Microsoft Identity Integration Server 2003 Developer Reference

Creating and Checking Attribute Values

Microsoft Identity Integration Server 2003 creates and distributes an integrated view of all the connected directories through a synchronization process that consists of inbound synchronization and outbound synchronization. As part of this process, you can configure your synchronization rules to use rules extensions to ensure that the integrated view contains the necessary attribute values and that these values are unique.

Creating and Checking Attribute Values

When identity information is sent to Identity Integration Server from a connected data source, the synchronization process uses the rules configured in Identity Manager to either create a new connector space object or use an existing one. To make the presence of the necessary attribute values a processing requirement, implement the IMASynchronization.FilterForDisconnection method, which determines whether the connector space object has those values.

If data transformations or other operations beyond those provided by attribute flow mapping in Identity Manager must be performed when setting attribute values on metaverse entries, implement the IMASynchronization.MapAttributesForImport method to create new attribute values or check for necessary attributes on the connector space entry. If necessary, you can use the Utils.FindMVEntries method to search for existing attribute values to ensure that your new attribute value is unique.

The following topics show you how to create and check attribute values using rules extensions:

Creating a Unique Naming Attribute

Every connected data source uses a naming attribute for entries, objects, or identities. In LDAP-based connected directories, for example, the distinguished name is used as the naming attribute. To ensure that the entries, objects, or identities are uniquely identified, each distinguished name must be unique.

These naming attributes are constructed based upon the integrated view in the metaverse. You can use a rules extension to create a value for the naming attribute and check that the value is unique.

To create a naming attribute, implement the IMVSynchronization.Provision method for metaverse objects that have changed or the IMASynchronization.Deprovision method when a metaverse object is deleted.

To ensure that the naming attribute is unique, the synchronization rules will throw the ObjectAlreadyExistsException exception if the naming attribute value already exists. Handle this exception by creating a new value for the naming attribute (retry until the operation succeeds).
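
An added example (not part of the original reference) of a metaverse rules extension in C# that provisions a connector with a unique distinguished name and handles ObjectAlreadyExistsException by trying the next candidate value. The management agent name, container, object types, the cn attribute and the retry cap are assumptions; the cap bounds the retry loop so that a single entry cannot stall a synchronization run.

```csharp
// Added example: build as a metaverse rules extension that references
// Microsoft.MetadirectoryServices.dll on the Identity Integration Server.
using System;
using Microsoft.MetadirectoryServices;

public class MVExtensionObject : IMVSynchronization
{
    // Assumed values: replace with your own management agent and container.
    const string MaName = "Fabrikam AD MA";
    const string Container = "OU=Users,DC=fabrikam,DC=com";
    const int RetryLimit = 50;   // assumption: upper bound on naming attempts

    public void Initialize() { }
    public void Terminate() { }
    public bool ShouldDeleteFromMV(CSEntry csentry, MVEntry mventry) { return false; }

    public void Provision(MVEntry mventry)
    {
        // Only provision person objects that carry the attribute the name is built from.
        if (mventry.ObjectType != "person" || !mventry["cn"].IsPresent) return;

        ConnectedMA ma = mventry.ConnectedMAs[MaName];
        if (ma.Connectors.Count != 0) return;   // a connector already exists

        string baseName = mventry["cn"].Value;
        for (int attempt = 0; attempt < RetryLimit; attempt++)
        {
            // Try the plain name first, then append a numeric suffix.
            string candidate = attempt == 0 ? baseName : baseName + attempt;
            // EscapeDNComponent escapes DN special characters in the value, so
            // attribute data cannot change the structure of the distinguished name.
            ReferenceValue dn = ma.EscapeDNComponent("CN=" + candidate).Concat(Container);
            try
            {
                CSEntry csentry = ma.Connectors.StartNewConnector("user");
                csentry.DN = dn;
                csentry.CommitNewConnector();
                return;   // unique name committed
            }
            catch (ObjectAlreadyExistsException)
            {
                // The name is already taken: loop and try the next candidate.
            }
        }
        // Fail visibly instead of retrying forever.
        throw new UnexpectedDataException(
            "No unique DN for '" + baseName + "' after " + RetryLimit + " attempts");
    }
}
```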

The following topics show you how to create unique naming attributes using rules extensions:

Distinguished Name Considerations

Be sure you change the attributes of an object before you construct a distinguished name. If you change a component of the distinguished name, the corresponding object attribute remains the same unless you manually change the attribute value.

Improving Performance

To improve the performance of your rules extension, use the specified case for attribute and class names. When you do, your rules extension does not have to determine the correct name from the schema and then obtain the name from the object model a second time.