Directory Server. The eDirectory folder includes
examples for the eDirectory Server. The SunOneDirectory folder includes
examples for the Sun One Server. For more information, see the TIBCO Adapter for
LDAP Examples Guide.

Setting LDAP Connection Parameters 45
|
Setting LDAP Connection Parameters
Before starting the configuration exercise, you must modify the

SunOneDirectory-run.bat (on Microsoft Windows platforms) or the
SunOneDirectory-run.sh file (on Unix platforms) with information about your
LDAP server connection. The SunOneDirectory-run.bat and
SunOneDirectory-run.sh files are available in the
<ADLDAP_HOME>\examples\IM\SunOneDirectory folder. Make sure you enter
the values accurately as described below.
Open the SunOneDirectory-run.bat or SunOneDirectory-run.sh in any editor
of your choice and modify the following properties:
set LDAP_SERVER_MACHINE_NAME=<Machine-Name>
set LDAP_SERVER_PORT_NO=<Port-No>
set LDAP_SERVER_USERNAME=<Username>
set LDAP_SERVER_PASSWORD=<Password>
set LDAP_SERVER_BASE_DN=<Base-Dn>
where:
Parameter Description
<Machine-Name> Server name or the IP Address of the machine on which the
LDAP server is installed. For example, 192.168.2.27.
<Port-No> Port on which the LDAP server is installed. For example,

389.
<Username> User name that will be used to connect to the LDAP server.
Use quotation marks around the name. For example,
"cn=Directory Manager".
<Password> Password for establishing the LDAP server connection. For

example, admin123.

46
Parameter Description
<Base DN> DN from the Directory Information Tree on your LDAP
server under which sample data will be created to run the
example. For example,
"o=TestExample,o=BenchMark,dc=us.tibco.com"
The selected base DN should not have any child entries.

The sample entries that will be created will be of type
organization and below that, of type
organizationalUnit. This implies that for eDirectory, the
Base DN should be an entry of type Locality or Country
and for Active Directory, the object class of the Base DN
should be in the list of possible superiors for the type
organization.
The SunOneDirectory-run.bat and SunOneDirectory-run.sh files contain

actual data that you must replace with details of the server you are using.

Create the Project 47
|
Create the Project
The TIBCO Designer GUI is used to configure adapter instances. When starting
TIBCO Designer, you must create or select a project. A project contains the
configuration files that define options used by a run-time adapter. After a project
is configured, it is converted to a repository file and available for use by the
run-time adapter.
Make sure that you are using JRE 1.4.2 to run this example.
To create a project:
1. Run the modified SunOneDirectory-run.bat or SunOneDirectory-run.sh
file to create entries on the LDAP server.
2. Start TIBCO Designer by executing the following command, depending on
your operating system.
On Microsoft Windows, select: Start > Programs > TIBCO > TIBCO Designer
5.2 > Designer 5.2
On UNIX, from a command window change directory to the
<install-path>/tibco/designer/5.2/bin directory and type ./designer
3. In the TIBCO Designer dialog, click New empty project.
4. In the Save Project dialog, select Multi-File Project (if it is not selected) and
click the Browse button for the Root Directory field. Navigate to the
C:\tibco\adapter\adldap\<version_num>\examples folder and click the

48
Create New Folder icon. Name the new directory LDAPConfig and click
OK.
5. In the Save Project dialog, click OK. The project will be saved in the
LDAPConfig directory.
The next diagram shows the TIBCO Designer GUI with the LDAPConfig project
defined.
Project panel Design panel
Configuration
panel
Palette panel

Configure the Adapter 49
|
Configure the Adapter
An adapter instance can contain publication services, subscription services, or

request-response services. Options for logging, design-time connection, startup,
and monitoring are set on the adapter instance. In this exercise, default values are
used for all these options except design-time connection configuration.
To configure the adapter instance:
1. Drag the LDAP Adapter Configuration icon from the palette panel to the
design panel. This creates an adapter named by default,
LDAPAdapterConfiguration. The name can be changed, but in this exercise,
names assigned by TIBCO Designer will be used.
2. Click the Design-time Connection tab to specify the LDAP Server access
details and select the Sun ONE Directory Server in the Server Type
drop-down.
The values specified in the Design-time Connection tab must be the same as the
values specified in the SunOneDirectory-run.bat or SunOneDirectory-run.sh
file.

50
a. Specify the machine name in the Server Name field.

b. Specify the port number in the LDAP Port field.
c. Specify the user name in the User DN field. TIBCO Designer uses this user
name to access the Sun ONE Directory Server.
d. Specify the password in the Password field. TIBCO Designer uses this
password to access the Sun ONE Directory Server.
e. Click Test Connection to verify that the values you entered are correct for
your setup.
3. Click the Logging tab to identify the file log options.

In the next diagram, Information, Warning and Error messages are specified
to be logged to the log file and standard input. The Log File field lists the
global variables that are used to define the log file path and name. The
DirTrace and Deployment variables are set using global variables. You can
click the Global Variable tab to display the variables in the project panel.
The default settings will be used in this example. The InstanceId variable

Configure the Adapter 51
|
need not be set. The variable automatically substitutes the adapter name at
run-time.
4. Select Project > Save to save the project information.

52
Configure the Publication Service
This section explains how to configure an adapter with a publication service that
publishes a message from the specified LDAP Directory. The steps are:
• Configure the Publication Service
• Configure the Transport Information
• Configure the Schema Definitions
Task A Configure the Publication Service

1. In the project panel, expand the LDAP Adapter Configuration node, then
highlight the Adapter Services folder to access the LDAP Publication
Service icon.
2. Drag the LDAP Publication Service icon from the palette panel to the
design panel.
3. In the Configuration tab, specify the Service Name that this service should
use, and select JMS in the Transport drop-down.
Task B Configure the Transport Information

1. Click the Transport tab and enter ldapexample.pub in the Destination
field.
2. Select Topic in the Connection Factory Type drop-down. Click Apply.
Task C Configure the Schema Definitions

1. Click the Schema View tab and in the Base DN field click Browse DIT.

Configure the Publication Service 53
|
2. Navigate to o=MyOrg1, c=I0, dc=MyDomain, dc=portal, dc=com,

LDAP_SERVER_BASE_DN in the Select Base DN dialog box. Note that the DN
value is the same value specified for the LDAP_SERVER_BASE_DN parameter
defined in the SunOneDirectory-run.bat or SunOneDirectory-run.sh
file.
3. Specify 100 in the Maximum Number Of Entries field.
4. Click OK.
5. Click Browse DIT in the Sample Entry for Schema field.
6. Navigate to ou=MyOrgOu0, o=MyOrg1, c=I0,
dc=MyDomain,dc=portal,dc=com in the Select Sample Entry for Schema
dialog box.
7. Click OK.
8. Click Apply in the Schema View tab.

54
Configure the Subscription Service
This section explains how to configure an adapter with a subscription service that
subscribes to a message from the JMS Transport. You must use the project created
in the previous exercise. The steps in this exercise are:
• Configure the Subscription Service
Task A Configure the Subscription Service

highlight the Adapter Services folder to access the LDAP Subscription
Service icon.
2. Drag the LDAP Subscription Service icon from the palette panel to the
design panel.

1. Click the Transport tab and enter ldapexample.sub in the Destination
field.

Configure the Subscription Service 55
|

2. Navigate to o=MyOrg0,c=I0,dc=MyDomain,dc=portal,dc=com,
defined in the SunOneDirectory-run.bat or SunOneDirectory-run.sh file.
4. Click OK.
dialog box.
7. Click OK.

56
Configure the Request-Response Service
This section explains how to configure a request-response service to receive a

request, execute the search criteria and publish the search results on JMS
transport. You must use the project created in the previous exercise. The steps in
this exercise are:
• Configure the Request-Response Service
Task A Configure the Request-Response Service

highlight the Adapter Services folder to access the
LDAP Request-Response Service icon.
2. Drag the LDAP Request-Response Service icon from the palette panel to the
design panel.

1. Click the Transport tab and enter ldapexample.rpc in the Destination
field.

Configure the Request-Response Service 57
|

2. Navigate to o=MyOrg0,c=I0,dc=MyDomain,dc=portal,dc=com,
defined in the SunOneDirectory-run.bat or SunOneDirectory-run.sh file.
4. Click OK.
dialog box.
7. Click OK.

58
Convert the Project to a Repository File
The project must be exported to the DAT (repository) format for use by the
adapter.
To export the project to a local repository:
1. Select Project >Export Full Project.
2. In the Export Project dialog box, specify the project name and the directory to
save to. Click OK.
It is recommended that you save the project as example.dat, as the exercises in

this chapter use example.dat as the project name.

Configuring the Project Using TIBCO IntegrationManager 59
|
Configuring the Project Using TIBCO IntegrationManager
This section helps you configure the project files using TIBCO
IntegrationManager. You must have TIBCO IntegrationManager installed.
Additionally, you must complete this task before you run the exercises.
Configure the Publication Service

To configure the publication service:
1. Save the configured example.dat as impubexample.dat.
2. Open the impubexample.dat in the TIBCO IntegrationManager Editor.
3. Create a new Shared Parameter, for example, JMSShared.
4. Enter tcp://localhost:7222 in the JNDI/JMS URL field.
5. Enter com.tibco.tibjms.naming.TibjmsInitialContextFactory in the
JNDI Context Class field.
6. Enter TopicConnectionFactory in the JMS Connection Factory field.
7. Click OK.
8. Create a new Channel, for example, PubChannel.
9. Select JMS from the Transport drop-down.

60
10. Select 5.3 from the AE Version drop-down.

11. Choose the wire schema that you had configured earlier in the Class field. It
will be adapter/ldap/<server name>/<machine name>/organizationalUnit.
12. Enter the publication service subject as ldapexample.pub. This is the subject
the LDAPPublicationService is listening on.
13. Choose JMSShared in the Shared Parameters field.
14. Click OK.

15. Create a new job creator, PubJob.
16. Select JMS from the Transport Type drop-down.
17. Choose the channel PubChannel.
18. Create a new process, PubProcess.
19. Create a new job slot, PubMesg. A dialog box displays.

|
20. Select Predefined from the Channel (Source) drop-down and decoded ae
message from the adjacent drop-down.
If decoded ae message is not available, choose message instead and then run the
TIBCO IntegrationManager transforms. Stop TIBCO IntegrationManager and
return to this configuration step. The decoded ae message option will display.
Select it.
21. Click OK.

22. Double-click PubProcess and drag a Start Task, End Task, and an Execute
Script Task.
23. In the Execute Script Task write the following line:

writeln("The Publication Service message received
:"+job.get("PubMesg"));
Connect the tasks in the following sequence by the Trigger Task as

mentioned below:

62
'start task' ===> 'Execute Script task' ===> 'end task'
24. Click OK and save impubexample.dat.

To start the adapter and to run the process follow the steps explained in the
section Deploy the Project and Start the Adapter on page 80 and Configuring the
Exercises Using TIBCO IntegrationManager, page 81.
Configure the Subscription Service

To configure the subscription service:
1. Save the configured example.dat as imsubexample.dat.
2. Open imsubexample.dat in the TIBCO IntegrationManager Editor.

|
7. Click OK.
8. Create a new Channel, SubChannel.
9. Select JMS in the Transport drop-down.
10. Select 5.3 from the AE Version drop-down.
11. Choose the wire schema that you had configured earlier in the Class field. It
will be adapter/ldap/<server name>/<machine name>/organizationalUnit.
12. Enter the subscription service subject as ldapexample.sub. This is the subject
the LDAPSubscriptionService is listening on.

64
13. Choose JMSShared in the Shared Paramters field.
14. Click OK.

15. Create a new process, SubProcess.

|
16. Double-click SubProcess and drag a Start Task, End Task, Mapper Task,
and Signal Out Task.
17. Double-click Mapper Task and then choose the schema as mentioned above
in step 11 in the Mapper output.
Depending on the operation, the values you must enter are given below:

66
For the INSERT operation:

— OpCode = LDAP_ADD
— DN = ou=newunit,<DN as configured for the service>
— attribute ou=newunit
— objectclass attribute = organizationalUnit
For the DELETE operation:

— OpCode = LDAP_DELETE
— DN = ou=existingunit,<DN as configured for the service>
For the UPDATE operation:

— OpCode value = LDAP_MODIFY
Also, specify the values of the attributes that you want to modify for this
entry.
For the MODIFYADD operation:
— OpCode value = LDAP_MOD_ADD
Also, specify the values of the attribute values that you want to add for this
entry.
For the MODIFYDELETE operation:
— OpCode value = LDAP_MOD_DELETE
Also, specify the values of the attribute values that you want to delete for this
entry.
For the MODIFYREPLACE operation:
— OpCode value = LDAP_MOD_REPLACE

|
Also, specify the values of the attribute values that you want to replace for this
entry
For the MODIFY DN operation:
— OpCode = LDAP_MODIFYKEY

— NewDN = ou=modifiedunit
For the UPSERT operation, the

— OpCode = LDAP_UPSERT
— DN = ou=unit,<DN as configured for the service>
If the specified DN does not exist on the LDAP server, the adapter will add
this entry provided ou and objectclass attribute values have been
specified. If the specified DN exists, the adapter will update the entry with
the specified attribute values in the schema.

68
18. Save the values entered for doing a particular operation and enter the Job Slot
name in the Slot text field of the Mapper Task, for example, SubSlot.
19. Click OK.
20. Double-click Signal Out Task.
21. Choose JMS and choose SubChannel.
22. Create a job slot. Specify the SubSlot name as mentioned above. Select
message in the Channel (Source).
23. Click OK.

24. Connect the tasks in the following sequence by the Trigger Task as
mentioned below:

|
start task ===> Mapper task ===> Signal Out Task ==> end task
25. Create a Channel that will be used for triggering the Subscription Process,
called TestChannel.
26. Specify test.sub as the value of the subject field. Click OK.

70
27. Create a Job slot, TestJob and choose TestChannel as the channel, and
SubProcess as the process.
28. Click OK.

29. Create a message diagram, SubMesgDiagram.

|
30. Drag TestChannel, TestJob, and SubProcess to the Design Panel. These are
connected by arrows and this indicates that your configuration is correct. If
the arrows are missing, check your configuration.
31. Save imsubexample.dat.

Configure the Request-Response Service
1. Save the configured example.dat as imrpcexample.dat.

2. Open imrpcexample.dat in the TIBCO IntegrationManager Editor.

72
7. Click OK.
8. Create a Channel, for example, rpcchannel.
9. Select JMS from the Transport drop-down.
10. Select client/server from the Channel Type drop-down.
11. Select the value of the RPC Server endpoint that you have configured in the
Endpoint field.
When you select the endpoint, the Class and Subject fields are automatically
populated.

|
12. Choose JMSShared from the Shared Paramters field.
13. Create a process, rpcprocess.

74
14. Double-click rpcprocess and drag the Start Task, Stop Task, Execute
Task, and Invoke Task to the design panel.
15. Connect the tasks in the following sequence by the Trigger Task as
mentioned below:
Start Task ===>Execute Task ===>Invoke Task ===>Stop Task
16. Open Execute Task and write the following script lines for a LOOKUP
operation using the RPC Server service of the adapter.
var orgUnit;
orgUnit = new
aeclass.adapter.ldap.iplanet.anand.organizationalUnit();
orgUnit.OpCode="LDAP_LOOKUP";
orgUnit.DN="ou=unit1,o=BenchMark,dc=tibco.com";

|
job.put("input",orgUnit);
To execute any other LDAP operation, changes will be required to the script.
17. Click OK.

18. Open Invoke Task and select rpcchannel.
The Operation field is populated automatically.
19. Click the + sign to create new binds.

76
20. Specify the name of the Job Slot that was specified in the script, that is, input.
21. Select the class configured for this rpc server service in the Parameter
drop-down, that is, organizationalUnit.
22. Click OK.
23. Select Entire Reply from the Operation drop-down and enter reply in the
Slot Name field.

|
24. Click OK.

The Slot Name reply encapsulates all the information obtained from the
server, in response to the request made by the RPC Server Service.
25. Create a channel, for example, testchannel.
26. Enter the subject in the Subject field as test.rpc.
27. Click OK.
28. Create a test job creator, for example, testjob.

78
29. Select testchannel as the channel, and rpcprocess as the process.
30. Click OK.

31. Create a message diagram, rpcmesg.

|
32. Drag testchannel, testjob and rpcprocess to the design panel. These are
connected by arrows and this indicates that your configuration is correct. If
the arrows are missing, check your configuration.
33. Save the imrpcexample.dat.


80
Deploy the Project and Start the Adapter
Before starting the adapter, you must create a properties file for the adapter.
Task A Deploy the Adapter

To create a properties file for the adapter:
1. Change directory to the adapter bin directory:
cd C:\tibco\adapter\adldap\<version_num>\bin
2. Copy adldap.tra to a new text file named example.tra.

3. Using a text editor, open the example.tra file and change the following
properties.
Change: #TIBCO.repourl <repourl> to:
TIBCO.repourl
C:/tibco/adapter/adldap/<version_num>/examples/example.dat
Change: #TIBCO.configurl <configurl> to:

TIBCO.configurl adldap/LDAPAdapterConfiguration
Change: application.args adldap -system:propFile

C:/tibco/adapter/adldap/<version_num>/bin/adldap.tra
to:
application.args adldap-system:propFile
C:/TIBCO/adapter/adldap/<version_num>/bin/example
.tra
Task B Start the Adapter

Open a command window.
1. Start the JMS Server by executing the following command:
On Microsoft Windows, select Start > Programs > TIBCO > TIBCO
Enterprise Message Service > Start JMS Server.
On Unix, from a command window change directory to the
<install-path>/tibco/jms/bin directory and type ./tibjmsd
2. In the second command window change directory to the

<install-path>/tibco/adapter/adldap/<version_num>/bin directory.
3. Start the adapter:
adldap --run --propFile example.tra

Configuring the Exercises Using TIBCO IntegrationManager 81
|
Configuring the Exercises Using TIBCO IntegrationManager
After starting the adapter, run the exercise as follows:

1. Copy the project file into the bin folder of your TIBCO IntegrationManager
directory. Depending on the service you want to run, copy:
— impubexample.dat - to run the Publication Service
— imsubexample.dat - to run the Subscription Service
— imrpcexample.dat - to run the Request- Response Service
2. Open a command prompt for TIBCO IntegrationManager.
3. Navigate to the bin folder of the TIBCO IntegrationManager install directory.
4. In the command prompt window type imse -name example -f
<filename>.dat. This will start the IntegrationManager server and engine.
Before you run this command, in the TIBCO IntegrationManager Editor, go to the
Tools > Global Variables menu, and add InstanceId and AppName to the
existing global variables.
5. Run the adapter as mentioned in Start the Adapter on page 80.

6. Do any of the following, depending on the service you want to execute:
For the Publication Service:
a. Execute the LDAP Publication Service related operations on the LDAP
Server under the DN specified during configuration.
b. You will see a message displayed on the TIBCO IntegrationManager
Engine console and the adapter console.
For the Subscription Service:
a. Open one more command prompts and send any message on the subject
test.sub. For example: tibrvsend test.sub "trigger sub"
b. Look for any messages published on the Engine Console and also look for
the entry on which the LDAP operation as implemented by the process
was performed.
c. Check your LDAP Server for changes effected by the process.
For the Request-Response Service:

82
a. Open a command prompt window and send any message on the subject
test.rpc. For example: tibrvsend test.rpc "trigger rpc"
b. Look for messages published on the Engine Console and for the entry on
which the LDAP operation as implemented by the process was performed.
c. Check your LDAP Server for changes effected by the process.

| 83
Chapter 5 Adapter Instance Options
This chapter explains how to create an adapter instance and assign it services by
configuring standard settings. All configuration tasks are performed in TIBCO
Designer and the information is stored in a project that is later used by the
run-time adapter.
Topics
• Configuring the SSL Environment, page 85
• Adapter Instance Fields, page 91
• Adapter Services, page 103
• Publication Service Fields, page 104
• Subscription Service Fields, page 113
• Request-Response Service Fields, page 122
• Supported LDAP Operations and Message Structure, page 131
• Specifying an Attribute Filter as a Sequence, page 138
• Handling Entries Belonging to Multiple Object Classes, page 139

84
| Chapter 5 Adapter Instance Options
Overview
You can configure adapter instances and add and configure adapter services
using TIBCO Designer.
Configuration Tasks
Use the following sequence to create and configure an adapter service.
1. Start TIBCO Designer and open a multi-file project. See the TIBCO Designer
User’s Guide for details on multi-file projects.
2. Drag the LDAP Adapter Configuration icon from the palette panel to the
design panel. This creates an adapter named, by default,
LDAPAdapterConfiguration.
3. Define the adapter instance by assigning a new name and optionally change
logging options. See Logging Tab on page 99 for details.
4. Specify the LDAP Design Time Connection and test the connection.
5. Add a service to the adapter instance by dragging the service icon from the
palette panel and dropping it in the design panel.
6. Define the configuration, transport, and schema options for the service.
7. To select a Base DN for a service, in the Schema View tab, click the Browse
DIT button. The Directory Information Tree is displayed in a dialog. Specify
the Maximum Number of Entries and then select an LDAP entry for the
service from the DIT. You can also browse the DIT to specify a sample entry
for the schema. This generates the class reference needed for the service.
Repeat step 2 through step 7 for each adapter service that you want to
configure. Set the combination of options required for your service. See the
Configuration Tab on page 91 for details.
8. Export the project as a local repository and exit TIBCO Designer.
After configuring the adapter, you must create the run-time adapter properties
file and add the project name and adapter instance name.

Configuring the SSL Environment 85
|
Configuring the SSL Environment
Configuring the SSL environment involves the following tasks:

• Converting Certificates to Use SSL at Design Time
• Converting Certificates to Use SSL at Run-Time
You will need to obtain the following from your LDAP server administrator:
1. The CA (Certificate Authority) certificate that signed the LDAP server
certificate. You will need the CA certificate in a DER format file. If you have the
CA certificate in the PEM format, you can convert it to the DER format as
follows:
<TIBCO_HOME>\adapter\adldap\<version_num>\tools\openssl\openss
l.bat x509 -inform PEM -outform DER <cacertperm> cacert.der
The samples assume that the CA certificate file is called cacert.der.

2. To use External (client certificate based) authentication, the certificate and
private key of the LDAP user that the adapter will authenticate to the LDAP
server as a PKCS12 file. Use the administration tools of the LDAP server to
export the LDAP user’s certificate and private key.
The samples assume that the PKCS12 file is called userident.p12. The
PKCS12 file is encrypted with a password and you will need that as well.
To use SSL for the design-time connection, the certificates and keys must be
imported into a keystore as described in Converting Certificates to Use SSL at
Design Time.
To use SSL for the run-time connection, the certificates and keys must be
converted to a different format as described in Run-time Connection Tab on
page 95.
For AIX 5.2, $ADLDAPHOME/tools/openssl is not bundled with the installer. You
must download it from http://www.opnssl.org.
Converting Certificates to Use SSL at Design Time

To use SSL for the design-time connection to the LDAP server, the CA certificate
must be imported into a keystore. Use the Java utility keytool for this.
The command for using this utility is:
<TIBCO_HOME>\jre\1.4.2\bin\keytool -import -v -alias <alias> -file
<cert_file> -keystore <keystore>

86
To import the CA certificate from the cacert.der file into the keystore file,
<TIBCO_HOME>\jre\1.4.2\lib\security\keystore with the alias CAcert, run
the following command:
<TIBCO_HOME>\jre\1.4.2\bin\keytool -import -v -alias CAcert
-file cacert.der -keystore <TIBCO_HOME>\jre\1.4.2\lib\security\ca
certs
You will be prompted to choose a password. You require this password to import
additional certificates into the keystore. Select yes when the keytool prompts you
to trust the imported certificate.
To use SSL at design time with anonymous or simple authentication:

In the Design-time Connection tab, specify the following values. For details, see
Design-time Connection Tab on page 92.
• Specify the LDAP server (Hostname or IP address).
• Specify the port number in the LDAP Port field.
• Select the Use SSL check box.
• In the Trusted Certificate Authorities field, specify the path to the Java
keystore you created earlier. In the example above, the keystore file is in the
TIBCO_HOME\jre\1.4.2\lib\security\cacerts folder.
• Specify the authentication mode to be Simple or Anonymous. If you select

Simple authentication, the User DN and Password are mandatory.
• Click Test Connection to make sure that the design-time adapter can connect
to the LDAP server using SSL with the specified parameters.
To use SSL at design time with external authentication:

1. In the Design-time Connection tab, specify the following values. For details,
see Design-time Connection Tab on page 92.
— Enter the LDAP Server (Hostname or IP address).
— Specify the port number in the LDAP Port field.
— Select the Use SSL check box.
— In the Trusted Certificate Authorities field, specify the path to the
Java keystore you created earlier. In the example above, the keystore file is
TIBCO_HOME\jre\1.4.2\lib\security\cacerts.
2. Select External for the Authentication mode.

3. In the Client Identity field, specify the full path to the PKCS12 file that has
the LDAP user’s certificate and key.

|
4. In the Identity Password field, provide the password to the PKCS12 file.
5. Click Test Connection to make sure that the design-time adapter can connect
to the LDAP server using SSL with the specified parameters.
Converting Certificates to Use SSL at Run-Time

To use SSL for the run-time connection, the CA certificate and the user PKCS12
file (required only if the Authentication Mode is External) must be converted
and imported into a security database. The security database is a directory with
files that contain the same information as the CA certificate and the user PKCS12
in a format that can be used at run-time.
To create a directory for the security database:
1. Create a directory for the certificate database.
The following examples assume that
<TIBCO_HOME>\adapter\adldap\<version_num>\certificates (or
<TIBCO_HOME>/adapter/adldap/<version_num>/certificates on UNIX)
is the directory chosen.
2. Use the following command to prepare the directory:
<TIBCO_HOME>\adapter\adldap\<version_num>\tools\nss\certutil.ba
t -N -d <TIBCO_HOME>\adapter\adldap\<version_num>\certificates
On Unix, use certutil.sh instead of certutil.bat.
You will be prompted to select a password for the security database. You will
need this password to import any additional certificates and the user PKCS12
file into the security database.
After you have run the command, the directory
<TIBCO_HOME>\adapter\adldap\<version_num>\certificates will
contain the files cert7.db, key3.db and secmod.db.
3. Add the CA certificate to the security database. Type the command:
<TIBCO_HOME>\adapter\adldap\<version_num>\tools\nss\certutil.b
at -A -n CAcert -t "CT,," -i cacert.der -d
<TIBCO_HOME>\adapter\adldap\<version_num>\certificates
The -n CAcert specifies the alias or display name for the CA certificate being
imported. Choose a unique alias for each certificate you add to the certificate
database. You will be prompted to enter the password you chose in step 2.
4. Verify that the certificates have been correctly added to the database. Use the
<TIBCO_HOME>\adapter\adldap\<version_num>\tools\nss\certutil.

88
bat -L -d
command to produce the output CAcert CT.
5. Import the user PKCS12 file (required only for External authentication). The
following command imports the PKCS12 file userident.p12 into the
certificates directory
<TIBCO_HOME>\adapter\adldap\<version_num>\certificates (this
should be the same directory you imported the CA certificate into):
<TIBCO_HOME>\adapter\adldap\<version_num>\tools\nss\pk12util
-i userident.p12 -d
You will be prompted for the password to the security database that you chose
in step 3 and the password of the PKCS12 file.
6. List the contents of the security database by running the following command:
<TIBCO_HOME>\adapter\adldap\<version_num>\tools\nss\certutil.
bat -L -d
On Unix, use certutil.sh instead of certutil.bat
The output should be similar to the following:

Certificate Name
Trust Attributes
Userident
u,pu,u
CAcert
CT,,
You will obtain the Trust Attributes u,pu,u output only if you imported a
user PKCS12 file for External authentication.

|
To use SSL with Anonymous or Simple authentication:

1. In the Run-time Connection tab, specify the following values. For details, see
Run-time Connection Tab on page 95.
— In the Converted Certificates and Keys Directory field, specify the
directory you chose for the security database.
2. Specify the Authentication Mode as Simple or Anonymous. If you select
Simple authentication, the User DN and Password are mandatory.
To use SSL with external authentication:

1. In the Run-time Connection tab, specify the following values. For details, see
— In the Converted Certificates and Keys Directory field, specify the
directory you chose for the security database.
2. Specify the Authentication Mode as External.
3. In the Client Certificate Name field, enter the name of the certificate with
Trust Attributes u,pu,u.
4. In the Client Key Password field, enter the password you selected when you
prepared the security database directory.
Using SSL with the Adapter

To use the SSL protocol with the adapter:
1. Configure SSL support in the LDAP server. For further information, see
Preparing the LDAP Server for Use with the Adapter on page 41.
2. Get the LDAP server's certificate and the certificate (chain) of the CA that
issued the LDAP server's certificate. You must obtain the LDAP certificates in
the DER format.

90
3. Create certificate stores containing the certificates.

— For the design-time connection, use the Java keytool to create a keystore.
For details, refer to Converting Certificates to Use SSL at Design Time on
page 85.
— For the run-time connection, use certutil to convert the certificates. For
details, see Converting Certificates to Use SSL at Run-Time on page 87.
If you are using Active Directory as the LDAP server and setting up a
publication service, you must also import the certificate to the systems
certificate store on the Microsoft Windows machine that will run the adapter.
4. Configure the SSL parameters on the Design-time Connection tab. Refer to

Design-time Connection Tab on page 92.
5. Configure the SSL parameters on the Run-time Connection tab. Refer to
You can configure SSL separately for the design-time and run-time connections.

Adapter Instance Fields 91
|
Adapter Instance Fields
The following tabs can be used to define an adapter instance:

• Configuration Tab on page 91
• Design-time Connection Tab on page 92
• Run-time Connection Tab on page 95
• General Tab on page 98
• Multithreading Tab on page 98
• Logging Tab on page 99
• Startup Tab on page 101
• Monitoring Tab on page 101
Configuration Tab
Instance Name
Use the default name or replace it with a name of your choice.
• An instance name must use alphanumeric characters. An underscore (_)
character can be used. The entire instance name must be less than 80
characters. The space character cannot be used in an instance name.
• An instance name cannot use global variables.
• An instance name must be unique with respect to other adapter instances for
the same adapter in the project. The same instance name can be used to name
an adapter instance for a different adapter in the same project. For example,
an R/3 adapter instance named TEST and a Siebel adapter instance named
TEST can coexist in the same project.
• Each instance name must be unique per adapter within a project even if each
instance is defined in a different folder. That is, configuring same-named
adapter instances in different folders will not make their names unique.
When you create an adapter instance, the palette automatically creates several
resources for it. The names of these resources derive from the name of the instance
to which they belong. Changing the adapter instance name results in an
automatic regeneration of the resources names. If you manually modify any
resource name, that particular name will not be automatically regenerated next
time you rename the adapter instance.

92
Description
Provide information about the adapter instance that you want stored in the
project. The field is optional.
Version
The version string indicates the ActiveEnterprise (AE) format in which the
adapter instance is saved. An adapter instance can be saved in AE Version 4.0
or AE Version 5.1, AE Version 5.2 and AE Version 5.3 format.
When a new adapter instance is created in TIBCO Designer 5.x, the version string
is set to AE Version 5.3. When a 4.x adapter instance is opened in TIBCO
Designer 5.x, the Version field is set to AE Version 4.0.
• If a 4.x adapter instance is to be run against a 4.x run-time adapter, the
instance must be saved with the Version field set to AE Version 4.0.
If you are using TIBCO Designer 5.x to modify 4.x adapter instances, change
only features supported by the 4.x. run-time adapter and use the validation
utility to verify the instance before deploying the project. The validation
utility scans the project and returns warnings if any 5.x features are defined
for 4.x adapter instances. Invoke the utility from the Project>Validate
Project for Deployment menu command in TIBCO Designer.
• If a 4.x adapter instance is to be run against a 5.x run-time adapter, the

Version field should be set to AE Version 5.x.
To change versions, click the Change Version button.
Message Filter
Specify a message filter, if you have configured a message filter resource for use
with the adapter. The filter allows you to manipulate incoming and outgoing data
before sending it on the network or handing it to the target application. Filters can
be written using the TIBCO Adapter SDK. See the TIBCO Adapter SDK
Programmer’s Guide for information about writing a message filter.
Show All Tabs

Select this box to display additional tabs for configuring advanced options.
Design-time Connection Tab

Many of the following fields make use of global variables. Click the Global
Variables tab in the project panel to enter a value for a global variable.

|
Server Type
Specify the type of server. This is the name of the LDAP server that the adapter
will be connecting to. You can choose Microsoft Active Directory Server/ADAM,
IBM Directory Server, Sun ONE Directory Server, Novell eDirectory, or Oracle
Internet Directory.
Server Name
Specify the name of the machine where the LDAP server is installed.
If an existing dat file is opened and the machine name is changed, then the
following message displays:
You have already configured adapter instances and services for a
particular LDAP server. The change that you are attempting will be
valid only if the new server has identical directory information
tree and schemas. Please confirm this and that you do wish to
proceed with this change.
Click Yes to effect the changes to the machine name. Click No to revert to the
previous value.
Use SSL
Select this check box to specify whether the SSL protocol should be used. By
default, this check box is not selected.
LDAP Port
Specify the number of the port that the adapter is configured to listen at. The
default port number for LDAP servers is 389.
The default SSL port number is 636.
Authentication Mode
The mode of authentication used for connecting to the LDAP server. Currently,
the following are supported:
• Simple — If you select the Simple authentication mode, you must specify the
user name and password required to log on to the LDAP server. Click Test
Connection. If the entries are accurate, the adapter will connect to the server.
• Anonymous — If you select the Anonymous authentication mode, you do not
need to specify the user name and password. You will be logged on to the
LDAP server automatically. Click Test Connection. If the configuration is
accurate, the adapter will connect to the server.

94
• External — This field is only available if you select the Use SSL check box. If
you select the External authentication mode, you must ensure that the User
DN and Password fields are empty. In the Client Identity field, provide the
path to the userident.p12 file. Also, enter the password for the .p12 file in
the Identity Password field. Click Test Connection. If the entries are
User DN
Specify the user name that will be used to log on to the LDAP server. You must
specify the DN used to bind to the LDAP server. For example,
cn=Administrator,cn=Users,dc=adsldap.
Password
Specify the password that will be used to log on to the LDAP server at design
time.
Remember Password
If this check box is not selected, the password must be entered each time the
project is opened. If it is selected, the password will be stored in the project
repository. This password is for the design-time connection only.
The password for the run-time connection is stored in the adldap.tra file, either
in clear text or in obfuscated format.
Audit Log File Path

If you specified the server type to be IBM Directory Server, enter the path for the
audit log in the Audit Log File Path field.
Use Design-time Connection for Run-time

Select this check box to use the design-time connection information for the
run-time adapter.
Trusted Certificate Authorities

This is the file that contains the list of trusted certificates and specifies which
Certificate Authorities should be trusted as issuers of the LDAP server certificate.
The file is created using keytool.

|
Client Identity
You must specify the complete path of the client .pfx or .p12 file.
Identity Password
This is the password that is used to decrypt the private key of the client.
Verify Server Certificate Common Name

The design-time connection does not support this option.
Test Connection
Click to test the validity of the connection information that you specified for the
adapter instance.
Run-time Connection Tab

Specify the run-time parameters on this tab.
Server Type
Specify the type of server. This is the name of the LDAP server that the adapter
will be connecting to. You can choose Microsoft Active Directory Server/ADAM,
IBM Directory Server, Sun ONE Directory Server, Novell eDirectory, or Oracle
Internet Directory.
Server Name
Specify the name of the machine where the LDAP server is installed.
Use SSL
Select this check box to specify whether the SSL protocol should be used. By
default, this check box is not selected.
LDAP Port
Specify the number of the port that the adapter is configured to listen at. The
default port number for LDAP servers is 389.
The default SSL port number is 636.

96
Authentication Mode
The mode of authentication used for connecting to the LDAP server. Currently,
the following are supported:
• Simple — If you select the Simple authentication mode, you must specify the
user name and password required to log on to the LDAP server. Click Test
Connection. If the entries are accurate, the adapter will connect to the server.
• Anonymous — If you select the Anonymous authentication mode, you do not
need to specify the user name and password. You will be logged on to the
LDAP server automatically. Click Test Connection. If the configuration is
• External — This field is only available if you select the Use SSL check box. If
you select the External authentication mode, you must ensure that the User
DN and Password fields are empty. In the Client Identity field, provide the
path to the userident.p12 file. Also, enter the password for the .p12 file in
the Identity Password field. Click Test Connection. If the entries are
User DN
Specify the user name that will be used to log on to the LDAP server. You must
specify the DN used to bind to the LDAP server. For example,
cn=Administrator,cn=Users,dc=adsldap.
Password
Specify the password that the adapter must use at run time. The password is
encrypted and stored in the project file. If you select the Use Design-time
Connection for Run-time check box under the Design-time Connection tab,
the adapter uses the design-time password at run time too. To maintain backward
compatibility, if the run-time password is not specified or if the field is empty in
the project file, the adapter uses the password from the .tra file. This field is
mandatory.
The adapter handles the password at design time and run time as follows:
• In the 5.1.0 release and later, you can enter the run-time password in the
Password field under the Run-time Connection tab. The adapter looks for
the run-time password in the project file.
• In the 5.0.1 release, you cannot specify a run-time password through TIBCO
Designer. However, if you select both the Remember Password and Use
Design-time Connection for Run-time check boxes, the adapter first looks
for the password in the project file. If there is no specified password, the
adapter uses the password specified in the .tra file.

|
• In the 4.x release, the run-time password is not saved in the project file.
Therefore, the adapter uses the password that you specify in the .tra file.
Converted Certificates and Keys Directory

A directory containing the converted certificates is created via certutil.
You must select SSL under the Design-time Connection tab, or SSL options will
not be available at runtime.
Client Certificate Name

Specify the name of the certificate that you want to use for client authentication.
Client Key Password

Specify the password to the encrypted private key database.
Verify Server Certificate Common Name

Every certificate has a field called the Common Name (CN). If this box is selected,
then the adapter will verify that the CN in the LDAP server's certificate is the
same as the DNS name of the LDAP server host.
If you are using Active Directory as the LDAP server and setting up a publication
service, you must also import the certificate to the systems certificate store on the
Microsoft Windows machine that will run the adapter. For more information on
this, see Converting Certificates to Use SSL at Run-Time on page 87.
Maximum Number of Reconnect Attempts

Specify the total number of reconnection attempts to make before the run-time
adapter or adapter service is stopped. A value of -1 means reconnection attempts
will continue indefinitely. You cannot specify a value of zero.
Number of Reconnect Attempts Before Suspending Impacted Service(s)

Specify the number of reconnection attempts to make before suspending the
adapter services.
Interval between Reconnect Attempts (milliseconds)

Specify the time interval in milliseconds, between each reconnection attempt.

98
Adapter Termination Criteria (after max number of reconnect attempts)

The adapter provides the following choices:
• When All Services Are Suspended — To stop the adapter when a service is
suspended. Therefore, only the adapter service that cannot reconnect is
stopped. Other adapter services that are connected continue to function
normally.
• When Any Service is Suspended — To stop the adapter if any one service is
unable to re-establish a connection after the specified number of reconnection
attempts.
However, since the adapter currently supports only a single connection to a
LDAP server, either choice results in the same behavior. The adapter stops after
the maximum number of reconnection attempts.
General Tab
Termination Subject or Topic

A message sent on the termination subject (if TIBCO Rendezvous is the transport)
or topic (if JMS is the transport) stops the adapter. In most cases, you should use
the default value.
See TIBCO Rendezvous Concepts for information about specifying subject names.
See the TIBCO Enterprise Message Service User’s Guide for information about
publishing on a topic.
Adapter Encoding
This field has the ASCII and UTF8 values.
Multithreading Tab
It is possible to run the adapter in the multithreaded mode for improved
throughput and performance. You can specify the number of concurrent
dispatcher threads that are to be operated for a given session.

|
Session Name
Shows the TIBCO-enabled application session that has been created by TIBCO
Designer.
A termination service must use a different session from the session that is
configured because if all threads are waiting for a connection, there will be no
thread available to process the termination request. Setting a session for the
termination service that is different from the configured session ensures that the
request is processed immediately.
Number of Threads
Specifies the number of dispatch threads to be started for this session.
It is recommended that you set the threading after configuring all the services.
Setting the threads after configuring the services will allow you to inspect all the
different sessions and choose the appropriate thread counts.
Logging Tab
Use Advanced Logging

When Use Advanced Logging is not selected (the default), you can set two
standard output destinations (sinks) for trace messages and set the tracing level
for the roles selected.
When Use Advanced Logging is selected, you have complete control on selecting
the destinations and associating desired roles with each of the destinations.
To create and configure the sinks, select the log sinks folder under the Advanced
folder in the project panel.
To create sinks, drag and drop the Generic log sink icon from the palette panel
into the design panel. From the configuration panel, select the sink type. The
following are the sink types available:
• File
• Hawk
• Network
• STDIO

100
When File and STDIO sinks are created from the Generic log sink they offer
further configuration options. For the File sink, the file limit, file count, and the
option to append or overwrite can be specified. When created by default, this is
set to 30000 bytes, 3 and Append Mode respectively. For the STDIO sink, the
option to write to stdout or stderr can be selected. When created by default,
stdout is selected.
The Hawk sink uses the hawk session, created and used by the adapter for
monitoring purposes, to send tracing messages to the TIBCO Hawk monitor or
Display. For details on Hawk sessions, see Using Global Variables on page 152.
The configuration for the Hawk sink involves specifying the MicroAgent Name
that must be specified in the configuration panel.
The Network sink is used to publish tracing messages on TIBCO Rendezvous.
The configuration for the network sink involves specifying the session, and the
subject on which the trace messages needs to be published.
For all the sinks, optionally the name and description for the sink can be
provided.
Log to Standard I/O

(STDIO Sink) When selected, trace messages are displayed in the command
prompt window where the adapter is started. When not selected, trace messages
do not display in the window.
Log File
Specify the name of the log file (log sink) to which trace messages are written.
Global variables can be used to specify the location of the log file. See Using
Global Variables on page 152 for more information.
The roles available are Info, Debug, Warning, and Error messages. The trace
message generated depends on the roles selected. Turning on the roles can affect
the performance of the adapter. Therefore, it is recommended that you turn on the
required roles only.
Log Info/Debug/Warning/Error Messages

Trace messages of the selected level(s) will be collected in the named log sink. You
can configure what levels of trace messages you want logged, and where trace
messages are sent. There are three types of logs (log sinks) that you can configure
to hold trace messages, corresponding to three levels (roles) of trace messages,
Information, Warning and Error. A fourth level of trace messages, Debug, is
reserved and should not be enabled unless requested by the TIBCO Product
Support Group. This option writes a lot of information to the log file and
significantly reduces the speed of the adapter.

|
Startup Tab
Show Startup Banner

Select this option to show the startup banner. The startup banner displays the
run-time adapter version, the infrastructure version on which the adapter is built,
and copyright information in the console window when the adapter is started.
Metadata Search URL

This field is predefined and cannot be changed. The field specifies the location
where the adapter searches for base schemas. The adapter searches for any
schema that has been defined and saved at this location, and that should be
loaded at startup.
Monitoring Tab
Many of the following fields make use of global variables. Click the Global
Variables tab in the project panel to enter a value for a global variable.
Enable Standard Microagent

Allows you to turn on or off the standard TIBCO Hawk Microagent. The way to
turn it on or off is also configurable. By clicking the globe icon, a standard check
box or text value (true or false) can be used to turn the standard microagent on or
off.
Standard Microagent Name

This is the name for the standard microagent that will be registered with the
TIBCO Hawk system. In most cases the default value is used. The InstanceId
variable need not be set because it is automatically set at run time by the run-time
adapter.
Enable Class Microagent

Allows you to turn on or off the instance or class specific standard TIBCO Hawk
Microagent. The way to turn it on or off is also configurable. By clicking the globe
icon, a standard check box or text value (true or false) can be used to turn the class
microagent on or off.

102
Class Microagent Name

This is the name for the class microagent that will be registered with the TIBCO
Hawk system. In most cases the default value is used.
Class Microagent Timeout

Specifies the amount of time the Hawk Agent should wait for HMA method
invocations to complete before timing them out. The default is 10000
milliseconds. Normally there is no need to change this value, however, on
machines under extreme stress where method invocations are timing out, this
new option allows the timeout value to be increased.
Standard Microagent Timeout

See above, Class Microagent Timeout, on page 102.
Default Microagent Session

This field is predefined and cannot be changed. It specifies the name of the TIBCO
Rendezvous session that will be used by the standard, class, and custom
microagents.
The session name and the corresponding session is automatically generated by
TIBCO Designer. Do not change the session name or the session. However, you
can modify the session parameters if required. Navigate to the Sessions folder
under the Advanced folder to modify the session parameters.
Make sure you have set the correct parameter value for the global variables that
correspond to the TIBCO Hawk configuration. If the session parameters are not
set properly, the microagents will not display in the TIBCO Hawk Display.

Adapter Services 103
|
Adapter Services
After configuring an adapter instance, select one or multiple adapter services for
the instance. The following sections describe the services and fields that are
available to the adapter.
• Publication Service Fields on page 104
• Subscription Service Fields on page 113
• Request-Response Service Fields on page 122

104
Publication Service Fields
The following tabs are available:

• Transport Tab on page 105
• Schema View Tab on page 109
• Schema Tab on page 112
The Publication Service supports the following LDAP operations:
INSERT, UPDATE, DELETE and MODIFY DN. Changes made through the INSERT,
UPDATE, DELETE and MODIFY DN operations on the LDAP server are picked up
by the adapter and published.
Configuration Tab
Name
You can use the default name or replace it with a name of your choice.
• A service name must use alphanumeric characters. An underscore (_)
• A service name cannot use global variables.
Description
Provide information about the service that you want stored in the project. The
field is optional.
Transport Type
Select the transport to be used by the run-time adapter, JMS or TIBCO
Rendezvous. After selecting the transport, the transport-specific configuration
fields display.
The transport can be configured to use a trusted store and identity resource for
SSL (Secure Sockets Layer) configurations. TIBCO Rendezvous sessions and JMS
topics have an SSL configuration field that provides a dialog for SSL
configuration.

Publication Service Fields 105
|
To enable and configure SSL, in the Project panel, expand the Advanced folder,
then expand the Sessions folder. Select the TIBCO Rendezvous session or JMS
topic and select the Use SSL check box. The SSL configuration options are
explained in the online help associated with the session dialog. Click the question
mark to display the online help.
Transport Tab
Message Subject
This field displays only if TIBCO Rendezvous is selected in the Transport Type
field (under the Configuration tab).
By default, a service uses a message subject that is generated using the Domain
and Deployment global variables, the adapter acronym, the adapter instance
name and the service name. If you use this default subject, make sure the values
for Domain and Deployment are not empty. You can type a TIBCO Rendezvous
subject name different from the default in this field. See TIBCO Rendezvous
Concepts for information about specifying subject names.
Destination
This field displays only if JMS is selected in the Transport Type field (under the
Configuration tab).
By default a service uses a dynamic destination that is generated using the Domain
name, and the service name. If you use this default dynamic destination, make
sure the values for Domain and Deployment are not empty. You can override the
default dynamic destination by specifying the static destination in this field. The
static destination must be defined on the JMS server before it can be used by the
run-time adapter. See the TIBCO Enterprise Message Service User’s Guide for
information about destinations.
Reply Message Subject

This field is not applicable to TIBCO Adapter for LDAP.
Reply Destination
This field is not applicable to TIBCO Adapter for LDAP.
Quality of Service
If TIBCO Rendezvous is selected as the transport type, select:

106
• Certified
Guarantees that every certified message reaches its intended recipient in the
order sent. The message can be sent across network boundaries, and if a
network fails, delivery attempts continue until delivery succeeds or until the
message's time limit expires. This is often called certified message delivery.
If certified message delivery is used, data is stored in a ledger file. The size of
the ledger depends on several factors, the most important of which is the
retention rate of stored data. That is, the ledger grows fastest in response to
the cumulative length of undeliverable messages. You must ensure that
sufficient disk space is available for the expected size of the ledger.
• Reliable
Ensures that each multicast or broadcast message is received as long as the

physical network and packet recipients are working, and that the loss of a
message is detected. This choice can compensate for brief network failures
because it can retransmit a message on request if the first attempt failed. This
choice is appropriate when message delivery is expected but some loss can be
tolerated.
Wire Format
Services must use the same wire format to exchange data.
• ActiveEnterprise Message (TIBCO Rendezvous only)
Control information for validation is sent in the message. If no control
information is included, an exception is returned to the subscriber.
ActiveEnterprise standard wire format provides class information and
packing rules for the TIBCO Adapter SDK set of data types. This format
allows ActiveEnterprise components to perform extra validation on messages
sent or received.
See the TIBCO Adapter SDK Programmer’s Guide for details about the control
information generated and sent with ActiveEnterprise messages.
• XML Message (TIBCO Rendezvous and JMS)
The XML Message wire format conforms to specifically constructed and fully
compliant XML Schema (XSD) based on the existing definition of the
ActiveEnterprise schema.

|
Connection Factory Type

• Topic (JMS only)
A message published to a topic is broadcast to one or more subscribers. All
messages published to the topic are received by all services that have
subscribed to the topic. This messaging model is known as publish-subscribe.
• Queue (JMS only)
A message sent to a queue is consumed by one and only one receiver. Each
message has only one receiver though multiple receivers may connect to the
queue. The first receiver to access the queue gets the message. The other
receivers do not. This messaging model is known as point-to-point.
Delivery Mode
• Persistent (JMS only)
In general, a message marked persistent will be available to a JMS client even
if the JMS server goes down.
• Non-Persistent (JMS only)
A message marked non-persistent will not be available to a JMS client if the
JMS server goes down.
Messages sent with the persistent delivery mode are always written to persistent
storage, except when they are published to a topic that has no durable
subscribers. When a topic has no durable subscribers, there are no subscribers
that need messages resent in the event of a server failure. Therefore, messages do
not need to be saved, and performance is improved because disk I/O is not
required.

108
The semantics for these fields are more complex than the explanation given here.
See the TIBCO Enterprise Message Service User’s Guide for more information.
Typically, a publication service will publish INSERT, UPDATE, DELETE, and MODIFY
DN operations. For the publication service on the Active Directory server, a MODIFY
DN operation on any monitored entry is published as UPDATE and not as MODIFY
DN.
The adapter supports persistent publisher services. Therefore, the adapter will be
able to publish changes that occurred on the LDAP server even when the adapter
was not running. However, if the adapter is not running when the changes take
place on the LDAP server, only INSERT and UPDATE operations will be published.
MODIFY DN operations will be published as UPDATE while DELETE operations (for
Sun ONE Directory Server and eDirectory) will not be published at all. This is
because the deleted entries no longer exist on the LDAP server and information
on deleted entries is also no longer available.
For Active Directory, the DELETE operation will be published (whether or not the
adapter is running when the delete happens on the server), but Active Directory
moves the deleted entry to a Deleted Objects subtree, retaining only its RDN
(Relative Distinguished Name), if there is no conflict with other deleted items.
The DN of the entry itself is lost. The object GUID (a unique GUID) for the object
is retained and may be used to retrieve the object from a parallel store, if it exists.
When the adapter publishes a deleted object, it uses the new DN, not the original
DN of the entry. So, for example, the DN may look like:
DN = CN=Aparna DEL:aec6dadb-244d-4fd0-a058-4c6e7ef18a09,CN=Deleted
Objects,DC=adsldap
Since the information on the original DN and attribute values are not available on
the Active Directory server, the adapter cannot publish those details; only the DN
as used in the deleted objects container is available.
Session Reference
Every adapter can have one or more sessions configured for it. Sessions
encapsulate stateful connections to TIBCO Rendezvous and other messaging
sources. The session object shown in this field is initially supplied by the adapter,
depending on the Quality of Service selected. You can change the session by
browsing for it in the project panel.
Endpoint Reference
You can drag a different endpoint, browse for another endpoint resource, go to
the referenced endpoint to edit its properties or delete the endpoint. Endpoint
reference objects are explained in the TIBCO Designer Palette Reference.

|
Schema View Tab
Base DN
Displays the selected Base DN (Distinguished Name) of a specified node.
To display the Base DN, you can browse the Directory Information Tree by
clicking the Browse DIT button and then selecting the required node from the
DIT.
When the length of an object class name that is fetched from the Base DN field
exceeds 128 characters, the ActiveEnterprise schema created with this name
affects the run-time functionality. When you click Apply, a dialog box is displayed
that prompts you to enter a shorter name that can be stored in the schema. The
name you enter must be unique and less than 128 characters.
If the service has been configured with a long schema name, the dialog box will
not display if a service has already been configured for the same object class.
Select Object Classes From

There are two methods you can use to select an object class:

110
• Sample Entry — You can specify a sample entry so that the object class for
that entry is populated in the Objectclasses field.
• LDAP Schema — You can specify an object class by selecting it from the ldap
schema on the ldap server.
Sample Entry
This field is available only if you select the Sample Entry option for the Select
Object Classes From field.
In your LDAP server, you can specify an entry from the schema you will use for
this service. The service will only handle entries with identical object classes.
To specify a sample entry for the schema, you can browse the Directory
Information Tree by clicking the Browse DIT button and then selecting the
required node from the DIT. This generates the class reference needed for the
service, in the Objectclasses field.
For details on specifying object class names, see page 109.
LDAP Schema Classes

This field is available only if you select the LDAP Schema option for the Select
To select the LDAP schema classes for the service, you can browse the LDAP
schema by clicking the Browse Schema button and selecting the object classes
from the Available Objectclasses list.
This generates the class reference needed for the service, in the Objectclasses
field.

|
Maximum Number Of Entries

Click Browse DIT for the Base DN or Sample Entry for Schema fields to access
the Maximum Number of Entries field. This field is available in the Select Base
DN and Select Sample Entry for Schema dialog boxes. Specify the maximum
number of entries that you want to restrict the service to. The DIT expands only if
the number of entries is equal to, or less than the value you specify.
You cannot specify a value greater than 10000 as the maximum number of entries.
If you need to select a node within a subtree that has more than 10000 entries, you
must specify the DN, in the DN (Base DN/Sample Entry) box.
You may come across the following exceptions The size of the result
exceeds server specific limit and The Number of Descendants for this
Node are more than the requested number. Additionally, if you are using the
Sun ONE Directory Server, you may come across the exception The
adminstrative limit on the maximum number of entries to return was
exceeded.
search size limit:
value of the Look-through limit entry. While you are in the
Configuration tab, select the root of the tree, and click the Performance tab.
Change the value for the Size Limit entry too.
For further details, see the documentation shipped with the server you are using.
Objectclasses
Displays the object class of the entry specified in the Base DN, or Sample Entry
fields, if these have been specified. Otherwise, the value from the LDAP Schema
Classes field is displayed. You cannot edit this field.
Handle Any Subset of Configured Object Classes

This field is available if a composite object class is displayed in the Objectclass
field. Although the adapter is configured for a composite object class, all
combinations of the object class are supported. Therefore, if you select the check
box, changes made to any attribute of an entry belonging to any subset of the
configured object class will be published by the service.

112
By default, this check box is not selected in 4.x adapter instances.
This field is not visible when the adapter instance is configured for the Microsoft
Active Directory server.
Filter
You can specify a filter option in this field. The adapter supports LDAP V3 filters.
Only entries that conform to the specified filter will be published. The conditions
used to specify a filter should be syntactically accurate. If the filter specified has
an incorrect syntax, the following message is displayed:
Syntax of the filter is not valid. Please ensure that you enter a
valid LDAP filter.
If the filter syntax is correct but no entries match the filter specifications, the
following warning is displayed:
No results are found on the LDAP server with the given filter.
Please ensure that filter is semantically correct.
This may mean that at the time of configuration, no entries may match the filter,
but the entries may be present at run-time.
Schema Tab
Class Reference
Displays the reference to the ActiveEnterprise schema that corresponds to the
object class that was configured under the Schema View tab.

Subscription Service Fields 113
|
Subscription Service Fields

Configuration Tab
Name
Description
Provide information about the service that you want stored in the project. The
field is optional.
Transport Type
fields display.
use in SSL (Secure Sockets Layer) configurations. TIBCO Rendezvous sessions
and JMS topics have an SSL configuration field that uses a dialog to perform SSL
configuration.
topic and click Use SSL?. The SSL configuration options are explained in the
online help associated with the session dialog. Click the question mark to display
the online help.

114
LDAP Operations
Specify the operations that this service supports. At least one operation must be
selected. Select:
• Insert — To add an entry.
• Update — To update an existing entry.
• Delete — To remove an entry.
• Upsert — To update an entry if it already exists. If the entry does not exist,
running this operation will insert it.
• Validate Object — To validate the object class of a requested entry against
the configured object class for LDAP_DELETE and LDAP_MODIFY operations.
• Modify DN — To move an entry from one location to another by changing the
RDN (Relative Distinguished Name). If you select this option, all variations of
the UPDATE operation are used. If you do not select this option, none of the
UPDATE operation variations are used.
Update Only if Different

The adapter has additional support for synchronization of entries between two
LDAP servers through a configuration option in the subscription service. This
option prevents infinite loops for server synchronization scenarios. To determine
the scenarios in which this option should be selected, refer to LDAP Server
Synchronization on page 157.
Chase Referrals
Select this check box to specify that if a referral is encountered during an
operation, the referral should be followed.
When you browse the DIT tree, the adapter palette will not follow a referral and
only entries on the configured server will be displayed.
The referring server returns an LDAP URL in the following format:
({ldap|ldaps}://<host>[:<port>]/<DN>).
Depending on the URL used, the following referral chasing scenarios are possible:
• If the URL is ldaps://, then referral chasing uses SSL.
• If the URL is ldap://, then referral chasing does not use SSL.

|
• If the bind to the original server is SSL-EXTERNAL and the referral URL is
ldap://, then the bind to referred server will be anonymous.
Referrals are not supported for the Publication service.

Chasing referrals for a selected operation will work only if the authentication
information used for connecting to the servers is identical for all servers.
Referral Hop Count

This field specifies the number of servers that must be followed if a referral is
encountered. If there are more referral servers than the number specified in this
field, these servers will not be in the purview of the specified operation. This field
is available only if you select the Chase Referrals check box.
Transport Tab
Message Subject
By default a service uses a message subject that is generated using the Domain and
Deployment global variables, the adapter acronym, the adapter instance name
and the service name. If you use this default subject, make sure the values for
Domain and Deployment are not empty. You can type a TIBCO Rendezvous
Destination
Configuration tab).
name and the service name. If you use this default dynamic destination, make

116
Quality of Service
• Certified
• Distributed Queue
Distributed queue includes a group of cooperating transport objects, each in a

separate process. Each transport object is called a member. To balance the
transmission load among servers, the adapter can use distributed queues for
one-of-n delivery of messages to a group of servers. Each member of a
distributed queue listens for the same subject using the TIBCO Rendezvous
Distributed Queue listener objects. Even though many members listen for
each inbound message (or task), only one member processes the message. For
details on distributed queues, see TIBCO Rendezvous Concepts.
Load balancing for the processing of TIBCO Rendezvous certified messages is
supported by using distributed queuing. The messages from TIBCO
Rendezvous are distributed equally among all instances that belong to the
same group. This distributes the message load over several adapter instances.
However, the order in which messages are sent to the application is not
guaranteed.
• Reliable

tolerated.
Wire Format

|

sent or received.
• XML Message (TIBCO Rendezvous and JMS)

This field is available only if JMS transport is selected.
Delivery Mode
For a subscription service, a message is marked as durable or non durable. This
field is available only if JMS transport is selected.
• Durable
If a subscription service is marked durable, it indicates that messages need to

be resent on the configured topic or queue, if the JMS server goes down.
• Non-Durable
If a subscription service is marked non-durable, it indicates that messages will

not be resent on the configured topic or queue, if the JMS server goes down.
The semantics for these fields are somewhat more complex than the explanation
given here. See the TIBCO Enterprise Message Service User’s Guide for more
information.

118
Session Reference
Endpoint Reference
Schema View Tab
Base DN
To display the DN, you can browse the Directory Information Tree by clicking the
Browse DIT button and then selecting the required node from the DIT.
If the service is configured with a long schema name, the dialog box will not
display if the service has already been configured for the same object class and
has a shorter name.


|
Sample Entry
LDAP Schema Classes

field.

120

Click Browse DIT for the Base DN or Sample Entry for Schema fields to access
the Maximum Number of Entries field. This field is available in the Select Base
DN and Select Sample Entry for Schema dialog boxes. Specify the maximum
number of entries that you want to restrict the service to. The DIT expands only if
the number of entries is equal to, or less than the value you specify.
exceeded.
search size limit:
Objectclasses

This field is available if the object class displayed in the Objectclass field is a
composite object class. If you select the check box, changes made to any element
of the composite object class will be used by the subscription service.

|
Schema Tab
Class Reference

122
Request-Response Service Fields

Configuration Tab
Name
Description
Provide information about the service that you want stored in the project. This
field is optional.
Transport Type
fields display.
use in SSL (Secure Sockets Layer) configurations. TIBCO Rendezvous sessions
and JMS topics have an SSL configuration field which uses a dialog to perform
SSL configuration.
topic and click Use SSL?. The SSL configuration options are explained in the
online help associated with the session dialog. Click the question mark to display
the online help.

Request-Response Service Fields 123
|
LDAP Operations
Specify the operations that this service supports. At least one operation must be
selected. Select:
• Insert — To add an entry.
• Update — To update an existing entry.
• Delete — To remove an entry.
• Upsert — To update an entry if it already exists. If it does not exist, this
operation inserts it.
• Modify DN — To move an entry from one location to another by changing the
RDN.
• Lookup — To find an entry.
• Validate Object — To validate the object class of a requested entry against
the configured object class for LDAP_DELETE and LDAP_MODIFY operations.
• Authenticate — To validate or bind a user DN.
• Search — To find entries that match a search criteria.
The search filter defines criteria that an entry must match to be returned from
a search. The basic component of a search filter is an attribute value assertion
of the form: attribute operator value
For example: (|(sn=Smith)(sn=Miller)) matches entries with the surname
Smith or the surname Miller.
TIBCO Adapter for LDAP supports standard LDAP search. Therefore, if your
search filter is LDAP compatible, the adapter will be able to successfully
execute the action.
For more details on search filters and their syntax, see the following RFC at
http://www.ietf.org/rfc/rfc1558.txt
If you select this field, the Limit Search Results field is displayed.
• Limit Search Results — If you select this check box, the Enter the
Number of Entries field is displayed.
• Enter the Number of Entries — Specify the number of entries that the
adapter should search. The default is 1000.
• Extended Search — If you select this check box, the adapter returns all the
entries found in the search without checking for the configured objectclasses
that the entry belongs to.

124
Chase Referrals
Select this check box to specify that if a referral is encountered during an
operation, the referral should be followed.
When you browse the DIT tree, the adapter palette will not follow a referral and
only entries on the configured server will be displayed.
The referring server returns an LDAP URL in the following format:
({ldap|ldaps}://<host>[:<port>]/<DN>).
Depending on the URL used, the following referral chasing scenarios are possible:
• If the URL is ldaps://, then referral chasing uses SSL.
• If the URL is ldap://, then referral chasing does not use SSL.
• If the bind to the original server is SSL-EXTERNAL and the referral URL is
ldap://, then the bind to referred server will be anonymous.
Referrals are not supported for the Publication service.

Chasing referrals for a selected operation will work only if the authentication
information used for connecting to the servers is identical for all servers.
Referral Hop Count

This field specifies the number of servers that must be followed if a referral is
encountered. If there are more referral servers than the number specified in this
field, these servers will not be in the purview of the specified operation. This field
is available only if you select the Chase Referrals check box.
Transport Tab
Message Subject
By default a service uses a message subject that is generated using the Domain and
Deployment global variables, the adapter acronym, the adapter instance name
and the service name. If you use this default subject, make sure the values for
Domain and Deployment are not empty. You can type a TIBCO Rendezvous

|
Destination
Configuration tab).
name and the service name. If you use this default dynamic destination, make
Quality of Service
• Certified
• Distributed Queue
Distributed queue includes a group of cooperating transport objects, each in a

separate process. Each transport object is called a member. To balance the
transmission load among servers, the adapter can use distributed queues for
one-of-n delivery of messages to a group of servers. Each member of a
distributed queue listens for the same subject using the TIBCO Rendezvous
Distributed Queue listener objects. Even though many members listen for
each inbound message (or task), only one member processes the message. For
details on distributed queues, see TIBCO Rendezvous Concepts.
Load balancing for the processing of TIBCO Rendezvous certified messages is
supported by using distributed queuing. The messages from TIBCO
Rendezvous are distributed equally among all instances that belong to the
same group. This distributes the message load over several adapter instances.
However, the order in which messages are sent to the application is not
guaranteed.

126
• Reliable

tolerated.
Wire Format
sent or received.
• XML Message (JMS only)


|
Delivery Mode
For a subscription service, a message is marked as durable or non durable. This
field is available only if JMS transport is selected.
• Durable
If a request-response service is marked durable, it indicates that messages

need to be resent on the configured topic or queue, if the JMS server goes
down.
• Non-Durable
If a request-response service is marked non-durable, it indicates that messages

will not be resent on the configured topic or queue, if the JMS server goes
down.
The semantics for these fields are more complex than the explanation given here.
See the TIBCO Enterprise Message Service User’s Guide for more information.
Session Reference
Endpoint Reference
Schema View Tab
Base DN
To display the Base DN, you can browse the Directory Information Tree by
clicking the Browse DIT button and then selecting the required node from the
DIT.

128
If the service has been configured with a long schema name, the dialog box will
not display if a service has already been configured for the same object class.

Sample Entry
LDAP Schema Classes

field.

|

Click Browse DIT beside the Base DN or Sample Entry fields to access the
Maximum Number of Entries field. This field is available in the Select Base DN
and Select Sample Entry for Schema dialog boxes. Specify the maximum number
of entries that you want to restrict the service to. The DIT expands only if the
number of entries is equal to, or less than the value you specify.
exceeded.
search size limit:
Objectclasses

This field is available if the object class displayed in the Objectclass field is a
composite object class. If you select the check box, changes made to any element
of the composite object class will be used by the request-response service.

130
Schema Tab
Class Reference

Supported LDAP Operations and Message Structure 131
|
Supported LDAP Operations and Message Structure
TIBCO Adapter for LDAP supports the following:

• INSERT Operation
• DELETE Operation
• UPDATE Operation
• MODIFY DN Operation
• UPSERT Operation
• LOOKUP Operation
• SEARCH Operation
• AUTHENTICATE Operation
These operations are done in the context of the wire schema and the native
schema.
Native schema contains the attribute names (field names) of any object class that
is configured for the service. Each attribute is a multi-value sequence of strings.
For example, if the object class is inetOrgPerson the native schema is:
inetOrgPerson
{
sn
cn
telephoneNumber
{
}
.
.
.
}
Wire schema contains the native schema as well as the Opcode, DN, NewDN,
Objectclass, SearchCondition, and Attributes.
For example:
inetOrgPerson
{
Opcode
DN
NewDN
ObjectClass
Searchcondition
Attributes

132
{
sn
cn
telephoneNumber
.
.
.
}
}
Details about an LDAP operation is specified using a wire schema.
For each operation:

• The specified entry must be within the subtree for the adapter service that you
specify during configuration.
• The object class must match the object class of the adapter service.
If either of these two conditions are not met, the operation will fail.
You can specify the Opcode acronym for the operation to work. For example, if
you specify AT for the INSERT operation, the adapter will use only the first
character of the acronym. The same concept is applicable for all Opcodes. For
Opcodes that have a two-letter acronym, the adapter will use the first two
characters and ignore all subsequent characters. However, if the first letter of an
acronym is not valid, the adapter will display an error.
INSERT Operation
The INSERT operation uses the LDAP_ADD or A operation codes and will add an
entry to the LDAP server.
For an INSERT operation using the LDAP_ADD operation code, the inbound
message will be in the following format:
inetorgperson
{
Opcode = "LDAP_ADD"
DN = "uid=xyz,ou=People,o=abc.com"
inetOrgPerson
{
sn = "abc"
cn = "def"
telephoneNumber = "123233"
objectClass="inetOrgPerson"
}
}
The details specified in the native schema will be added for the entry specified in
the DN field.

|
DELETE Operation
The DELETE operation uses the LDAP_DELETE or D operation codes, and will delete
an entry from the LDAP server.
For a DELETE operation using the LDAP_DELETE Opcode, the inbound message
will be in the following format:
inetorgperson
{
Opcode = "LDAP_DELETE"
}
For a DELETE operation, the native schema is not required.
UPDATE Operation
The UPDATE operation uses the LDAP_MODIFY or M operation codes, and will
modify the entry on the LDAP server by overwriting the existing attribute values
in the entry.
The UPDATE operation can be specified as:
Opcode = LDAP_MODIFY
Opcode = LDAP_MOD_REPLACE or MR
Opcode = LDAP_MOD_ADD or MA
Opcode = LDAP_MOD_DELETE or MD
• LDAP_MOD_REPLACE or MR will overwrite the existing attribute values with the
new attribute values specified.
• LDAP_MOD_ADD or MA will add the new attribute values to the old entry only if
the original entry does not contain the attribute values being added.
• LDAP_MOD_DELETE or MD will delete the specified attribute values from an
entry.
For the UPDATE operation using the LDAP_MODIFY Opcode, the inbound message
inetorgperson
{
Opcode = "LDAP_MODIFY"
inetOrgPerson
{
sn = "abc1"
cn = "def1"

134
}
}
MODIFY DN Operation
The MODIFY DN operation replaces the RDN (Relative Distinguished Name) of an
entry specified in the DN field with the RDN specified in the NewDN field. This
operation uses the LDAP_MODIFYKEY or MK operation codes.
For example, for the MODIFY DN operation using the LDAP_MODIFYKEY Opcode,
the inbound message appears in the following format:
inetorgperson
{
Opcode = "LDAP_MODIFYKEY"
NewDN="uid=ijk"
}
UPSERT Operation
The UPSERT operation is an INSERT or an UPDATE operation. If the entry does not
exist, it will be added. If the entry exists, it will be modified. This operation uses
the LDAP_UPSERT or U operation codes.
For the UPSERT operation using the LDAP_UPSERT Opcode, the inbound message
inetorgperson
{
Opcode = "LDAP_UPSERT"
inetOrgPerson
{
sn = "abc"
cn = "def"
objectClass="inetOrgPerson"
}
}
LOOKUP Operation
This operation is available with the request-response service. The LOOKUP
operation uses the LDAP_LOOKUP or L operation codes.
For the LOOKUP operation using the LDAP_LOOKUP operation code, the inbound
message will be in the following format:
inetorgperson
{
Opcode = "LDAP_LOOKUP"

|
}
For the LOOKUP operation, native schema is not required as you are merely
checking if the entry exists or not.
SEARCH Operation
This operation is available with the request-response service. The SEARCH
operation can be specified as:
Opcode = LDAP_SEARCH or SS
Opcode = LDAP_SEARCH_BASE or SB
Opcode = LDAP_SEARCH_ONELEVEL or SO
Opcode = LDAP_SEARCH_SUBTREE
LDAP_SEARCH_BASE helps you to search for an entry using a search condition,

LDAP_SEARCH_ONELEVEL helps you to search one level below the base using a
search condition, not including the base, and LDAP_SEARCH_SUBTREE lets you
search the entire subtree.
LDAP_SEARCH and LDAP_SEARCH_SUBTREE are the same.
For details on search filters and their syntax, see the following RFC at
http://www.ietf.org/rfc/rfc1558.txt
For the SEARCH operation, the inbound message will be in the following format:
inetorgperson
{
Opcode = "LDAP_SEARCH"
DN = "ou=People,o=abc.com"
SearchCondition = "mail=someone@somewhere.com"
}
OR
inetorgperson
{
Opcode = "LDAP_SEARCH"
DN = "ou=People,o=abc.com"
SearchCondition = "mail=someone@somewhere.com"
Attributes =
{
telephoneNumber
MobileNumber
}
}
In the first search condition, all entries that match the search criteria are returned
with all the details of each entry, including the DN.

136
In the second search condition, only the details specified as the Attributes
(telephoneNumber and MobileNumber) are returned along with the DN.
The outbound message will be in the following format:
inetorgperson
{
{
DN = "uid=abc,ou=People,o=abc.com"
inetorgperson
{
}
}
inetorgperson
{
inetorgperson
{
}
}
.
.
.
}
When you perform a search, a number of entries may be retrieved. Therefore, the
outbound message will be a sequence of wireschema that has details about each
entry specified in the native schema. Each entry is identified by its DN,
mentioned in the wireschema.
However, you can also set an attribute filter. The adapter search operation can
fetch attributes that are a subset of the attributes of the configured object class and
this can be specified in the Attributes attribute of the Request-Response Server
service schema.
The filter should be specified as a sequence.
AUTHENTICATE Operation
This operation is available only for the request-response service. The
AUTHENTICATE operation uses the LDAP_VALIDATE_USR or V operation codes.
For the AUTHENTICATE operation using the LDAP_VALIDATE_USR operation code,

the inbound message will be in the following format:

|
inetorgperson
{
Opcode = "LDAP_VALIDATE_USR"
Password = "secret"
}
For the AUTHENTICATE operation, there is no native schema as you are merely
checking if the entry can be authenticated or not.

138
Specifying an Attribute Filter as a Sequence
To specify an attribute filter as a sequence using TIBCO IntegrationManager:

1. In TIBCO IntegrationManager, under the Design tab, select the process
diagram that contains the object class to be mapped.
2. Double-click a mapper class in the process diagram. The Mapper Task Edit
Dialog displays. Select the required output schema by clicking the Add
Schema button.
3. Right-click the Attributes node in the output and select Add Multiple.
4. Type the name of the new attribute in the Name of multiple policy node
field, and click OK.
5. Double-click the node you created. Enter the names of the attributes you want
to retrieve, in the Formula field.
6. Click OK in the Mapper Task Edit Dialog.
7. Repeat step 3 to step 6 to create multiple Attributes.
The name of the Attributes node that you create must be unique.
The Mapper task allows independent repetitions of the original output schema;
also, you can have as many repetitions as needed. To delete the multiple copies,
right-click the copy and select Delete.

Handling Entries Belonging to Multiple Object Classes 139
|
Handling Entries Belonging to Multiple Object Classes
If an entry in the LDAP server belongs to a composite object class, for example,
a.b.c, you must use TIBCO IntegrationManager to map the entry to each object
class.
TIBCO IntegrationManager supports multiple policy mapping which is an
extension of repetition mapping. This means that you can have repetitions in the
output created by multiple sources in the input. For details, see Repetition
Mapping in the TIBCO IntegrationManager Process Design Guide.
To map entries to multiple object classes:
1. In TIBCO IntegrationManager, under the Design tab, select the process
diagram that contains the object class to be mapped.
2. Double-click a mapper class in the process diagram. The Mapper Task Edit
Dialog displays.
3. Right-click objectClass in the output and select Add Multiple.
Add Multiple does not overwrite the datatype substitutions when using multiple
policy mapping.
4. Type the name of the new object class node in the Name of multiple policy
node field.
5. Double-click the node you created. Enter the names of the object classes you
want to map to this node, in the Formula field.
6. Click OK in the Mapper Task Edit dialog box.
7. Repeat step 3 to step 6 to create multiple objectClass nodes. You can map
each node to one or more object classes. Also, you can map two or more nodes
to the same object class.
The names of the objectClass nodes that you create must be unique.
The Mapper task allows you to have independent repetitions of the original
output schema and you can have as many repetitions as needed. Additionally,
you can remove all the multiple mappings you have created in the output, with
the exception of the original repeating node where you derived the copies from.
To delete the multiple copies, right-click the copy and select Delete.

140

| 141
Chapter 6 Deploying and Starting the Adapter Using

TIBCO Administrator
This chapter provides an overview about deploying, starting, stopping, and

monitoring adapter services using the TIBCO Administrator web interface.
Topics
• Create an EAR File in TIBCO Designer, page 142

• Create an EAR File in TIBCO Designer, page 142
• Deploy the Project, page 143
• Start or Stop the Adapter, page 144
• Monitor the Adapter, page 145

142
| Chapter 6 Deploying and Starting the Adapter Using TIBCO Administrator
Create an EAR File in TIBCO Designer
Generate an Enterprise Archive file (EAR) that contains information about the
adapter services to deploy.
The EAR file contains information on what you wish to deploy. This could be one
or more adapter services, one or more TIBCO BusinessWorks process engines, or
both.
Building an archive creates the EAR file, which you can then deploy from TIBCO
Administrator. If you make changes to the business processes or adapter services
included in the archive, you need to rebuild the archive. Saving the project does
not affect the archive.
In TIBCO Designer, follow these steps to create an EAR:

1. Configure the adapter services.
2. Drag and drop the Enterprise Archive resource from the palette panel to
the design panel.
3. Select the Enterprise Archive. Drag and drop the Process Archive
resource from the Process palette panel to the design panel. If there are any
processes in your project, configure them using the Browse Resources
button.
4. If there are any configured adapter services in your project, an Adapter
Archive resource becomes available in the Adapter Resources palette panel.
Drag the Adapter Archive into the design panel and specify information in
the Configuration tab, then click Apply.
5. Go to the Enterprise Archive and click Build Archive to create the EAR
file.
See Also
See the TIBCO Designer User’s Guide for more information about this procedure.
The guide is available from the TIBCO Designer Help menu.

Deploy the Project 143
|
Deploy the Project
Before deploying a project, the machine on which the adapter is installed must be
part of a TIBCO administration domain. After you have installed the TIBCO
Administration Server, any machine on which you install TIBCO Runtime Agent
(required by an adapter) is automatically added to the administration domain.
The TIBCO software installed on the machine is then visible and accessible via the
TIBCO Administrator GUI.
When you deploy a project, startup scripts and other information about the
different components are sent to the machines to which the components were
assigned. The project data store and TIBCO Administration Server are updated
with the deployed components.
To deploy a project:
1. Start TIBCO Administrator and import the EAR file into TIBCO
Administrator Enterprise Edition.
2. Assign adapter archives to adapters installed in the administration domain
and likewise assign process archives to process engines.
3. Specify startup options for each adapter service.
Password Handling
At design time, the adapter uses a password to connect to the backend application
and fetch metadata. At run-time, the adapter uses a password to connect to the
back-end application and interoperate with it. If you create a 4.x configuration
using TIBCO Designer 5.1, and use the configuration against a 4.x adapter
version, some special considerations are required for security.
When deploying the adapter, check that the password has been specified in the
adldap.adldapPassword property.
See Also
See the TIBCO Administrator User’s Guide for an introduction to the TIBCO
administration domain and detailed information about the above steps.

144
Start or Stop the Adapter
The TIBCO Administrator Application Management module allows you to start,

and stop deployed applications.
To start an adapter service from the module:
1. In the Administrator GUI left pane, expand Application Management >
Application-Name > Service Instances.
2. In the Service Instances panel, select the check box next to the adapter
service.
3. Click the Start Selected button.
The status changes from Stopped to Starting up to Started.
4. To stop the adapter service, select it, and then click the Stop Selected button.
See Also
See the TIBCO Administrator User’s Guide for more information.

Monitor the Adapter 145
|
Monitor the Adapter
TIBCO Administrator offers a number of monitoring options.

• Specify alerts and TIBCO Hawk rulebases for each machine in the domain.
• Specify alerts and Hawk rulebases for each adapter service.
• View the log for each adapter service.
See Also
See the TIBCO Administrator User’s Guide for information about configuring the
above monitoring options.

146

| 147
Chapter 7 Advanced Topics
This chapter explains advanced topics.

The advanced features help you to use the adapter with a revision control system,
define a TIBCO Hawk session to monitor the adapter, use variable substitution to
override global variables that are predefined in the project, set encoding options
before running the adapter so that it can handle files that use different encodings,
synchronize LDAP servers, configure the repository for binary attribute support,
acknowledge and publish messages, and add a user with a password to Active
Directory.
Topics
• Using the Adapter with a Revision Control System, page 148

• Defining a TIBCO Hawk Session, page 150
• Using Global Variables, page 152
• Setting Encoding Options, page 156
• LDAP Server Synchronization, page 157
• Configuring the Repository for Binary Attribute Support, page 159
• Message Acknowledgement, page 160
• Publishing Messages, page 162
• Updating Entries in the LDAP Server, page 165
• Adding a User Account with a Password into Microsoft Active Directory Server,
page 166
• Changing the LDAP Server Connection Parameters, page 167

148
| Chapter 7 Advanced Topics
Using the Adapter with a Revision Control System
TIBCO Designer supports revision control systems such as MicroSoft Visual

SourceSafe and Perforce. If you are using a revision control system, you must
manually add some configured resources to the revision control system and check
in the resources when completing the instance configuration.
As part of service configuration, the adapter creates schema files in
root/AESchemas/ae. For example, if you configure a service in an adapter
configuration Instance1, the following files are created:
Project_root/AESchemas/ae/Instance1.aeschema
The AESchemas/ae folder initially contains baseDocument.aeschema, which is a

TIBCO-defined schema. The following figure shows the schema files that are
created when you save the configuration.

Using the Adapter with a Revision Control System 149
|
When the project is saved and a revision control system has been specified, the
adapter displays a warning that additional files were created and should be
added to the revision control system. This warning appears only when the files
are created for the first time. The warning displays a Go To Resource button that
helps in navigating to the resource. Use the Multi-User > Add Resources to RCS
menu command to add these files to the revision control system. The following
figure shows a warning that may be displayed:
For information about how to use the Multi-User feature in TIBCO Designer, refer
to the TIBCO Designer User’s Guide.

150
Defining a TIBCO Hawk Session
To use TIBCO Hawk to monitor the adapter you must first define a TIBCO
Rendezvous session on which TIBCO Hawk messages will be sent and received.
Use the following steps to create the session.
1. In the project tree panel, click the LDAP Adapter Configuration icon defined
for your adapter instance.
2. Select the Show Advanced Settings check box, then click the Monitoring
tab.
3. The Default MicroAgent Session contains the name of the Hawk session:
DefaultHawkSession. Use default settings for the other fields.
The next diagram shows the definition for a Monitoring tab.
4. Open the Advanced folder for the adapter instance. Double-click the Sessions
folder.

Defining a TIBCO Hawk Session 151
|
5. Double-click the DefaultHawkSession icon.
6. In Service, type 7474 (the default used by TIBCO Hawk) or modify the
global variable by clicking the Global Variables tab.
7. In Daemon, type tcp:7474 (the default used by TIBCO Hawk) or modify the
global variable by clicking the Global Variables tab.
8. If you choose to change the defaults, click Apply and save the project.
The next diagram shows the HawkSession defined.

152
Using Global Variables
The variable substitution mechanism can override global variables predefined in

the project in a restricted manner. Predefined variables can be viewed and set in
TIBCO Designer. Variables are specified as %%VARNAME%% and cannot contain any
white space.
Variable substitution allows you to accomplish the following:
• Substitute string variables specified in the project at startup time.
• Locally define the value for a variable for a specific project. The local value
takes precedence over any global value.
• Specify the value for a variable in a properties file. This overrides the project
repository and values set in code, but not variables set on the command line.
• Enforce the pre-defined variables listed in Predefined Global Variables on
page 154.
Variables can be used anywhere in the configuration and will be replaced by
the locally-defined adapter instance.
Specifying Variables Using TIBCO Designer

Global variables provide an easy way to set defaults for use throughout your
project. There are several ways in which they can be used:
• Define a variable using TIBCO Designer, then override the value for
individual applications at deployment time using TIBCO Administrator. You
can also override values for predefined variables, unless the GUI does not
allow you to make them settable later.
• Predefine a variable using TIBCO Designer, then override the value for
individual services (for example, publication service or TIBCO BusinessWorks
process) at deployment time using TIBCO Administrator. The values you
specify are then used at runtime. You can also override values for predefined
variables, unless the GUI does not allow you to make them settable later.
For example, you could assign the value 7474 to the predefined global variable
RvDaemon. You can then use the variable in different sessions in your adapter. If
you wish to change the TIBCO Rendezvous daemon for your adapter, you can
globally set it to a different value or override it from the command line.
To use global variables in your project, follow these steps:

1. In the project panel, select the Global Variables tab.

Using Global Variables 153
|
The project panel is updated to display all currently defined global variables.
You now have these choices:
— To assign or change a variable value, select that region and triple-click the
variable. The variable expands so you can change either the variable name
or the variable value. Press Enter when you’re done.
— To add a new global variable group, click the leftmost icon at the bottom of
the dialog box. Specify the name of the group, then press Enter. With the
group icon selected, you can click the abc icon to add variables to the
group.
— To add a global variable, click the abc icon. A new global variable item is
added to the bottom of the list. Supply the variable name and, optionally,
the value. Press Enter when you’re done.
The global variable is now displayed in the global variables list.

2. When you want to use the global variable in the fields of a resource, enter the
variable name surrounded by %% on both sides.
When the project is deployed and the configured components are run, all
occurrences of the global variable name are replaced with the global variable
value (unless it was overridden in a way that had higher precedence).
A number of global variables are predefined. See Predefined Global Variables on
page 154 for information. You may add definitions of any variables you need, to
the predefined variables.
Changing Global Variable Values at Runtime

You can change the value of a global variable when you deploy your project in
TIBCO Administrator. See the section on modifying runtime variables in the
TIBCO Administrator User’s Guide for more information on using TIBCO
Administrator.
You can also specify values for global variables when starting a process engine on
the command line. To do this, specify the following as a command line argument
when starting the process engine:
-tibco.clientVar.<variablePathAndName> <value>
where variablePathAndName is the name of the variable you wish to set, including
the path to the variable if it is contained in a folder. value is the value you wish to
set the variable to. For example, if you have a global variable named item1
contained in a folder named myGroup and you wish to set its value to 500, add the
following argument to the command line when starting the process engine:
-tibco.clientVar.myGroup/item1 500

154
Predefined Global Variables

The next table lists and explains the predefined global variables. Some global
variables are automatically used within the system when an adapter instance is
configured.
Table 5 Predefined Global Variables
Variable Description
Deployment Defaults to the TIBCO Designer project name. This value
can be any string value. This global variable is used by the
system to partially define the subject name defined for a
service.
DirLedger Specifies the path name of the TIBCO Rendezvous

certified messaging ledger file. The default is the root
installation directory.
DirTrace Specifies the path name for logging the file used by the
adapter. The default is the root installation directory.
Domain The default value for file-based local projects is MyDomain.

The value for server-based projects is the domain to which
the project was saved.
HawkEnabled Indicates whether TIBCO Hawk is used to monitor the

adapter. True indicates that a Hawk microagent is defined
for the adapter. False indicates the microagent is not to be
used.
JmsProviderUrl Specifies where the JMS server is located. Setting this value
mostly makes sense in the early stages of a project, when
only one JMS server is used.
JmsSslProvider Specifies where the JMS server, running in the SSL mode,
Url
is located. Setting this value mostly makes sense in the
early stages of a project, when only one JMS server is used.
RemoteRvDaemon TIBCO Rendezvous routing daemon (rvrd) to be used. See

TIBCO Administrator Server Configuration Guide for details
about setting up a domain using rvrd.
RvDaemon TIBCO Rendezvous daemon. Sessions use this daemon to

establish communication. The default value is 7500.

Using Global Variables 155
|
Table 5 Predefined Global Variables
Variable Description
RvNetwork TIBCO Rendezvous network. This variable need only be
set on computers with more than one network interface. If
specified, the TIBCO Rendezvous daemon uses that
network for all outbound messages.
In most cases, you can leave the default.
RvService TIBCO Rendezvous service. The TIBCO Rendezvous

daemon divides the network into logical partitions. Each
transport communicates on a single service. A transport
can communicate only on the same service with other
transports.
Unless you are using a non-default TIBCO Rendezvous
configuration, you should leave the default (7500).
RvaHost Computer on which the TIBCO Rendezvous agent runs.

This variable is only relevant if you are using the TIBCO
Rendezvous Agent (rva) instead of the TIBCO
Rendezvous daemon, and if you have configured a
non-default setup. See TIBCO Rendezvous Administration
for details about specifying the rva parameters.
RvaPort TCP port where the TIBCO Rendezvous agent (rva) listens
for client connection requests. See TIBCO Rendezvous
Administration for details about specifying the rva
parameters. Defaults to 7501.
TIBHawkDaemon TIBCO Rendezvous daemon used in the TIBCO Hawk

session. See the TIBCO Hawk Installation and Configuration
manual for details about this parameter.
TIBHawkNetwork TIBCO Rendezvous network used by the TIBCO Hawk

TIBHawkService TIBCO Rendezvous service used by the TIBCO Hawk


156
Setting Encoding Options
See the TIBCO Adapter Concepts book for an introduction to Internationalization

topics such as Unicode and how adapters handle it.
Complete the following steps prior to running the adapter so it can handle files in
different encodings.
1. Configure inter-communication encoding.
The wire format encoding used for communication between adapters and
TIBCO applications is determined by the encoding property set in the project.
The adapter configuration can be saved in a project:
— At design time or running as a legacy project using a local repository.
— Deployed to a TIBCO Administrator Domain.
If the adapter configuration is saved to a project in an Administration server
domain, TIBCO messaging encoding is determined by the repo.encoding
property in the server's tibcoadmin.tra file. Each adapter or TIBCO-enabled
application that uses the Administration server for storing and retrieving
configuration data from a project uses this encoding setting when
communicating. This assures that all components (including adapters and
other TIBCO-enabled applications) that use the same repository also use the
same encoding value to communicate. The repo.encoding property value
can be ISO8859-1 (the default) or UTF8. If English or other Latin-1 language
data is transmitted between adapters, ISO8859-1 should be used. Otherwise,
use UTF8.
If an adapter instance is saved in a local project, the TIBCO messaging
encoding is determined by the encoding property of the local project file. To
communicate with other adapters using the same encoding, all adapters and
applications must have their local project file encoding property set to be
identical. The encoding value is set on the root project folder, in the Save
Project dialog box, TIBCO Messaging Encoding field. The default value is
ISO8859-1.
The encoding property set in the project file is superseded by the server's
encoding property.
The encoding property discussed above is the encoding used by the
communication between adapters and applications, not the encoding used for the
persistent storage of the project files. Project files are always saved using UTF8.

LDAP Server Synchronization 157
|
LDAP Server Synchronization
To synchronize two LDAP servers, you need to set up two adapter instances: one
instance for each server. Each adapter instance should contain a publication and a
subscription service. The publication and subscription services must be
configured to the same destination or subject to enable them to exchange data
between the two servers. The following two situations are possible:
• The two LDAP servers that you are trying to synchronize have changes
happening on separate directory information trees. This situation does not
require special configuration. You can configure an adapter instance for use
with both synchronized and non-synchronized LDAP servers using identical
methods.
• The two LDAP servers have changes occurring on the same or overlapping
directory information trees. If the adapter services in the adapter instances use
two different object classes, no special configuration is required.
However, if the adapter services use the same object class, you must select the
Update Only if Different check box on the Configuration tab of the
Subscription service. Selecting this check box enables the adapter subscription
service to look up the server and decide whether an update is required. For
more information on configuring synchronized LDAP servers, see
Configuration Tab on page 113.
Configuring two LDAP servers that have changes occurring on the same or
overlapping directory information trees affects the adapter performance because
every update through the subscription service involves an additional lookup,
which is unnecessary for a non-synchronized configuration.
If the adapter instance is configured for the Microsoft Active Directory Server, the
publication service publishes the data with the read-only fields such as
uSNCreated, uSNChanged, whenCreated, whenChanged and objectGUID. When
the subscription service fails to update these read-only fields, it displays the
following error:
Error [Adapter] AE_LDAP-00027 Subscription error. Subscription
service 'LDAPSubscriptionService' listening on subject '' failed
due to target application invocation error 'Invalid syntax'.
To prevent this error, you need to use TIBCO IntegrationManager to remove the
read-only fields from the publishing data.

158
Password Synchronization between Sun ONE Directory Server and Microsoft

Active Directory Server
The LDAP servers use the one-way hash function when storing passwords.
Therefore, you cannot use the adapter to synchronize passwords and the system
cannot retrieve the original passwords.
Since the Sun ONE Directory Server and Microsoft Active Directory Server use
different algorithms to store the passwords, copying the password as opaque data
is not available as an option. If you store the passwords in clear text on both the
Sun ONE and Active Directory servers, you can copy the password from one
server to another. However, this is not a real-world use scenario.

Configuring the Repository for Binary Attribute Support 159
|
Configuring the Repository for Binary Attribute Support
The adapter provides support for binary attributes to enable you to work with
images, audio files, and so on using the adapter.
At design time, do the following before starting the adapter:
1. After you have configured the adapter services, navigate to the <Project_Root_
folder>/AESchemas/ae/scalar/ae/Sequences folder.
2. Drag and drop a Generic Sequence icon into the Sequences folder and enter
the name as sequence[binary].
3. Select Binary as the element type and click Apply.
4. Navigate to the
<Project_Root_folder>/AESchemas/ae/adapter/ldap/<LDAP server
type>/<LDAP server machine>/native/Classes/<required schema> directory to set
the type as binary for the required attributes. This contains the schema that
was created. The required schema is the schema that must be modified and
can be an object class name such as inetorgperson, user, organization, and
so on.
The <LDAP server type> and <LDAP server machine> values are the values that you
specified in the Server Type and Server Name fields under the Design-Time
Connection tab while configuring the adapter instance.
5. Expand the schema and identify the attributes that need to be modified for the
binary type. For each attribute, click Browse in the Sequence field and select
the sequence[binary] that was created in step 2.
6. Click Apply.
7. Save the project.

160
Message Acknowledgement
The following adapter services acknowledge messages:

• Request-Response Service
• Subscription Service
Message Acknowledgement by the Request-Response Service

The following scenarios are applicable for message acknowledgement by the
request-response service:
• LDAP Server is Not Running
• LDAP Server does Not Respond in Time
• LDAP Server Returns an LDAP Error Code
• LDAP Server Returns a Success Code with Data
LDAP Server is Not Running

If the LDAP server is not running, the adapter verifies that the message was
received by the LDAP server and informs you that the server is unavailable. The
adapter then tries to reconnect to the LDAP server.
You can configure the number of retries that must be attempted and the interval
between each retry in the adapter’s properties file. If the adapter is not able to
reconnect to the LDAP server, it will stop attempting to reconnect after the
maximum number of retries has been reached.
LDAP Server does Not Respond in Time

In this scenario, a connection timeout results. The adapter returns a timeout
message. The adapter then tries to reestablish a connection with the server.
LDAP Server Returns an LDAP Error Code

If the LDAP server returns an LDAP error code because an error has occurred, the
adapter returns a message that contains this code.

Message Acknowledgement 161
|
LDAP Server Returns a Success Code with Data

If the operation is completed successfully, the LDAP server returns a success code
with the processed data. The adapter then sends a response message that contains
the success code and the data received from the LDAP server.
Message Acknowledgement by the Subscription Service

The following scenarios are applicable for message acknowledgement by the
subscription service:
• LDAP Server is Not Running
• LDAP Server is Running, but the API Fails
• LDAP Server is Running and the API Succeeds
LDAP Server is Not Running

In this scenario, the adapter attempts to reconnect to the server immediately. The
adapter does not confirm that the messages were received, nor does the adapter
inform you that the LDAP server is not running.
You can configure the number of retries that must be attempted and the interval
between each retry in the adapter’s properties file. If the adapter is not able to
reconnect to the LDAP server, it will stop attempting to reconnect after the
maximum number of retries has been reached.
LDAP Server is Running, but the API Fails

In this scenario, an error message is returned by the API. This message can be
viewed on the console as well as in the log file.
LDAP Server is Running and the API Succeeds

In this scenario, if you have configured the logging roles, the success code can be
viewed in the log messages.

162
Publishing Messages
This section explains the following:

• Configuring Timers for Publication Services
• Publishing Messages in Sequence
• Persistent Publishing of Messages
• Publishing Duplicate Events
• Publishing Deleted Entries in the Microsoft Active Directory Server
Configuring Timers for Publication Services

You can configure the polling interval for the publication service. To do so, in
TIBCO Designer, navigate to the <AdapterInstanceName> > Advanced > Timers
folder, and select the timer that was created when you added a publication
service. On the Configuration tab, specify the polling interval in the Interval
(milliseconds) text box. This will determine the interval at which the service
will poll the LDAP server. For more details on configuring timers, see the TIBCO
Designer Palette Reference.
Publishing Messages in Sequence

You can use the adapter’s publication service to publish messages in sequence.
The publication service of the adapter can behave in one of the following ways:
• If the adapter is running, all changes that are being made will be published in
sequence.
• If the adapter is not running and if n number of changes have been made on a
particular entry, when the adapter is started, the publication service will
publish only the most recent change.
Persistent Publishing of Messages

There are no special APIs available that you can use for persistent publishing of
messages. However, the adapter maintains the timestamp for the last
modification that was made when the adapter was running in a .ts file. When
the adapter restarts, it identifies the latest changes from the modifytime >
timestamp field in the .ts file. The adapter then publishes these updated
messages.

Publishing Messages 163
|
Publishing Duplicate Events

During publishing of messages, the server first returns the entries that match the
search criteria of the adapter. However, unlike in an ordinary search, the server
keeps the search active until you disconnect from the server. If an entry is changed
and the changed data matches the search criteria, the server will publish the
modified entry. Therefore, if an entry is changed twice, and both changes match
the search criteria when the adapter is running, the LDAP server will publish both
changes.
For entries that are changed when the adapter is not running, the adapter does
not fetch all the changes that were made. It only retrieves messages that match the
search criteria that were modified after the adapter stopped, that is, after the
timestamp of the last modification that was received by the adapter when it was
running.
Therefore, the adapter cannot publish duplicate changes, if the changes were
made when the adapter was not running.
Publishing Deleted Entries in the Microsoft Active Directory Server

Entries deleted from a Microsoft Active Directory Server are published with a
different DN and without applying the configured filter, if any.
When you delete entries on the Microsoft Active Directory Server, it moves the
entries to a Deleted Objects subtree, retaining only its DN and object class, if there
is no conflict with other deleted items. When the adapter publishes a deleted
object, it uses the new DN, not the original DN of the entry. For example:
DN = CN=Aparna DEL:aec6dadb-244d-4fd0-a058-4c6e7ef18a09,CN=Deleted
Objects,DC=adsldap
Since the information about the original DN and attribute values are not available
on the Microsoft Active Directory Server, the adapter cannot publish those details;
only the DN used in the deleted objects container is available. Therefore, the
adapter will publish all deleted entries belonging to the object class irrespective of
whether it is a part of the Base DN you selected during configuration.
Additionally, if you configure a publication service with a filter (for example,
attribute1 = abc), the adapter cannot search for attribute1 as it no longer
exists. Therefore, the adapter will ignore the filter for publishing deleted entries,
for Microsoft Active Directory Server.

164
TIBCO recommends that you do not process DELETE operations published by a

publication service configured for the Microsoft Active Directory Server.
Further technical details are available at
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/netdir/ad/
retrieving_deleted_objects.asp

Updating Entries in the LDAP Server 165
|
Updating Entries in the LDAP Server
For Subscription and Request-Response services, executing the DELETE, MODIFY,

and MODIFYKEY operations on a node results in the adapter trying to validate the
object class of the node. To do this, the adapter performs a SEARCH operation to
retrieve the details of that node. This affects the performance of the adapter.

166
Adding a User Account with a Password into Microsoft Active

Directory Server
To add a user account with a password into Microsoft Active Directory Server,
you must make the following configuration changes:
1. Configure the adapter instance to use an SSL connection at run time. To do
this, configure the SSL parameters in the Run-time Connection tab of the
adapter instance. For details on configuring SSL, see Configuring the SSL
Environment on page 85.
2. Set the unicodePwd attribute type in the user schema to binary. For details on
setting binary attributes, see Configuring the Repository for Binary Attribute
Support on page 159.
In the request data that is to be sent to the adapter, the actual password must be
enclosed in double quotes. Supply the binary encoded value of the password,
including the double quotes, to the unicodePwd attribute.

Changing the LDAP Server Connection Parameters 167
|
Changing the LDAP Server Connection Parameters
In the 4.x version of the adapter, the connection parameters for the LDAP server
at design-time and run-time were the same. Also, the schema generated for an
adapter configuration during design time was stored under folders that derived
their names from the specified LDAP server type and the LDAP server name.
Therefore, changing the LDAP server after configuring the connection parameters
broke the schema references between associated TIBCO BusinessWorks and
TIBCO IntegrationManager processes, and the adapter stopped working. The
adapter only worked if the schemas of the previous and the current LDAP servers
were identical.
In the 5.x version of the adapter, the Run-time Connection tab was introduced.
Consequently, although you can continue to use the same connection parameters
for the LDAP server at design-time and run-time, you also have the option to
specify different design-time and run-time connection parameters. This ensures
that you can migrate from one LDAP server to another by specifying different
server details in the Design-time Connection and the Run-time Connection
tabs. Since the schemas are generated at design time using the server details
specified in the Design-time Connection tab, the references are not broken if
you change the server details in the Run-time Connection tab. However, for the
adapter to work, the schemas on both the servers must be identical.
Additionally, you can specify the global variables for the server details in the
Run-time Connection tab, and provide the values at run-time, using the
adapter’s properties file. This allows you to migrate the project from one LDAP
server to another without modifying the project file. You only need to modify the
adapter’s properties file (.tra).
To specify global variables for run-time connection parameters:
1. Open the project file in TIBCO Designer and select the adapter configuration
you want to modify.
2. Click the Design-time Connection tab and clear the Use Design-time
Connection For Run-time check box.
3. Click the Run-time Connection tab and specify global variables for the
server details. You can provide the values for these global variables at
run-time, using the adapter’s properties file.
For details on how to configure an LDAP server and specify global variables,
see the TIBCO Adapter for LDAP Examples Guide.
This ensures that schema references are not broken when the run-time
connection parameters of the LDAP server are changed.

168

| 169
Chapter 8 Monitoring the Adapter Using TIBCO Hawk
This chapter explains how to use TIBCO Hawk microagents to monitor and
manage the adapter.
Topics

• Starting TIBCO Hawk Software, page 171
• The Auto-Discovery Process, page 172
• Invoking Microagent Methods, page 173
• Available Microagents, page 176

170
| Chapter 8 Monitoring the Adapter Using TIBCO Hawk
Overview
TIBCO Hawk is a sophisticated tool for enterprise-wide monitoring and

managing of all distributed applications and systems. System administrators can
use it to monitor adapters in a wide area network of any size. TIBCO Hawk can be
configured to monitor system and adapter parameters and to take actions when
predefined conditions occur. These actions include: sending alarms that are
graphically displayed in the TIBCO Hawk display, sending email, paging,
running executables, or modifying the behavior of a managed adapter.
Unlike other monitoring applications, TIBCO Hawk relies on a purely distributed
intelligent agent architecture using publish or subscribe to distribute alerts.
TIBCO Hawk uses TIBCO Rendezvous for all messaging and thus gains the
benefits and scalability from the TIBCO Rendezvous features of
publish/subscribe, subject name addressing, interest-based routing, and reliable
multicast.
TIBCO Hawk is a purely event-based system that uses alerts. The agents are
configured with rules that instruct them on everything from what and how to
monitor to what actions to take when problems are discovered. Thus the
workload is fully distributed throughout the enterprise. Every agent is
autonomous in that it does not depend on other components to perform its
functions.
The TIBCO Hawk Enterprise Monitor consists of these components:
• Display—GUI front end that displays alarms and provides editors to create
rule bases, create tests, view messages, and invoke microagents to request
information or initiate an action.
• Agents—Intelligent processes that perform monitoring and take actions as
defined in rules.
• Rulebases—Rules that are loaded by agents to determine agent behavior.
• Application Management Interface (AMI)—Manages network applications
via TIBCO Rendezvous and supports communication between a network
application and monitoring TIBCO Hawk agents, including the ability to
examine application variables, invoke methods, and monitor system
performance.
• Microagents—Feed information back to TIBCO Hawk and expose action
methods to rulebases.
For more information, see the TIBCO Hawk documentation.

Starting TIBCO Hawk Software 171
|
Starting TIBCO Hawk Software
The TIBCO Hawk agent can be configured to start automatically during the
system boot cycle. See the TIBCO Hawk Installation and Configuration guide for
information about starting TIBCO Hawk.
The TIBCO Hawk Administrator’s Guide explains how to start the TIBCO Hawk
Display.
The guides are included in your TIBCO Hawk software installation area.

172
The Auto-Discovery Process
After you start an instance of TIBCO Hawk Display, it continually discovers

machines running TIBCO Hawk Agents on your network. Container icons are
created for each agent, and arranged hierarchically in clusters. By default, agent
icons are clustered according to subnets.
At first, the Agents container is empty. Its counter displays a value of zero and, on
the right, the Discovered counter is also at zero. Both icons are initially green in
color to show that no alerts, or warning messages, are in effect. As agents are
discovered, the counters increment to reflect the current number of discovered
agents:
Monitored network nodes are arranged in a hierarchical tree of containers.

Clicking a container in the left panel displays nested items on the right.
Icon colors change to reflect the highest level of alert found on discovered agents.
For explanations of icon elements and characteristics, see your TIBCO Hawk
Administrator’s Guide.

Invoking Microagent Methods 173
|
Invoking Microagent Methods
A set of default microagents is loaded when a TIBCO Hawk Agent is started.

When you install and start the adapter, its microagents are dynamically added to
the local agent.
To invoke a microagent method:
1. Start TIBCO Hawk Display, then right-click on the agent icon and select Get
Microagents.
If TIBCO Hawk security is implemented on your system and you do not have
access to microagents on this agent, an error dialog displays. Select another
agent, or contact your system administrator to obtain access.
The Microagents, Methods and Arguments dialog displays. The panel on the
upper left lists microagents you can access on the current agent.
This dialog has two modes, Invoke and Subscribe. Invoking a method
immediately returns a single set of current results. Subscribing provides
updates of current results at regular intervals. Radio buttons at the bottom of
the dialog control these modes.
2. Click a microagent name, such as Self, to display a list of associated methods
and text descriptions in the panels below.

174
3. Click the name of the method to invoke, such as getComponentInfo.
If the method accepts arguments, fields for each argument display in the
upper right panel. Detailed help text displays in the lower panel.
4. Specify any arguments for the method invocation.
5. Verify that the Invoke radio button is selected.
6. Click the Invoke button to invoke the selected method.
The Invocation Results dialog displays the results returned by the method.
7. Click Done to close the dialog.

Invoking Microagent Methods 175
|
These steps describe how to interactively invoke a microagent method and

receive a single set of results in TIBCO Hawk Display. You can also use a
microagent method as the data source of a TIBCO Hawk rule. Rules automatically
receive method results, apply tests to evaluate them, then take action if necessary.
For more information on building TIBCO Hawk rules and rule bases, see your
TIBCO Hawk Administrator’s Guide.

176
Available Microagents
Each adapter has three microagents, a standard TIBCO Hawk microagent named
COM.TIBCO.ADAPTER.xyz where xyz is the adapter configuration name, a custom
microagent, and a class microagent (for PAM compliance). The microagents
provide:
• Business level statistics—statistics that report the progress of the adapter as it
interacts with the vendor application. For example, in a database adapter such
statistics might indicate whether objects were successfully or unsuccessfully
inserted, updated, or deleted in the database.
• Queries that return information about the state of the adapter. This can be an
important tool for seeing the internals of an adapter and debugging it if
something appears wrong. For example, methods can return information
about threads, internal queues, or connections to the target system. Using
these methods, one might be able to identify certain bottlenecks or gauge how
successfully an adapter is scaling with respect to the current environment.
• Updates of the adapter run-time parameters. This includes retrieving the
current run-time parameters and setting new run-time parameters without
restarting the adapter. An example of this is getting and setting the polling
interval. Updating a run-time parameter through the Hawk microagent only
affects the setting of the instance that is running. It does not make a
permanent change of the setting in either the repository or the .tra file.
By default, all three microagents are available at run time. You can disallow
adding custom methods to the standard microagent when deploying the adapter
by changing the addCustomHawkMethodsToClassMAgent property value in the
adapter’s property file.
The following table lists each method available for the adapter and page on which
the method is explained.
Table 6 Microagent Methods
Method Description Page

Standard Methods
activateTraceRole() Activates a mapping of a role to a sink at 180

run time.
deactivateTraceRole() Deactivates a mapping of a roles to sinks 181

at run time.

Available Microagents 177
|
Table 6 Microagent Methods (Cont’d)
Method (Cont’d) Description (Cont’d) Page

getAdapterServiceInfo Returns information about the services 182
rmation()
implemented by this adapter.
getComponents() Returns information about the publisher, 183

subscriber and IODescriptor.
getConfig() Returns basic configuration information. 184

More specific information is accessed by
the more specific methods.
getConfigProperties() Returns all attributes and elements for 185

the given repository object.
getHostInformation() Returns standard and extended 186

application information.
getRvConfig() Returns information about all TIBCO 187

Rendezvous sessions defined.
getStatus() Returns general status information, such 188

as the number of TIBCO Rendezvous
messages received and published, the
number of errors since the last call, the
PID of the application, and more.
getTraceSinks() Returns information about sinks to 189

which traces currently go.
getVersion() Returns the configuration ID, application 190

name, version, and date for this adapter
instance.
_onUnsolictedMsg() Displays alert messages sent to the 191

current adapter.
preRegisterListener() Preregisters an anticipated listener. 192
reviewLedger() Returns information retrieved from the 193

ledger file of a certified messaging
session for a publisher adapter.
setTraceSinks() Adds a role or changes the file limit of a 195

previously specified sink.

178

stopApplicationInstan Stops the running adapter instance. 196
ce()
unRegisterListener() Unregisters a currently preregistered 197

listener.
Custom Methods
getActivityStatistics Returns the total number of objects 198

()
processed for all the schemas.

ByOperation()
processed for all the schemas by each
service that is associated with a specified
operation.

BySchema()
processed for the given schema by each
service that uses the schema.
getActivityStatistics Returns information about the services 201

ByService
implemented by this adapter.
getConnectionStatisti Returns the state and statistics for all the 202
cs()
current connections used by the adapter.
getPollingInterval() Returns the current polling interval 203

setting.
getQueueStatistics() Returns the current count of elements in 204

any internal queue used by the adapter.
getThreadStatistics() Returns the operation counts of the 205

current threads
resetActivityStatisti Resets all the counts for the activity 206

cs()
statistics.
resetConnectionStatis Resets all the counts for the connection 207

tics()
statistics.
resetThreadStatistics Resets all the counts for the thread 208

()
statistics.

Available Microagents 179
|

setPollingInterval() Sets the polling interval for the 209
publication service.

180
activateTraceRole()
Activates a mapping of a role to a sink at run time. This replaces the

now-deprecated setTraceSink() TIBCO Hawk method.
Input Parameters Type Description

Role Name string Name of the role to activate.
Sink Name string Name of the sink for which to activate the role.

deactivateTraceRole() 181
|
deactivateTraceRole()
Deactivates a mapping of a roles to sinks at run time.

Role Name string Name of the role to activate.
Sink Name string Name of the sink for which to activate the role.

182
getAdapterServiceInformation()
Returns information about the services implemented by this adapter.
Input Parameter Type Description

Service Name string Name of the service from which to get
information. Default is ALL.
Returns Type Description

Line integer Sequential row number.
Service Name string Name of the service as defined at design time.
Endpoint Name string Name of the endpoint used for this service.
Type string Type of the endpoint, for example, publisher or

subscriber.
Quality of string Quality of service for the endpoint. For example

Service RVCM or JMS Persistent.
Subject string Subject defined for this endpoint.
Class string Class associated with the endpoint.
Number of integer Number of messages processed for this endpoint.

Messages

getComponents() 183
|
getComponents()
Returns information about the currently active TIBCO Hawk components such as
publishers, subscribers, or timers.

Component Name string Name of the component. If no value is enter, all
components display.
Component Type string Any of Publisher, Subscriber, Timer, or

IODescriptor. The default value is All.

Instance ID string Name of this adapter instance as defined at
design time.
Adapter Name string Name of the adapter.
Component Name string Name of the component.
Component Type string The name of the TIBCO Adapter SDK class for
this component, such as Publisher,
Subscriber, or IODescriptorSource. For
more information about the class, see your
TIBCO Adapter SDK documentation.
Session Name string Name of the session.
Description string Information about this component, for

example, time interval, signal type, and
validating the publisher or subscriber.

184
getConfig()
Retrieves generic configuration information. More specific configuration

information is accessed through separate methods.

Instance ID string Configuration ID of this adapter.
Repository string URL of the repository used for adapter instance.

Connection
Configuration string Location of the adapter project; either a file name

URL or configuration URL.
Command string Command line arguments used to start the

adapter.

getConfigProperties() 185
|
getConfigProperties()
Returns all attributes and elements for the given repository object.

Property string Name of the property for which elements (tags)
and attributes are desired. For example,
agentone/startup.
If no value is given, all properties are returned.

Element Name string Repository directory for the property.
Attribute Name string Name of the repository object attribute.
Attribute Value string Value of the repository object attribute.
Line integer Line number in which this property is defined

in the project file.

186
getHostInformation()
Return standard and extended application information set. It returns the

following information.

Name string Name of the property.
Value string Value of the property.

getRvConfig() 187
|
getRvConfig()
Returns information about the TIBCO Rendezvous session defined by this

adapter. Information about all currently defined sessions is returned if no
sessionName is provided.
Input
Parameter Type Description
Session Name string Name of the TIBCO Rendezvous session for

which configuration is required. If not given,
information about all sessions is returned. The
default is all.

Instance ID string Configuration ID of this adapter.
Session Name string Name of the session.
Service string Service parameter for this session.
Daemon string Daemon parameter for this session.
Network string Network parameter for this session.
Synchronous? boolean Returns 1 if this is a synchronous session, 0

otherwise.
Session Type string Type of session; one of M_RV, M_RVCM, or

M_RVCMQ.
Certified Name string Name of this certified session.
Ledger File string Ledger file for this certified messaging session.
Returns the empty string for sessions that are
not certified messaging sessions.
CM Timeout string Timeout for this certified messaging session.

Returns the empty string for sessions that are
not certified messaging sessions.

188
getStatus()
Retrieves basic status information about the adapter.

This information is fairly limited; for more detail, additional methods are
provided (getConfig() on page 75 and getRvConfig() on page 77.

Instance ID string Configuration ID for this adapter instance.
Uptime integer Number of seconds since startup.
Messages Received integer Number of TIBCO Rendezvous messages

received.
Messages Sent integer Number of TIBCO Rendezvous messages

published.
New Errors integer Number of errors since the last call to this
method.
Total Errors integer Total number of errors since startup.
Process ID integer Process ID of the application.
Host string Name of host machine on which this adapter

is running.

getTraceSinks() 189
|
getTraceSinks()
Returns information about sinks to which traces currently go.

Sink Name string Name of the sink for which you need
information. If no name is specified,
information about all sinks is returned. Default
is all.
Role Name string Name of the role for which you need
information for the specified sink or sinks.
Default is all.

Instance ID string Name of this adapter instance as a string.
Adapter Name string Name of the application for this sink.
Sink Name string Name of the sink
Sink Type string Type of this sink. One of fileSink, rvSink,

hawkSink, stderrSink.
Roles string Roles this sink supports, as a string. For example

warning, error, debug.

190
getVersion()
Retrieves version information for the current application. Two lines may be
returned, one for the TIBCO Adapter SDK, one for the adapter.
Returns Description
Instance ID Configuration ID as a string, for example SDK.
Adapter Name Name of the adapter as a string, for example agentone.
Version Version number as a string, for example 5.1.

_onUnsolictedMsg() 191
|
_onUnsolictedMsg()
Displays all alert messages sent from the adapter or an error if not successful.

192
preRegisterListener()
Preregister an anticipated subscription service. Some sending applications can

anticipate requests for certified delivery even before the listening applications
start running. In such situations, the publication service can preregister
subscription services, so TIBCO Rendezvous software begins storing outbound
messages in the publication service ledger. If the listening correspondent requires
old messages, it receives the backlogged messages when it requests certified
deliver.
Input Type Description

Parameters
Session Name string Name of the session that anticipates the
listener.
Publisher Name string Name of the component for which the

listener should be preregistered.
Listener Session string Name of the subscription service to

Name preregister.
Returns OK if the subscription service was preregistered successfully, false

otherwise.

reviewLedger() 193
|
reviewLedger()
Returns information retrieved from the ledger file of a TIBCO Rendezvous

certified messaging session.
Before invoking this method, ensure that the certified messaging publisher
adapter has established a certified delivery agreement with its subscriber agents.
Input
Parameters Type Description
Session Name string Name of the TIBCO Rendezvous session for

which ledger information is desired (default is
all).
Subject string Name of the subject for which ledger

information is desired.

Session Name string Name of the TIBCO Rendezvous CM session
to which this information applies.
Subject string Subject name for this session.
Last Sent Message integer Sequence number of the most recently sent
message with this subject name.
Total Messages string Total number of pending messages with this

subject name.
Total Size integer Total storage (in bytes) occupied by all

pending messages with this subject name.
If the ledger contains ten messages with this
subject name, then this field sums the storage
space over all of them.
Listener Session string Within each listener submessage, the Listener

Name Session Name field contains the name of the
delivery-tracking listener session.

194
Returns (Cont’d) Type Description

Last Confirmed string Within each listener submessage, the Last
Confirmed field contains the sequence
number of the last message for which this
listener session confirmed delivery.
Line integer Row number in ledger file.
Unacknowledged integer Number of RVCM messages pending for this

Messages listener. The value is computed by subtracting
the last sent sequence number from the last
acknowledged sequence number.

setTraceSinks() 195
|
setTraceSinks()
Adds a role or changes the file limit of a previously specified sink.
Input
Sink Name string Name of the sink for which you want to add a
role or change the file limit.
Role Name string Name of the role you want to add to this sink
(warning, error, debug, or user defined). Default
is all.
File Size integer Maximum file size for this sink.

This parameter is ignored if the sink specified
by sinkName is not a file sink.
Returns OK if successful or an error if not successful.

196
stopApplicationInstance()
Stops the specified adapter by calling the internal stop() method. This method
returns OK if successful or an error if not successful.

unRegisterListener() 197
|
unRegisterListener()
Unregister a currently preregistered subscription service.
Input
Session Name string Name of the session that anticipates the

subscription service.
Publisher Name string Name of the publication service to which the

subscription service is preregistered.
Listener Session string Name of the subscription service to unregister.

Name
This method returns true if the subscription service was unregistered successfully,
false otherwise.

198
getActivityStatistics()
Returns the total number of objects processed for all the schemas, based on the
request type. Also, returns the number of success and error objects.

GetSubTotalBy string Indicates how to group the subtotals, by
Service or Operation.

Name string Service name or All Services which represents
the final tally of all the services
Total integer Total number of objects processed including both

success and failures.
Success integer Total number of objects successfully processed.
Failure integer Total number of objects that caused an error

during processing.
MeasurementIn integer Displays the time (in seconds) since last time the
terval adapter was reset, or if never reset, since the
adapter started.

getActivityStatisticsByOperation() 199
|
getActivityStatisticsByOperation()
Returns statistics about one operation.

Operation string Name of the operation.

Operation string Name of the operation.
Service Name string Name of the service.
Total integer Total number of objects processed, both success

and failures.

during processing.
adapter started.
LineIndex string Concatenated string of Service Name and

Operation separated by a comma.

200
getActivityStatisticsBySchema()
Returns the total number of objects processed for the given schema by each
service that uses the schema. Also, returns the number of success and error
objects.

Schema Name string Name of the schema.

Service Name string Name of the service that is associated with the
specified schema.
Total string Total number of objects processed for this schema

for a publication service.
Total number of objects received for this schema
for a subscription service.
Success string Number of objects that were successfully

identified for this schema, which will be
published or written to a file.
Failure string Number of objects that were identified for this

schema but were not published because the
header of the schema failed validation for a
publication service, or was written to a file
because the schema was not associated with a
subscriber for a subscription service.

getActivityStatisticsByService 201
|
getActivityStatisticsByService
Returns statistics about the data handled by a given adapter service or all adapter
services since the time the adapter was started.
Input parameter Type Description

Service Name string Name of service to get the statistics for. If no
service name is given, performance statistics for
all services is returned.

Service Name string Service name
Schema Name string Name of top level schema processed by this

service.
Operation string Type of operation this service provides.
Total integer Total number of objects processed, both success

and failures.

during processing.
adapter started.
LineIndex string Concatenated string of Service Name and

Operation separated by a comma.

202
getConnectionStatistics()
Returns the state and statistics for all the current connections used by the adapter.

Connection ID string Unique identification of a particular connection.
Connection Type string Type or key that will match this connection to a
thread or queue.
State string Current state: CONNECTED or

DISCONNECTED.
NumRetries integer Total number of times this connection had to be

reestablished.
TotalNumOperat integer Total number of operations processed by this

ions connection since the adapter started.
CurrentNumOpe integer Total number of operations processed by this

rations connection since the last reconnection.
NumLostConnec integer Total amount of time that this connection has

tions been lost.
MeasurementInte integer Displays the time (in seconds) since last time the
rval adapter was reset, or if never reset, since the
adapter started.

getPollingInterval() 203
|
getPollingInterval()
Returns the current polling interval setting.

PollingInterval integer Polling interval in milliseconds.

204
getQueueStatistics()
Return the current count of elements in any internal queue used by the adapter.
This includes the TIBCO Rendezvous event queues automatically spawned by
TIBCO Rendezvous for each adapter.

QueueID string Unique identification of a particular queue.
QueueType string Type or key that will match this queue to a

thread or connection.
QueueCount integer Current number of elements in the queue.
MaxQueueSize integer Maximum number of elements in the queue.
MeasurementInte integer Displays the time (in seconds) since last time the
rval adapter was reset, or if never reset, since the
adapter started.

getThreadStatistics() 205
|
getThreadStatistics()
Return the operation counts of the current threads.

ThreadID string Unique identification of a particular thread.
ThreadType string Type that tells what part of the adapter this
thread belongs. Valid types include
"Publisher", "Subscriber", "RPC", or
"Connection".
TaskType string One-word description of the tasks this thread

processes.
TaskCount integer Number of tasks processed by this thread.
MeasurementInterv integer Displays the time (in seconds) since last time
al the adapter was reset, or if never reset, since
the adapter started.

206
resetActivityStatistics()
Resets all the counts for the activity statistics.

resetConnectionStatistics() 207
|
resetConnectionStatistics()
Resets all the counts for the connection statistics.

208
resetThreadStatistics()
Resets all the counts for the thread statistics.

setPollingInterval() 209
|
setPollingInterval()
Set the polling interval for the publication service.

PollingInterval integer Polling interval in milliseconds.
ServiceName string Name of service where the polling interval is set.

210

| 211
Appendix A Trace Messages
This appendix explains the trace messages that are logged to a location specified
at configuration time.
Topics

• Trace Message Fields, page 214
• Status Messages, page 216

212
| Appendix A Trace Messages
Overview
Trace messages provide information about adapter activities. The messages are
logged to the console where the run-time adapter was started and to a log file.
Trace messages can also be redirected to the TIBCO Hawk Display application, or
sent to other applications using the TIBCO Rendezvous transport.
Each trace message can include the following fields:
<Timestamp> <Adapter Identifier> <Role> <Category> <Status Code>
<Tracking Identifier>
The above fields are explained in Trace Message Fields on page 214. The
following diagram shows an example trace message and calls out the fields.
Timestamp
2003 Jul 09 10:58:54:984 GMT +5
Adapter Identifier Role Category

ldap.LDAPAdapterConfiguration Info [Adapter]
Status Code
AELDAP-00004 Publisher LDAPPublicationService publishing
Tracking Identifier
tracking=#Kj2--7--Dkic3UxU-/gPzzw6E-zzw#
Example Trace Messages

The following trace messages were written during a session where TIBCO
Adapter for LDAP published a message that used the UPDATE operation, and then
processed the message.
The first message indicates that TIBCO Adapter for LDAP has started. The
timestamp indicates when the adapter started, and the role indicates that the trace
message is informational, which means the activity is normal for the adapter. The
category is identified, and the corresponding status code is displayed. The status
code indicates that the adapter started successfully.
2003 Jul 09 10:58:54:984 GMT +5 ldap.LDAPAdapterConfiguration Info
[Adapter] Adapter ldap started successfully
The next set of trace messages indicates the publication service of the adapter
publishing a message that uses the UPDATE operation. The
#Kj2--7--Dkic3UxU-/gPzzw6E-zzw# tracking identifier included in the trace
message uniquely identifies the message. The adapter provided the identifier.
[Adapter]

Overview 213
|
AELDAP-00004 Publisher LDAPPublicationService publishing
tracking=#Kj2--7--Dkic3UxU-/gPzzw6E-zzw#
[Adapter]
AELDAP-00008 Adapter publishing : Publisher :
LDAPPublicationService
publishing. Opcode = LDAP_MODIFY DN =
uid=pop,ou=unit5,o=BenchMark,dc=us.tibco.com
The final trace message indicates the subscription service has received the
message, and acknowledges that the UPDATE operation is complete with the
following message.
[Adapter]
AELDAP-00003 Service LDAPSubscriptionService invoked
tracking=#0vA--9--Dkic3k-w-/gQzzw6E-zzw#
[Adapter]
AELDAP-00013 Service: LDAPSubscriptionService Operation:
LDAP_MODIFY DN:
uid=pop,ou=unit5,o=BenchMark,dc=us.tibco.com

214
Trace Message Fields
Each trace message includes the following fields:
Table 7 Tracing Fields
Field Name Description

Timestamp Timestamp of occurrence. For example, 2003 Jul 09 10:58:54:984 GMT +5.
Adapter Name of the adapter that wrote the trace message. This is a combination of the
Identifier adapter acronym and adapter configuration name. For example, the
application identifier, LDAP.publisher1 identifies a TIBCO Adapter for
LDAP service named publisher1.
Role A role can be:

• Info. Indicates normal adapter operation. No action is necessary. A tracing
message tagged with Info indicates that a significant processing step was
reached and has been logged for tracking or auditing purposes. Only info
messages preceding a tracking identifier are considered significant steps.
• Warn. An abnormal condition was found. Processing will continue, but
special attention from an administrator is recommended.
• Error. An unrecoverable error occurred. Depending on the error severity,
the adapter may continue with the next operation or may stop altogether.
• Debug. A developer-defined tracing message. In normal operating
conditions, debug messages should not display.
When configuring the adapter you define what roles should or should not be
logged. For example, you may decide not to log Info roles to increase
performance.

Trace Message Fields 215
|
Table 7 Tracing Fields
Field Name Description

Category One of the following:
• Adapter. The adapter is processing an event.
• Application. The adapter is interacting with the LDAP server.
• Configuration. The adapter is reading configuration information.
• Database. The adapter is interacting with a database.
• Metadata. The adapter is retrieving metadata from the LDAP server.
• Palette. The adapter is interacting with the palette.
• Publisher Service. The publication service is reporting this trace message.
• Request-Response Server. The request-response service is reporting this
trace message.
• Shutdown. The adapter is shutting down.
• Startup. The adapter is starting.
• Subscription Service. The subscription service is reporting this trace
message.
• System. This category is not linked to a specific event process. The trace
message may be related to a Microsoft Windows service related messages,
memory allocation, file system error, and so on.
• TibRvComm. The adapter is communicating with TIBCO Rendezvous.
• XML. The adapter is parsing XML documents.
Status Code Unique code for the message and description. Status codes are identified by a
unique number and description. If a trace message includes an error or warn
role, the status code documentation includes a resolution. See Status Messages
on page 216 for details.
Tracking A unique identifier that is "stamped" on each message by the originating

Identifier adapter. The tracking identifier remains in effect from a message’s beginning
to its completion as it is exchanged by TIBCO applications. If the adapter is
the termination point of the message, the tracking identifier is not displayed
in the trace message.
You cannot modify the tracking identifier format or configure what
information is displayed.

216
Status Messages
Message Role Category Resolution

AELDAP-00001 Cannot connect to the LDAP server.
errorRole Adapter Verify connection parameters in the

Connection Tab for the adapter instance
configuration.
AELDAP-00002 Unable to open the audit log file for reading.
errorRole Adapter Ensure that the path for the audit log file is
correct as displayed in the Connection Tab
during adapter instance configuration.
AELDAP-00003 Service <service name> invoked.
infoRole Adapter Indicates normal adapter operation. No

action necessary.
AELDAP-00004 Publisher <service name> publishing.

action necessary.
AELDAP-00005 Unable to initialize the timer.
errorRole Adapter Internal error occurred. The repository

created through the adapter palette is
possibly corrupted. Please reconfigure the
adapter.
AELDAP-00006 Unable to fetch the schema for the LDAP server <server name>.
errorRole Adapter The adapter was unable to do a schema query

against the LDAP server. Verify that the
LDAP server is up and that connection
parameters specified in the Connection Tab
during configuration are correct.

Status Messages 217
|

AELDAP-00007 An internal error occurred on the LDAP Server: <server name>.
errorRole Adapter This may be due to a error in configuring the

adapter in TIBCO Designer. Please verify
your adapter and service configuration.
AELDAP-00008 Adapter publishing: <message>.

action necessary.
AELDAP-00009 Error occurred while creating persistent search control: <error description>.
errorRole Adapter This may be due to a error while configuring

the adapter in TIBCO Designer. Please verify
your adapter and service configuration.
AELDAP-00010 Operation <operation name> is not supported for the service: <service
name>.
errorRole Adapter The LDAP operation is not supported by the

service. Please check your adapter service
configuration in TIBCO Designer.
AELDAP-00011 <DN> is not a valid DN for the service: <service name>.
errorRole Adapter The DN of the specified entry is not within

the scope of the DIT selected for this service.
AELDAP-00012 RPC Service: <service name> sending the reply back.

action necessary.
AELDAP-00013 Service: <service name> Operation: <operation name> DN: <DN> <DN>.

action necessary.
AELDAP-00014 Trying to reestablish connection with the LDAP server.
warnRole Adapter The connection with the LDAP server was

lost, possibly due to the server going down.
The adapter will attempt to reconnect to the
server.

218

AELDAP-00015 Unable to reestablish connection with LDAP server in service <service
name> while executing operation <operation name> with DN as <DN>.
errorRole Adapter The adapter attempted to reconnect to the

LDAP server after a connection went down;
however this reconnect attempt was
unsuccessful. The adapter will now stop.
Please check your LDAP server.
AELDAP-00016 Service <service name> attempted operation <operation name> on DN

<DN> resulted in error: <error description>.
errorRole Adapter The error string in the message describes the

cause of the problem. This is an error
returned from the LDAP server.
AELDAP-00017 Cannot run the service <service name> on non windows platform against
Active Directory server.
errorRole Adapter An adapter instance working against Active

Directory must be run only on Microsoft
Windows. An attempt was made to start the
adapter on a non-Microsoft Windows
platform. Please run the adapter on Microsoft
Windows.
AELDAP-00018 Unable to reestablish connection with LDAP server in service <service

name>.
errorRole Adapter The adapter attempted to reconnect to the

LDAP server after a connection went down;
however this reconnect attempt was
unsuccessful. The adapter will now stop.
Please check your LDAP server.
AELDAP-00019 The logfile <logfile name> could not be opened. The adapter will not
publish any changes which occurred before the adapter was started. This is
normal if you are starting the adapter for the first time.
warnRole Adapter If you are not starting the adapter for the first
time, check if the file exists. If it does not,
check on file space and on write permissions
for the adapter to create the file.

Status Messages 219
|

AELDAP-00020 The logfile <logfile name> could not be read. The adapter will not publish
any changes which occurred before the adapter was started.
errorRole Adapter Files cannot be created and/or read. Contact

your system administrator.
AELDAP-00021 The logfile <logfile name> could not be written to.
errorRole Adapter Files cannot be created and/or read. Contact

your system administrator.
AELDAP-00022 This version of TIBCO Adapter for LDAP is not compatible with the
specified repository. Please install and use a newer version of the adapter.
errorRole Configuration Install the latest version of the adapter.
AELDAP-00023 Warning: Opening a repository corresponding to an older LDAP Adapter

version. It is recommended (but not necessary) that you open the repository
in the current TIBCO Adapter for LDAP palette, update all services and save
the repository.
warnRole Configuration Use the current palette to open the repository,

update all services and save the repository.
AELDAP-000024 Startup Error. Unable to create a connection with the target application using
connection parameters [Host = <host name>, Port = <port>, User DN = <user
DN>, Password = ******]. Target application error is <error description>.
errorRole Adapter Check connection parameters provided at

configuration time. Also check if the LDAP
server is running.
AELDAP-000025 Startup Error. Received target application error with the target application
LDAP. The connection <user DN>, Password = ***** and the Connection
pool size is <connection pool size>.
errorRole Adapter Check connection parameters provided at

configuration time. Also check if the LDAP
server is running.

220

AELDAP-890001 Reconnect attempt <attempt number>.

action necessary. Connections to the LDAP
server have been broken and a reconnect is
being attempted.
AELDAP-890002 Reconnect succeeded on attempt <attempt number at which reconnection

was successful>.

action necessary. Reconnects were attempted
and succeeded in current attempt.
AELDAP-890003 Reconnect failed on attempt <attempt number> - will retry in <time>

milliseconds
warnRole Adapter The reconnect failed, but the adapter will try
again after the specified time interval.
AELDAP-890004 Connection reestablished for publisher - message may be a duplicate of a

previously published message.
warnRole Adapter The connection was reestablished. However,

the message may be a duplicate of a
previously published message.
AELDAP-890005 The request received could not be processed due to connection errors. Error
reply sent back.
errorRole Adapter Due to connection errors, the request could

not be processed. If configured, reconnection
attempts have been started to the target
LDAP server.
AELDAP-890006 Adapter stopping due to persistent connection errors. Please check LDAP
Server and restart adapter.
infoRole Adapter Connection could not be established after the

configured number of reconnects. The
adapter will stop execution.

Status Messages 221
|

AELDAP-890007 Subscription services suspended due to reconnect failure.
infoRole Adapter Connection could not be re-established; as

configured, subscriber services are now
suspended and will be automatically revived
once the connection is back up.
AELDAP-890008 Connection reestablished; suspended subscriber services if any, reactivated.

action necessary.
AELDAP-890009 Operation did not succeed due to connection error in service <service name>.
The operation will be reattempted.
infoRole Adapter An operation such as Add, Delete, Modify

could not be performed by a subscriber
service due to connection errors. Will be
reattempted once the connection is back up.
AELDAP-920015 Subscription error. Subscription service <service name> listening on subject

<subject name> failed due to target application invocation error <error
description>. Target application is LDAP. The target application specific
commands and parameters are <parameters>.The bad message is = <error
message> and is logged for future reference.
errorRole Adapter The target application invocation error is

from the LDAP server. Please contact your
LDAP server administrator for information
on the cause of the error.

222

AELDAP-940009 Request-Response error. Request-Response service <service name> listening
on subject <subject name> failed due to target application invocation error
<error description>. Target application is 'LDAP' and the inbound event is
<inbound event>. The target application specific commands and parameters
are <target application commands and parameters>.
errorRole Adapter This error occurs when the request-response

service sends a request from TIBCO
IntegrationManager that has inaccurate or
incomplete data. The LDAP Server cannot
complete the specified operation using this
data. Make sure that you send accurate and
complete data to the LDAP server so that the
operation can be successfully completed.
AELDAP-000029 No object class specified for the service: <service name>.
errorRole Configuration Specify an object class in the adapter

configuration.

<DN> resulted in error: Invalid object class.
errorRole Adapter Check if the LDAP server entry that is being

acted on belongs to the object class
configured for the adapter service.

<DN> resulted in error: Unable to find the specified entry.
errorRole Adapter Check if the entry exists on the LDAP server.

<DN> resulted in error: Modify not performed since the server has identical
data.
warnRole Adapter For server synchronization through the

Update Only If Different option, a modify
request was ignored since incoming data is
the same as data on the LDAP server.

Status Messages 223
|

AELDAP-000033 Startup Error. Unable to create an SSL connection with the target application
using connection parameters [Host = <host name>, Port = <port>].
ldapssl_init() failed.
errorRole Adapter Check your LDAP server connection

parameters provided at configuration time.
AELDAP-000034 Startup Error. Unable to set automatic reconnectionoption on the SSL

connection. Non-fatal error. Continuing. Connection parameters [Host =
<host name>, Port = <port>, User DN = <user DN>].
warnRole Adapter Setting reconnect option through

ldap_set_option() has failed. Contact your
LDAP administrator.
AELDAP-000035 Startup Error. Unable to enable client EXTERNAL authentication using

parameters [Client certificate and key nickname =<certificate and key
nickname>, Key password = ******]. Target application error is: <error
description>.
warnRole Adapter Make sure that the right client certificate is

imported into the converted certificates and
keys directory and the client key password is
correct.
AELDAP-000036 Startup Error. Unable to initialize client library for SSL using parameters
[Client certificate and key directory = <client certificate and key directory>,
Server authentication = <authentication>]. Target application error is: <error
description>.
errorRole Adapter Check certificates and key directory as well as

connection parameters.
AELDAP-000037 Startup Error. Unable to bind to target LDAP server on SSL channel using
parameters [Host = <host name>, Port = <port>, Client authentication
mechanism = <authentication mechanism>, User DN = <user DN>]. Target
application error is: <error description>.
errorRole Adapter Check your LDAP server connection

parameters.

224

AELDAP-000038 Failed to connect to the server.
errorRole Adapter Check your connection parameters and

contact your Active Directory administrator.
AELDAP-000039 Failed to get the DnsHostName.

AELDAP-000040 Failed to open the Root DSE on an Active Directory Server using parameters
[ADsPath = <path>, User DN = <user DN>, Use SSL = <SSL used>]. Target
application error code is: <error code>.

AELDAP-000041 Failed to open the DC Service on an Active Directory Server using

parameters [ADsPath = <path>, User DN = <user DN>, Use SSL = <SSL
used>]. Target application error code is: <error code>.

AELDAP-000042 Failed to open the IDirectorySearch on an Active Directory Server using

parameters [ADsPath = <path>, User DN = <user DN>, Use SSL = <SSL
used>]. Target application error code is: <error code>.

AELDAP-000043 Failed to open the IDirectorySearch with fast bind option on an Active
Directory Server using parameters [ADsPath = <path>, User DN = <user
DN>, Use SSL = <SSL used>]. Target application error code is: <error code>.

AELDAP-000044 Failed to open an object on an Active Directory Server using parameters

[ADsPath = <path>, User DN = <user DN>, Use SSL = <SSL used>]. Target
application error code is: <error code>.


Status Messages 225
|

AELDAP-000045 Publisher <service name> on subject <subject name> did not find any
entries to publish.

action necessary.
AELDAP-910012 Startup Error. Unable to create a Custom Hawk Micro Agent Named
<microagent name> used for %2.
errorRole Adapter This occurs only if there is a problem with the

adapter configuration. Please verify your
configuration through the LDAP palette, save
and restart the adapter.
AELDAP-910006 Startup Error. SDK Exception <error description> occurred while creating a
shutdown listener with parameters <parameters>, <parameters>. The
Repository URL is <repository URL> and the Configuration URL is
<configuration URL>.
errorRole Adapter This occurs only if there is a problem with the

adapter configuration. Please verify your
configuration through the LDAP palette, save
and restart the adapter.
AELDAP-910003 Startup Error. The command line parameters <parameters> have not been
specified properly
errorRole Adapter Check the specified command line parameter

used while starting the adapter. Also, verify
that information in the .tra file is correct.
AELDAP-000100 Configuration Error. <error description>.
errorRole Configuration Check the error message for details on the

configuration error and fix those.
AELDAP-000208 Task raised exception. <error description>.
errorRole Adapter The adapter configuration does not seem to

have been saved correctly. Please review, edit
and save the configuration correctly from the
palette.

226

AELDAP-000216 Unable get connection object. <description>

palette.
AELDAP-000218 Unable to release connection object. <description>.

palette.
AELDAP-920001 Subscription error. Subscription service <service name> listening on

<subject name> received an unexpected event of type = <event type
received>, Expects event <event type expected>. The Repository URL is
<repository URL> and the Configuration URL is <configuration URL>.
errorRole Adapter Check the configuration of the application

that is publishing the event and make sure
that it matches the inbound event definition
for the above subscription service. Please
refer to Subscription Service Fields on
page 113 for details on the configuration of
AELDAP-920002 Subscription error. Subscription service <service name> failed to deserialize

the event received on subject <subject name> and SDK exception thrown is
<error description>. The Repository URL is <repository URL> and the
Configuration URL is <configuration URL>.


Status Messages 227
|

<subject name> received inbound event with null data. The Repository URL
is <repository URL> and the Configuration URL is <configuration URL>.


<subject name>, could not could not find the tracking data. The Repository
URL is <repository URL> and the Configuration URL is <configuration
URL>.


<subject name> received error <error description> in SDK message level
UserExit <user exit parameter>.
errorRole Adapter Make sure the UserExit parameters are valid

and the user exit is invokable from SDK.

228

AELDAP-930001 Publication error. Publication service <service name> publishing on subject
<subject name> encountered error <error description> while trying to
connect to target application <application name>. Connection parameters are
<connection parameters>, the connection timeout is <connection timeout>
milliseconds, and the number of retry efforts is <number of retry attempts>.
Polling timeout is <polling timeout> milliseconds.
errorRole Adapter Check the target application and make sure it

is up and running. Check the connection
parameters for right syntax and values.
Please refer to Setting LDAP Connection
Parameters on page 45 for details on how to
specify connection parameters
AELDAP-930014 Publication error. Publication service <service name> with publication

subject <subject name> received error while sending event over the wire.
The Publish endpoint details are <endpoint details>.
errorRole Adapter Please check your configuration file to verify

that the publisher service is configured
correctly.

subject <subject name> received error <error description> in the SDK
message level UserExit. The User exit names are <user exit name> and the
User exit parameters are <user exit parameters>.


subject <subject name> encountered error <error description> while trying
to create publish event with schema <schema>. The Target application
details are <application details>.

AELDAP-000401 Advisory warning message for %1
warnRole Adapter The adapter configuration does not seem to

palette.

Status Messages 229
|

AELDAP-000402 Error occurred while trying to publish. The exception is: <error description>.

palette.
AELDAP-940011 Request-Response error. Request-Response service <service name> listening

on subject <subject name> received a time out error. Time out period in
configuration file is <time> milli seconds.
errorRole Adapter Increase the timeout value for the

request-response service.
AELDAP-000204 AppManager already initialized. setMAppProperties() ignored.

palette.
AELDAP-000108 Invalid service type. Service <service name> contains invalid value for the
attribute 'type'.
errorRole Configuration The adapter configuration does not seem to

palette.
AELDAP-000103 Failed to find component <component name> in repository.

palette.
AELDAP-000110 Service contains incorrect endpoint type. <service name>

palette.

230

AELDAP-000102 Agent's publisher service not found. <agent name>

palette.
AELDAP-000107 Agent contains incorrect publisher service type. <agent name>

palette.
AELDAP-000205 Class inheritance error. <class name>

palette.
AELDAP-000206 Feature not implemented. <feature name>

palette.
AELDAP-000224 Connection Manager initialization failed. <name>

palette.
AELDAP-000223 Agent termination failed. <agent name>

palette.

Status Messages 231
|

AELDAP-000001 <information message>

action necessary.
AELDAP-000203 Application Manager initialization error.

palette.
AELDAP-000200 <error description>
errorRole Adapter The connection with the LDAP Server cannot

be established. Make sure that the LDAP
server is running.
AELDAP-000104 Operation contains invalid parameter type. <operation name>

palette.
AELDAP-000305 Transaction failed: <error description>

palette.
AELDAP-000211 Reply operation failed for server service <service name>

palette.
AELDAP-000115 Unable to create Hawk service: <service name>

palette.

232

AELDAP-000111 Operation contains incorrect number of parameters. <operation name>

palette.
AELDAP-000303 Remote operation invocation failed for service <service name>.
errorRole TibRvComm The adapter configuration does not seem to

palette.
AELDAP-000113 Invalid operation name. Service <service name> contains a operation name
that is not supported in the associated class.

palette.
AELDAP-000114 No operation match. Operation name specified for Service <service name>
does not match any of the operations in the associated class.

palette.
AELDAP-000213 Unable to deserialize reply message for publisher reply service: <service
name>.

palette.
AELDAP-000302 Invalid event received by publisherReplyService <service name>.

palette.

Status Messages 233
|

AELDAP-000212 Unable to deserialize incoming message for subscriber service: <service
name>.

palette.
AELDAP-000214 Unable to get the MPublisher associated with the data event for subscriber
reply service <service name>.

palette.
AELDAP-000304 Publisher reply service unable to send reply. <service name>.

palette.
AELDAP-000215 Unable to execute task <task name>.

palette.
AELDAP-000220 Task returned incorrect MInstance. <task name>

palette.
AELDAP-000209 Task execution error. <task name>

palette.

234

AELDAP-000221 Startup Warning. Connection pool size <current connection pool size> is
smaller than desired pool size <required connection pool size>. The
connection parameters are [Host = <host name>, Port = <port>, User DN =
<user DN>, Password = ******, SSL = <SSL>.
warnRole Adapter
AELDAP-970001 This field is mandatory
errorRole Palette Error message for the null field. This field is
mandatory.
AELDAP-970002 The port number must be greater than or equal to 0, and less than or equal to
65535.
errorRole Palette Error message if the port number is beyond

the standard range.
AELDAP-970003 This is not a valid value.
errorRole Palette Error message if the value entered in No. Of

Threads field is invalid.
AELDAP-970006 Invalid subject.
errorRole Palette Error message if an invalid subject is entered

in the Termination Subject or Topic field.
AELDAP-970010 You must select at least one LDAP action.
errorRole Palette Error message for the LDAP actions.
AELDAP-970015 The specified LDAP server type does not match with the actual LDAP server
type you are trying to connect to. Please select the correct server type.
errorRole Palette Error message while connecting to the LDAP

server, if it is different from the specified
server in the Server Type field.
AELDAP-970030 Connection could not be established with the LDAP server, so currently the
Schema View tab will not be available.Please ensure that valid parameters
have been specified in the Design-time Connection tab.
warnRole Palette Warning message when the Schema View tab

of a service could not be shown.

Status Messages 235
|

AELDAP-970031 No X509TrustManager implementation available. Please check your SSL
connection information and certificate keystore.
errorRole Palette While establishing the SSL connection, an

error occurs if the selected file for the
Trusted Certificate Authorities field is
not a valid keystore. Check that the CA
certificate is present in the trusted store and
that the keystore exists.
AELDAP-970032 Couldn't find trusted certificate. Please check your SSL connection
information and certificate keystore.
errorRole Palette While establishing the SSL connection, an

error occurs if the CA certificate is not present
in the selected trusted store or if the entered
keystore doesn't exist. Check that the CA
certificate is present in the trusted store and
that the keystore exists.
AELDAP-970033 Please wait...
infoRole Palette Indicates normal adapter operation. No

action necessary.
AELDAP-970034 Invalid number.
errorRole Palette Make sure that the number field does not
contain a hyphen (-) character.
AELDAP-970035 This DN does not exist.
errorRole Palette Check that the DN specified exists on the

LDAP server.
AELDAP-970036 Connecting to the LDAP server...
infoRole Palette Indicates normal adapter operation. No

action necessary.
AELDAP-970037 At least one service already exists with the previous server data.Make sure
that no service exists before attempting to configure the new server.
errorRole Palette Delete any services already configured if

these correspond to a different server.

236

AELDAP-970038 You have already configured adapter instances and services for a particular
LDAP server. The change that you are attempting will be valid only if the
new server has identical directory information tree and schemas. Please
confirm this and that you do wish to proceed with this change.
warnRole Palette Warning message for server name change.
AELDAP-970039 The selected resource cannot be moved.
warnRole Palette Warning message while moving the service

or instance.
AELDAP-970040 Fetching schema...
infoRole Palette Message while fetching the schema.
AELDAP-970041 Fetching descendants...
infoRole Palette Message while fetching the descendants.
AELDAP-970042 This field supports only integer values.
errorRole Palette Error message if non-integer values are

entered in the Maximum Number Of Entries
field of the Schema View tab.
AELDAP-970043 The maximum value for this field should not exceed 10000.
errorRole Palette Error message if the number of maximum

entries is specified as greater than 10,000 in
the Schema tab.
AELDAP-970044 The specified DN and sample schema entry values together do not form a
valid DN. Please enter correct values.
errorRole Palette Error message if the number of maximum

number of entries is specified as greater than
10,000 in the Schema tab.
AELDAP-970045 The number of search entries must be greater than or equal to 1 and less than
or equal to 1000.
errorRole Palette Error message if the specified number of

search entries is less than 1 or greater than
1000.

Status Messages 237
|

AELDAP-970046 The maximum number of retries cannot have a zero value.
errorRole Palette Make sure that you have not entered zero in
the Maximum Number of Reconnect
Attempts field. You can enter -1 or a positive
integer that is greater than zero in the
field.
AELDAP-970047 The maximum number of retries must be greater than or equal to -1, and less
than or equal to 65535, excluding zero.
errorRole Palette Make sure that the value entered in the

field, is not out of range.
AELDAP-970048 The maximum number of retries should be greater than or equal to number
of retries before suspend.

field is not less than the value entered in the
Number of Reconnect Attempts Before
Suspending Impacted Service(s) field.
AELDAP-970049 The number of retries before suspend must be greater than or equal to 1, and
less than or equal to 65535.

Number of Reconnect Attempts Before
Suspending Impacted Service(s) field is
not out of range.
AELDAP-970050 The sleep between retries must be greater than or equal to 100, and less than
or equal to 2147483647.

Interval Between Reconnect Attempts
(milliseconds) field is not out of range.

238

AELDAP-970051 Could not fetch schema due to insufficient access privilege. Please change
the authentication details in the Design-time Connection tab as necessary.
errorRole Palette Make sure that the schema in the Class

Reference field of the Schema View tab, for
a given DN and Sample Entry for Schema, is
populated.
AELDAP-970052 Adapter Service names must only have alphanumeric characters. Please type
in a valid name.
errorRole Palette Make sure that the name of the service does
not consist of non-alphanumeric characters.

Additional LDAP Directory Server Settings 239
|
Appendix B Additional LDAP Directory Server Settings
This appendix explains each of the additional LDAP directory server settings you
can make during design-time.
Topics
• Setting Default Naming Context in ADAM, page 240

• Configuring Global Catalog Server, page 241

240
| Appendix B Additional LDAP Directory Server Settings
Setting Default Naming Context in ADAM
The naming context container of ADAM provides you information about objects
deleted from LDAP server. You can specify a default naming context. The
following information provides information on how to set default naming context
in ADAM.
By default, an ADAM instance does not provide a default naming context. You
can, however, configure ADAM to provide a default naming context as follows:
1. In ADAM EDSI Edit, expand the My Connection tree as follows:
a. Select CN=Configuration > CN=Sites.
b. Expand the CN=Sites node upto CN=NTDS Settings.
2. Righ-click on the CN=NTDS Settings node.
The CN=NTDS Settings Properties dialog appears.
3. Select the attribute msDS-DefaultNamingContextBL.
4. Click the Edit button.
5. In the Multi-Valued String Editor dialog, enter the DN to be used as the
naming context.
6. Click the Add button and then the OK button.
The value is added to the Values panel of the Multi-Valued String Editor
dialog.

Configuring Global Catalog Server 241
|
Configuring Global Catalog Server
To enable the adapter to work with the global catalog server make the following
settings:
• Make the InvocationID attribute visible to the global catalog server.
• For retrieval of schemas and expected publisher and search operation, make
the following attributes of object class classSchema visible:
— subClassof
— systemAuxiliaryClass
With the adapter, the global catalog server allows only LDAP_SEARCH operation.
The default global catalog server TCP port is 3268.

242
| Appendix B Additional LDAP Directory Server Settings

TIBCO Software Inc. End User License Agreement
| 243

READ THIS END USER LICENSE AGREEMENT CAREFULLY. BY Customer's facility, TIBCO shall use reasonable efforts to correct or
DOWNLOADING OR INSTALLING THE SOFTWARE, YOU AGREE circumvent the problem according to its published support objectives.
TO BE BOUND BY THIS AGREEMENT. IF YOU DO NOT AGREE TIBCO reserves the right to make changes only to the most currently
TO THESE TERMS, DO NOT DOWNLOAD OR INSTALL THE available version. TIBCO will use reasonable efforts to support the
SOFTWARE AND RETURN IT TO THE VENDOR FROM WHICH IT previously released version of the Software for a maximum of six
WAS PURCHASED. months.
Upon your acceptance as indicated above, the following shall govern TIBCO shall have no obligation to support the Software (i) for use on
your use of the Software except to the extent all or any portion of the any computer system running other than the operating system
Software (a) is subject to a separate written agreement, or (b) is software for which the Software is approved (as set forth in the
provided by a third party under the terms set forth in an Addenda at Software documentation) and licensed hereunder, or (ii) if Customer
the end of this Agreement, in which case the terms of such addenda has modified or authorized a third party to modify the Software.
shall control over inconsistent terms with regard to such portion(s). TIBCO shall have no obligation to modify any version of the Software
to run with any new versions of any operating system, or any other
License Grant. The Software is the property of TIBCO or its licensors third party software or hardware. If Customer purchases Support for
and is protected by copyright and other laws. While TIBCO continues any Software, Customer must purchase the same level of Support for
to own the Software, TIBCO hereby grants to Customer a limited, all copies of the Software for which it is licensed.
non-transferable, non-exclusive, license to use the number of
Permitted Instances set forth in the Ordering Document, in Support may be extended for one-year periods on the anniversary of
machine-readable, object code form and solely for Customer's internal each Purchase Date at the standard amounts set forth in its price list,
business use. for as long as TIBCO offers Support. Customer may reinstate lapsed
support for any then currently supported Software by paying all
Restrictions. Customer agrees not to (a) make more copies than the Support fees in arrears and any applicable reinstatement fee.
number of Permitted Instances plus a reasonable number of backups; Upgrades, patches, enhancements, bug fixes, new versions and/or
(b) provide access to the Software to anyone other than employees, new releases of the Software provided from time to time under
contractors, or consultants of Customer; (c) sublicense, transfer, Support shall be used only as replacements to existing Permitted
assign, distribute to any third party, pledge, lease, rent, or Instances, and shall not be deemed to increase that number, and use
commercially share the Software or any of Customer's rights under thereof shall be governed by the terms of this Agreement, except for
this Agreement (for the purposes of the foregoing a change in control the first paragraph of the Limited Warranty and any right of return or
of Licensee is deemed to be an assignment); (d) use the Software for refund.
purposes of providing a service bureau, including, without limitation,
providing third-party hosting, or third-party application integration or Consulting Services. Customer may request additional services
application service provider-type services, or any similar services; (e) ("Services") either in an Ordering Document, or by a separate
use the Software in connection with ultrahazardous activities, or any mutually executed work order, statement of work or other
activity for which failure of the Software might result in death or work-request document incorporating this Agreement (each, a "Work
serious bodily injury to Customer or a third party; or (f) directly or Order"). Unless otherwise expressly agreed to in a Work Order, all
indirectly, in whole or in part, modify, translate, reverse engineer, Services and any work product therefrom shall be (a) performed on a
decrypt, decompile, disassemble, make error corrections to, create time and materials basis, plus meals, lodging, travel, and other
derivative works based on, or otherwise attempt to discover the expenses reasonably incurred in connection therewith, (b) deemed
source code or underlying ideas or algorithms of the Software. accepted upon delivery, and (c) exclusively owned by TIBCO (except
for confidential information of Customer identified to TIBCO in the
Beta and Evaluation Licenses. Notwithstanding the foregoing, if the Ordering Document), including all right, title and intellectual property
Software is being provided for demonstration, beta testing, or or other right or interest therein. Each Work Order is intended to
evaluation purposes, then Customer agrees (a) to use the Software constitute an independent and distinct agreement of the parties,
solely for such purposes, (b) that the Software will not be used or notwithstanding that each shall be construed to incorporate all
deployed in a production environment, and (c) that such use shall applicable provisions of this Agreement. Specific to TIBCO training
automatically terminate upon the earlier of thirty days from the date services, additional information regarding courses, registration,
Customer receives the right to install the Software, or Customer's restrictions or limitation can be found at TIBCO's website at
receipt of notice of termination from TIBCO. http://www.tibco.com/services/educational under Education Programs.
Fees for Services shall be due and payable in United States dollars
Technical Support. Provided Customer has paid applicable support net 30 from the date of TIBCO's invoice.
fees (not included with Software fees unless separately listed), TIBCO
shall provide support for generally available TIBCO Software on an Limited Warranty. If Customer obtained the Software directly from
annual basis commencing on the Purchase Date, as follows TIBCO, then TIBCO warrants that for a period of thirty (30) days from
("Support"): Customer shall designate at TIBCO's support website the Purchase Date: (i) the media on which the Software is furnished
https://support.tibco.com/eSupport/newuser.html, the number of will be free of defects in materials and workmanship under normal
technical support contacts permitted under the level of Support use; and (ii) the Software will substantially conform to its published
purchased (contacts are changeable upon 48-hours prior written specifications. This limited warranty extends only to the original
notice to TIBCO). Each contact may contact TIBCO for problem Customer hereunder. Customer's sole and exclusive remedy and the
resolution during TIBCO's published support hours corresponding to entire liability of TIBCO and its licensors under this limited warranty
the level of Support fees paid. will be, at TIBCO's option, repair, replacement, or refund of the
Software and applicable Support fees, in which event this Agreement
Upon notice from a contact of a Software problem which can be shall terminate upon payment thereof.
reproduced at a TIBCO support facility or via remote access to

244
| TIBCO Software Inc. End User License Agreement
This warranty does not apply to any Software which (a) is licensed for INDIRECT, INCIDENTAL, CONSEQUENTIAL, SPECIAL, PUNITIVE,
beta, evaluation, testing or demonstration purposes for which TIBCO EXEMPLARY OR ANY SIMILAR TYPE DAMAGES ARISING OUT OF
does not receive a license fee, (b) has been altered or modified, THIS AGREEMENT, THE USE OR THE INABILITY TO USE THE
except by TIBCO, (c) has not been installed, operated, repaired, or SOFTWARE, OR THE PROVISION OF ANY SUPPORT OR
maintained in accordance with instructions supplied by TIBCO, (d) has SERVICES, EVEN IF A PARTY HAS BEEN ADVISED OF THE
been subjected to abnormal physical or electrical stress, misuse, POSSIBILITY OF SUCH DAMAGES. EXCEPT FOR THE EXCLUDED
negligence, or accident, or (e) is used in violation of any other term of MATTERS, IN NO EVENT SHALL A PARTY BE LIABLE TO THE
this Agreement. Customer agrees to pay TIBCO for any Support or OTHER, WHETHER IN CONTRACT, TORT (INCLUDING ACTIVE
Services provided by TIBCO related to a breach of the foregoing on a OR PASSIVE NEGLIGENCE), BREACH OF WARRANTY, CLAIMS
time, materials, travel, lodging and other reasonable expenses basis. BY THIRD PARTIES OR OTHERWISE, EXCEED THE PRICE PAID
If Customer obtained the Software from a TIBCO reseller or BY CUSTOMER UNDER THE APPLICABLE ORDERING
distributor, the terms of any warranty shall be as provided by such DOCUMENT.
reseller or distributor, and TIBCO provides Customer no warranty with
respect to such Software. THE FOREGOING LIMITATIONS SHALL APPLY EVEN IF THE
ABOVE-STATED REMEDY OR LIMITED WARRANTY FAILS OF ITS
EXCEPT AS SPECIFIED IN THIS LIMITED WARRANTY, THE ESSENTIAL PURPOSE. BECAUSE SOME STATES OR
SOFTWARE, SUPPORT AND SERVICES ARE PROVIDED "AS IS", JURISDICTIONS DO NOT ALLOW LIMITATION OR EXCLUSION OF
ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS, CONSEQUENTIAL OR INCIDENTAL DAMAGES, THE ABOVE
AND WARRANTIES INCLUDING, WITHOUT LIMITATION, ANY LIMITATION MAY NOT APPLY TO CUSTOMER.
IMPLIED WARRANTY OR CONDITION OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT, Confidentiality. "Confidential Information" means the terms of this
SATISFACTORY QUALITY OR ARISING FROM A COURSE OF Agreement; all information marked by the disclosing party as
DEALING, USAGE, OR TRADE PRACTICE, ARE HEREBY proprietary or confidential; any provided software, related
EXCLUDED TO THE EXTENT ALLOWED BY APPLICABLE LAW. documentation or related performance test results derived by
NO WARRANTY IS MADE REGARDING THE RESULTS OF ANY Licensee; and any methods, concepts or processes utilized in
SOFTWARE, SUPPORT OR SERVICES OR THAT THE SOFTWARE provided software or related documentation. Confidential Information
WILL OPERATE WITHOUT ERRORS, PROBLEMS OR shall remain the sole property of the disclosing party and shall not be
INTERRUPTIONS, OR THAT ERRORS OR BUGS IN THE disclosed to any non-Authorized User without the prior written consent
SOFTWARE WILL BE CORRECTED, OR THAT THE SOFTWARE'S of the disclosing party. If Confidential Information is communicated
FUNCTIONALITY OR SERVICES WILL MEET CUSTOMER'S orally, such communication shall be confirmed as "Confidential" in
REQUIREMENTS. NO TIBCO DEALER, DISTRIBUTOR, AGENT OR writing within thirty days of such disclosure. The parties agree to
EMPLOYEE IS AUTHORIZED TO MAKE ANY MODIFICATIONS, protect the Confidential Information of the other in the same manner it
EXTENSIONS OR ADDITIONS TO THIS WARRANTY. protects the confidentiality of similar information and data of its own
(and at all times exercising at least a reasonable degree of care).
Indemnity. If Customer obtained the Software from TIBCO directly, Except with respect to the Software, items will not be deemed
then TIBCO shall indemnify Licensee from and against any final Confidential Information if (i) available to the public other than by a
judgment by a court of competent jurisdiction, including reasonable breach of an agreement with TIBCO, (ii) rightfully received from a third
attorneys' fees, that the unmodified TIBCO Software infringes any party not in breach of any obligation of confidentiality, (iii)
patent issued by the United States, Canada, Australia, Japan, or any independently developed by one party without use of the Confidential
member of the European Union, or any copyright, or any trade secret Information of the other; (iv) known to the recipient at the time of
of a third party; provided that TIBCO is promptly notified in writing of disclosure (other than under a separate confidentiality obligation); or
such claim, TIBCO has the exclusive right to control such defense (v) produced in compliance with applicable law or court order,
and/or settlement, and Licensee shall provide reasonable assistance provided the other party is given reasonable notice of the same. Both
(at TIBCO's expense) in the defense thereof. In no event shall parties agree to indemnify the other for any damages the other may
Licensee settle any claim, action or proceeding without TIBCO's prior sustain resulting from their unauthorized use and/or disclosure of the
written approval. In the event of any such claim, litigation or threat other's Confidential Information. Such damages shall include
thereof, TIBCO, at its sole option and expense, shall (a) procure for reasonable expenses incurred in seeking both legal and equitable
Licensee the right to continue to use the TIBCO Software or (b) remedies. To the extent required by law, at Customer's request,
replace or modify the TIBCO Software with functionally equivalent TIBCO shall provide Customer with the interface information needed
software. If such settlement or modification is not commercially to achieve interoperability between the Software and another
reasonable (in the reasonable opinion of TIBCO), TIBCO may cancel independently created program, on payment of TIBCO's applicable
this Agreement upon sixty days prior written notice to Licensee, and fee. Customer agrees to observe obligations of confidentiality with
refund to Licensee the unamortized portion of the license fees paid to respect to such information.
TIBCO by Licensee based on a five-year straight-line depreciation.
This Section states the entire liability of TIBCO with respect to the Export. Software, including technical data, is subject to U.S. export
infringement of any Intellectual Property rights, and Licensee hereby control laws, including the U.S. Export Administration Act and its
expressly waives any other liabilities or obligations of TIBCO with associated regulations, and may be subject to export or import
respect thereto. The foregoing indemnity shall not apply to the extent regulations in other countries. Customer agrees to comply strictly with
any infringement could have been avoided by use of the then-current all such regulations and agrees to obtain all necessary licenses to
release. export, re-export, or import Software.
Limitation of Liability. EXCEPT AS PROVIDED UNDER Government Use. If the Customer is an agency, department, or other
INDEMNITY OR RESULTING FROM A BREACH OF entity of the United States Government ("Government"), the use,
CONFIDENTIALITY (THE "EXCLUDED MATTERS"), IN NO EVENT duplication, reproduction, release, modification, disclosure or transfer
WILL EITHER PARTY OR TIBCO'S LICENSORS BE LIABLE FOR of the Software, or any related documentation of any kind, including
ANY LOST DATA, LOST REVENUE, LOST PROFITS, DAMAGE TO technical data or manuals, is restricted in accordance with Federal
REPUTATION, BUSINESS INTERRUPTION, OR ANY OTHER Acquisition Regulation ("FAR") 12.212 for civilian agencies and

| 245
Defense Federal Acquisition Regulation Supplement ("DFARS") of TIBCO's income taxes. No delay in the performance of any
227.7202 for military agencies. The Software is commercial computer obligation by either party, excepting all obligations to make payment,
software and commercial computer software documentation. Use of shall constitute a breach of this Agreement to the extent caused by
the Software and related documentation by the Government is further force majeure. Customer hereby grants TIBCO and its independent
restricted in accordance with the terms of this Agreement, and any auditors the right to audit Customer's compliance with this Agreement.
modification thereto. If any portion of this Agreement is found to be void or unenforceable,
the remaining provisions shall remain in full force and effect. This
Orders. An Ordering Document shall be deemed accepted only by Agreement shall be governed by and construed in accordance with
issuance of a TIBCO invoice and solely for purposes of administrative the laws of the State of California, United States of America, as if
convenience. None of the terms of the Ordering Document (other than performed wholly within the state and without giving effect to the
the Software product name, number of Permitted Instances, level of principles of conflict of law. The state and/or federal courts in San
Support, description of Services, and fees due in connection Francisco, California, shall have exclusive jurisdiction of any action
therewith) shall apply for any reason or purpose whatsoever, arising out of or relating to this Agreement. The United Nations
regardless of any statement on any Ordering Document to the Convention on Contracts for the International Sale of Goods is
contrary, unless countersigned by an officer of TIBCO. This excluded from application hereto. If any portion hereof is found to be
Agreement constitutes the entire agreement between the parties with void or unenforceable, the remaining provisions of this Agreement
respect to the use of the Software, Support and Services, and shall remain in full force and effect.
supersedes all proposals, oral or written, and all other
representations, statements, negotiations and undertakings relating to Definitions. In connection with this Agreement, the following
the subject matter hereof. All orders of Software, Support or Services capitalized terms shall have the following meaning: "Agreement"
by Customer from TIBCO shall be deemed to occur under the terms of means this End User License Agreement; "Case Start" means the
this Agreement (with or without reference to this Agreement), unless initiation of a single instance of a defined business process;
expressly superseded by a signed written Agreement between the "Connection" for the following TIBCO Software products shall mean:
parties. Software shall be delivered electronically, and such delivery for TIBCO Enterprise Message Service, a TIBCO Enterprise Message
shall occur when the TIBCO Software is made available for download Service client connection to the TIBCO Enterprise Message Service
by Customer. Physical deliveries (as applicable) of Software and server for the purpose of sending or receiving messages, for TIBCO
documentation which typically accompanies the Software on delivery SmartSockets and TIBCO SmartMQ, any network protocol link
shall be on CD-ROM, FOB Palo Alto, and delivery shall occur by established with such TIBCO Software (directly or indirectly) to any
depositing the CD-ROM with TIBCO's overnight carrier (at no charge other entity, including but not limited to software, firmware or
to Customer). hardware, for TIBCO Enterprise RTView - Standard Monitor System,
the number of monitored server instances to TIBCO Rendezvous
Term and Termination. Support or Services may be terminated: (a) daemons or TIBCO Hawk agents; for TIBCO Enterprise RTView- EMS
by either party upon a default of the other, such default remaining Monitor System, a monitored TIBCO Enterprise Message Service
uncured for fifteen days from written notice from the non-defaulting Connection (as defined above for that product); for TIBCO General
party; (b) upon the filing for bankruptcy or insolvency of the other Interface, an electronic data interface to a CPU on a server (which
party, (c) by either party upon prior written notice at least sixty days excludes CPUs on devices such as routers, switches, proxies, or
prior to the end of any annual Maintenance period; or (d) by Licensee HTTP or application servers configured to substantially pass-through
(for Services), upon ten days prior written notice. Termination of information or messages to TIBCO General Interface) that produces
Support or Services shall not terminate this Agreement. Customer information or messages consumed by TIBCO General Interface;
may terminate this Agreement in its entirety at any time by destroying "Customer" means the original purchaser or licensee of the Software
all copies of the Software. Upon termination of this Agreement in its and any permitted successors and assigns; "Developer" means one
entirety, for any reason, Customer must cease using and return or user/developer of a TIBCO Software product for use in Development;
destroy all copies of the Software. Customer's obligation to pay "Development" means used for software development purposes only;
accrued charges and any fees due as of the date of termination, as "Enterprise" means an unlimited number of Permitted Instances for a
well as the sections entitled "Confidentiality", "Limited Warranty" and period of one year from the Purchase Date (unless otherwise set forth
"Limitation of Liability" shall survive any such termination. in the Ordering Document), at which time existing licenses convert to
perpetual and Customer may not thereafter deploy additional
Authority. You hereby represent and warrant that you have full power Permitted Instances, and in any event, shall (during the one-year
and authority to accept the terms of this Agreement on behalf of unlimited deployment period) exclude any entity which acquires, is
Customer, and that Customer agrees to be bound by this Agreement. acquired by, merged into, or otherwise combined with Customer.
Customer hereby agrees to provide TIBCO with notice of the number
General. Fees on the Ordering Document (all to be paid on the latter of Permitted Instances deployed at the end of such one-year period
of thirty days from Invoice by TIBCO or the date set forth in the within thirty days thereafter; "Fab" means unlimited use for shop-floor
Ordering Document) do not include sales, use, withholding, manufacturing applications at a Site; "Workstation" shall mean a
value-added or similar taxes, and Customer agrees to pay the same, single end-user computer that is generally intended to be accessed by
excluding therefrom taxes related to TIBCO's income and corporate one person at a time; "Ordering Document" means any purchase
franchise tax. Customer agree to pay all reasonable costs incurred order or similar document or agreement requesting Software, Support
(including reasonable attorneys' fees) in collecting past due amounts or Services; "Permitted Instance(s)" means the number of copies of
under this Agreement. Except as set forth in the Section entitled Software running on a Server Instance, Workstation, User, or
Limited "Warranty" all fees paid under or in connection with this Development basis, on a designated Platform, as set forth in an
Agreement are non-refundable and no right of set-off exists. All Ordering Document, including, without limitation, Enterprise, Site and
payments of fees due shall be made in U.S. dollars, net 30 from Fab licensing; "Platform" means the operating system set forth in an
Purchase Date, or, for any other amounts coming due hereafter, net Ordering Document; "Purchase Date" means the date of the Ordering
30 from TIBCO's invoice. A service charge of one and one-half Document is accepted by TIBCO; "Server Instance" means a
percent per month will be applied to all invoices that are not paid on computer with 1 CPU (unless otherwise set forth in the Ordering
time. Licensee agrees to pay all sales, use, value-added, withholding, Document) performing common services for multiple machines; "Site"
excise and any other similar taxes or government charges, exclusive means an unlimited number of Permitted Instances at a specific

246
| TIBCO Software Inc. End User License Agreement
physical address set forth in the Ordering Document (or, in the
absence of any address, at Customer's corporate headquarters);
Third-Party Software Notices
"Software" means the software products listed in an Ordering
Document (except as provided in the second paragraph hereof), in
whole and in part, along with their associated documentation; "TIBCO" Netscape Portable Runtime 4.1.1
means TIBCO Software Inc.; and "Named User" means the number of
named users with access to the Software. This product includes Mozilla NSS Security Tools. The source code for
this software may be obtained from
Special Product Provisions. TIBCO BusinessPartner: Customer ftp://ftp.mozilla.org/pub/s ecurity/nss.
may sublicense to third parties ("Partners") up to the total Number of
Copies of TIBCO BusinessPartner, provided that for every such Netscape Security Services 3.2.1
sublicense, the Number of Copies Customer is licensed to use shall
be reduced by the same number, and provided further that prior to This product includes Mozilla NSS Security Tools. The source code for
delivery of TIBCO BusinessPartner to a Partner, such Partner agrees this software may be obtained from
in writing (a) to be bound by terms and conditions at least as ftp://ftp.mozilla.org/pub/s ecurity/nss.
protective of TIBCO as the terms of this Agreement, (b) that TIBCO
BusinessPartner be used solely to communicate with Customer's
implementation of TIBCO BusinessConnect, and (c) for such Partner ADDENDA: Third-Party License Agreements
to direct all technical support and Maintenance questions directly to
Customer. Customer agrees to keep records of the Partners to which
it distributes TIBCO BusinessPartner, and to provide TIBCO the
names thereof (with an address and contact name) within sixty days of
the end of each quarter. Third Party Software: Use of any other
third-party software identified by its company and/or product name or
otherwise designated in Licensee's Ordering Document (collectively
"Third Party Software") is subject solely to the terms and conditions of
the click-wrap or shrink-wrap license agreement included with the
Third Party Software products, and for which TIBCO shall be an
intended third-party beneficiary of same. TIBCO shall have no
obligation whatsoever in connection with the Third Party Software
(including, without limitation, any obligation to provide maintenance or
support) and the provision of Third Party Software is accomplished
solely as an accommodation and in lieu of Customer purchasing a
license to Third Party Software directly from the third party vendor.
Embedded/Bundled Products. Some TIBCO Software embeds or
bundles other TIBCO Software (e.g., TIBCO InConcert bundles
TIBCO Rendezvous). Use of such embedded or bundled TIBCO
Software is solely to enable the functionality of the TIBCO Software
licensed on the Cover Page, and may not be used or accessed by any
other TIBCO Software, or for any other purpose. Open Source
Software: If Licensee uses Open Source software in conjunction with
the TIBCO Software, Licensee must ensure that its use does not: (i)
create, or purport to create, obligations of use with respect to the
TIBCO Software; or (ii) grant, or purport to grant, to any third party any
rights to or immunities under TIBCO's intellectual property or
proprietary rights in the TIBCO Software. You also may not combine
the TIBCO Software with programs licensed under the GNU General
Public License ("GPL") in any manner that could cause, or could be
interpreted or asserted to cause, the TIBCO Software or any
modifications thereto to become subject to the terms of the GPL.
Version 5.2, 3/05

Third-Party Software License Agreements
| 247
Third-Party Software License Agreements

The following are the software licenses for the Third-Party Software This product includes cryptographic software written by Eric
provided in connection with the software. Young(eay@cryptsoft.com). This product includes software written by
Tim Hudson (tjh@cryptsoft.com).
License Issues Original SSLeasy License
The OpenSSL toolkit stays under a dual license, i.e. both the Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com). All rights
conditions of the OpenSSL License and the original SSLeay license reserved.
apply to the toolkit.
This package is an SSL implementation written by Eric Young
See below for the actual license texts. Actually both licenses are (eay@cryptsoft.com).
BSD-style Open Source licenses. In case of any license issues related
to OpenSSL please contact openssl-core@openssl.org. The implementation was written so as to conform with Netscapes
SSL.
The OpenSSL License This library is free for commercial and non-commercial use as long as
the following conditions are aheared to. The following conditions apply
Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. to all code found in this distribution, be it the RC4, RSA,lhash, DES,
etc., code; not just the SSL code. The SSL documentation included
Redistribution and use in source and binary forms, with or without with this distribution is covered by the same copyright terms except
modification, are permitted provided that the following conditions are that the holder is Tim Hudson (tjh@cryptsoft.com).
met:
Copyright remains Eric Young's, and as such any Copyright notices in
1. Redistributions of source code must retain the above copyright the code are not to be removed. If this package is used in a product,
notice, this list of conditions and the following disclaimer. Eric Young should be given attribution as the author of the parts of the
library used. This can be in the form of a textual message at program
2. Redistributions in binary form must reproduce the above copyright startup or in documentation (online or textual) provided with the
notice, this list of conditions and the following disclaimer in the package.
documentation and/or other materials provided with the distribution.
Redistribution and use in source and binary forms, with or without
3. All advertising materials mentioning features or use of this software modification, are permitted provided that the following conditions are
must display the following acknowledgment: "This product includes met:
software developed by the OpenSSL Project for use in the OpenSSL
Toolkit. (http://www.openssl.org/)" 1. Redistributions of source code must retain the copyrightnotice, this
list of conditions and the following disclaimer.
4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be
used to endorse or promote products derived from this software 2. Redistributions in binary form must reproduce the above copyright
without prior written permission. For written permission, please notice, this list of conditions and the following disclaimer in the
contact openssl-core@openssl.org. documentation and/or other materials provided with the distribution.
5. Products derived from this software may not be called "OpenSSL" 3. All advertising materials mentioning features or use of this software
nor may "OpenSSL" appear in their names without prior written must display the following acknowledgement: "This product includes
permission of the OpenSSL Project. cryptographic software written by Eric Young (eay@cryptsoft.com)"
The word 'cryptographic' can be left out if the rouines from the library
6. Redistributions of any form whatsoever must retain the following being used are not cryptographic related :-).
acknowledgment:"This product includes software developed by the
OpenSSL Project for use in the OpenSSL Toolkit 4. If you include any Windows specific code (or a derivative thereof)
(http://www.openssl.org/)" from the apps directory (application code) you must include an
acknowledgement: "This product includes software written by Tim
THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS Hudson (tjh@cryptsoft.com)"
IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
THE OpenSSL PROJECT OR ITS CONTRIBUTORS BE LIABLE FOR AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY
OF THE POSSIBILITY OF SUCH DAMAGE.

248
| Third-Party Software License Agreements
WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
OF THE POSSIBILITY OF SUCH DAMAGE.
The licence and distribution terms for any publically available version
or derivative of this code cannot be changed. i.e. this code cannot
simply be copied and put under another distribution licence [including
the GNU Public Licence.]

| 249
Index
A C
activateTraceRole() Class Microagent Name field, adapter 102
Hawk method 180 command line arguments 184
adapter compatible software 23
compatible software 23 configuration
components 23 converting certificates to use SSL 85
configuration overview 84 configuration tab 91
encoding 98 publication service 104
installation on UNIX 30 request-response service 122
installing on Microsoft Windows 25 subscription service 113
instance fields 91 configuration tasks 84
instance tabs 91 configuring SSL 85
integration with LDAP 2
overview 2
preparing the LDAP server for use 41
publication service 10 D
request-response service 11
role 2 deactivateTraceRole()
services available 4 Hawk method 181
subscription service 10 design-time connection tab 92
supported messaging transports 4 directory store 3
adapter components 23
adapter instance
configuration tab 91
design-time connection tab 92 E
general tab 98
logging tab 99 enabling SSL on the LDAP server 41
monitoring tab 101 encoding 98
multithreading tab 98 setting options 156
run-time connection tab 95 example
startup tab 101 configuring the adapter 49
tabs available 91 configuring the project with TIBCO
adapter services 4, 103
agents 170
alerts 170

250
| Index
IntegrationManager 59 getThreadStatistics()
configuring the publication service 52 Hawk method 205
configuring the request-response service 56 getTraceSinks()
configuring the subscription service 54 Hawk method 189
converting the project 58 getVersion()
creating the project 47 Hawk method 190
deploying the project 80 global variables 152
prerequisites 44 predefined variables 154
setting LDAP connection parameters 45 specifying using TIBCO Designer 152
starting the adapter 80 using 152
G H
general tab 98 Hawk
getActivityStatisticeBySchema() auto-discovery process 172
Hawk method 200 available microagents 176
getActivityStatistics() defining a session 150
Hawk method 198 invoking microagent methods 173
getActivityStatisticsByOperation() overview 170
Hawk method 199
getActivityStatisticsByService()
Hawk method 201
getAdapterServiceInformation()
Hawk method 182
getComponents()
Hawk method 183
getConfig()
Hawk method 184
getConfigProperties()
Hawk method 185
getConnectionStatistics()
Hawk method 202
getHostInformation()
Hawk method 186
getPollingInterval()
Hawk method 203
getQueueStatistics()
Hawk method 204
getRvConfig()
Hawk method 187
getStatus()
Hawk method 188

Index 251
|
Hawk methods L
_onUnsolictedMsg() 191
activateTraceRole() 180 LDAP
deactivateTraceRole() 181 directory store 3
getActivityStatistics() 198 server synchronization 157
getActivityStatisticsByOperation() 199 supported operations 131
getActivityStatisticsBySchema() 200 LDAP integration with adapter 2
getActivityStatisticsByService() 201 LDAP server
getAdapterServiceInformation() 182 enabling SSL 41
getComponents() 183 preparation for use with adapter 41
getConfig() 184 setting search size limit 41
getConfigProperties() 185 ledger files
getConnectionStatistics() 202 retrieving information through TIBCO Hawk 193
getHostInformation() 186 logging tab 99
getPollingInterval() 203
getQueueStatistics() 204
getRvConfig() 187
getStatus() 188 M
getThreadStatistics() 205
getTraceSinks() 189 messaging transports 4
getVersion() 190 microagent methods supported 176
preRegisterListener() 192 Microagent Session field, adapter 102
resetActivityStatistic() 206 monitoring tab 101
resetConnectionStatistics() 207 multiple object classes
resetThreadStatistics() 208 handling entries 139
reviewLedger() 193 multithreading tab 98
setPollingInterval() 209
setTraceSinks() 195
stopApplicationInstance() 196
unRegisterListener() 197 O
overview 2
I
installation P
FAQs 34
on Microsoft Windows 25 preparing server interfaces 39
on UNIX 30 preRegisterListener()
troubleshooting 34 Hawk method 192
instance fields publication service 10
adapter 91 configuration tab 104
configuring timers

252
| Index
configuring timers 162 setPollingInterval()
fields 104 Hawk method 209
schema tab 112 setting encoding options 156
schema view tab 109 setTraceSinks()
transport tab 105 Hawk method 195
SSL
configuring 85, 87
conveting certificates for use at run-time 87
R design-time use without external authentication 86
use at design-time 85
request-response service 11 use at design-time with external authentication 86
configuration tab 122 use at run-time 87
fields 122 use at run-time with external authentication 89
schema tab 130 use at run-time without external authentication 89
schema view tab 127 startup tab 101
transport tab 124 status messages 216
resetActivityStatistics() stopApplicationInstance()
Hawk method 206 Hawk method 196
resetConnectionStatistics() subscription service 10
Hawk method 207 configuration tab 113
resetThreadStatistics() fields 113
Hawk method 208 schema tab 121
reviewLedger() schema view tab 118
Hawk method 193 transport tab 115
reviewLedger, TIBCO Hawk method 193
run-time connection tab 95
S TIBCO Hawk
background information 170
schema for Publication Service 109, 112 enterprise monitor components 170
schema for Request-Response Service 127 TIBCO Hawk methods
schema for Subscription Service 118 getComponents 183
schema support 5 getRvConfig 187
schema tab getStatus 188
publication service 112 reviewLedger 193
request-response service 130 trace message
subscription service 121 example 212
schema view tab fields 214
publication service 109 structure 212
request-response service 127 Tracing 212
subscription service 118 Tracing Levels and Fields 214
server interfaces
preparing 39

Index 253
|
transport tab
publication service 105
request-response service 124
subscription service 115
U
UNIX
combining options 33
installing adapter 31
post-installation 33
supported LDAP servers 30
unregisterListener()
Hawk method 197
Use Advanced Logging field, adapter 99
using
global variables 152
V
variable substitution 152

254
| Index

TIBCO Adapter For LDAP - User's Guide

Transféré par

Informations du document

Titre original

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

TIBCO Adapter For LDAP - User's Guide

Transféré par

Droits d'auteur :

Formats disponibles

TIBCO Adapter™ for LDAP

TIBCO Adapter for LDAP User’s Guide

Chapter 3 Preparing LDAP Server Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39

Chapter 4 Getting Started . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

TIBCO Adapter for LDAP User’s Guide

Chapter 5 Adapter Instance Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83

TIBCO Adapter for LDAP User’s Guide

Chapter 7 Advanced Topics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147

Chapter 8 Monitoring the Adapter Using TIBCO Hawk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169

TIBCO Adapter for LDAP User’s Guide

Appendix A Trace Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211

Appendix B Additional LDAP Directory Server Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239

TIBCO Adapter for LDAP User’s Guide

TIBCO Adapter for LDAP User’s Guide

Figure 1 Logical Architecture for Integration with LDAP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

TIBCO Adapter for LDAP User’s Guide

TIBCO Adapter for LDAP User’s Guide

Table 1 TIBCO Adapter components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

TIBCO Adapter for LDAP User’s Guide

TIBCO Adapter for LDAP User’s Guide

TIBCO Adapter™ for LDAP is a bidirectional gateway between applications

• Related Documentation, page xiv

TIBCO Adapter for LDAP User’s Guide

This section lists documentation resources you may find useful.

TIBCO Product Documentation

Other TIBCO Product Documentation

TIBCO Adapter for LDAP User’s Guide

• TIBCO Administrator™ software:

TIBCO Adapter for LDAP User’s Guide

• TIBCO Adapter™ SDK

TIBCO Adapter for LDAP User’s Guide

How to Contact TIBCO Customer Support

TIBCO Adapter for LDAP User’s Guide

TIBCO Adapter for LDAP User’s Guide

• Adapter Overview, page 2

TIBCO Adapter for LDAP User’s Guide

Integration With LDAP

TIBCO Adapter for LDAP User’s Guide

Figure 1 Logical Architecture for Integration with LDAP

LDAP Server LDAP Directory

TIBCO Adapter for LDAP User’s Guide

Support for Dual TIBCO Messaging Transports

TIBCO Adapter for LDAP User’s Guide

Support for Distributed Queues

Support for Multithreading

Support for Internationalization

TIBCO Adapter for LDAP User’s Guide

Support for Basic Authentication

TIBCO Adapter for LDAP User’s Guide

Support for SSL

Refined Search Capabilities

Support for Retrieval of the DN of Searched Entries

TIBCO Adapter for LDAP User’s Guide

Publication Service Filter

Support for SEARCH Operation on Sub Class

TIBCO Adapter for LDAP User’s Guide

Enhanced Logging Capability

LDAP Schema Browser for Specifying Object Classes

TIBCO Adapter for LDAP User’s Guide

The adapter provides the following services: Publication Service, Subscription

Figure 2 Typical Publication Service Flow

LDAP Server LDAP Directory

Publish an LDAP TIBCO Adapter