Provisioning Objects in the Connector Space

After installing Microsoft Identity Integration Server 2003, one of the first steps after you project identity information from the different data sources into the metaverse is to create and export new objects into other connected data sources. This process is known as provisioning. Provisioning is implemented by creating a rules extension that implements the IMVSynchronization.Provision method. When the method is called, the method gets passed the metaverse object as an MVEntry object.

We recommend that you follow these steps when implementing the provisioning logic:

1. Determine the State of the Object.
2. Start Creating a New Connector or Use the Existing Connector.
3. Set the Appropriate Distinguished Name or Attribute Values
4. Finish Creating the New Connector or Disconnect or Rename the Existing Connector
5. Handle Any Exceptions

Determine the State of the Object

Provisioning the objects in the connector space by first investigating attribute values to determine the current state of the MVEntry object as passed to the method. If the MVEntry object meets a certain condition by matching expected attribute values, then you can apply the appropriate provisioning logic to the CSEntry object. MVEntry objects that do not meet a certain condition stay in the same state without having to add additional logic into the provisioning code.

Start Creating the New Connector or Use the Existing Connector

After determining the state of the metaverse object, you can create a new connector or use an existing connector depending upon the value of the ConnectorCollection.Count property. If this value is zero, then start creating a new connector with the ConnectorCollection.StartNewConnector method. If the property is 1, then use the existing connector. Throw an UnexpectedDataException exception if the property value is greater than 1 and if this is an unexpected value.

To start creating the connector, use the ConnectorCollection.StartNewConnector method. When calling this method, use the object type selected in the management agent as the parameter. To determine the object type that has been selected, go to Select Object Types in the management agent properties.

To use the existing connector, use the ConnectorCollection.ByIndex or the ConnectorCollection.ByDN property.

The following example shows you how to get the number of connectors and then create a new connector, use an existing connector, or throw an exception depending upon the number of connectors:

' Get the number of connectors for this MVEntry object under
' this management agent
Dim ManagementAgent As ConnectedMA
Dim Connectors As Integer
Dim csentry As CSEntry
Dim DN As ReferenceValue

Connectors = ManagementAgent.Connectors.Count
DN = ManagementAgent.EscapeDNComponent(System.Guid.NewGuid().ToString)

If 0 = Connectors Then
	' Create the new connector
	CSEntry = ManagementAgent.Connectors.StartNewConnector("person")

	' Assign the distinguished name
	CSEntry.DN = DN

	' Finish creating the new connector
	CSEntry.CommitNewConnector()

ElseIf 1 = Connectors Then
	' Assign the distinguished name using the existing connector
	CSEntry = ManagementAgent.Connectors.ByIndex(0)
	CSEntry.DN = DN

Else
	Dim ExceptionMessage As String
	ExceptionMessage = "Multiple Connectors on Management Agent"
	Throw New UnexpectedDataException(ExceptionMessage)

End If

//Get the number of connectors for this MVEntry object under
// this management agent.
int Connectors;
ReferenceValue DN;

Connectors = ManagementAgent.Connectors.Count;
DN = ManagementAgent.EscapeDNComponent(System.Guid.NewGuid().ToString());

if(0 == Connectors)
{
	//Create the new connector
	csentry = ManagementAgent.Connectors.StartNewConnector("person");

	// Assign the distinguished name
	csentry.DN = DN;

	// Finish creating the new connector.
	csentry.CommitNewConnector();
}

else if(1 == Connectors)
{
	// Assign the distinguished name using the existing connector
	csentry = ManagementAgent.Connectors.ByIndex[0];
	csentry.DN = DN;
}

else
{
	string ExceptionMessage;
	ExceptionMessage = "Multiple Connectors on Management Agent";
	throw new UnexpectedDataException(ExceptionMessage);
}

Set the Appropriate Distinguished Name or Attribute Values

To create a new valid connector, additional information must be set on the new CSEntry object. The information that need to be set depends upon the connected data source:

• LDAP-based connected data sources. These connected data sources require a distinguished name for each object. Some examples of LDAP-based data sources are those data sources that use the management agents for Active Directory, Sun ONE Directory Server 4.1x and 5.x (formerly iPlanet Directory Server), Netscape Directory Server 4.1 and 6.01, Exchange 5.5, LDAP Data Interchange Format (LDIF), Directory Service Markup Language Services for Windows (DSML). For these data sources, construct a distinguished name with either the ManagementAgent.EscapeDNComponent or the ManagementAgent.CreateDN method. Use the CSEntry object returned by one of these methods to set the CSEntry.DN property. Finish the connector creation process with the CSEntry.CommitNewConnector method.

  For a code example that shows you how to provision objects in the connector space for LDAP-based connected directories, see Example: LDAP-based Connected Directories.

• Connected data sources that expect the anchor attributes to be provided by Microsoft Identity Integration Server 2003. These connected data sources use the attribute specified in Set anchor of Configure special attributes in the management agent properties for the primary key. The anchor attribute can be a calculated value based on a single or multiple attributes. These data sources require the specified anchor attribute values to be set on the new connector object. For a code example on provisioning these objects, see Example: Connected Data Sources that Expect Identity Integration Server to Provide the Anchor Attributes.
• Connected data sources that generate the anchor attributes. These connected data sources typically generate a primary key value from an auto-incremented identity column. For these types of data sources, you set the CSEntry.DN property to a temporary value and then add the new connector. When the new connector object is exported, the connected data source provides the permanent anchor. For a code example that shows you how to provision objects from data sources that provide the primary key, see Example: Connected Data Sources that Generate the Anchor Attribute.
• Other Connected Data Sources. These connected data sources require specified property values prior to adding the connector to the connector collection. For a code example that shows you how to provision these objects, see the following code examples:
  • Lotus Notes Connected Data Sources
  • Microsoft Exchange Connected Data Sources
  • Example: Microsoft Windows  NT Server 4.0 Connected Data Sources

Finish Creating the New Connector or Disconnect or Rename the Existing Connector.

After setting the appropriate attribute values, you can do one of the following:

• Finish creating the new connector with the CSEntry.CommitNewConnector method.
• Disconnect the existing connector with the CSEntry.Deprovision method. For an example of disconnecting an existing connector, see Example: Deprovisioning An Object After a Specified Time
• Rename the existing connector. For an example, see Example: Creating a New Connector or Renaming an Existing Connector

Handle Any Exceptions

During the provisioning process an exception may be thrown by the operating system, the .NET Framework, or the rules extension. Decide if the exceptions should stop or continue the provisioning process. For more information, see Catching Exceptions.