Académique Documents
Professionnel Documents
Culture Documents
User’s Guide
Software Release 5.4
September 2006
Important Information
SOME TIBCO SOFTWARE EMBEDS OR BUNDLES OTHER TIBCO SOFTWARE. USE OF SUCH
EMBEDDED OR BUNDLED TIBCO SOFTWARE IS SOLELY TO ENABLE THE FUNCTIONALITY
(OR PROVIDE LIMITED ADD-ON FUNCTIONALITY) OF THE LICENSED TIBCO SOFTWARE.
THE EMBEDDED OR BUNDLED SOFTWARE IS NOT LICENSED TO BE USED OR ACCESSED BY
ANY OTHER TIBCO SOFTWARE OR FOR ANY OTHER PURPOSE.
USE OF TIBCO SOFTWARE AND THIS DOCUMENT IS SUBJECT TO THE TERMS AND
CONDITIONS OF A LICENSE AGREEMENT FOUND IN EITHER A SEPARATELY EXECUTED
SOFTWARE LICENSE AGREEMENT, OR, IF THERE IS NO SUCH SEPARATE AGREEMENT,
THE CLICKWRAP END USER LICENSE AGREEMENT WHICH IS DISPLAYED DURING
DOWNLOAD OR INSTALLATION OF THE SOFTWARE (AND WHICH IS DUPLICATED IN
TIBCO ADAPTER FOR LDAP USER’S GUIDE). USE OF THIS DOCUMENT IS SUBJECT TO
THOSE TERMS AND CONDITIONS, AND YOUR USE HEREOF SHALL CONSTITUTE
ACCEPTANCE OF AND AN AGREEMENT TO BE BOUND BY THE SAME.
This document contains confidential information that is subject to U.S. and international copyright
laws and treaties. No part of this document may be reproduced in any form without the written
authorization of TIBCO Software Inc.
TIB, TIBCO, TIBCO Software, TIBCO Adapter, Predictive Business, Information Bus, The Power of
Now, TIBCO Adapter, TIBCO Rendezvous, TIBCO Administrator, TIBCO IntegrationManager,
TIBCO Designer, TIBCO Hawk, and TIBCO Enterprise Message Service are either registered
trademarks or trademarks of TIBCO Software Inc. in the United States and/or other countries.
EJB, J2EE, JMS and all Java-based trademarks and logos are trademarks or registered trademarks of
Sun Microsystems, Inc. in the U.S. and other countries.
All other product and company names and marks mentioned in this document are the property of
their respective owners and are mentioned for identification purposes only.
This software may be available on multiple operating systems. However, not all operating system
platforms for a specific software version are released at the same time. Please see the readme.txt file
for the availability of this software version on a specific operating system platform.
THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER
EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT.
THIS DOCUMENT COULD INCLUDE TECHNICAL INACCURACIES OR TYPOGRAPHICAL
ERRORS. CHANGES ARE PERIODICALLY ADDED TO THE INFORMATION HEREIN; THESE
CHANGES WILL BE INCORPORATED IN NEW EDITIONS OF THIS DOCUMENT. TIBCO
SOFTWARE INC. MAY MAKE IMPROVEMENTS AND/OR CHANGES IN THE PRODUCT(S)
AND/OR THE PROGRAM(S) DESCRIBED IN THIS DOCUMENT AT ANY TIME.
THE CONTENTS OF THIS DOCUMENT MAY BE MODIFIED AND/OR QUALIFIED, DIRECTLY
OR INDIRECTLY, BY OTHER DOCUMENTATION WHICH ACCOMPANIES THIS SOFTWARE,
INCLUDING BUT NOT LIMITED TO ANY RELEASE NOTES AND "READ ME" FILES.
Copyright © 1999-2006 TIBCO Software Inc. ALL RIGHTS RESERVED.
TIBCO Software Inc. Confidential Information
| iii
Contents
Figures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ix
Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi
Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii
Related Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiv
TIBCO Product Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiv
Other TIBCO Product Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiv
How to Contact TIBCO Customer Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvii
Chapter 1 Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Adapter Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
Integration With LDAP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
Directory Store . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Adapter Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Adapter Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Publication Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Subscription Service. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Request-Response Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Chapter 2 Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Preparing your Environment for Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Operating System Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
LDAP Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Pre-Installation Worksheet. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Adapter Machine Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
LDAP Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
LDAP Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Installer Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Upgrading the Adapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Uninstalling the Adapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Installation Registry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Microsoft Windows Platforms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
UNIX Platforms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Installation History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Chapter 6 Deploying and Starting the Adapter Using TIBCO Administrator . . . . . . . . . . . . . 141
Create an EAR File in TIBCO Designer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249
Figures
Tables
Preface
Topics
Related Documentation
For comments or problems with this manual or the software it addresses, please
contact TIBCO Support Services as follows.
• For an overview of TIBCO Support Services, and information about getting
started with TIBCO Product Support, visit this site:
http://www.tibco.com/services/support/
• If you already have a valid maintenance or support contract, visit this site:
http://support.tibco.com
Entry to this site requires a username and password. If you do not have a
username, you can request one.
Chapter 1 Concepts
This chapter introduces the TIBCO Adapter for LDAP product by providing
background information about its features and product elements, and about the
applications that use it.
Topics
Adapter Overview
TIBCO Adapter for LDAP brings LDAP servers into the TIBCO interoperability
framework. The adapter allows applications configured for the TIBCO
environment to communicate with LDAP servers without any knowledge of
LDAP protocol, LDAP APIs, and LDAP server implementation. Applications can
retrieve information from or update LDAP servers.
The adapter provides a Publication Service, a Subscription Service, and a
Request-Response Server Service. The Publication Service publishes the changes
occurring on the LDAP server to the TIBCO environment. The Subscription
Service receives messages from the TIBCO environment, and updates the LDAP
server appropriately. The Request-Response Server Service receives requests for
LDAP information from applications, contacts the configured LDAP server for it,
and sends the results in its response to the TIBCO environment, for the
applications.
TIBCO Adapter for LDAP helps organizations to move transparently from
proprietary, application-specific directories to organization-wide LDAP
directories.
TIBCO Environment
Messages
TIBCO Adapter
for LDAP
Directory Store
In LDAP terminology, a directory store is a repository of information, typically
including information on resources, services, users, applications, devices and
configuration. Unlike a database, a directory is used mostly for read operations
and is rarely updated.
A server, which implements the directory store and supports the LDAP protocol
and API is typically referred to as an LDAP server.
Data on an LDAP server is stored as entries, each of which stores information
about some object or entity. Each entry has a number of attributes. Each attribute
has a type.
Each LDAP entry belongs to one or more object classes. An object class defines
what attributes entries can have, so object classes define the schema on an LDAP
server.
All entries on an LDAP server are organized into a tree structure, which is called
the Directory Information Tree (DIT).
LDAP servers allow users to add, update, delete, look up, and search for entries.
LDAP clients can be configured to connect to LDAP servers with or without
authentication.
Adapter Features
The following adapter features are described in detail in this manual. For
additional adapter features, refer to the TIBCO Adapter Concepts book.
Adapter Services
The following adapter services are supported:
• Publication Service — Publishes the changes occurring on the LDAP server to
JMS or TIBCO Rendezvous, for other applications to use.
• Subscription Service — Subscribes to messages from other applications on
JMS or TIBCO Rendezvous, and applies the requests contained in them to the
LDAP server.
• Request-Response Service — Receives requests for LDAP information from
applications, through JMS or TIBCO Rendezvous. It performs the required
operations on the LDAP server and sends the results in its reply.
An Easy-to-Use GUI
The adapter provides its own design-time component, namely the adapter
palette, which seamlessly integrates with TIBCO Designer. This easy-to-use
interface allows you to quickly configure adapter-specific features. You can use it
to enter, delete, and modify configuration information. You can easily specify
operational parameters and change them as needed.
Enterprise Message Service User’s Guide. You can specify the connection factory
type and the delivery mode to be used when you configure the adapter
service.
Schema Support
With the ActiveEnterprise wire format, you can configure a schema to describe
the structure of messages processed by the adapter. This feature is especially
useful in the following situations:
• Every adapter service supports one (and only one) schema. The service
restricts its operation (publish, subscribe, or request-response) to the chosen
schema as well as to a user-specified part of the DIT (Directory Information
Tree).
• If the schema information has changed on the LDAP server, you can
reconfigure the adapter instance to reflect the changes.
DIT Browsing
You can restrict the scope of a service to a specific part of the DIT.
• When you begin configuring a service, only the top-level entries in the tree are
visible. Entries below these are fetched dynamically when you explicitly
expand the subtrees.
• You can specify the number of entries. The maximum number of entries you
can specify is 10, 000. The tree expands if the number of entries is equal to, or
less than the value you specify.
• You can only select a single entry at any time since a service can be associated
only with one subtree.
• Each service lets you select a subtree of the LDAP DIT. The adapter supports
selection by example. For example, if you need to select object class X, you can
choose any entry belonging to object class X. Therefore, when you select a
particular LDAP entry type under a DIT, all the entries of that type,
irrespective of their position in the tree, will be supported by the service.
• If the tree selection is not required, all that you need to do is select the root of
the tree for each service.
• The adapter service will log an error and return an error message if the
incoming message tries to access other LDAP entry types or other portions of
the DIT tree.
Attribute Filtering
The adapter provides support for retrieving the attributes of an entry by
specifying the names of the attributes. This functionality is available only for the
Search operation in the request-response service.
Alias Dereferencing
In an LDAP directory, an alias entry is an entry that points to another entry.
Following an alias pointer is known as dereferencing an alias. In the LDAP
directory, you can set a leaf entry to point to another object in the namespace. This
alias entry, it contains the DN of the object to which it is pointing. When you look
up an object by using the alias, the alias is dereferenced so that what is returned is
the object pointed to by the alias's DN.
You can use aliases to organize the directory's namespace so that as the
namespace evolves, old names may be used. Suppose, for example, that in the
o=Wiz, c=us company, the departments ou=hardware and ou=software are
merged into ou=engineering. You can move the contents of ou=hardware and
ou=software to ou=engineering, and change the entries ou=hardware and
ou=software into alias entries that point to ou=engineering.
The adapter only supports alias dereferencing for the SEARCH operation.
So, if you configure a publication service for the object class inetorgperson and a
publication filter telephoneNumber>1000, then all entries that satisfy both these
criteria will be published by the adapter.
The filter should comply with the LDAP Search Filter Syntax described in the
LDAP specification.
Persistent Publisher
The adapter supports publication of the changes on an LDAP server even if the
adapter is not running when those changes are made on the server. This
functionality is available for all supported LDAP servers.
Server Synchronization
The adapter supports synchronization of changes between two supported LDAP
servers. This requires the Update Only If Different check box to be selected
for the subscriber service.
Referrals
The adapter supports referrals. A server that does not store the requested data can
refer the adapter to another server. Since a server might not store the entire DIT,
servers need to be linked together in some way to form a distributed directory
that contains the entire DIT. This is accomplished with referrals. The referral acts
like a pointer that can be followed to where the desired information is stored.
Adapter Services
Publication Service
The adapter gets a message from the LDAP server and sends the message to the
TIBCO environment.
For example, a new employee joins Company A. The administrator updates the
corporate LDAP server with the details of the new employee. The Publication
Service of the adapter receives this information from the LDAP server, assigns a
structure to it, and publishes it using TIBCO Rendezvous or JMS messaging for
other applications to pick up. All other applications that need to be aware of this
change are informed by the Publication Service via TIBCO Rendezvous or JMS
messaging.
TIBCO Environment
Message
Subscription Service
The adapter gets a message from the TIBCO environment and sends the message
to the LDAP server.
TIBCO Environment
Message
Request-Response Service
The adapter gets a request from the TIBCO environment and sends the request to
an LDAP server. When a response is returned to the adapter from the LDAP
server, the adapter sends the response to the TIBCO environment. The adapter
supports request-response scenarios with an RPC server.
For example, User A of an email client does not know the first name or email
address of the contact to whom a mail must be sent. Therefore, the user searches
for all names ending with Smith, using the Find Contact option on the email
client. The email client publishes this request using TIBCO Rendezvous or JMS
messaging, probably through an application adapter. When the
Request-Response Server Service of the adapter receives this query, it uses the
standard LDAP API to contact the LDAP server, and uses the Search operation to
find all names (or the specified number of names) ending with Smith. It then
returns the search results in its response to TIBCO Rendezvous or JMS messaging.
TIBCO Environment
Request Message
Response Message
TIBCO Adapter
for LDAP
Chapter 2 Installation
This chapter explains how to install the adapter on Microsoft Windows and UNIX
systems.
Topics
System name:
System IP address:
Username and password to access the system and run the adapter:
Username:
Password:
You must have write permissions to these directories to install the adapter. In
addition, on UNIX systems certain other permissions must be set to run the
adapter. See Permission Requirements on UNIX Systems on page 33 for details.
• To run the adapter you must have permissions to access the project where
adapter configuration is stored.
• Depending on whether TIBCO Administrator is used to set access
permissions, you may need an account identified by Administrator. See the
TIBCO Administrator User’s Guide for details.
Determine how the adapter installation files are to be transferred to this system.
The installation files can be downloaded from download.tiboc.com (if you have
an account setup to download). Do you plan to use FTP, NFS, HTTP, or install
from a CD?
LDAP Requirements
Determine which LDAP versions are supported.
• See Supported LDAP Servers on page 26 for Microsoft Windows.
• See Supported LDAP Servers on page 30 for UNIX systems.
Obtain the following information from your LDAP administrator. This is a list of
LDAP server parameters that you will need to configure the adapter, along with
the LDAP credentials that the adapter requires.
Note that the parameters listed here use LDAP terminology. This is the
information that you would typically be prompted for during a LDAP client
installation.
Test Connectivity
If you install the LDAP client, start it and ensure you can connect to the LDAP
server using the username and password that you were provided by your
administrator.
Use this form to capture the information you will need to collect before starting
installing the adapter
Pre-Installation Worksheet
Use this form to capture the information you will need to collect before starting
installing the adapter.
User password
LDAP Information
User password
LDAP Port
LDAP Software
Please specify where software for the LDAP server can be found within your
organization:
[ ] It's already installed on adapter machine.
Location on disk: ………………………….
[ ] Installation files are available via:
FTP (Server: ………… User: ………… Password: ……… )
Disk mount (full path: ………………………………………..)
CD provided during install by (name/extension): ………………………..
Installer Overview
The installer allows you to run in different modes. Each mode is supported on all
platforms.
• GUI mode
• Console mode
• Silent mode
GUI Mode
In GUI mode, the installer presents panels that allow you to make choices about
product selection, product location, and so on. When you invoke the installer by
double-clicking on the icon, GUI mode is used.
Console Mode
Console mode allows you to run the installer from the command prompt or
terminal window. This is useful if your machine does not have a Windows
environment.
Silent Mode
Silent mode either installs using default settings or uses a response file that was
saved during an earlier installation. Silent mode installs without prompting you
for information.
• If no response file has been recorded earlier and you invoke the installer with
the -silent argument, the default installation parameters are used.
• If a response file exists, and the installer is started with -options
<responseFileName> as an argument, the installer uses the values specified by the
user when the response file was generated.
For a major and minor release, the installer prompts whether you wish to
upgrade, and informs you if incompatible products are on your system. If you
proceed, major or minor releases are installed under a new directory that is
named using the major or minor release numbers.
For example, if you have installed the 5.0.0 release and are upgrading to a 5.1.0
minor release, it will be installed under the 5.1 directory. This allows both the 5.0
and 5.1 releases to coexist on the same machine.
If you are upgrading the adapter, or reinstalling a clean version of the software,
you may uninstall the product first or allow the installer to perform the upgrade
or reinstall.
Note that, if you are reinstalling over the same adapter version:
• You are not prompted to supply the installation location. The software is
automatically reinstalled where the previous version was installed.
• If any files are currently locked (that is, in use), the installer marks the file for
deletion in the install location. After installation, the installer prompts you to
reboot your system. You must reboot before using the software.
Microsoft Windows
Use one of the following options to uninstall the Adapter from the Microsoft
Windows platform:
• Click Start>Programs>TIBCO><Adapter>Uninstall
• Navigate to the _uninst directory located in the Adapter installation
directory and invoke the Tibuninstall.exe program.
• Click Start>Programs>TIBCO>TIBCO Installation Manager
• Use Add/Remove Programs from the Control Panel.
UNIX
Use one of the following options to uninstall the Adapter from the supported
UNIX platform:
• Navigate to the _uninst directory located in the Adapter installation
directoryand invoke the Tibuninstall.bin program.
Installation Registry
Do not edit, modify, rename, move, or remove any of the registry vpd files.
UNIX Platforms
The installation registry is maintained in the following files in the user's home
directory:
User_Home_Directory/vpd.properties
User_Home_Directory/vpd.properties.tibco.systemName
Installation History
The installer and uninstaller creates a file called
TIBCOInstallationHistory.xml in the same location where the installation
registry is created. Each time an installation and uninstallation is performed,
entries are appended to the file.
On Microsoft Windows:
SystemDrive:\WINNT\TIBCOInstallationHistory.xml
On UNIX: Users_Home_Directory/TIBCOInstallationHistory.xml
The file TIBCOInstallationHistory.xml therefore contains the record of all
installation and uninstallation activities of all products, features and components.
You can install different adapter components on different machines. For example,
you can run the run-time adapter on one machine and install the design-time
components on another machine. This allows you to configure an adapter on one
machine and run it on another.
Adapter Components
Table 1 describes the adapter components in the adapter installation package.
Component Purpose
Run-time adapter This process does the actual work of passing and converting data to and from
the vendor application. Parameters of data exchanges are stored in projects
created using the adapter palette.
Adapter palette Adapter-specific GUI that is loaded in TIBCO Designer (see next section for
details) at configuration time.
Component Purpose
TIBCO Runtime Agent Required. TIBCO Runtime Agent supplies a number of TIBCO and
third-party libraries used by the adapter and other TIBCO products both
at design time and run time. This includes, for example, TIBCO
Rendezvous and TIBCO Designer software.
You must install TIBCO Runtime Agent on each machine that hosts an
adapter. TIBCO Runtime Agent must be installed before you install the
adapter.
Component Purpose
TIBCO Administrator Required. Required. TIBCO Administrator includes the following
modules:
• User Management. Management of authentication, roles and users,
that is, connecting roles (groups) and users to access control lists
(ACLs). This includes security for server-based projects at
design-time and for deployed applications at runtime.
• Resource Management. Monitoring of machines and of all running
applications in a TIBCO administration domain. Alerts can be
created, for example, to notify an administrator if the number of
processes or disk usage exceed a certain number.
• Application Management. Uploading of Enterprise Archive (EAR)
files, creation, configuration, deployment, and monitoring of
applications. This console is also used to start and stop applications.
TIBCO Administrator is available as a separate installation and can be
installed after installing the adapter separate installation and can be
installed after installing the adapter.
TIBCO Enterprise Optional. TIBCO Enterprise Message Service allows you to use the Java
Message Service Messaging Services (JMS) as the messaging transport for your adapter.
TIBCO Enterprise Message Service is available as a separate installation
and can be installed after the adapter is installed.
Before starting the installation procedure, review the topics in this section to
determine that your system meets the basic requirements and that you have the
prerequisite software installed.
The following is a list of prerequisites for installing the adapter on Microsoft
Windows systems. See Installer Disk Space Requirements in Temporary Area on
page 21 for additional disk space requirements.
The following table also lists the platform-specific installation packages, where
<version_num> is the Adapter release number. For example, the installation
package name for TIBCO Adapter for LDAP 5.4.0on the Microsoft Windows 2000
platform is TIB_adldap-simple_<version_num>_w32.exe.
Table 3 Supported platforms, package names, service packs and disk space for Microsoft
Windows
Disk
Spac
Platform Package Names Hardware
e
(MB)
Microsoft x86 30
Windows 2000
Microsoft
Windows XP TIB_adldap-simple_<version_num
Professional >_w32.exe
Microsoft
Windows
Server 2003
Installer Account
You must have administrator privileges for the machine on which the adapter is
installed.
If you do not have administrator privileges, the installer will exit. You must then
log out of the system and log in as a user with the required privileges, or request
your system administrator to assign the privileges to your account.
Microsoft Windows Terminal Server must be running in the remote admin mode,
not application sharing mode. The adapter is not supported if installed on a
machine that is using Microsoft Windows Terminal Server in the application
sharing mode.
The best way to install the adapter on Microsoft Windows Terminal Server is to
use the Add/Remove Programs control panel applet. This automatically sets your
mode to Install during the installation and then back to Execute afterwards.
Alternatively, you can manually change your mode to Install before starting the
installation by typing the following at a command prompt:
C:\> change user /install
When running in console mode you can move through the installation process as
described next:
Enter Key = Moves forward in the installer
2 = Goes back to previous screen
3 = Cancels the Wizard and exits the installation or uninstallation
4 = Redisplays the current screen
The response file does not record selections at the component level. It does record
all other selections, for example, which products you wished to install.
Combining Options
You can combine the different available options. For example, to install in silent
mode using a response file, use:
TIB_adldap-simple_<version_num>_w32.exe -silent -options
<responseFileName>
Your operating system must meet the minimum patch requirements listed next.
See Installer Disk Space Requirements in Temporary Area on page 22 for
additional disk space requirements.
Table 4 Supported platforms, hardware, package names, patches and disk space for UNIX
systems
Disk
Platform Hardware Package Names Space
(MB)
Solaris 8 SPARC TIB_adldap-simple_<versi 35
on_num>_s4_58.bin
Solaris 9 36
Solaris 10
The adapter can be used with the Active Directory and ADAM directory servers
only on windows platform. However if you use it on any other platform, the
adapter displays the status message, AELDAP-00017. For more information about
the message, see , Status Messages, on page 216.
Installer Account
TIBCO 5.x products can be installed by a regular (non-root) user and super-user
(root). Different users can install the same product at different locations.
Product dependencies at install time are resolved at user level through the
installation registry maintained at user's home directory. See Installation Registry
on page 21 for more information.
Windows Environment
A window environment such as CDE (i.e. X Windows) is required to run the
installer in GUI mode. It is not required for a console installation.
When running in console mode you can move through the installation process as
described next:
Enter Key = Moves forward in the installer
2 = Goes back to previous screen
3 = Cancels the Wizard and exits the installation or uninstallation
4 = Redisplays the current screen
The response file does not record selections at the component level It does record
all other selections, for example, which products you wished to install.
Combining Options
You can combine the different available options. For example, to install in silent
mode using a response file, use:
% ./TIB_adldap-simple_<version_num>_s4_58.bin -silent -options
<responseFileName>
Post Installation
For example, if the adapter has been installed in /opt/tibco, the user who
installed the adapter can make these directories writable for all other users by
executing the following commands:
% chmod a+w /opt/tibco/adapter/adldap/5.4/bin/
% chmod a+w /opt/tibco/adapter/adldap/5.4/bin/logs
% chmod a+w /opt/tibco/tra/5.4/logs
This section lists some common errors along with their causes and solutions.
Why and how should I set the DISPLAY variable on UNIX platforms for GUI
mode?
The installer on UNIX, must open an additional window, generally for graphics. It
uses the DISPLAY environment variable to tell it on what computer to open the
window. If the environment variable is not set, the installer will either wait or
abort after displaying:
InstallShield Wizard
Initializing InstallShield Wizard...
Preparing Java(tm) Virtual Machine...
...................................
The DISPLAY variable must be set to the IP address or name of the computer (on
which the installer graphics window are to be displayed), followed by a screen
address, which can be :0.0. For example:
# Bourne shell
DISPLAY=<ip_address>:0.0; export DISPLAY
# Korn shell
export DISPLAY=<ip_address>:0.0
# C-shell
setenv DISPLAY <ip_address>:0.0
For example, consider a scenario where you need to install the adapter on a
remote HPUX machine (named itaska). Because you have a Solaris 5.6 machine
(named alaska) that has a video card and monitor installed, you can run an
X-window application on it. So you decide to telnet to itaska from alaska.
When you telnet to itaska, you will not get access to itaska's monitor and will
be unable to display an X-window application. That is why you must set the
DISPLAY variable, which instructs the X-server to redirect all Windows to the
computer set in the variable. Before doing so, the computer (specified in the
DISPLAY variable) must give permissions to share its monitor.
Solution
While performing installation, avoid running other processes that consume disk
space in product home location.
Error message
Installation on a HPUX 11.00 64 bit system may crash with the following error
message:
Pid nnn killed due to trashed stack.
Pid nnn was killed due to failure in writing the signal context.
This happens only on HPUX 11.00 64 bit systems. It does not happen on HPUX
11.00 32 bit system and HPUX 11.11 (or 11.i) system.
To determine the OS version on your system, run:
uname -a
Resolution
HPUX kernel patch PHKL_27282, resolves the above crash.
To determine if your system has the kernel patch, run:
/usr/sbin/swlist -l product PHKL_27282
or
what /stand/vmunix | grep PHKL_27282
If your system is an HPUX 11.00 64 bit system and it does not have the patch, first
install HPUX kernel patch PHKL_27282 and then proceed with the installation.
Installation of patch PHKL_27282, will reboot your system.
Error
TIBCO Runtime Agent includes the TIBCO Hawk Agent only. If you install the
full TIBCO Hawk package after installing TIBCO Runtime Agent and do not have
a Java Runtime Environment (other then the TIBCO JRE) installed, the TIBCO
Hawk Configuration tool is unable to determine the Java home location and the
JVM executable. The TIBCO Hawk services will not start correctly and you will be
unable to start the TIBCO Hawk Display.
Resolution
1. Start the TIBCO Hawk Configuration tool. For example, on Microsoft
Windows:
Start > TIBCO > TIBCO Hawk > Hawk Configuration
2. Under the General tab, click Advanced.
3. In the Java Home Directory field, provide the path to Java. For example:
C:\tibco\jre\1.4.2
4. In the JVM Executable field, provide the JVM executable. For example:
java.exe
The services will start properly and the TIBCO Hawk Display will run.
Resolution
On Unix platforms, the installer registry file vpd.properties.tibco.systemName
is located in the user's home directory.
Case 1: If the vpd.properties.tibco.systemName file exists:
$ cd user's_home_directory
$ ln -s vpd.properties.tibco.systemName
vpd.properties.tibco.systemName.domainName
For example:
$ cd ~
$ ln -s vpd.properties.tibco.upside
vpd.properties.tibco.upside.tibco.com
For example:
$ cd ~
$ ln -s vpd.properties.tibco.upside.tibco.com
vpd.properties.tibco.upside
This chapter explains how to configure the LDAP server to interoperate with the
adapter.
Topics
• Overview, page 40
• Preparing the LDAP Server for Use with the Adapter, page 41
Overview
Before configuring the adapter, you must prepare the LDAP Server applications’
interfaces so that the adapter can interoperate with it.
To proceed, you will need to log on to the server and change the value for the
search size limit:
• For the Sun ONE Directory Server, click the Configuration tab. Select
Database Settings and click the LDBM Plugin Settings tab. Change the
value of the Look-through limit entry. While you are in the Configuration
tab, select the root of the tree, and click the Performance tab. Change the
value for the Size Limit entry too.
For details, see the documentation shipped with the server you are using.
This chapter presents examples that demonstrate key adapter features. Work
through these examples to get a hands-on understanding of how the adapter
works.
Topics
• Prerequisites, page 44
• Setting LDAP Connection Parameters, page 45
• Create the Project, page 47
• Configure the Adapter, page 49
• Configure the Publication Service, page 52
• Configure the Subscription Service, page 54
• Configure the Request-Response Service, page 56
• Convert the Project to a Repository File, page 58
• Configuring the Project Using TIBCO IntegrationManager, page 59
• Deploy the Project and Start the Adapter, page 80
• Configuring the Exercises Using TIBCO IntegrationManager, page 81
Prerequisites
Before starting the configuration exercise, make sure that all required software
has been installed and is operating correctly. For a list of required software, see
the installation instructions in Chapter 2, Installation, on page 13.
You should know how to drag and drop icons in TIBCO Designer and be familiar
with saving projects. If you are not familiar with these topics, refer to the TIBCO
Designer User’s Guide, which is available by clicking Help>Designer Help in
TIBCO Designer.
Scenario Overview
The exercises in this chapter are designed to help you become familiar with basic
adapter configuration. You can also view the activity on the adapter console when
you perform LDAP operations supported by the services, using TIBCO
IntegrationManager.
Running through these exercises will familiarize you with the different LDAP
operations that a service supports. You will also learn how to integrate the
adapter with other TIBCO products like TIBCO IntegrationManager.
Connections to LDAP
Make sure that the adapter is connected to the LDAP Server. See Chapter 3,
Preparing LDAP Server Interfaces, on page 39 for details.
Other Examples
A set of examples are included online. TIBCO IntegrationManager examples are
available in the examples\IM directory and TIBCO BusinessWorks examples are
available in the examples\BW directory. The ActiveDirectory folder includes
examples for the Active Directory Server. The eDirectory folder includes
examples for the eDirectory Server. The SunOneDirectory folder includes
examples for the Sun One Server. For more information, see the TIBCO Adapter for
LDAP Examples Guide.
where:
Parameter Description
<Machine-Name> Server name or the IP Address of the machine on which the
LDAP server is installed. For example, 192.168.2.27.
<Username> User name that will be used to connect to the LDAP server.
Use quotation marks around the name. For example,
"cn=Directory Manager".
Parameter Description
<Base DN> DN from the Directory Information Tree on your LDAP
server under which sample data will be created to run the
example. For example,
"o=TestExample,o=BenchMark,dc=us.tibco.com"
The TIBCO Designer GUI is used to configure adapter instances. When starting
TIBCO Designer, you must create or select a project. A project contains the
configuration files that define options used by a run-time adapter. After a project
is configured, it is converted to a repository file and available for use by the
run-time adapter.
Make sure that you are using JRE 1.4.2 to run this example.
To create a project:
1. Run the modified SunOneDirectory-run.bat or SunOneDirectory-run.sh
file to create entries on the LDAP server.
2. Start TIBCO Designer by executing the following command, depending on
your operating system.
On Microsoft Windows, select: Start > Programs > TIBCO > TIBCO Designer
5.2 > Designer 5.2
On UNIX, from a command window change directory to the
<install-path>/tibco/designer/5.2/bin directory and type ./designer
3. In the TIBCO Designer dialog, click New empty project.
4. In the Save Project dialog, select Multi-File Project (if it is not selected) and
click the Browse button for the Root Directory field. Navigate to the
C:\tibco\adapter\adldap\<version_num>\examples folder and click the
Create New Folder icon. Name the new directory LDAPConfig and click
OK.
5. In the Save Project dialog, click OK. The project will be saved in the
LDAPConfig directory.
The next diagram shows the TIBCO Designer GUI with the LDAPConfig project
defined.
Configuration
panel
Palette panel
2. Click the Design-time Connection tab to specify the LDAP Server access
details and select the Sun ONE Directory Server in the Server Type
drop-down.
The values specified in the Design-time Connection tab must be the same as the
values specified in the SunOneDirectory-run.bat or SunOneDirectory-run.sh
file.
need not be set. The variable automatically substitutes the adapter name at
run-time.
This section explains how to configure an adapter with a publication service that
publishes a message from the specified LDAP Directory. The steps are:
• Configure the Publication Service
• Configure the Transport Information
• Configure the Schema Definitions
2. Drag the LDAP Publication Service icon from the palette panel to the
design panel.
3. In the Configuration tab, specify the Service Name that this service should
use, and select JMS in the Transport drop-down.
This section explains how to configure an adapter with a subscription service that
subscribes to a message from the JMS Transport. You must use the project created
in the previous exercise. The steps in this exercise are:
• Configure the Subscription Service
• Configure the Transport Information
• Configure the Schema Definitions
2. Drag the LDAP Subscription Service icon from the palette panel to the
design panel.
3. In the Configuration tab, specify the Service Name that this service should
use, and select JMS in the Transport drop-down.
2. Drag the LDAP Request-Response Service icon from the palette panel to the
design panel.
3. In the Configuration tab, specify the Service Name that this service should
use, and select JMS in the Transport drop-down.
The project must be exported to the DAT (repository) format for use by the
adapter.
To export the project to a local repository:
1. Select Project >Export Full Project.
2. In the Export Project dialog box, specify the project name and the directory to
save to. Click OK.
This section helps you configure the project files using TIBCO
IntegrationManager. You must have TIBCO IntegrationManager installed.
Additionally, you must complete this task before you run the exercises.
7. Click OK.
8. Create a new Channel, for example, PubChannel.
9. Select JMS from the Transport drop-down.
20. Select Predefined from the Channel (Source) drop-down and decoded ae
message from the adjacent drop-down.
If decoded ae message is not available, choose message instead and then run the
TIBCO IntegrationManager transforms. Stop TIBCO IntegrationManager and
return to this configuration step. The decoded ae message option will display.
Select it.
7. Click OK.
8. Create a new Channel, SubChannel.
9. Select JMS in the Transport drop-down.
10. Select 5.3 from the AE Version drop-down.
11. Choose the wire schema that you had configured earlier in the Class field. It
will be adapter/ldap/<server name>/<machine name>/organizationalUnit.
12. Enter the subscription service subject as ldapexample.sub. This is the subject
the LDAPSubscriptionService is listening on.
16. Double-click SubProcess and drag a Start Task, End Task, Mapper Task,
and Signal Out Task.
17. Double-click Mapper Task and then choose the schema as mentioned above
in step 11 in the Mapper output.
Depending on the operation, the values you must enter are given below:
— attribute ou=newunit
Also, specify the values of the attributes that you want to modify for this
entry.
For the MODIFYADD operation:
— OpCode value = LDAP_MOD_ADD
Also, specify the values of the attribute values that you want to add for this
entry.
For the MODIFYDELETE operation:
— OpCode value = LDAP_MOD_DELETE
Also, specify the values of the attribute values that you want to delete for this
entry.
For the MODIFYREPLACE operation:
— OpCode value = LDAP_MOD_REPLACE
Also, specify the values of the attribute values that you want to replace for this
entry
For the MODIFY DN operation:
— OpCode = LDAP_MODIFYKEY
If the specified DN does not exist on the LDAP server, the adapter will add
this entry provided ou and objectclass attribute values have been
specified. If the specified DN exists, the adapter will update the entry with
the specified attribute values in the schema.
18. Save the values entered for doing a particular operation and enter the Job Slot
name in the Slot text field of the Mapper Task, for example, SubSlot.
19. Click OK.
20. Double-click Signal Out Task.
21. Choose JMS and choose SubChannel.
22. Create a job slot. Specify the SubSlot name as mentioned above. Select
message in the Channel (Source).
25. Create a Channel that will be used for triggering the Subscription Process,
called TestChannel.
26. Specify test.sub as the value of the subject field. Click OK.
27. Create a Job slot, TestJob and choose TestChannel as the channel, and
SubProcess as the process.
30. Drag TestChannel, TestJob, and SubProcess to the Design Panel. These are
connected by arrows and this indicates that your configuration is correct. If
the arrows are missing, check your configuration.
7. Click OK.
8. Create a Channel, for example, rpcchannel.
9. Select JMS from the Transport drop-down.
10. Select client/server from the Channel Type drop-down.
11. Select the value of the RPC Server endpoint that you have configured in the
Endpoint field.
When you select the endpoint, the Class and Subject fields are automatically
populated.
14. Double-click rpcprocess and drag the Start Task, Stop Task, Execute
Task, and Invoke Task to the design panel.
15. Connect the tasks in the following sequence by the Trigger Task as
mentioned below:
Start Task ===>Execute Task ===>Invoke Task ===>Stop Task
16. Open Execute Task and write the following script lines for a LOOKUP
operation using the RPC Server service of the adapter.
var orgUnit;
orgUnit = new
aeclass.adapter.ldap.iplanet.anand.organizationalUnit();
orgUnit.OpCode="LDAP_LOOKUP";
orgUnit.DN="ou=unit1,o=BenchMark,dc=tibco.com";
To execute any other LDAP operation, changes will be required to the script.
20. Specify the name of the Job Slot that was specified in the script, that is, input.
21. Select the class configured for this rpc server service in the Parameter
drop-down, that is, organizationalUnit.
22. Click OK.
23. Select Entire Reply from the Operation drop-down and enter reply in the
Slot Name field.
32. Drag testchannel, testjob and rpcprocess to the design panel. These are
connected by arrows and this indicates that your configuration is correct. If
the arrows are missing, check your configuration.
Before starting the adapter, you must create a properties file for the adapter.
Before you run this command, in the TIBCO IntegrationManager Editor, go to the
Tools > Global Variables menu, and add InstanceId and AppName to the
existing global variables.
b. Look for any messages published on the Engine Console and also look for
the entry on which the LDAP operation as implemented by the process
was performed.
c. Check your LDAP Server for changes effected by the process.
For the Request-Response Service:
a. Open a command prompt window and send any message on the subject
test.rpc. For example: tibrvsend test.rpc "trigger rpc"
b. Look for messages published on the Engine Console and for the entry on
which the LDAP operation as implemented by the process was performed.
c. Check your LDAP Server for changes effected by the process.
This chapter explains how to create an adapter instance and assign it services by
configuring standard settings. All configuration tasks are performed in TIBCO
Designer and the information is stored in a project that is later used by the
run-time adapter.
Topics
• Overview, page 84
• Configuring the SSL Environment, page 85
• Adapter Instance Fields, page 91
• Adapter Services, page 103
• Publication Service Fields, page 104
• Subscription Service Fields, page 113
• Request-Response Service Fields, page 122
• Supported LDAP Operations and Message Structure, page 131
• Specifying an Attribute Filter as a Sequence, page 138
• Handling Entries Belonging to Multiple Object Classes, page 139
Overview
You can configure adapter instances and add and configure adapter services
using TIBCO Designer.
Configuration Tasks
Use the following sequence to create and configure an adapter service.
1. Start TIBCO Designer and open a multi-file project. See the TIBCO Designer
User’s Guide for details on multi-file projects.
2. Drag the LDAP Adapter Configuration icon from the palette panel to the
design panel. This creates an adapter named, by default,
LDAPAdapterConfiguration.
3. Define the adapter instance by assigning a new name and optionally change
logging options. See Logging Tab on page 99 for details.
4. Specify the LDAP Design Time Connection and test the connection.
5. Add a service to the adapter instance by dragging the service icon from the
palette panel and dropping it in the design panel.
6. Define the configuration, transport, and schema options for the service.
7. To select a Base DN for a service, in the Schema View tab, click the Browse
DIT button. The Directory Information Tree is displayed in a dialog. Specify
the Maximum Number of Entries and then select an LDAP entry for the
service from the DIT. You can also browse the DIT to specify a sample entry
for the schema. This generates the class reference needed for the service.
Repeat step 2 through step 7 for each adapter service that you want to
configure. Set the combination of options required for your service. See the
Configuration Tab on page 91 for details.
8. Export the project as a local repository and exit TIBCO Designer.
After configuring the adapter, you must create the run-time adapter properties
file and add the project name and adapter instance name.
For AIX 5.2, $ADLDAPHOME/tools/openssl is not bundled with the installer. You
must download it from http://www.opnssl.org.
To import the CA certificate from the cacert.der file into the keystore file,
<TIBCO_HOME>\jre\1.4.2\lib\security\keystore with the alias CAcert, run
the following command:
<TIBCO_HOME>\jre\1.4.2\bin\keytool -import -v -alias CAcert
-file cacert.der -keystore <TIBCO_HOME>\jre\1.4.2\lib\security\ca
certs
You will be prompted to choose a password. You require this password to import
additional certificates into the keystore. Select yes when the keytool prompts you
to trust the imported certificate.
4. In the Identity Password field, provide the password to the PKCS12 file.
5. Click Test Connection to make sure that the design-time adapter can connect
to the LDAP server using SSL with the specified parameters.
You will be prompted to select a password for the security database. You will
need this password to import any additional certificates and the user PKCS12
file into the security database.
After you have run the command, the directory
<TIBCO_HOME>\adapter\adldap\<version_num>\certificates will
contain the files cert7.db, key3.db and secmod.db.
3. Add the CA certificate to the security database. Type the command:
<TIBCO_HOME>\adapter\adldap\<version_num>\tools\nss\certutil.b
at -A -n CAcert -t "CT,," -i cacert.der -d
<TIBCO_HOME>\adapter\adldap\<version_num>\certificates
The -n CAcert specifies the alias or display name for the CA certificate being
imported. Choose a unique alias for each certificate you add to the certificate
database. You will be prompted to enter the password you chose in step 2.
4. Verify that the certificates have been correctly added to the database. Use the
<TIBCO_HOME>\adapter\adldap\<version_num>\tools\nss\certutil.
bat -L -d
<TIBCO_HOME>\adapter\adldap\<version_num>\certificates
command to produce the output CAcert CT.
5. Import the user PKCS12 file (required only for External authentication). The
following command imports the PKCS12 file userident.p12 into the
certificates directory
<TIBCO_HOME>\adapter\adldap\<version_num>\certificates (this
should be the same directory you imported the CA certificate into):
<TIBCO_HOME>\adapter\adldap\<version_num>\tools\nss\pk12util
-i userident.p12 -d
<TIBCO_HOME>\adapter\adldap\<version_num>\certificates
You will be prompted for the password to the security database that you chose
in step 3 and the password of the PKCS12 file.
6. List the contents of the security database by running the following command:
<TIBCO_HOME>\adapter\adldap\<version_num>\tools\nss\certutil.
bat -L -d
<TIBCO_HOME>\adapter\adldap\<version_num>\certificates
You will obtain the Trust Attributes u,pu,u output only if you imported a
user PKCS12 file for External authentication.
4. In the Client Key Password field, enter the password you selected when you
prepared the security database directory.
If you are using Active Directory as the LDAP server and setting up a
publication service, you must also import the certificate to the systems
certificate store on the Microsoft Windows machine that will run the adapter.
You can configure SSL separately for the design-time and run-time connections.
Configuration Tab
Instance Name
Use the default name or replace it with a name of your choice.
• An instance name must use alphanumeric characters. An underscore (_)
character can be used. The entire instance name must be less than 80
characters. The space character cannot be used in an instance name.
• An instance name cannot use global variables.
• An instance name must be unique with respect to other adapter instances for
the same adapter in the project. The same instance name can be used to name
an adapter instance for a different adapter in the same project. For example,
an R/3 adapter instance named TEST and a Siebel adapter instance named
TEST can coexist in the same project.
• Each instance name must be unique per adapter within a project even if each
instance is defined in a different folder. That is, configuring same-named
adapter instances in different folders will not make their names unique.
When you create an adapter instance, the palette automatically creates several
resources for it. The names of these resources derive from the name of the instance
to which they belong. Changing the adapter instance name results in an
automatic regeneration of the resources names. If you manually modify any
resource name, that particular name will not be automatically regenerated next
time you rename the adapter instance.
Description
Provide information about the adapter instance that you want stored in the
project. The field is optional.
Version
The version string indicates the ActiveEnterprise (AE) format in which the
adapter instance is saved. An adapter instance can be saved in AE Version 4.0
or AE Version 5.1, AE Version 5.2 and AE Version 5.3 format.
When a new adapter instance is created in TIBCO Designer 5.x, the version string
is set to AE Version 5.3. When a 4.x adapter instance is opened in TIBCO
Designer 5.x, the Version field is set to AE Version 4.0.
• If a 4.x adapter instance is to be run against a 4.x run-time adapter, the
instance must be saved with the Version field set to AE Version 4.0.
If you are using TIBCO Designer 5.x to modify 4.x adapter instances, change
only features supported by the 4.x. run-time adapter and use the validation
utility to verify the instance before deploying the project. The validation
utility scans the project and returns warnings if any 5.x features are defined
for 4.x adapter instances. Invoke the utility from the Project>Validate
Project for Deployment menu command in TIBCO Designer.
Message Filter
Specify a message filter, if you have configured a message filter resource for use
with the adapter. The filter allows you to manipulate incoming and outgoing data
before sending it on the network or handing it to the target application. Filters can
be written using the TIBCO Adapter SDK. See the TIBCO Adapter SDK
Programmer’s Guide for information about writing a message filter.
Server Type
Specify the type of server. This is the name of the LDAP server that the adapter
will be connecting to. You can choose Microsoft Active Directory Server/ADAM,
IBM Directory Server, Sun ONE Directory Server, Novell eDirectory, or Oracle
Internet Directory.
Server Name
Specify the name of the machine where the LDAP server is installed.
If an existing dat file is opened and the machine name is changed, then the
following message displays:
You have already configured adapter instances and services for a
particular LDAP server. The change that you are attempting will be
valid only if the new server has identical directory information
tree and schemas. Please confirm this and that you do wish to
proceed with this change.
Click Yes to effect the changes to the machine name. Click No to revert to the
previous value.
Use SSL
Select this check box to specify whether the SSL protocol should be used. By
default, this check box is not selected.
LDAP Port
Specify the number of the port that the adapter is configured to listen at. The
default port number for LDAP servers is 389.
The default SSL port number is 636.
Authentication Mode
The mode of authentication used for connecting to the LDAP server. Currently,
the following are supported:
• Simple — If you select the Simple authentication mode, you must specify the
user name and password required to log on to the LDAP server. Click Test
Connection. If the entries are accurate, the adapter will connect to the server.
• Anonymous — If you select the Anonymous authentication mode, you do not
need to specify the user name and password. You will be logged on to the
LDAP server automatically. Click Test Connection. If the configuration is
accurate, the adapter will connect to the server.
• External — This field is only available if you select the Use SSL check box. If
you select the External authentication mode, you must ensure that the User
DN and Password fields are empty. In the Client Identity field, provide the
path to the userident.p12 file. Also, enter the password for the .p12 file in
the Identity Password field. Click Test Connection. If the entries are
accurate, the adapter will connect to the server.
User DN
Specify the user name that will be used to log on to the LDAP server. You must
specify the DN used to bind to the LDAP server. For example,
cn=Administrator,cn=Users,dc=adsldap.
Password
Specify the password that will be used to log on to the LDAP server at design
time.
Remember Password
If this check box is not selected, the password must be entered each time the
project is opened. If it is selected, the password will be stored in the project
repository. This password is for the design-time connection only.
The password for the run-time connection is stored in the adldap.tra file, either
in clear text or in obfuscated format.
Client Identity
You must specify the complete path of the client .pfx or .p12 file.
Identity Password
This is the password that is used to decrypt the private key of the client.
Test Connection
Click to test the validity of the connection information that you specified for the
adapter instance.
Server Type
Specify the type of server. This is the name of the LDAP server that the adapter
will be connecting to. You can choose Microsoft Active Directory Server/ADAM,
IBM Directory Server, Sun ONE Directory Server, Novell eDirectory, or Oracle
Internet Directory.
Server Name
Specify the name of the machine where the LDAP server is installed.
Use SSL
Select this check box to specify whether the SSL protocol should be used. By
default, this check box is not selected.
LDAP Port
Specify the number of the port that the adapter is configured to listen at. The
default port number for LDAP servers is 389.
The default SSL port number is 636.
Authentication Mode
The mode of authentication used for connecting to the LDAP server. Currently,
the following are supported:
• Simple — If you select the Simple authentication mode, you must specify the
user name and password required to log on to the LDAP server. Click Test
Connection. If the entries are accurate, the adapter will connect to the server.
• Anonymous — If you select the Anonymous authentication mode, you do not
need to specify the user name and password. You will be logged on to the
LDAP server automatically. Click Test Connection. If the configuration is
accurate, the adapter will connect to the server.
• External — This field is only available if you select the Use SSL check box. If
you select the External authentication mode, you must ensure that the User
DN and Password fields are empty. In the Client Identity field, provide the
path to the userident.p12 file. Also, enter the password for the .p12 file in
the Identity Password field. Click Test Connection. If the entries are
accurate, the adapter will connect to the server.
User DN
Specify the user name that will be used to log on to the LDAP server. You must
specify the DN used to bind to the LDAP server. For example,
cn=Administrator,cn=Users,dc=adsldap.
Password
Specify the password that the adapter must use at run time. The password is
encrypted and stored in the project file. If you select the Use Design-time
Connection for Run-time check box under the Design-time Connection tab,
the adapter uses the design-time password at run time too. To maintain backward
compatibility, if the run-time password is not specified or if the field is empty in
the project file, the adapter uses the password from the .tra file. This field is
mandatory.
The adapter handles the password at design time and run time as follows:
• In the 5.1.0 release and later, you can enter the run-time password in the
Password field under the Run-time Connection tab. The adapter looks for
the run-time password in the project file.
• In the 5.0.1 release, you cannot specify a run-time password through TIBCO
Designer. However, if you select both the Remember Password and Use
Design-time Connection for Run-time check boxes, the adapter first looks
for the password in the project file. If there is no specified password, the
adapter uses the password specified in the .tra file.
• In the 4.x release, the run-time password is not saved in the project file.
Therefore, the adapter uses the password that you specify in the .tra file.
You must select SSL under the Design-time Connection tab, or SSL options will
not be available at runtime.
If you are using Active Directory as the LDAP server and setting up a publication
service, you must also import the certificate to the systems certificate store on the
Microsoft Windows machine that will run the adapter. For more information on
this, see Converting Certificates to Use SSL at Run-Time on page 87.
General Tab
Adapter Encoding
This field has the ASCII and UTF8 values.
Multithreading Tab
It is possible to run the adapter in the multithreaded mode for improved
throughput and performance. You can specify the number of concurrent
dispatcher threads that are to be operated for a given session.
Session Name
Shows the TIBCO-enabled application session that has been created by TIBCO
Designer.
A termination service must use a different session from the session that is
configured because if all threads are waiting for a connection, there will be no
thread available to process the termination request. Setting a session for the
termination service that is different from the configured session ensures that the
request is processed immediately.
Number of Threads
Specifies the number of dispatch threads to be started for this session.
It is recommended that you set the threading after configuring all the services.
Setting the threads after configuring the services will allow you to inspect all the
different sessions and choose the appropriate thread counts.
Logging Tab
When File and STDIO sinks are created from the Generic log sink they offer
further configuration options. For the File sink, the file limit, file count, and the
option to append or overwrite can be specified. When created by default, this is
set to 30000 bytes, 3 and Append Mode respectively. For the STDIO sink, the
option to write to stdout or stderr can be selected. When created by default,
stdout is selected.
The Hawk sink uses the hawk session, created and used by the adapter for
monitoring purposes, to send tracing messages to the TIBCO Hawk monitor or
Display. For details on Hawk sessions, see Using Global Variables on page 152.
The configuration for the Hawk sink involves specifying the MicroAgent Name
that must be specified in the configuration panel.
The Network sink is used to publish tracing messages on TIBCO Rendezvous.
The configuration for the network sink involves specifying the session, and the
subject on which the trace messages needs to be published.
For all the sinks, optionally the name and description for the sink can be
provided.
Log File
Specify the name of the log file (log sink) to which trace messages are written.
Global variables can be used to specify the location of the log file. See Using
Global Variables on page 152 for more information.
The roles available are Info, Debug, Warning, and Error messages. The trace
message generated depends on the roles selected. Turning on the roles can affect
the performance of the adapter. Therefore, it is recommended that you turn on the
required roles only.
Startup Tab
Monitoring Tab
Many of the following fields make use of global variables. Click the Global
Variables tab in the project panel to enter a value for a global variable.
Adapter Services
After configuring an adapter instance, select one or multiple adapter services for
the instance. The following sections describe the services and fields that are
available to the adapter.
• Publication Service Fields on page 104
• Subscription Service Fields on page 113
• Request-Response Service Fields on page 122
Configuration Tab
Name
You can use the default name or replace it with a name of your choice.
• A service name must use alphanumeric characters. An underscore (_)
character can be used. The entire instance name must be less than 80
characters. The space character cannot be used in an instance name.
• A service name cannot use global variables.
Description
Provide information about the service that you want stored in the project. The
field is optional.
Transport Type
Select the transport to be used by the run-time adapter, JMS or TIBCO
Rendezvous. After selecting the transport, the transport-specific configuration
fields display.
The transport can be configured to use a trusted store and identity resource for
SSL (Secure Sockets Layer) configurations. TIBCO Rendezvous sessions and JMS
topics have an SSL configuration field that provides a dialog for SSL
configuration.
To enable and configure SSL, in the Project panel, expand the Advanced folder,
then expand the Sessions folder. Select the TIBCO Rendezvous session or JMS
topic and select the Use SSL check box. The SSL configuration options are
explained in the online help associated with the session dialog. Click the question
mark to display the online help.
Transport Tab
Message Subject
This field displays only if TIBCO Rendezvous is selected in the Transport Type
field (under the Configuration tab).
By default, a service uses a message subject that is generated using the Domain
and Deployment global variables, the adapter acronym, the adapter instance
name and the service name. If you use this default subject, make sure the values
for Domain and Deployment are not empty. You can type a TIBCO Rendezvous
subject name different from the default in this field. See TIBCO Rendezvous
Concepts for information about specifying subject names.
Destination
This field displays only if JMS is selected in the Transport Type field (under the
Configuration tab).
By default a service uses a dynamic destination that is generated using the Domain
and Deployment global variables, the adapter acronym, the adapter instance
name, and the service name. If you use this default dynamic destination, make
sure the values for Domain and Deployment are not empty. You can override the
default dynamic destination by specifying the static destination in this field. The
static destination must be defined on the JMS server before it can be used by the
run-time adapter. See the TIBCO Enterprise Message Service User’s Guide for
information about destinations.
Reply Destination
This field is not applicable to TIBCO Adapter for LDAP.
Quality of Service
If TIBCO Rendezvous is selected as the transport type, select:
• Certified
Guarantees that every certified message reaches its intended recipient in the
order sent. The message can be sent across network boundaries, and if a
network fails, delivery attempts continue until delivery succeeds or until the
message's time limit expires. This is often called certified message delivery.
If certified message delivery is used, data is stored in a ledger file. The size of
the ledger depends on several factors, the most important of which is the
retention rate of stored data. That is, the ledger grows fastest in response to
the cumulative length of undeliverable messages. You must ensure that
sufficient disk space is available for the expected size of the ledger.
• Reliable
Wire Format
Services must use the same wire format to exchange data.
• ActiveEnterprise Message (TIBCO Rendezvous only)
Control information for validation is sent in the message. If no control
information is included, an exception is returned to the subscriber.
ActiveEnterprise standard wire format provides class information and
packing rules for the TIBCO Adapter SDK set of data types. This format
allows ActiveEnterprise components to perform extra validation on messages
sent or received.
See the TIBCO Adapter SDK Programmer’s Guide for details about the control
information generated and sent with ActiveEnterprise messages.
• XML Message (TIBCO Rendezvous and JMS)
The XML Message wire format conforms to specifically constructed and fully
compliant XML Schema (XSD) based on the existing definition of the
ActiveEnterprise schema.
Delivery Mode
• Persistent (JMS only)
In general, a message marked persistent will be available to a JMS client even
if the JMS server goes down.
• Non-Persistent (JMS only)
A message marked non-persistent will not be available to a JMS client if the
JMS server goes down.
Messages sent with the persistent delivery mode are always written to persistent
storage, except when they are published to a topic that has no durable
subscribers. When a topic has no durable subscribers, there are no subscribers
that need messages resent in the event of a server failure. Therefore, messages do
not need to be saved, and performance is improved because disk I/O is not
required.
The semantics for these fields are more complex than the explanation given here.
See the TIBCO Enterprise Message Service User’s Guide for more information.
Typically, a publication service will publish INSERT, UPDATE, DELETE, and MODIFY
DN operations. For the publication service on the Active Directory server, a MODIFY
DN operation on any monitored entry is published as UPDATE and not as MODIFY
DN.
The adapter supports persistent publisher services. Therefore, the adapter will be
able to publish changes that occurred on the LDAP server even when the adapter
was not running. However, if the adapter is not running when the changes take
place on the LDAP server, only INSERT and UPDATE operations will be published.
MODIFY DN operations will be published as UPDATE while DELETE operations (for
Sun ONE Directory Server and eDirectory) will not be published at all. This is
because the deleted entries no longer exist on the LDAP server and information
on deleted entries is also no longer available.
For Active Directory, the DELETE operation will be published (whether or not the
adapter is running when the delete happens on the server), but Active Directory
moves the deleted entry to a Deleted Objects subtree, retaining only its RDN
(Relative Distinguished Name), if there is no conflict with other deleted items.
The DN of the entry itself is lost. The object GUID (a unique GUID) for the object
is retained and may be used to retrieve the object from a parallel store, if it exists.
When the adapter publishes a deleted object, it uses the new DN, not the original
DN of the entry. So, for example, the DN may look like:
DN = CN=Aparna DEL:aec6dadb-244d-4fd0-a058-4c6e7ef18a09,CN=Deleted
Objects,DC=adsldap
Since the information on the original DN and attribute values are not available on
the Active Directory server, the adapter cannot publish those details; only the DN
as used in the deleted objects container is available.
Session Reference
Every adapter can have one or more sessions configured for it. Sessions
encapsulate stateful connections to TIBCO Rendezvous and other messaging
sources. The session object shown in this field is initially supplied by the adapter,
depending on the Quality of Service selected. You can change the session by
browsing for it in the project panel.
Endpoint Reference
You can drag a different endpoint, browse for another endpoint resource, go to
the referenced endpoint to edit its properties or delete the endpoint. Endpoint
reference objects are explained in the TIBCO Designer Palette Reference.
Base DN
Displays the selected Base DN (Distinguished Name) of a specified node.
To display the Base DN, you can browse the Directory Information Tree by
clicking the Browse DIT button and then selecting the required node from the
DIT.
When the length of an object class name that is fetched from the Base DN field
exceeds 128 characters, the ActiveEnterprise schema created with this name
affects the run-time functionality. When you click Apply, a dialog box is displayed
that prompts you to enter a shorter name that can be stored in the schema. The
name you enter must be unique and less than 128 characters.
If the service has been configured with a long schema name, the dialog box will
not display if a service has already been configured for the same object class.
• Sample Entry — You can specify a sample entry so that the object class for
that entry is populated in the Objectclasses field.
• LDAP Schema — You can specify an object class by selecting it from the ldap
schema on the ldap server.
Sample Entry
This field is available only if you select the Sample Entry option for the Select
Object Classes From field.
In your LDAP server, you can specify an entry from the schema you will use for
this service. The service will only handle entries with identical object classes.
To specify a sample entry for the schema, you can browse the Directory
Information Tree by clicking the Browse DIT button and then selecting the
required node from the DIT. This generates the class reference needed for the
service, in the Objectclasses field.
For details on specifying object class names, see page 109.
You cannot specify a value greater than 10000 as the maximum number of entries.
If you need to select a node within a subtree that has more than 10000 entries, you
must specify the DN, in the DN (Base DN/Sample Entry) box.
You may come across the following exceptions The size of the result
exceeds server specific limit and The Number of Descendants for this
Node are more than the requested number. Additionally, if you are using the
Sun ONE Directory Server, you may come across the exception The
adminstrative limit on the maximum number of entries to return was
exceeded.
To proceed, you will need to log on to the server and change the value for the
search size limit:
• For the Sun ONE Directory Server, click the Configuration tab. Select
Database Settings and click the LDBM Plugin Settings tab. Change the
value of the Look-through limit entry. While you are in the
Configuration tab, select the root of the tree, and click the Performance tab.
Change the value for the Size Limit entry too.
For further details, see the documentation shipped with the server you are using.
Objectclasses
Displays the object class of the entry specified in the Base DN, or Sample Entry
fields, if these have been specified. Otherwise, the value from the LDAP Schema
Classes field is displayed. You cannot edit this field.
This field is not visible when the adapter instance is configured for the Microsoft
Active Directory server.
Filter
You can specify a filter option in this field. The adapter supports LDAP V3 filters.
Only entries that conform to the specified filter will be published. The conditions
used to specify a filter should be syntactically accurate. If the filter specified has
an incorrect syntax, the following message is displayed:
Syntax of the filter is not valid. Please ensure that you enter a
valid LDAP filter.
If the filter syntax is correct but no entries match the filter specifications, the
following warning is displayed:
No results are found on the LDAP server with the given filter.
Please ensure that filter is semantically correct.
This may mean that at the time of configuration, no entries may match the filter,
but the entries may be present at run-time.
Schema Tab
Class Reference
Displays the reference to the ActiveEnterprise schema that corresponds to the
object class that was configured under the Schema View tab.
Configuration Tab
Name
You can use the default name or replace it with a name of your choice.
• A service name must use alphanumeric characters. An underscore (_)
character can be used. The entire instance name must be less than 80
characters. The space character cannot be used in an instance name.
• A service name cannot use global variables.
Description
Provide information about the service that you want stored in the project. The
field is optional.
Transport Type
Select the transport to be used by the run-time adapter, JMS or TIBCO
Rendezvous. After selecting the transport, the transport-specific configuration
fields display.
The transport can be configured to use a trusted store and identity resource for
use in SSL (Secure Sockets Layer) configurations. TIBCO Rendezvous sessions
and JMS topics have an SSL configuration field that uses a dialog to perform SSL
configuration.
To enable and configure SSL, in the Project panel, expand the Advanced folder,
then expand the Sessions folder. Select the TIBCO Rendezvous session or JMS
topic and click Use SSL?. The SSL configuration options are explained in the
online help associated with the session dialog. Click the question mark to display
the online help.
LDAP Operations
Specify the operations that this service supports. At least one operation must be
selected. Select:
• Insert — To add an entry.
• Update — To update an existing entry.
• Delete — To remove an entry.
• Upsert — To update an entry if it already exists. If the entry does not exist,
running this operation will insert it.
• Validate Object — To validate the object class of a requested entry against
the configured object class for LDAP_DELETE and LDAP_MODIFY operations.
• Modify DN — To move an entry from one location to another by changing the
RDN (Relative Distinguished Name). If you select this option, all variations of
the UPDATE operation are used. If you do not select this option, none of the
UPDATE operation variations are used.
Chase Referrals
Select this check box to specify that if a referral is encountered during an
operation, the referral should be followed.
When you browse the DIT tree, the adapter palette will not follow a referral and
only entries on the configured server will be displayed.
The referring server returns an LDAP URL in the following format:
({ldap|ldaps}://<host>[:<port>]/<DN>).
Depending on the URL used, the following referral chasing scenarios are possible:
• If the URL is ldaps://, then referral chasing uses SSL.
• If the URL is ldap://, then referral chasing does not use SSL.
• If the bind to the original server is SSL-EXTERNAL and the referral URL is
ldap://, then the bind to referred server will be anonymous.
Transport Tab
Message Subject
This field displays only if TIBCO Rendezvous is selected in the Transport Type
field (under the Configuration tab).
By default a service uses a message subject that is generated using the Domain and
Deployment global variables, the adapter acronym, the adapter instance name
and the service name. If you use this default subject, make sure the values for
Domain and Deployment are not empty. You can type a TIBCO Rendezvous
subject name different from the default in this field. See TIBCO Rendezvous
Concepts for information about specifying subject names.
Destination
This field displays only if JMS is selected in the Transport Type field (under the
Configuration tab).
By default a service uses a dynamic destination that is generated using the Domain
and Deployment global variables, the adapter acronym, the adapter instance
name and the service name. If you use this default dynamic destination, make
sure the values for Domain and Deployment are not empty. You can override the
default dynamic destination by specifying the static destination in this field. The
static destination must be defined on the JMS server before it can be used by the
run-time adapter. See the TIBCO Enterprise Message Service User’s Guide for
information about destinations.
Quality of Service
If TIBCO Rendezvous is selected as the transport type, select:
• Certified
Guarantees that every certified message reaches its intended recipient in the
order sent. The message can be sent across network boundaries, and if a
network fails, delivery attempts continue until delivery succeeds or until the
message's time limit expires. This is often called certified message delivery.
If certified message delivery is used, data is stored in a ledger file. The size of
the ledger depends on several factors, the most important of which is the
retention rate of stored data. That is, the ledger grows fastest in response to
the cumulative length of undeliverable messages. You must ensure that
sufficient disk space is available for the expected size of the ledger.
• Distributed Queue
Wire Format
Services must use the same wire format to exchange data.
• ActiveEnterprise Message (TIBCO Rendezvous only)
Delivery Mode
For a subscription service, a message is marked as durable or non durable. This
field is available only if JMS transport is selected.
• Durable
Session Reference
Every adapter can have one or more sessions configured for it. Sessions
encapsulate stateful connections to TIBCO Rendezvous and other messaging
sources. The session object shown in this field is initially supplied by the adapter,
depending on the Quality of Service selected. You can change the session by
browsing for it in the project panel.
Endpoint Reference
You can drag a different endpoint, browse for another endpoint resource, go to
the referenced endpoint to edit its properties or delete the endpoint. Endpoint
reference objects are explained in the TIBCO Designer Palette Reference.
Base DN
Displays the selected Base DN (Distinguished Name) of a specified node.
To display the DN, you can browse the Directory Information Tree by clicking the
Browse DIT button and then selecting the required node from the DIT.
When the length of an object class name that is fetched from the Base DN field
exceeds 128 characters, the ActiveEnterprise schema created with this name
affects the run-time functionality. When you click Apply, a dialog box is displayed
that prompts you to enter a shorter name that can be stored in the schema. The
name you enter must be unique and less than 128 characters.
If the service is configured with a long schema name, the dialog box will not
display if the service has already been configured for the same object class and
has a shorter name.
Sample Entry
This field is available only if you select the Sample Entry option for the Select
Object Classes From field.
In your LDAP server, you can specify an entry from the schema you will use for
this service. The service will only handle entries with identical object classes.
To specify a sample entry for the schema, you can browse the Directory
Information Tree by clicking the Browse DIT button and then selecting the
required node from the DIT. This generates the class reference needed for the
service, in the Objectclasses field.
For details on specifying object class names, see page 109.
You cannot specify a value greater than 10000 as the maximum number of entries.
If you need to select a node within a subtree that has more than 10000 entries, you
must specify the DN, in the DN (Base DN/Sample Entry) box.
You may come across the following exceptions The size of the result
exceeds server specific limit and The Number of Descendants for this
Node are more than the requested number. Additionally, if you are using the
Sun ONE Directory Server, you may come across the exception The
adminstrative limit on the maximum number of entries to return was
exceeded.
To proceed, you will need to log on to the server and change the value for the
search size limit:
• For the Sun ONE Directory Server, click the Configuration tab. Select
Database Settings and click the LDBM Plugin Settings tab. Change the
value of the Look-through limit entry. While you are in the
Configuration tab, select the root of the tree, and click the Performance tab.
Change the value for the Size Limit entry too.
For further details, see the documentation shipped with the server you are using.
Objectclasses
Displays the object class of the entry specified in the Base DN, or Sample Entry
fields, if these have been specified. Otherwise, the value from the LDAP Schema
Classes field is displayed. You cannot edit this field.
Schema Tab
Class Reference
Displays the reference to the ActiveEnterprise schema that corresponds to the
object class that was configured under the Schema View tab.
Configuration Tab
Name
You can use the default name or replace it with a name of your choice.
• A service name must use alphanumeric characters. An underscore (_)
character can be used. The entire instance name must be less than 80
characters. The space character cannot be used in an instance name.
• A service name cannot use global variables.
Description
Provide information about the service that you want stored in the project. This
field is optional.
Transport Type
Select the transport to be used by the run-time adapter, JMS or TIBCO
Rendezvous. After selecting the transport, the transport-specific configuration
fields display.
The transport can be configured to use a trusted store and identity resource for
use in SSL (Secure Sockets Layer) configurations. TIBCO Rendezvous sessions
and JMS topics have an SSL configuration field which uses a dialog to perform
SSL configuration.
To enable and configure SSL, in the Project panel, expand the Advanced folder,
then expand the Sessions folder. Select the TIBCO Rendezvous session or JMS
topic and click Use SSL?. The SSL configuration options are explained in the
online help associated with the session dialog. Click the question mark to display
the online help.
LDAP Operations
Specify the operations that this service supports. At least one operation must be
selected. Select:
• Insert — To add an entry.
• Update — To update an existing entry.
• Delete — To remove an entry.
• Upsert — To update an entry if it already exists. If it does not exist, this
operation inserts it.
• Modify DN — To move an entry from one location to another by changing the
RDN.
• Lookup — To find an entry.
• Validate Object — To validate the object class of a requested entry against
the configured object class for LDAP_DELETE and LDAP_MODIFY operations.
• Authenticate — To validate or bind a user DN.
• Search — To find entries that match a search criteria.
The search filter defines criteria that an entry must match to be returned from
a search. The basic component of a search filter is an attribute value assertion
of the form: attribute operator value
For example: (|(sn=Smith)(sn=Miller)) matches entries with the surname
Smith or the surname Miller.
TIBCO Adapter for LDAP supports standard LDAP search. Therefore, if your
search filter is LDAP compatible, the adapter will be able to successfully
execute the action.
For more details on search filters and their syntax, see the following RFC at
http://www.ietf.org/rfc/rfc1558.txt
If you select this field, the Limit Search Results field is displayed.
• Limit Search Results — If you select this check box, the Enter the
Number of Entries field is displayed.
• Enter the Number of Entries — Specify the number of entries that the
adapter should search. The default is 1000.
• Extended Search — If you select this check box, the adapter returns all the
entries found in the search without checking for the configured objectclasses
that the entry belongs to.
Chase Referrals
Select this check box to specify that if a referral is encountered during an
operation, the referral should be followed.
When you browse the DIT tree, the adapter palette will not follow a referral and
only entries on the configured server will be displayed.
The referring server returns an LDAP URL in the following format:
({ldap|ldaps}://<host>[:<port>]/<DN>).
Depending on the URL used, the following referral chasing scenarios are possible:
• If the URL is ldaps://, then referral chasing uses SSL.
• If the URL is ldap://, then referral chasing does not use SSL.
• If the bind to the original server is SSL-EXTERNAL and the referral URL is
ldap://, then the bind to referred server will be anonymous.
Transport Tab
Message Subject
This field displays only if TIBCO Rendezvous is selected in the Transport Type
field (under the Configuration tab).
By default a service uses a message subject that is generated using the Domain and
Deployment global variables, the adapter acronym, the adapter instance name
and the service name. If you use this default subject, make sure the values for
Domain and Deployment are not empty. You can type a TIBCO Rendezvous
subject name different from the default in this field. See TIBCO Rendezvous
Concepts for information about specifying subject names.
Destination
This field displays only if JMS is selected in the Transport Type field (under the
Configuration tab).
By default a service uses a dynamic destination that is generated using the Domain
and Deployment global variables, the adapter acronym, the adapter instance
name and the service name. If you use this default dynamic destination, make
sure the values for Domain and Deployment are not empty. You can override the
default dynamic destination by specifying the static destination in this field. The
static destination must be defined on the JMS server before it can be used by the
run-time adapter. See the TIBCO Enterprise Message Service User’s Guide for
information about destinations.
Quality of Service
If TIBCO Rendezvous is selected as the transport type, select:
• Certified
Guarantees that every certified message reaches its intended recipient in the
order sent. The message can be sent across network boundaries, and if a
network fails, delivery attempts continue until delivery succeeds or until the
message's time limit expires. This is often called certified message delivery.
If certified message delivery is used, data is stored in a ledger file. The size of
the ledger depends on several factors, the most important of which is the
retention rate of stored data. That is, the ledger grows fastest in response to
the cumulative length of undeliverable messages. You must ensure that
sufficient disk space is available for the expected size of the ledger.
• Distributed Queue
• Reliable
Wire Format
Services must use the same wire format to exchange data.
• ActiveEnterprise Message (TIBCO Rendezvous only)
Control information for validation is sent in the message. If no control
information is included, an exception is returned to the subscriber.
ActiveEnterprise standard wire format provides class information and
packing rules for the TIBCO Adapter SDK set of data types. This format
allows ActiveEnterprise components to perform extra validation on messages
sent or received.
See the TIBCO Adapter SDK Programmer’s Guide for details about the control
information generated and sent with ActiveEnterprise messages.
• XML Message (JMS only)
The XML Message wire format conforms to specifically constructed and fully
compliant XML Schema (XSD) based on the existing definition of the
ActiveEnterprise schema.
Delivery Mode
For a subscription service, a message is marked as durable or non durable. This
field is available only if JMS transport is selected.
• Durable
Session Reference
Every adapter can have one or more sessions configured for it. Sessions
encapsulate stateful connections to TIBCO Rendezvous and other messaging
sources. The session object shown in this field is initially supplied by the adapter,
depending on the Quality of Service selected. You can change the session by
browsing for it in the project panel.
Endpoint Reference
You can drag a different endpoint, browse for another endpoint resource, go to
the referenced endpoint to edit its properties or delete the endpoint. Endpoint
reference objects are explained in the TIBCO Designer Palette Reference.
Base DN
Displays the selected Base DN (Distinguished Name) of a specified node.
To display the Base DN, you can browse the Directory Information Tree by
clicking the Browse DIT button and then selecting the required node from the
DIT.
When the length of an object class name that is fetched from the Base DN field
exceeds 128 characters, the ActiveEnterprise schema created with this name
affects the run-time functionality. When you click Apply, a dialog box is displayed
that prompts you to enter a shorter name that can be stored in the schema. The
name you enter must be unique and less than 128 characters.
If the service has been configured with a long schema name, the dialog box will
not display if a service has already been configured for the same object class.
Sample Entry
This field is available only if you select the Sample Entry option for the Select
Object Classes From field.
In your LDAP server, you can specify an entry from the schema you will use for
this service. The service will only handle entries with identical object classes.
To specify a sample entry for the schema, you can browse the Directory
Information Tree by clicking the Browse DIT button and then selecting the
required node from the DIT. This generates the class reference needed for the
service, in the Objectclasses field.
For details on specifying object class names, see page 109.
You cannot specify a value greater than 10000 as the maximum number of entries.
If you need to select a node within a subtree that has more than 10000 entries, you
must specify the DN, in the DN (Base DN/Sample Entry) box.
You may come across the following exceptions The size of the result
exceeds server specific limit and The Number of Descendants for this
Node are more than the requested number. Additionally, if you are using the
Sun ONE Directory Server, you may come across the exception The
adminstrative limit on the maximum number of entries to return was
exceeded.
To proceed, you will need to log on to the server and change the value for the
search size limit:
• For the Sun ONE Directory Server, click the Configuration tab. Select
Database Settings and click the LDBM Plugin Settings tab. Change the
value of the Look-through limit entry. While you are in the
Configuration tab, select the root of the tree, and click the Performance tab.
Change the value for the Size Limit entry too.
For further details, see the documentation shipped with the server you are using.
Objectclasses
Displays the object class of the entry specified in the Base DN, or Sample Entry
fields, if these have been specified. Otherwise, the value from the LDAP Schema
Classes field is displayed. You cannot edit this field.
Schema Tab
Class Reference
Displays the reference to the ActiveEnterprise schema that corresponds to the
object class that was configured under the Schema View tab.
}
.
.
.
}
Wire schema contains the native schema as well as the Opcode, DN, NewDN,
Objectclass, SearchCondition, and Attributes.
For example:
inetOrgPerson
{
Opcode
DN
NewDN
ObjectClass
Searchcondition
Attributes
{
sn
cn
telephoneNumber
.
.
.
}
}
You can specify the Opcode acronym for the operation to work. For example, if
you specify AT for the INSERT operation, the adapter will use only the first
character of the acronym. The same concept is applicable for all Opcodes. For
Opcodes that have a two-letter acronym, the adapter will use the first two
characters and ignore all subsequent characters. However, if the first letter of an
acronym is not valid, the adapter will display an error.
INSERT Operation
The INSERT operation uses the LDAP_ADD or A operation codes and will add an
entry to the LDAP server.
For an INSERT operation using the LDAP_ADD operation code, the inbound
message will be in the following format:
inetorgperson
{
Opcode = "LDAP_ADD"
DN = "uid=xyz,ou=People,o=abc.com"
inetOrgPerson
{
sn = "abc"
cn = "def"
telephoneNumber = "123233"
objectClass="inetOrgPerson"
}
}
The details specified in the native schema will be added for the entry specified in
the DN field.
DELETE Operation
The DELETE operation uses the LDAP_DELETE or D operation codes, and will delete
an entry from the LDAP server.
For a DELETE operation using the LDAP_DELETE Opcode, the inbound message
will be in the following format:
inetorgperson
{
Opcode = "LDAP_DELETE"
DN = "uid=xyz,ou=People,o=abc.com"
}
UPDATE Operation
The UPDATE operation uses the LDAP_MODIFY or M operation codes, and will
modify the entry on the LDAP server by overwriting the existing attribute values
in the entry.
The UPDATE operation can be specified as:
Opcode = LDAP_MODIFY
Opcode = LDAP_MOD_REPLACE or MR
Opcode = LDAP_MOD_ADD or MA
Opcode = LDAP_MOD_DELETE or MD
• LDAP_MOD_REPLACE or MR will overwrite the existing attribute values with the
new attribute values specified.
• LDAP_MOD_ADD or MA will add the new attribute values to the old entry only if
the original entry does not contain the attribute values being added.
• LDAP_MOD_DELETE or MD will delete the specified attribute values from an
entry.
For the UPDATE operation using the LDAP_MODIFY Opcode, the inbound message
will be in the following format:
inetorgperson
{
Opcode = "LDAP_MODIFY"
DN = "uid=xyz,ou=People,o=abc.com"
inetOrgPerson
{
sn = "abc1"
cn = "def1"
telephoneNumber = "1232331"
}
}
MODIFY DN Operation
The MODIFY DN operation replaces the RDN (Relative Distinguished Name) of an
entry specified in the DN field with the RDN specified in the NewDN field. This
operation uses the LDAP_MODIFYKEY or MK operation codes.
For example, for the MODIFY DN operation using the LDAP_MODIFYKEY Opcode,
the inbound message appears in the following format:
inetorgperson
{
Opcode = "LDAP_MODIFYKEY"
DN = "uid=xyz,ou=People,o=abc.com"
NewDN="uid=ijk"
}
UPSERT Operation
The UPSERT operation is an INSERT or an UPDATE operation. If the entry does not
exist, it will be added. If the entry exists, it will be modified. This operation uses
the LDAP_UPSERT or U operation codes.
For the UPSERT operation using the LDAP_UPSERT Opcode, the inbound message
will be in the following format:
inetorgperson
{
Opcode = "LDAP_UPSERT"
DN = "uid=xyz,ou=People,o=abc.com"
inetOrgPerson
{
sn = "abc"
cn = "def"
telephoneNumber = "123233"
objectClass="inetOrgPerson"
}
}
LOOKUP Operation
This operation is available with the request-response service. The LOOKUP
operation uses the LDAP_LOOKUP or L operation codes.
For the LOOKUP operation using the LDAP_LOOKUP operation code, the inbound
message will be in the following format:
inetorgperson
{
Opcode = "LDAP_LOOKUP"
DN = "uid=xyz,ou=People,o=abc.com"
For the LOOKUP operation, native schema is not required as you are merely
checking if the entry exists or not.
SEARCH Operation
This operation is available with the request-response service. The SEARCH
operation can be specified as:
Opcode = LDAP_SEARCH or SS
Opcode = LDAP_SEARCH_BASE or SB
Opcode = LDAP_SEARCH_ONELEVEL or SO
Opcode = LDAP_SEARCH_SUBTREE
For details on search filters and their syntax, see the following RFC at
http://www.ietf.org/rfc/rfc1558.txt
For the SEARCH operation, the inbound message will be in the following format:
inetorgperson
{
Opcode = "LDAP_SEARCH"
DN = "ou=People,o=abc.com"
SearchCondition = "mail=someone@somewhere.com"
}
OR
inetorgperson
{
Opcode = "LDAP_SEARCH"
DN = "ou=People,o=abc.com"
SearchCondition = "mail=someone@somewhere.com"
Attributes =
{
telephoneNumber
MobileNumber
}
}
In the first search condition, all entries that match the search criteria are returned
with all the details of each entry, including the DN.
In the second search condition, only the details specified as the Attributes
(telephoneNumber and MobileNumber) are returned along with the DN.
The outbound message will be in the following format:
inetorgperson
{
{
DN = "uid=abc,ou=People,o=abc.com"
inetorgperson
{
}
}
inetorgperson
{
DN = "uid=xyz,ou=People,o=abc.com"
inetorgperson
{
}
}
.
.
.
}
When you perform a search, a number of entries may be retrieved. Therefore, the
outbound message will be a sequence of wireschema that has details about each
entry specified in the native schema. Each entry is identified by its DN,
mentioned in the wireschema.
However, you can also set an attribute filter. The adapter search operation can
fetch attributes that are a subset of the attributes of the configured object class and
this can be specified in the Attributes attribute of the Request-Response Server
service schema.
AUTHENTICATE Operation
This operation is available only for the request-response service. The
AUTHENTICATE operation uses the LDAP_VALIDATE_USR or V operation codes.
For the AUTHENTICATE operation, there is no native schema as you are merely
checking if the entry can be authenticated or not.
The name of the Attributes node that you create must be unique.
The Mapper task allows independent repetitions of the original output schema;
also, you can have as many repetitions as needed. To delete the multiple copies,
right-click the copy and select Delete.
If an entry in the LDAP server belongs to a composite object class, for example,
a.b.c, you must use TIBCO IntegrationManager to map the entry to each object
class.
TIBCO IntegrationManager supports multiple policy mapping which is an
extension of repetition mapping. This means that you can have repetitions in the
output created by multiple sources in the input. For details, see Repetition
Mapping in the TIBCO IntegrationManager Process Design Guide.
To map entries to multiple object classes:
1. In TIBCO IntegrationManager, under the Design tab, select the process
diagram that contains the object class to be mapped.
2. Double-click a mapper class in the process diagram. The Mapper Task Edit
Dialog displays.
Add Multiple does not overwrite the datatype substitutions when using multiple
policy mapping.
4. Type the name of the new object class node in the Name of multiple policy
node field.
5. Double-click the node you created. Enter the names of the object classes you
want to map to this node, in the Formula field.
6. Click OK in the Mapper Task Edit dialog box.
7. Repeat step 3 to step 6 to create multiple objectClass nodes. You can map
each node to one or more object classes. Also, you can map two or more nodes
to the same object class.
The names of the objectClass nodes that you create must be unique.
The Mapper task allows you to have independent repetitions of the original
output schema and you can have as many repetitions as needed. Additionally,
you can remove all the multiple mappings you have created in the output, with
the exception of the original repeating node where you derived the copies from.
To delete the multiple copies, right-click the copy and select Delete.
Topics
Generate an Enterprise Archive file (EAR) that contains information about the
adapter services to deploy.
The EAR file contains information on what you wish to deploy. This could be one
or more adapter services, one or more TIBCO BusinessWorks process engines, or
both.
Building an archive creates the EAR file, which you can then deploy from TIBCO
Administrator. If you make changes to the business processes or adapter services
included in the archive, you need to rebuild the archive. Saving the project does
not affect the archive.
See Also
See the TIBCO Designer User’s Guide for more information about this procedure.
The guide is available from the TIBCO Designer Help menu.
Before deploying a project, the machine on which the adapter is installed must be
part of a TIBCO administration domain. After you have installed the TIBCO
Administration Server, any machine on which you install TIBCO Runtime Agent
(required by an adapter) is automatically added to the administration domain.
The TIBCO software installed on the machine is then visible and accessible via the
TIBCO Administrator GUI.
When you deploy a project, startup scripts and other information about the
different components are sent to the machines to which the components were
assigned. The project data store and TIBCO Administration Server are updated
with the deployed components.
To deploy a project:
1. Start TIBCO Administrator and import the EAR file into TIBCO
Administrator Enterprise Edition.
2. Assign adapter archives to adapters installed in the administration domain
and likewise assign process archives to process engines.
3. Specify startup options for each adapter service.
Password Handling
At design time, the adapter uses a password to connect to the backend application
and fetch metadata. At run-time, the adapter uses a password to connect to the
back-end application and interoperate with it. If you create a 4.x configuration
using TIBCO Designer 5.1, and use the configuration against a 4.x adapter
version, some special considerations are required for security.
When deploying the adapter, check that the password has been specified in the
adldap.adldapPassword property.
See Also
See the TIBCO Administrator User’s Guide for an introduction to the TIBCO
administration domain and detailed information about the above steps.
See Also
See the TIBCO Administrator User’s Guide for more information.
See Also
See the TIBCO Administrator User’s Guide for information about configuring the
above monitoring options.
Topics
When the project is saved and a revision control system has been specified, the
adapter displays a warning that additional files were created and should be
added to the revision control system. This warning appears only when the files
are created for the first time. The warning displays a Go To Resource button that
helps in navigating to the resource. Use the Multi-User > Add Resources to RCS
menu command to add these files to the revision control system. The following
figure shows a warning that may be displayed:
For information about how to use the Multi-User feature in TIBCO Designer, refer
to the TIBCO Designer User’s Guide.
To use TIBCO Hawk to monitor the adapter you must first define a TIBCO
Rendezvous session on which TIBCO Hawk messages will be sent and received.
Use the following steps to create the session.
1. In the project tree panel, click the LDAP Adapter Configuration icon defined
for your adapter instance.
2. Select the Show Advanced Settings check box, then click the Monitoring
tab.
3. The Default MicroAgent Session contains the name of the Hawk session:
DefaultHawkSession. Use default settings for the other fields.
The next diagram shows the definition for a Monitoring tab.
4. Open the Advanced folder for the adapter instance. Double-click the Sessions
folder.
6. In Service, type 7474 (the default used by TIBCO Hawk) or modify the
global variable by clicking the Global Variables tab.
7. In Daemon, type tcp:7474 (the default used by TIBCO Hawk) or modify the
global variable by clicking the Global Variables tab.
8. If you choose to change the defaults, click Apply and save the project.
The next diagram shows the HawkSession defined.
The project panel is updated to display all currently defined global variables.
You now have these choices:
— To assign or change a variable value, select that region and triple-click the
variable. The variable expands so you can change either the variable name
or the variable value. Press Enter when you’re done.
— To add a new global variable group, click the leftmost icon at the bottom of
the dialog box. Specify the name of the group, then press Enter. With the
group icon selected, you can click the abc icon to add variables to the
group.
— To add a global variable, click the abc icon. A new global variable item is
added to the bottom of the list. Supply the variable name and, optionally,
the value. Press Enter when you’re done.
where variablePathAndName is the name of the variable you wish to set, including
the path to the variable if it is contained in a folder. value is the value you wish to
set the variable to. For example, if you have a global variable named item1
contained in a folder named myGroup and you wish to set its value to 500, add the
following argument to the command line when starting the process engine:
-tibco.clientVar.myGroup/item1 500
Variable Description
Deployment Defaults to the TIBCO Designer project name. This value
can be any string value. This global variable is used by the
system to partially define the subject name defined for a
service.
DirTrace Specifies the path name for logging the file used by the
adapter. The default is the root installation directory.
JmsProviderUrl Specifies where the JMS server is located. Setting this value
mostly makes sense in the early stages of a project, when
only one JMS server is used.
JmsSslProvider Specifies where the JMS server, running in the SSL mode,
Url
is located. Setting this value mostly makes sense in the
early stages of a project, when only one JMS server is used.
Variable Description
RvNetwork TIBCO Rendezvous network. This variable need only be
set on computers with more than one network interface. If
specified, the TIBCO Rendezvous daemon uses that
network for all outbound messages.
In most cases, you can leave the default.
RvaPort TCP port where the TIBCO Rendezvous agent (rva) listens
for client connection requests. See TIBCO Rendezvous
Administration for details about specifying the rva
parameters. Defaults to 7501.
To synchronize two LDAP servers, you need to set up two adapter instances: one
instance for each server. Each adapter instance should contain a publication and a
subscription service. The publication and subscription services must be
configured to the same destination or subject to enable them to exchange data
between the two servers. The following two situations are possible:
• The two LDAP servers that you are trying to synchronize have changes
happening on separate directory information trees. This situation does not
require special configuration. You can configure an adapter instance for use
with both synchronized and non-synchronized LDAP servers using identical
methods.
• The two LDAP servers have changes occurring on the same or overlapping
directory information trees. If the adapter services in the adapter instances use
two different object classes, no special configuration is required.
However, if the adapter services use the same object class, you must select the
Update Only if Different check box on the Configuration tab of the
Subscription service. Selecting this check box enables the adapter subscription
service to look up the server and decide whether an update is required. For
more information on configuring synchronized LDAP servers, see
Configuration Tab on page 113.
Configuring two LDAP servers that have changes occurring on the same or
overlapping directory information trees affects the adapter performance because
every update through the subscription service involves an additional lookup,
which is unnecessary for a non-synchronized configuration.
If the adapter instance is configured for the Microsoft Active Directory Server, the
publication service publishes the data with the read-only fields such as
uSNCreated, uSNChanged, whenCreated, whenChanged and objectGUID. When
the subscription service fails to update these read-only fields, it displays the
following error:
Error [Adapter] AE_LDAP-00027 Subscription error. Subscription
service 'LDAPSubscriptionService' listening on subject '' failed
due to target application invocation error 'Invalid syntax'.
To prevent this error, you need to use TIBCO IntegrationManager to remove the
read-only fields from the publishing data.
The adapter provides support for binary attributes to enable you to work with
images, audio files, and so on using the adapter.
At design time, do the following before starting the adapter:
1. After you have configured the adapter services, navigate to the <Project_Root_
folder>/AESchemas/ae/scalar/ae/Sequences folder.
2. Drag and drop a Generic Sequence icon into the Sequences folder and enter
the name as sequence[binary].
3. Select Binary as the element type and click Apply.
4. Navigate to the
<Project_Root_folder>/AESchemas/ae/adapter/ldap/<LDAP server
type>/<LDAP server machine>/native/Classes/<required schema> directory to set
the type as binary for the required attributes. This contains the schema that
was created. The required schema is the schema that must be modified and
can be an object class name such as inetorgperson, user, organization, and
so on.
The <LDAP server type> and <LDAP server machine> values are the values that you
specified in the Server Type and Server Name fields under the Design-Time
Connection tab while configuring the adapter instance.
5. Expand the schema and identify the attributes that need to be modified for the
binary type. For each attribute, click Browse in the Sequence field and select
the sequence[binary] that was created in step 2.
6. Click Apply.
7. Save the project.
Message Acknowledgement
Publishing Messages
DN = CN=Aparna DEL:aec6dadb-244d-4fd0-a058-4c6e7ef18a09,CN=Deleted
Objects,DC=adsldap
Since the information about the original DN and attribute values are not available
on the Microsoft Active Directory Server, the adapter cannot publish those details;
only the DN used in the deleted objects container is available. Therefore, the
adapter will publish all deleted entries belonging to the object class irrespective of
whether it is a part of the Base DN you selected during configuration.
Additionally, if you configure a publication service with a filter (for example,
attribute1 = abc), the adapter cannot search for attribute1 as it no longer
exists. Therefore, the adapter will ignore the filter for publishing deleted entries,
for Microsoft Active Directory Server.
To add a user account with a password into Microsoft Active Directory Server,
you must make the following configuration changes:
1. Configure the adapter instance to use an SSL connection at run time. To do
this, configure the SSL parameters in the Run-time Connection tab of the
adapter instance. For details on configuring SSL, see Configuring the SSL
Environment on page 85.
2. Set the unicodePwd attribute type in the user schema to binary. For details on
setting binary attributes, see Configuring the Repository for Binary Attribute
Support on page 159.
In the request data that is to be sent to the adapter, the actual password must be
enclosed in double quotes. Supply the binary encoded value of the password,
including the double quotes, to the unicodePwd attribute.
In the 4.x version of the adapter, the connection parameters for the LDAP server
at design-time and run-time were the same. Also, the schema generated for an
adapter configuration during design time was stored under folders that derived
their names from the specified LDAP server type and the LDAP server name.
Therefore, changing the LDAP server after configuring the connection parameters
broke the schema references between associated TIBCO BusinessWorks and
TIBCO IntegrationManager processes, and the adapter stopped working. The
adapter only worked if the schemas of the previous and the current LDAP servers
were identical.
In the 5.x version of the adapter, the Run-time Connection tab was introduced.
Consequently, although you can continue to use the same connection parameters
for the LDAP server at design-time and run-time, you also have the option to
specify different design-time and run-time connection parameters. This ensures
that you can migrate from one LDAP server to another by specifying different
server details in the Design-time Connection and the Run-time Connection
tabs. Since the schemas are generated at design time using the server details
specified in the Design-time Connection tab, the references are not broken if
you change the server details in the Run-time Connection tab. However, for the
adapter to work, the schemas on both the servers must be identical.
Additionally, you can specify the global variables for the server details in the
Run-time Connection tab, and provide the values at run-time, using the
adapter’s properties file. This allows you to migrate the project from one LDAP
server to another without modifying the project file. You only need to modify the
adapter’s properties file (.tra).
To specify global variables for run-time connection parameters:
1. Open the project file in TIBCO Designer and select the adapter configuration
you want to modify.
2. Click the Design-time Connection tab and clear the Use Design-time
Connection For Run-time check box.
3. Click the Run-time Connection tab and specify global variables for the
server details. You can provide the values for these global variables at
run-time, using the adapter’s properties file.
For details on how to configure an LDAP server and specify global variables,
see the TIBCO Adapter for LDAP Examples Guide.
This ensures that schema references are not broken when the run-time
connection parameters of the LDAP server are changed.
This chapter explains how to use TIBCO Hawk microagents to monitor and
manage the adapter.
Topics
Overview
The TIBCO Hawk agent can be configured to start automatically during the
system boot cycle. See the TIBCO Hawk Installation and Configuration guide for
information about starting TIBCO Hawk.
The TIBCO Hawk Administrator’s Guide explains how to start the TIBCO Hawk
Display.
The guides are included in your TIBCO Hawk software installation area.
This dialog has two modes, Invoke and Subscribe. Invoking a method
immediately returns a single set of current results. Subscribing provides
updates of current results at regular intervals. Radio buttons at the bottom of
the dialog control these modes.
2. Click a microagent name, such as Self, to display a list of associated methods
and text descriptions in the panels below.
If the method accepts arguments, fields for each argument display in the
upper right panel. Detailed help text displays in the lower panel.
4. Specify any arguments for the method invocation.
5. Verify that the Invoke radio button is selected.
6. Click the Invoke button to invoke the selected method.
The Invocation Results dialog displays the results returned by the method.
Available Microagents
Each adapter has three microagents, a standard TIBCO Hawk microagent named
COM.TIBCO.ADAPTER.xyz where xyz is the adapter configuration name, a custom
microagent, and a class microagent (for PAM compliance). The microagents
provide:
• Business level statistics—statistics that report the progress of the adapter as it
interacts with the vendor application. For example, in a database adapter such
statistics might indicate whether objects were successfully or unsuccessfully
inserted, updated, or deleted in the database.
• Queries that return information about the state of the adapter. This can be an
important tool for seeing the internals of an adapter and debugging it if
something appears wrong. For example, methods can return information
about threads, internal queues, or connections to the target system. Using
these methods, one might be able to identify certain bottlenecks or gauge how
successfully an adapter is scaling with respect to the current environment.
• Updates of the adapter run-time parameters. This includes retrieving the
current run-time parameters and setting new run-time parameters without
restarting the adapter. An example of this is getting and setting the polling
interval. Updating a run-time parameter through the Hawk microagent only
affects the setting of the instance that is running. It does not make a
permanent change of the setting in either the repository or the .tra file.
By default, all three microagents are available at run time. You can disallow
adding custom methods to the standard microagent when deploying the adapter
by changing the addCustomHawkMethodsToClassMAgent property value in the
adapter’s property file.
The following table lists each method available for the adapter and page on which
the method is explained.
Custom Methods
getConnectionStatisti Returns the state and statistics for all the 202
cs()
current connections used by the adapter.
activateTraceRole()
Sink Name string Name of the sink for which to activate the role.
deactivateTraceRole()
Sink Name string Name of the sink for which to activate the role.
getAdapterServiceInformation()
Endpoint Name string Name of the endpoint used for this service.
getComponents()
Returns information about the currently active TIBCO Hawk components such as
publishers, subscribers, or timers.
Component Type string The name of the TIBCO Adapter SDK class for
this component, such as Publisher,
Subscriber, or IODescriptorSource. For
more information about the class, see your
TIBCO Adapter SDK documentation.
getConfig()
getConfigProperties()
Returns all attributes and elements for the given repository object.
getHostInformation()
getRvConfig()
Input
Parameter Type Description
Ledger File string Ledger file for this certified messaging session.
Returns the empty string for sessions that are
not certified messaging sessions.
getStatus()
New Errors integer Number of errors since the last call to this
method.
getTraceSinks()
Role Name string Name of the role for which you need
information for the specified sink or sinks.
Default is all.
getVersion()
Retrieves version information for the current application. Two lines may be
returned, one for the TIBCO Adapter SDK, one for the adapter.
Returns Description
Instance ID Configuration ID as a string, for example SDK.
_onUnsolictedMsg()
Displays all alert messages sent from the adapter or an error if not successful.
preRegisterListener()
reviewLedger()
Input
Parameters Type Description
Last Sent Message integer Sequence number of the most recently sent
message with this subject name.
setTraceSinks()
Input
Parameters Type Description
Sink Name string Name of the sink for which you want to add a
role or change the file limit.
Role Name string Name of the role you want to add to this sink
(warning, error, debug, or user defined). Default
is all.
stopApplicationInstance()
Stops the specified adapter by calling the internal stop() method. This method
returns OK if successful or an error if not successful.
unRegisterListener()
Input
Parameters Type Description
This method returns true if the subscription service was unregistered successfully,
false otherwise.
getActivityStatistics()
Returns the total number of objects processed for all the schemas, based on the
request type. Also, returns the number of success and error objects.
MeasurementIn integer Displays the time (in seconds) since last time the
terval adapter was reset, or if never reset, since the
adapter started.
getActivityStatisticsByOperation()
MeasurementIn integer Displays the time (in seconds) since last time the
terval adapter was reset, or if never reset, since the
adapter started.
getActivityStatisticsBySchema()
Returns the total number of objects processed for the given schema by each
service that uses the schema. Also, returns the number of success and error
objects.
getActivityStatisticsByService
Returns statistics about the data handled by a given adapter service or all adapter
services since the time the adapter was started.
MeasurementIn integer Displays the time (in seconds) since last time the
terval adapter was reset, or if never reset, since the
adapter started.
getConnectionStatistics()
Returns the state and statistics for all the current connections used by the adapter.
Connection Type string Type or key that will match this connection to a
thread or queue.
MeasurementInte integer Displays the time (in seconds) since last time the
rval adapter was reset, or if never reset, since the
adapter started.
getPollingInterval()
getQueueStatistics()
Return the current count of elements in any internal queue used by the adapter.
This includes the TIBCO Rendezvous event queues automatically spawned by
TIBCO Rendezvous for each adapter.
MeasurementInte integer Displays the time (in seconds) since last time the
rval adapter was reset, or if never reset, since the
adapter started.
getThreadStatistics()
ThreadType string Type that tells what part of the adapter this
thread belongs. Valid types include
"Publisher", "Subscriber", "RPC", or
"Connection".
MeasurementInterv integer Displays the time (in seconds) since last time
al the adapter was reset, or if never reset, since
the adapter started.
resetActivityStatistics()
resetConnectionStatistics()
resetThreadStatistics()
setPollingInterval()
This appendix explains the trace messages that are logged to a location specified
at configuration time.
Topics
Overview
Trace messages provide information about adapter activities. The messages are
logged to the console where the run-time adapter was started and to a log file.
Trace messages can also be redirected to the TIBCO Hawk Display application, or
sent to other applications using the TIBCO Rendezvous transport.
Each trace message can include the following fields:
<Timestamp> <Adapter Identifier> <Role> <Category> <Status Code>
<Tracking Identifier>
The above fields are explained in Trace Message Fields on page 214. The
following diagram shows an example trace message and calls out the fields.
Timestamp
2003 Jul 09 10:58:54:984 GMT +5
Tracking Identifier
tracking=#Kj2--7--Dkic3UxU-/gPzzw6E-zzw#
The next set of trace messages indicates the publication service of the adapter
publishing a message that uses the UPDATE operation. The
#Kj2--7--Dkic3UxU-/gPzzw6E-zzw# tracking identifier included in the trace
message uniquely identifies the message. The adapter provided the identifier.
2003 Jul 09 10:58:54:984 GMT +5 ldap.LDAPAdapterConfiguration Info
[Adapter]
The final trace message indicates the subscription service has received the
message, and acknowledges that the UPDATE operation is complete with the
following message.
2003 Jul 09 10:58:55:031 GMT +5 ldap.LDAPAdapterConfiguration Info
[Adapter]
AELDAP-00003 Service LDAPSubscriptionService invoked
tracking=#0vA--9--Dkic3k-w-/gQzzw6E-zzw#
2003 Jul 09 10:58:55:031 GMT +5 ldap.LDAPAdapterConfiguration Info
[Adapter]
AELDAP-00013 Service: LDAPSubscriptionService Operation:
LDAP_MODIFY DN:
uid=pop,ou=unit5,o=BenchMark,dc=us.tibco.com
Adapter Name of the adapter that wrote the trace message. This is a combination of the
Identifier adapter acronym and adapter configuration name. For example, the
application identifier, LDAP.publisher1 identifies a TIBCO Adapter for
LDAP service named publisher1.
Status Code Unique code for the message and description. Status codes are identified by a
unique number and description. If a trace message includes an error or warn
role, the status code documentation includes a resolution. See Status Messages
on page 216 for details.
Status Messages
errorRole Adapter Ensure that the path for the audit log file is
correct as displayed in the Connection Tab
during adapter instance configuration.
AELDAP-00006 Unable to fetch the schema for the LDAP server <server name>.
AELDAP-00009 Error occurred while creating persistent search control: <error description>.
AELDAP-00010 Operation <operation name> is not supported for the service: <service
name>.
AELDAP-00013 Service: <service name> Operation: <operation name> DN: <DN> <DN>.
AELDAP-00017 Cannot run the service <service name> on non windows platform against
Active Directory server.
AELDAP-00019 The logfile <logfile name> could not be opened. The adapter will not
publish any changes which occurred before the adapter was started. This is
normal if you are starting the adapter for the first time.
warnRole Adapter If you are not starting the adapter for the first
time, check if the file exists. If it does not,
check on file space and on write permissions
for the adapter to create the file.
AELDAP-00022 This version of TIBCO Adapter for LDAP is not compatible with the
specified repository. Please install and use a newer version of the adapter.
AELDAP-000024 Startup Error. Unable to create a connection with the target application using
connection parameters [Host = <host name>, Port = <port>, User DN = <user
DN>, Password = ******]. Target application error is <error description>.
AELDAP-000025 Startup Error. Received target application error with the target application
LDAP. The connection <user DN>, Password = ***** and the Connection
pool size is <connection pool size>.
warnRole Adapter The reconnect failed, but the adapter will try
again after the specified time interval.
AELDAP-890005 The request received could not be processed due to connection errors. Error
reply sent back.
AELDAP-890006 Adapter stopping due to persistent connection errors. Please check LDAP
Server and restart adapter.
AELDAP-890009 Operation did not succeed due to connection error in service <service name>.
The operation will be reattempted.
AELDAP-000036 Startup Error. Unable to initialize client library for SSL using parameters
[Client certificate and key directory = <client certificate and key directory>,
Server authentication = <authentication>]. Target application error is: <error
description>.
AELDAP-000037 Startup Error. Unable to bind to target LDAP server on SSL channel using
parameters [Host = <host name>, Port = <port>, Client authentication
mechanism = <authentication mechanism>, User DN = <user DN>]. Target
application error is: <error description>.
AELDAP-000040 Failed to open the Root DSE on an Active Directory Server using parameters
[ADsPath = <path>, User DN = <user DN>, Use SSL = <SSL used>]. Target
application error code is: <error code>.
AELDAP-000043 Failed to open the IDirectorySearch with fast bind option on an Active
Directory Server using parameters [ADsPath = <path>, User DN = <user
DN>, Use SSL = <SSL used>]. Target application error code is: <error code>.
AELDAP-910012 Startup Error. Unable to create a Custom Hawk Micro Agent Named
<microagent name> used for %2.
AELDAP-910006 Startup Error. SDK Exception <error description> occurred while creating a
shutdown listener with parameters <parameters>, <parameters>. The
Repository URL is <repository URL> and the Configuration URL is
<configuration URL>.
AELDAP-910003 Startup Error. The command line parameters <parameters> have not been
specified properly
AELDAP-000108 Invalid service type. Service <service name> contains invalid value for the
attribute 'type'.
AELDAP-000113 Invalid operation name. Service <service name> contains a operation name
that is not supported in the associated class.
AELDAP-000114 No operation match. Operation name specified for Service <service name>
does not match any of the operations in the associated class.
AELDAP-000213 Unable to deserialize reply message for publisher reply service: <service
name>.
AELDAP-000214 Unable to get the MPublisher associated with the data event for subscriber
reply service <service name>.
warnRole Adapter
errorRole Palette Error message for the null field. This field is
mandatory.
AELDAP-970002 The port number must be greater than or equal to 0, and less than or equal to
65535.
AELDAP-970015 The specified LDAP server type does not match with the actual LDAP server
type you are trying to connect to. Please select the correct server type.
AELDAP-970030 Connection could not be established with the LDAP server, so currently the
Schema View tab will not be available.Please ensure that valid parameters
have been specified in the Design-time Connection tab.
AELDAP-970032 Couldn't find trusted certificate. Please check your SSL connection
information and certificate keystore.
errorRole Palette Make sure that the number field does not
contain a hyphen (-) character.
AELDAP-970037 At least one service already exists with the previous server data.Make sure
that no service exists before attempting to configure the new server.
AELDAP-970043 The maximum value for this field should not exceed 10000.
AELDAP-970044 The specified DN and sample schema entry values together do not form a
valid DN. Please enter correct values.
AELDAP-970045 The number of search entries must be greater than or equal to 1 and less than
or equal to 1000.
errorRole Palette Make sure that you have not entered zero in
the Maximum Number of Reconnect
Attempts field. You can enter -1 or a positive
integer that is greater than zero in the
Maximum Number of Reconnect Attempts
field.
AELDAP-970047 The maximum number of retries must be greater than or equal to -1, and less
than or equal to 65535, excluding zero.
AELDAP-970048 The maximum number of retries should be greater than or equal to number
of retries before suspend.
AELDAP-970049 The number of retries before suspend must be greater than or equal to 1, and
less than or equal to 65535.
AELDAP-970050 The sleep between retries must be greater than or equal to 100, and less than
or equal to 2147483647.
AELDAP-970052 Adapter Service names must only have alphanumeric characters. Please type
in a valid name.
errorRole Palette Make sure that the name of the service does
not consist of non-alphanumeric characters.
This appendix explains each of the additional LDAP directory server settings you
can make during design-time.
Topics
The naming context container of ADAM provides you information about objects
deleted from LDAP server. You can specify a default naming context. The
following information provides information on how to set default naming context
in ADAM.
By default, an ADAM instance does not provide a default naming context. You
can, however, configure ADAM to provide a default naming context as follows:
1. In ADAM EDSI Edit, expand the My Connection tree as follows:
a. Select CN=Configuration > CN=Sites.
b. Expand the CN=Sites node upto CN=NTDS Settings.
2. Righ-click on the CN=NTDS Settings node.
The CN=NTDS Settings Properties dialog appears.
3. Select the attribute msDS-DefaultNamingContextBL.
4. Click the Edit button.
5. In the Multi-Valued String Editor dialog, enter the DN to be used as the
naming context.
6. Click the Add button and then the OK button.
The value is added to the Values panel of the Multi-Valued String Editor
dialog.
To enable the adapter to work with the global catalog server make the following
settings:
• Make the InvocationID attribute visible to the global catalog server.
• For retrieval of schemas and expected publisher and search operation, make
the following attributes of object class classSchema visible:
— subClassof
— systemAuxiliaryClass
With the adapter, the global catalog server allows only LDAP_SEARCH operation.
The default global catalog server TCP port is 3268.
Upon your acceptance as indicated above, the following shall govern TIBCO shall have no obligation to support the Software (i) for use on
your use of the Software except to the extent all or any portion of the any computer system running other than the operating system
Software (a) is subject to a separate written agreement, or (b) is software for which the Software is approved (as set forth in the
provided by a third party under the terms set forth in an Addenda at Software documentation) and licensed hereunder, or (ii) if Customer
the end of this Agreement, in which case the terms of such addenda has modified or authorized a third party to modify the Software.
shall control over inconsistent terms with regard to such portion(s). TIBCO shall have no obligation to modify any version of the Software
to run with any new versions of any operating system, or any other
License Grant. The Software is the property of TIBCO or its licensors third party software or hardware. If Customer purchases Support for
and is protected by copyright and other laws. While TIBCO continues any Software, Customer must purchase the same level of Support for
to own the Software, TIBCO hereby grants to Customer a limited, all copies of the Software for which it is licensed.
non-transferable, non-exclusive, license to use the number of
Permitted Instances set forth in the Ordering Document, in Support may be extended for one-year periods on the anniversary of
machine-readable, object code form and solely for Customer's internal each Purchase Date at the standard amounts set forth in its price list,
business use. for as long as TIBCO offers Support. Customer may reinstate lapsed
support for any then currently supported Software by paying all
Restrictions. Customer agrees not to (a) make more copies than the Support fees in arrears and any applicable reinstatement fee.
number of Permitted Instances plus a reasonable number of backups; Upgrades, patches, enhancements, bug fixes, new versions and/or
(b) provide access to the Software to anyone other than employees, new releases of the Software provided from time to time under
contractors, or consultants of Customer; (c) sublicense, transfer, Support shall be used only as replacements to existing Permitted
assign, distribute to any third party, pledge, lease, rent, or Instances, and shall not be deemed to increase that number, and use
commercially share the Software or any of Customer's rights under thereof shall be governed by the terms of this Agreement, except for
this Agreement (for the purposes of the foregoing a change in control the first paragraph of the Limited Warranty and any right of return or
of Licensee is deemed to be an assignment); (d) use the Software for refund.
purposes of providing a service bureau, including, without limitation,
providing third-party hosting, or third-party application integration or Consulting Services. Customer may request additional services
application service provider-type services, or any similar services; (e) ("Services") either in an Ordering Document, or by a separate
use the Software in connection with ultrahazardous activities, or any mutually executed work order, statement of work or other
activity for which failure of the Software might result in death or work-request document incorporating this Agreement (each, a "Work
serious bodily injury to Customer or a third party; or (f) directly or Order"). Unless otherwise expressly agreed to in a Work Order, all
indirectly, in whole or in part, modify, translate, reverse engineer, Services and any work product therefrom shall be (a) performed on a
decrypt, decompile, disassemble, make error corrections to, create time and materials basis, plus meals, lodging, travel, and other
derivative works based on, or otherwise attempt to discover the expenses reasonably incurred in connection therewith, (b) deemed
source code or underlying ideas or algorithms of the Software. accepted upon delivery, and (c) exclusively owned by TIBCO (except
for confidential information of Customer identified to TIBCO in the
Beta and Evaluation Licenses. Notwithstanding the foregoing, if the Ordering Document), including all right, title and intellectual property
Software is being provided for demonstration, beta testing, or or other right or interest therein. Each Work Order is intended to
evaluation purposes, then Customer agrees (a) to use the Software constitute an independent and distinct agreement of the parties,
solely for such purposes, (b) that the Software will not be used or notwithstanding that each shall be construed to incorporate all
deployed in a production environment, and (c) that such use shall applicable provisions of this Agreement. Specific to TIBCO training
automatically terminate upon the earlier of thirty days from the date services, additional information regarding courses, registration,
Customer receives the right to install the Software, or Customer's restrictions or limitation can be found at TIBCO's website at
receipt of notice of termination from TIBCO. http://www.tibco.com/services/educational under Education Programs.
Fees for Services shall be due and payable in United States dollars
Technical Support. Provided Customer has paid applicable support net 30 from the date of TIBCO's invoice.
fees (not included with Software fees unless separately listed), TIBCO
shall provide support for generally available TIBCO Software on an Limited Warranty. If Customer obtained the Software directly from
annual basis commencing on the Purchase Date, as follows TIBCO, then TIBCO warrants that for a period of thirty (30) days from
("Support"): Customer shall designate at TIBCO's support website the Purchase Date: (i) the media on which the Software is furnished
https://support.tibco.com/eSupport/newuser.html, the number of will be free of defects in materials and workmanship under normal
technical support contacts permitted under the level of Support use; and (ii) the Software will substantially conform to its published
purchased (contacts are changeable upon 48-hours prior written specifications. This limited warranty extends only to the original
notice to TIBCO). Each contact may contact TIBCO for problem Customer hereunder. Customer's sole and exclusive remedy and the
resolution during TIBCO's published support hours corresponding to entire liability of TIBCO and its licensors under this limited warranty
the level of Support fees paid. will be, at TIBCO's option, repair, replacement, or refund of the
Software and applicable Support fees, in which event this Agreement
Upon notice from a contact of a Software problem which can be shall terminate upon payment thereof.
reproduced at a TIBCO support facility or via remote access to
Limitation of Liability. EXCEPT AS PROVIDED UNDER Government Use. If the Customer is an agency, department, or other
INDEMNITY OR RESULTING FROM A BREACH OF entity of the United States Government ("Government"), the use,
CONFIDENTIALITY (THE "EXCLUDED MATTERS"), IN NO EVENT duplication, reproduction, release, modification, disclosure or transfer
WILL EITHER PARTY OR TIBCO'S LICENSORS BE LIABLE FOR of the Software, or any related documentation of any kind, including
ANY LOST DATA, LOST REVENUE, LOST PROFITS, DAMAGE TO technical data or manuals, is restricted in accordance with Federal
REPUTATION, BUSINESS INTERRUPTION, OR ANY OTHER Acquisition Regulation ("FAR") 12.212 for civilian agencies and
The OpenSSL toolkit stays under a dual license, i.e. both the Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com). All rights
conditions of the OpenSSL License and the original SSLeay license reserved.
apply to the toolkit.
This package is an SSL implementation written by Eric Young
See below for the actual license texts. Actually both licenses are (eay@cryptsoft.com).
BSD-style Open Source licenses. In case of any license issues related
to OpenSSL please contact openssl-core@openssl.org. The implementation was written so as to conform with Netscapes
SSL.
The OpenSSL License This library is free for commercial and non-commercial use as long as
the following conditions are aheared to. The following conditions apply
Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. to all code found in this distribution, be it the RC4, RSA,lhash, DES,
etc., code; not just the SSL code. The SSL documentation included
Redistribution and use in source and binary forms, with or without with this distribution is covered by the same copyright terms except
modification, are permitted provided that the following conditions are that the holder is Tim Hudson (tjh@cryptsoft.com).
met:
Copyright remains Eric Young's, and as such any Copyright notices in
1. Redistributions of source code must retain the above copyright the code are not to be removed. If this package is used in a product,
notice, this list of conditions and the following disclaimer. Eric Young should be given attribution as the author of the parts of the
library used. This can be in the form of a textual message at program
2. Redistributions in binary form must reproduce the above copyright startup or in documentation (online or textual) provided with the
notice, this list of conditions and the following disclaimer in the package.
documentation and/or other materials provided with the distribution.
Redistribution and use in source and binary forms, with or without
3. All advertising materials mentioning features or use of this software modification, are permitted provided that the following conditions are
must display the following acknowledgment: "This product includes met:
software developed by the OpenSSL Project for use in the OpenSSL
Toolkit. (http://www.openssl.org/)" 1. Redistributions of source code must retain the copyrightnotice, this
list of conditions and the following disclaimer.
4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be
used to endorse or promote products derived from this software 2. Redistributions in binary form must reproduce the above copyright
without prior written permission. For written permission, please notice, this list of conditions and the following disclaimer in the
contact openssl-core@openssl.org. documentation and/or other materials provided with the distribution.
5. Products derived from this software may not be called "OpenSSL" 3. All advertising materials mentioning features or use of this software
nor may "OpenSSL" appear in their names without prior written must display the following acknowledgement: "This product includes
permission of the OpenSSL Project. cryptographic software written by Eric Young (eay@cryptsoft.com)"
The word 'cryptographic' can be left out if the rouines from the library
6. Redistributions of any form whatsoever must retain the following being used are not cryptographic related :-).
acknowledgment:"This product includes software developed by the
OpenSSL Project for use in the OpenSSL Toolkit 4. If you include any Windows specific code (or a derivative thereof)
(http://www.openssl.org/)" from the apps directory (application code) you must include an
acknowledgement: "This product includes software written by Tim
THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS Hudson (tjh@cryptsoft.com)"
IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
THE OpenSSL PROJECT OR ITS CONTRIBUTORS BE LIABLE FOR AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY
OF THE POSSIBILITY OF SUCH DAMAGE.
The licence and distribution terms for any publically available version
or derivative of this code cannot be changed. i.e. this code cannot
simply be copied and put under another distribution licence [including
the GNU Public Licence.]
Index
A C
activateTraceRole() Class Microagent Name field, adapter 102
Hawk method 180 command line arguments 184
adapter compatible software 23
compatible software 23 configuration
components 23 converting certificates to use SSL 85
configuration overview 84 configuration tab 91
encoding 98 publication service 104
installation on UNIX 30 request-response service 122
installing on Microsoft Windows 25 subscription service 113
instance fields 91 configuration tasks 84
instance tabs 91 configuring SSL 85
integration with LDAP 2
overview 2
preparing the LDAP server for use 41
publication service 10 D
request-response service 11
role 2 deactivateTraceRole()
services available 4 Hawk method 181
subscription service 10 design-time connection tab 92
supported messaging transports 4 directory store 3
adapter components 23
adapter instance
configuration tab 91
design-time connection tab 92 E
general tab 98
logging tab 99 enabling SSL on the LDAP server 41
monitoring tab 101 encoding 98
multithreading tab 98 setting options 156
run-time connection tab 95 example
startup tab 101 configuring the adapter 49
tabs available 91 configuring the project with TIBCO
adapter services 4, 103
agents 170
alerts 170
G H
general tab 98 Hawk
getActivityStatisticeBySchema() auto-discovery process 172
Hawk method 200 available microagents 176
getActivityStatistics() defining a session 150
Hawk method 198 invoking microagent methods 173
getActivityStatisticsByOperation() overview 170
Hawk method 199
getActivityStatisticsByService()
Hawk method 201
getAdapterServiceInformation()
Hawk method 182
getComponents()
Hawk method 183
getConfig()
Hawk method 184
getConfigProperties()
Hawk method 185
getConnectionStatistics()
Hawk method 202
getHostInformation()
Hawk method 186
getPollingInterval()
Hawk method 203
getQueueStatistics()
Hawk method 204
getRvConfig()
Hawk method 187
getStatus()
Hawk method 188
I
installation P
FAQs 34
on Microsoft Windows 25 preparing server interfaces 39
on UNIX 30 preRegisterListener()
troubleshooting 34 Hawk method 192
instance fields publication service 10
adapter 91 configuration tab 104
configuring timers
S TIBCO Hawk
background information 170
schema for Publication Service 109, 112 enterprise monitor components 170
schema for Request-Response Service 127 TIBCO Hawk methods
schema for Subscription Service 118 getComponents 183
schema support 5 getRvConfig 187
schema tab getStatus 188
publication service 112 reviewLedger 193
request-response service 130 trace message
subscription service 121 example 212
schema view tab fields 214
publication service 109 structure 212
request-response service 127 Tracing 212
subscription service 118 Tracing Levels and Fields 214
server interfaces
preparing 39
U
UNIX
combining options 33
installing adapter 31
post-installation 33
supported LDAP servers 30
unregisterListener()
Hawk method 197
Use Advanced Logging field, adapter 99
using
global variables 152
V
variable substitution 152