The directory abstraction layer is a set of XML-based files that define a logical view of an Identity Vault for the User Application. The User Application uses the directory abstraction layer definitions to determine:
The Identity Vault objects and attributes that the User Application can display or modify.
How the User Application displays Identity Vault data.
The relationships the User Application can display.
The provisioning request categories, e-mail notification types, and delegate relationships the User Application can display.
The User Application ships with a default set of entities, relationships, and lists that it needs to function, but you can add new or modify existing directory abstraction layer objects to customize the User Application for your own business needs. You use the directory abstraction layer editor (described in Section 3.1.2, About the Directory Abstraction Layer Editor) to define the contents of the directory abstraction layer.
Before you make changes to the directory abstraction layer objects, analyze how you want to display your Identity Vault data in the User Application. Consider:
What parts of the Identity Vault you want to make available to the User Application.
For example, what objects do you want your users to be allowed to search and display? Check this list against the base set of abstraction layer definitions to determine if you need to add any new objects.
What is the structure of your Identity Vault schema? Have you added custom extensions and auxiliary classes?
What is the structure of your data?
What is required and what is optional?
What validation rules are in place?
What are the relationships between objects (DN references)?
How are the attributes defined? (For example, an attribute that represents a phone number might be multi-valued for home, office, and cell phone numbers.)
Who sees the data? Is the User Application available as a public or private site?
Use the information about your data needs to map your Identity Vault objects to abstraction layer entities.
The directory abstraction layer editor is a graphical tool for defining the directory abstraction layer files. When you add a User Application driver to an Identity Manager project and run the configuration wizard, Designer creates an initial set of directory abstraction layer files. If you do not run the configuration wizard, the initial files are not created. These base files are displayed when you start the directory abstraction layer editor.
To start the directory abstraction layer editor:
Open the
and double-click the node.
Designer displays the directory abstraction layer tree containing nodes for
, , , and .
Use the left pane to navigate the directory abstraction layer nodes. When you select an item in the left pane, the right pane displays the properties for the selection.
Use the right pane to define the properties for the selection. For more information about the properties, see Section 3.7, Directory Abstraction Layer Property Reference.
The following table describes the directory abstraction layer toolbar:
Table 3-1 Directory Abstraction Layer Toolbar
The directory abstraction layer files you work with are stored in the Designer project’s Provisioning\AppConfig\DirectoryModel directory. The filenames are derived from the object key.
Table 3-2 Local Directory Abstraction Layer Directories
Designer creates the base set of directory abstraction layer files for each provisioning project. An identical set is ed to the User Application driver when the User Application is installed.
To customize the Identity Manager User Application, you change the directory abstraction layer objects and the changes to the User Application driver. Some entities, attributes, lists, and relationships are required for the User Application to function properly. The editor displays a lock next to the definitions that you should not delete. From the list below, you can see that you should not delete the
, or entities.
Figure 3-1 DAL User Application Default Entities, Lists, and Relationships
If you define multiple User Application drivers in a single project, Designer creates multiple AppConfig folders and names them AppConfig, AppConfig1, AppConfig2, and so on.