TIBCO ActiveMatrix BusinessWorks™ Plug-in for LDAP User's Guide
Software Release 7.0
January 2015
Important Information
SOME TIBCO SOFTWARE EMBEDS OR BUNDLES OTHER TIBCO SOFTWARE. USE OF SUCH
EMBEDDED OR BUNDLED TIBCO SOFTWARE IS SOLELY TO ENABLE THE FUNCTIONALITY
(OR PROVIDE LIMITED ADD-ON FUNCTIONALITY) OF THE LICENSED TIBCO SOFTWARE. THE
EMBEDDED OR BUNDLED SOFTWARE IS NOT LICENSED TO BE USED OR ACCESSED BY ANY
OTHER TIBCO SOFTWARE OR FOR ANY OTHER PURPOSE.
USE OF TIBCO SOFTWARE AND THIS DOCUMENT IS SUBJECT TO THE TERMS AND
CONDITIONS OF A LICENSE AGREEMENT FOUND IN EITHER A SEPARATELY EXECUTED
SOFTWARE LICENSE AGREEMENT, OR, IF THERE IS NO SUCH SEPARATE AGREEMENT, THE
CLICKWRAP END USER LICENSE AGREEMENT WHICH IS DISPLAYED DURING DOWNLOAD
OR INSTALLATION OF THE SOFTWARE (AND WHICH IS DUPLICATED IN THE LICENSE FILE)
OR IF THERE IS NO SUCH SOFTWARE LICENSE AGREEMENT OR CLICKWRAP END USER
LICENSE AGREEMENT, THE LICENSE(S) LOCATED IN THE “LICENSE” FILE(S) OF THE
SOFTWARE. USE OF THIS DOCUMENT IS SUBJECT TO THOSE TERMS AND CONDITIONS, AND
YOUR USE HEREOF SHALL CONSTITUTE ACCEPTANCE OF AND AN AGREEMENT TO BE
BOUND BY THE SAME.
This document contains confidential information that is subject to U.S. and international copyright laws
and treaties. No part of this document may be reproduced in any form without the written
authorization of TIBCO Software Inc.
TIBCO, Two-Second Advantage, TIBCO ActiveMatrix BusinessWorks, TIBCO Enterprise
Administrator, TIBCO Business Studio, and TIBCO ActiveMatrix BusinessWorks Plug-in for LDAP are
either registered trademarks or trademarks of TIBCO Software Inc. in the United States and/or other
countries.
Enterprise Java Beans (EJB), Java Platform Enterprise Edition (Java EE), Java 2 Platform Enterprise
Edition (J2EE), and all Java-based trademarks and logos are trademarks or registered trademarks of
Oracle Corporation in the U.S. and other countries.
All other product and company names and marks mentioned in this document are the property of their
respective owners and are mentioned for identification purposes only.
THIS SOFTWARE MAY BE AVAILABLE ON MULTIPLE OPERATING SYSTEMS. HOWEVER, NOT
ALL OPERATING SYSTEM PLATFORMS FOR A SPECIFIC SOFTWARE VERSION ARE RELEASED
AT THE SAME TIME. SEE THE README FILE FOR THE AVAILABILITY OF THIS SOFTWARE
VERSION ON A SPECIFIC OPERATING SYSTEM PLATFORM.
THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER
EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT.
THIS DOCUMENT COULD INCLUDE TECHNICAL INACCURACIES OR TYPOGRAPHICAL
ERRORS. CHANGES ARE PERIODICALLY ADDED TO THE INFORMATION HEREIN; THESE
CHANGES WILL BE INCORPORATED IN NEW EDITIONS OF THIS DOCUMENT. TIBCO
SOFTWARE INC. MAY MAKE IMPROVEMENTS AND/OR CHANGES IN THE PRODUCT(S)
AND/OR THE PROGRAM(S) DESCRIBED IN THIS DOCUMENT AT ANY TIME.
THE CONTENTS OF THIS DOCUMENT MAY BE MODIFIED AND/OR QUALIFIED, DIRECTLY OR
INDIRECTLY, BY OTHER DOCUMENTATION WHICH ACCOMPANIES THIS SOFTWARE,
INCLUDING BUT NOT LIMITED TO ANY RELEASE NOTES AND "READ ME" FILES.
Copyright © 1998-2015 TIBCO Software Inc. ALL RIGHTS RESERVED.
TIBCO Software Inc. Confidential Information
Contents
TIBCO Documentation and Support Services
Product Overview
Getting Started
    TIBCO Business Studio Overview
    Creating a Project
    Creating an LDAP Connection
        Creating an Identity Provider Resource
    Configuring a Process
    Testing a Process
    Deploying an Application
Configuring SSL
    Configuring SSL on LDAP Servers
    Converting Certificates
    Creating a Keystore Provider Resource
    Configuring SSL in the Plug-in
        Configuring One-Way SSL Authentication
        Configuring Two-Way SSL Authentication
LDAP Connection
LDAP Palette
    Search Entry
    Authenticate Entry
    Create Entry
    Update Entry
    Lookup Entry
    Delete Entry
    ModifyDN Entry
    LDAP Entry Listener
    LDIF
Working with the Sample Project
    Importing the Sample Project
    Running the LDIFImport Process
    Running the Sample Processes
Managing Logs
    Log Levels
    Setting Up Log Levels
    Exporting Logs to a File
Error Codes
TIBCO Documentation and Support Services
All TIBCO documentation is available on the TIBCO Documentation site, which can be found here:
https://docs.tibco.com
Product-Specific Documentation
Documentation for TIBCO products is not bundled with the software. Instead, it is available on the
TIBCO Documentation site. To directly access documentation for this product, double-click the
following file:
TIBCO_HOME/release_notes/TIB_bwpluginldap_version_docinfo.html
The following documents for this product can be found on the TIBCO Documentation site:
● TIBCO ActiveMatrix BusinessWorks Plug-in for LDAP Installation
● TIBCO ActiveMatrix BusinessWorks Plug-in for LDAP User's Guide
● TIBCO ActiveMatrix BusinessWorks Plug-in for LDAP Release Notes
How to Contact TIBCO Support
For comments or problems with this manual or the software it addresses, contact TIBCO Support as
follows:
● For an overview of TIBCO Support, and information about getting started with TIBCO Support,
visit this site:
http://www.tibco.com/services/support
● If you already have a valid maintenance or support contract, visit this site:
https://support.tibco.com
Entry to this site requires a user name and password. If you do not have a user name, you can
request one.
How to Join TIBCOmmunity
TIBCOmmunity is an online destination for TIBCO customers, partners, and resident experts. It is a
place to share and access the collective experience of the TIBCO community. TIBCOmmunity offers
forums, blogs, and access to a variety of resources. To register, go to:
http://www.tibcommunity.com
Product Overview
TIBCO ActiveMatrix BusinessWorks™ Plug-in for LDAP is a bridge between TIBCO ActiveMatrix
BusinessWorks™ and an LDAP server.
TIBCO ActiveMatrix BusinessWorks is a leading integration platform that can integrate a wide variety
of technologies and systems within the enterprise and in the cloud. TIBCO ActiveMatrix BusinessWorks
includes an Eclipse-based graphical user interface (GUI) provided by TIBCO Business Studio™ for
design, testing, and deployment. If you are not familiar with TIBCO ActiveMatrix BusinessWorks,
see the TIBCO ActiveMatrix BusinessWorks documentation for more details before using the plug-in.
TIBCO ActiveMatrix BusinessWorks Plug-in for LDAP plugs into TIBCO ActiveMatrix BusinessWorks
and adds an LDAP palette to TIBCO Business Studio. You can create a connection between the plug-in
and an LDAP server, and then configure a process using the activities in the LDAP palette to manage
LDAP entries, monitor an LDAP server, or validate LDAP users. See Getting Started for more details
about how to use the plug-in.
TIBCO ActiveMatrix BusinessWorks Plug-in for LDAP provides the following features:
● Authentication Modes
The plug-in acts as a client. You can connect to an LDAP server by using the simple authentication
mode, the external authentication mode, or without authentication.
● SSL Authentication
The plug-in supports using the Secure Sockets Layer (SSL) to secure the data exchange between the
plug-in and LDAP servers.
● Persistent Monitoring
The plug-in monitors the changes of an LDAP server even if the plug-in is not running when those
changes are made on the server.
This feature is available for the Microsoft ADS/ADAM server, Oracle Internet Directory
server, and OpenLDAP server.
● Importing and Exporting Entries
The plug-in supports importing entries from an LDAP Data Interchange Format (LDIF) file to an
LDAP server, or exporting the searched and monitored entries to an LDIF file.
● Alias Dereferencing
The plug-in supports alias dereferencing for the Search Entry activity. In an LDAP directory, an
alias entry is an entry that points to another entry. Following an alias pointer is known as
dereferencing an alias. When you look up an object by using the alias, the alias is dereferenced, so
what is returned is the object pointed to by the alias DN (distinguished name).
● Data Information Tree Browsing
Data on an LDAP server is stored as entries, each of which stores the information of an object or an
entity. All entries are organized into a tree structure, which is called the Data Information Tree (DIT).
The plug-in supports selecting an entry from a DIT. You can specify the number of entries loaded in
the DIT.
Getting Started
This tutorial is designed for beginners who want to use TIBCO ActiveMatrix BusinessWorks Plug-in for LDAP in TIBCO Business Studio.
All the operations are done in TIBCO Business Studio. See TIBCO Business Studio Overview to get
familiar with TIBCO Business Studio.
A basic procedure of using TIBCO ActiveMatrix BusinessWorks Plug-in for LDAP includes:
1. Creating a Project
2. Creating an LDAP Connection
3. Configuring a Process
4. Testing a Process
5. Deploying an Application
TIBCO Business Studio Overview
TIBCO Business Studio is an Eclipse-based integration development environment that is used to
design, develop, and test ActiveMatrix BusinessWorks applications.
TIBCO Business Studio provides a workbench in which you can create, manage, and navigate resources
in your workspace. A workspace is the central location on your machine where all data files are stored.
The workbench consists of:
● Menu: Contains menu items such as File, Edit, Diagram, Navigate, Search, Project, Run, Window,
and Help.
● Toolbar: Contains buttons for frequently used commands such as New, Save, Enable/Disable
Business Studio Capabilities, Create a new BusinessWorks Application Module, Create a new
BusinessWorks Shared Module, Debug, Run, and so on.
● Perspective: Contains an initial set and layout of views that are required to perform a certain task.
TIBCO Business Studio launches the Modeling perspective by default. You can change the
perspective from the menu Window > Open Perspective > Perspective_Name.
● View: Displays resources. For example, the Project Explorer view displays the ActiveMatrix
BusinessWorks applications, modules, and other resources in your workspace, and the Properties
view displays the properties for the selected resource. You can open a view from the menu Window
> Show View > View_Name.
● Editor: Provides a canvas to configure, edit, or browse a resource. Double-click a resource in a
view to open the appropriate editor for the selected resource. For example, double-click an
ActiveMatrix BusinessWorks process (MortgageAppConsumer.bwp) in the Project Explorer view to
open the process in the editor.
● Palette: Contains a set of widgets and a palette library. A palette groups activities that perform
similar tasks and provides quick access to activities when configuring a process.
Creating a Project
The first task using the plug-in is creating a project. After creating a project, you can add resources and
processes.
An Eclipse project is an application module configured for TIBCO ActiveMatrix BusinessWorks. An
application module is the smallest unit of resources that is named, versioned, and packaged as part of
an application.
Procedure
1. Start TIBCO Business Studio using one of the following ways:
● Microsoft Windows: click Start > All Programs > TIBCO > TIBCO_HOME > TIBCO Business
Studio version_number > Studio for Designers.
● Mac OS and Linux: run the TIBCO Business Studio executable file located in the
TIBCO_HOME/studio/version_number/eclipse directory.
2. From the menu, click File > New > BusinessWorks Resources to open the BusinessWorks Resource
wizard.
3. In the Select a wizard dialog, click BusinessWorks Application Module and click Next to open the
New BusinessWorks Application Module wizard.
4. In the Project dialog, configure the project that you want to create:
a) In the Project name field, enter a project name.
b) If you do not want to use the default location for the project, clear the Use default location check
box and click Browse to select a new location.
c) Use the default version of the application module, or enter a new version in the Version field.
d) Keep the Create empty process and Create Application check boxes selected to automatically
create an empty process and an application when creating the project.
e) Select the Use Java configuration check box if you want to create a Java module.
A Java module provides the Java tooling capabilities.
f) Click Finish to create the project.
Result
The project with the specified settings is displayed in the Project Explorer view.
Creating an LDAP Connection
After creating a project, you add an LDAP Connection shared resource to create a connection between
the plug-in and an LDAP server.
Prerequisites
The LDAP Connection shared resource is available at the Resources level. Ensure that you have created
a project, as described in Creating a Project.
Procedure
1. Expand the created project in the Project Explorer view.
2. Right-click the Resources folder and click New > LDAP Connection to open the LDAP Connection
wizard.
3. The resource folder, package name, and resource name of the LDAP connection are provided by
default. If you do not want to use the default configurations, change them accordingly. Click Finish
to open the LDAP Connection Editor.
4. From the Server Type list, select the type of the LDAP server that the plug-in connects to.
5. In the Server Name field, enter the IP address of the machine where the LDAP server that the plug-in connects to is running.
6. In the LDAP Port field, enter the port number to communicate with the LDAP server.
7. In the Authentication Mode field, select an authentication mode from the following options:
● Simple: The user credential used to access the selected LDAP server is required.
If you select the Simple authentication mode, the Authentication check box is automatically
selected and an Identity Provider field is displayed.
Click the icon to select the Identity Provider resource that contains the user name and password
used to log in to the selected LDAP server. See Creating an Identity Provider Resource to create
an Identity Provider resource for use.
● Anonymous: No user credential is required.
● External: This option is available only when you select the Use SSL check box. Select the
external mode to enable the two-way SSL authentication.
8. If you select the Use SSL check box, click the icon next to the SSL Client Configuration field to
select an SSL Client Configuration resource.
An SSL Client Configuration resource contains the client information to be authenticated by the
LDAP server.
See Configuring SSL for more details.
9. Optional: In the LDAP Reconnection for Runtime Configuration panel, change the reconnection
settings.
10. Click Test Connection to validate the connection.
Creating an Identity Provider Resource
Create an Identity Provider shared resource to access the LDAP server when you select the simple or
external authentication mode.
Procedure
1. In the Project Explorer view, right-click the Resources folder and click New > Identity Provider to
open the Identity Provider resource.
2. In the Identity Provider Resource Template dialog, specify the resource folder, package and
resource name. Click Finish.
3. In the Identity Provider panel, enter the user name and password used to log in to the LDAP server
that the plug-in connects to.
Configuring a Process
After creating a project, an empty process is created. You can add activities to the empty process to
complete a task. For example, update an existing LDAP entry.
Prerequisites
Ensure that you have created an empty process when Creating a Project. If you have not created an
empty process when creating a project, see TIBCO ActiveMatrix BusinessWorks Application Development
for more details about how to create a process.
Procedure
1. In the Project Explorer view, click the created project and open the empty process from the
Processes folder.
2. Select an activity from the Palette view and drop it in the Process editor.
For example, select and drop the Timer activity from the General Activities palette and the Update
Entry activity from the LDAP palette.
3. Drag the icon to create a transition between the added activities.
4. Configure the added LDAP activities, as described in LDAP Palette.
An LDAP connection is required when configuring the LDAP activities. See Creating an
LDAP Connection for more details about how to create an LDAP connection.
5. Click File > Save to save the project.
Testing a Process
After configuring a process, you can test the configured process to check if the designed process
completes the task.
Prerequisites
Ensure that you have configured a process, as described in Configuring a Process.
Procedure
1. On the toolbar, click Debug > Debug Configurations.
2. Click BusinessWorks Application > BWApplication in the left panel.
3. Ensure that only the application you want to debug is selected in the Applications tab in the right
panel.
4. Click Debug to test the process in the selected application.
TIBCO Business Studio changes to the Debug perspective. The debug information is displayed in
the Console view.
5. In the Debug tab, expand the running process and click an activity.
6. In the upper-right corner, click the Job Data tab, and then click the Output tab to check the activity
output.
Deploying an Application
If the configured process works as expected after testing, you can deploy the application that contains
the configured process into a runtime environment, and then use the bwadmin utility to manage the
deployed application.
Before deploying an application, you must generate an application archive, which is an enterprise
archive (EAR) file that is created in TIBCO Business Studio.
Deploying an application involves the following steps:
1. Uploading an application archive
2. Deploying an application archive
3. Starting an application
See TIBCO ActiveMatrix BusinessWorks Administration for more details about how to deploy an
application.
Configuring SSL
The plug-in supports using Secure Sockets Layer (SSL) to secure the data exchange between the plug-in
and an LDAP server.
TIBCO ActiveMatrix BusinessWorks provides a Keystore Provider resource to get access to a keystore.
A keystore is a mechanism designed to create and manage private key/digital certificate pairs and
trusted Certificate Authority (CA) signed certificates.
A Keystore Provider resource can be used either as a trust store or as an identity store, depending on
the certificate that the keystore stores:
● A trust store contains the CA signed certificate.
The plug-in uses the provided trust store to verify the identity of the LDAP server.
● An identity store contains the private key/digital certificate pairs.
The LDAP server uses the provided identity store to verify the identity of the client.
In a design-time connection, the plug-in accesses a trust store to authenticate the connected LDAP
server, or accesses an identity store to pass the client information to the connected LDAP server.
Complete the following tasks to use SSL to secure the data exchange:
1. Configuring SSL on LDAP Servers
2. Converting Certificates
3. Creating a Keystore Provider Resource
4. Configuring SSL in the Plug-in
Configuring SSL on LDAP Servers
To use SSL to secure the data exchange, you must generate a key pair and configure it on the connected
LDAP server.
Get the following information from the LDAP server administrator after configuring SSL in the
connected LDAP server:
● A Certificate Authority (CA) signed certificate that contains a public key of the connected LDAP
server.
● To use the External (client certificate based) authentication, the certificate and the private key of the
LDAP user that are exported by the administrator tool are required. The certificate and the private
key are saved in a JKS file.
What to do next
Converting Certificates
Converting Certificates
Use the keytool utility to convert a CA certificate to a keystore for use in a design-time connection.
On the command line, run the following command to convert a certificate to a keystore:
TIBCO_HOME\jre\1.7.0\bin\keytool -import -v -alias <alias> -file <cert_file> -keystore <keystore>
where:
● TIBCO_HOME is the top-level directory where TIBCO ActiveMatrix BusinessWorks is installed.
● -alias aliasname is the alias of the keystore. Each alias corresponds to a domain name.
● -file filename is the file name of the certificate.
● -keystore keystore is the name of the keystore to be converted.
For example, to convert the cacert.der certificate to a keystore with the alias CAcert, run the
following command:
TIBCO_HOME\jre\1.7.0\bin\keytool -import -v -alias CAcert -file cacert.der -keystore TIBCO_HOME/jre/1.7.0/lib/security/cacerts
By default, the converted keystore is imported to the TIBCO_HOME/bw6/tibcojre64/1.7.0/lib/security
directory.
The password that you specified when converting the certificate is used to access the keystore in the
design-time configuration.
What to do next
Create a Keystore Provider Resource
Creating a Keystore Provider Resource
The Keystore Provider resource provides access to a keystore.
Create a Keystore Provider resource according to the role of the keystore, either a trust store or an
identity store.
Procedure
1. In the Project Explorer view, right-click the Resources folder and click New > Keystore Provider.
2. In the Resource Name field, enter a name for the Keystore Provider resource.
3. In the Keystore panel, specify the following properties of the keystore:
● Provider: The provider of the keystore.
● URL: The location of the keystore file that you want to use.
● Password: The password to access the specified keystore.
4. Save the created Keystore Provider resource.
What to do next
Configuring SSL in the Plug-in
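Before a Keystore Provider resource is pointed at a keystore file, the file's contents can be checked against the role described above: trusted certificate entries for a trust store, a private key entry for an identity store. The following Java program is an added example, not TIBCO code; the class name KeystoreRoleCheck, the KEYSTORE_PASSWORD environment variable, and the default path (the cacerts file of the JRE that runs it) are assumptions made for this example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.List;

/**
 * Added example, not TIBCO code. Checks that a keystore fits the role it is
 * about to be given in a Keystore Provider resource.
 *
 * Usage: java KeystoreRoleCheck <trust|identity> [keystore-path]
 * The keystore password is read from KEYSTORE_PASSWORD (assumed variable name)
 * so that it does not appear on the command line.
 */
public class KeystoreRoleCheck {

    /** Loads a keystore. With a null password the integrity check is skipped. */
    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    /** Colon-separated SHA-256 fingerprint of the encoded certificate. */
    static String fingerprint(Certificate cert) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        StringBuilder sb = new StringBuilder();
        for (byte b : digest) {
            if (sb.length() > 0) sb.append(':');
            sb.append(String.format("%02X", b));
        }
        return sb.toString();
    }

    /** Prints every entry and returns the findings; an empty list means the role fits. */
    static List<String> check(KeyStore ks, String role) throws Exception {
        List<String> findings = new ArrayList<String>();
        int keyEntries = 0;
        int trustedEntries = 0;
        Date now = new Date();

        for (String alias : Collections.list(ks.aliases())) {
            boolean isKey = ks.isKeyEntry(alias);
            if (isKey) keyEntries++;
            if (ks.isCertificateEntry(alias)) trustedEntries++;
            System.out.printf("%-13s alias=%s%n", isKey ? "key entry" : "trusted cert", alias);

            // For a key entry this is the first certificate of its chain.
            Certificate cert = ks.getCertificate(alias);
            if (cert instanceof X509Certificate) {
                X509Certificate x509 = (X509Certificate) cert;
                System.out.printf("    subject: %s%n", x509.getSubjectX500Principal().getName());
                System.out.printf("    issuer:  %s%n", x509.getIssuerX500Principal().getName());
                System.out.printf("    expires: %s%n", x509.getNotAfter());
                System.out.printf("    SHA-256: %s%n", fingerprint(x509));
                if (x509.getNotAfter().before(now)) {
                    findings.add("certificate under alias '" + alias + "' has expired");
                }
            }
        }

        if ("trust".equals(role)) {
            if (trustedEntries == 0) {
                findings.add("trust store has no trusted certificate entry");
            }
            if (keyEntries > 0) {
                findings.add("trust store also holds " + keyEntries + " key entry(ies)");
            }
        } else {
            if (keyEntries == 0) {
                findings.add("identity store has no key entry to present to the server");
            }
            if (keyEntries > 1) {
                findings.add("identity store has several key entries; the key alias must pick one");
            }
        }
        return findings;
    }

    public static void main(String[] args) throws Exception {
        if (args.length < 1 || !(args[0].equals("trust") || args[0].equals("identity"))) {
            System.err.println("usage: KeystoreRoleCheck <trust|identity> [keystore-path]");
            System.exit(2);
        }
        // Assumed default for a quick run: the cacerts file of the JRE running this class.
        String path = args.length > 1 ? args[1]
                : System.getProperty("java.home") + "/lib/security/cacerts";
        String env = System.getenv("KEYSTORE_PASSWORD");
        char[] password = env != null ? env.toCharArray() : null;

        List<String> findings = check(load(path, password), args[0]);
        for (String finding : findings) {
            System.out.println("FINDING: " + finding);
        }
        System.exit(findings.isEmpty() ? 0 : 1);
    }
}
```

The printed SHA-256 fingerprint can be compared with the value the LDAP server administrator supplies for the CA certificate; the process exits with status 1 when any finding is reported.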
Configuring SSL in the Plug-in
After converting the CA certificate, you can configure SSL settings in the plug-in to secure the data
exchange.
The plug-in supports both the one-way and two-way SSL authentication:
● In the one-way SSL authentication mode, the connected LDAP server passes its identity to the client.
You can create a Keystore Provider resource as the trust store to authenticate the connected LDAP
server.
For more details, see Configuring One-Way SSL Authentication.
● In the two-way SSL authentication mode, the client verifies the identity of the server and passes its
identity to the connected LDAP server. The connected LDAP server then validates the identity of
the client. You can create two Keystore Provider resources: one is used as the trust store and the
other is used as the identity store.
For more details, see Configuring Two-Way SSL Authentication.
Configuring One-Way SSL Authentication
In the one-way SSL authentication mode, the plug-in authenticates the connected LDAP server. To use
one-way SSL authentication, you have to configure a trust store.
Procedure
1. Create an LDAP connection in TIBCO Business Studio, as described in Creating an LDAP
Connection.
2. From the Authentication Mode list, select Simple to enable the one-way SSL authentication.
3. In the Identity Provider field, click the icon to select an Identity Provider resource to log in to the
connected LDAP server.
See Creating an Identity Provider Resource to create an Identity Provider resource.
4. Select the Use SSL check box.
5. In the SSL Client Configuration field, click the icon to select an SSL Client Configuration resource.
If no SSL Client Configuration instance is available, click Create Shared Resource to create one:
a) In the Create SslClientResource Resource Template dialog, specify the resource folder,
package, and resource name. Click Finish to create an SSL Client Provider resource.
The SSL Client Configuration editor is displayed.
b) In the Keystore Provider as Trust Store field, click the icon to select a Keystore Provider resource.
The selected Keystore Provider resource provides access to a trust store. The plug-in accesses
the keystore to verify the identity of the connected LDAP server.
If no Keystore Provider resource is available, click Create Shared Resource to create one. See
Creating a Keystore Provider Resource for more details.
Configuring Two-Way SSL Authentication
In the two-way SSL authentication mode, the plug-in authenticates the connected LDAP server and the
connected LDAP server also authenticates the plug-in. To use two-way SSL authentication, you have to
configure a trust store and an identity store.
Procedure
1. Create an LDAP connection in TIBCO Business Studio, as described in Creating an LDAP
Connection.
2. Select the Use SSL check box.
3. From the Authentication Mode list, select External to enable the two-way SSL authentication.
4. In the Identity Provider field, click to select an Identity Provider resource to log in to the
connected LDAP server.
See Creating an Identity Provider Resource to create an Identity Provider resource.
5. In the SSL Client Configuration field, click to select an SSL client Configuration resource. If no
SSL client configuration instance is available, click Create Shared Resource to create one:
a) In the Create SslClientResource Resource Template dialog, specify the resource folder,
package, and resource name. Click Finish to create an SSL Client Provider resource.
b) In the Keystore Provider as Trust Store field, click to select a Keystore Provider resource.
The selected Keystore Provider resource provides access to a trust store. The plug-in accesses
the keystore to verify the identity of the connected LDAP server.
If no Keystore Provider resource is available, click Create Shared Resource to create one. See
Creating a Keystore Provider Resource for more details.
c) Select the Enable Mutual Authentication check box and configure an identity store:
● Identity Store Provider: A Keystore Provider resource that provides access to the keystore
of the client. The LDAP server accesses the keystore to verify the identity of the client.
If no identity Keystore Provider resource is available, click Create Shared Resource to
create one. See Creating a Keystore Provider Resource for more details.
● Key Alias Name: The alias of the keystore.
● Key Alias Password: The password of the keystore.
LDAP Connection
The LDAP Connection shared resource creates a connection to an LDAP server.
See Creating an LDAP Connection for more details about how to create an LDAP connection.
General
In the General panel, you can specify the package that stores the LDAP Connection shared resource,
the shared resource name, and so on.
The General panel contains the following fields:
Field | Module Property? | Description
Package | No | The name of the package where the new shared resource is added.
Name | No | The name to be displayed as the label for the shared resource.
Description | No | A short description for the shared resource.
LDAP Connection Configuration
In the LDAP Connection Configuration panel, you can provide the information of the LDAP server
that the plug-in connects to.
The LDAP Connection Configuration panel contains the following fields:
Field | Module Property? | Description
Server Type | No | The type of the LDAP server that the plug-in connects to.
Server Name | Yes | The host name or IP address of the machine where the LDAP server is running.
LDAP Port | Yes | The port number to communicate with the LDAP server.
Authentication Mode | No | The authentication mode to authenticate the client. The following authentication modes are supported:
    ● Simple: The user name and password used to access an LDAP server are required.
    ● Anonymous: No user credential is required.
    ● External: This option is available only when you select the Use SSL check box. When you select the external authentication mode, two-way SSL authentication is enabled.
Authentication | No | The user credential used to log in to the LDAP server, which is specified in the Identity Provider shared resource. See Creating an Identity Provider Resource for more details. This option is automatically selected when you select the simple authentication mode.
Use SSL | No | If the LDAP server that the plug-in connects to is encrypted by SSL, select the Use SSL check box. See Configuring SSL for more details about how to configure SSL.
LDAP Reconnection for Runtime Configuration
In the LDAP Reconnection for Runtime Configuration panel, you can specify the reconnection related
settings.
The LDAP Reconnection for Runtime Configuration panel contains the following fields:
Field | Module Property? | Description
Reconnection Times | Yes | The number of attempts that the plug-in makes to connect to the LDAP server when the connection is broken. The default value is 3.
Reconnection Interval (ms) | Yes | The time interval (in milliseconds) at which the plug-in makes an attempt. The default value is 3000.
LDAP Palette
A palette groups the activities that connect the same external applications together. An LDAP palette is
added after installing TIBCO ActiveMatrix BusinessWorks Plug-in for LDAP.
The LDAP palette contains the following activities to manage LDAP entries and monitor a connected
LDAP server:
● Search Entry
● Authenticate Entry
● Create Entry
● Update Entry
● Lookup Entry
● Delete Entry
● ModifyDN Entry
● LDAP Entry Listener
● LDIF
Search Entry
Use the Search Entry activity to search entries according to the search conditions that you have
configured.
When using the Search Entry activity, you can add an LDIF activity to export search results to an LDIF
file.
General
In the General tab, you can establish a connection to an LDAP server, and specify whether or not to
enable the extended search.
The following is the General tab of the Search Entry activity:
Field | Module Property? | Description
Name | No | The name to be displayed as the label for the activity in the process.
LDAP Connection | Yes | Click to select an LDAP Connection shared resource. The LDAP Connection shared resource creates a connection between the plug-in and an LDAP server. If no matching LDAP Connection shared resources are found, click Create Shared Resource to create one. For more details, see Creating an LDAP Connection.
Extended Search | Yes | Select this option to search entries without checking the object classes.
Limit Search Results | No | Select this option to limit the search results.
Enter The Number Of Entries | Yes | The number of entries to be returned. If you enter 0, all the entries that match the search condition are returned. The default value is 2,147,483,647, the maximum 32-bit integer value. This field is available only when you select the Limit Search Results check box.
Description
In the Description tab, you can enter a short description for the Search Entry activity.
Advanced
In the Advanced tab, you can specify the object class of the entry that you want to search. The specified
object class will be displayed in the Input tab.
If you select Extended Search in the General tab, the object classes specified in the Advanced tab are
ignored.
The following is the Advanced tab of the Search Entry activity:
Field | Module Property? | Description
Base DN | Yes | Displays the distinguished name of the selected base entry. Click Browse DIT to select a base entry from the Directory Information Tree (DIT). The Select Base DN dialog is displayed when clicking Browse DIT. In the Select Base DN dialog, move the slider to specify the maximum number of entries to be displayed in the DIT. The maximum number is 10000.
Select Object Classes From | No | Select a way to specify the object class of the entry that you want to search:
    ● Sample Entry: If you select this option, the object class is retrieved from a sample entry.
    ● LDAP Schema: If you select this option, the object class is selected from the LDAP schema.
Sample Entry | No | Click Browse DIT to select a sample entry. The object class defined for the selected entry is automatically populated in the Objectclasses field. This option is available only when you select Sample Entry in the Select Object Classes From field.
LDAP Schema Classes | No | Click Browse Schema to select one or more object classes. The selected object classes are automatically populated in the Objectclasses field. This option is available only when you select LDAP Schema in the Select Object Classes From field.
Objectclasses | No | Displays the object classes of the entry that you want to search. Only the entries with the identical object classes are returned. If you select the Extended Search option, the plug-in does not check object classes.
Handle Any Subset of Configured Object Classes | Yes | Select this option to perform the search on any subset of the specified object classes. This option is available only when you select a composite object class.
Input
In the Input tab, you can specify the entry that you want to search, a search scope, and a search
condition.
The following is the Input tab of the Search Entry activity:
Input Item | Data Type | Description
DN | string | (Required) Enter the distinguished name (DN) of an entry. This entry is a base where the entry that you want to search is located. If you do not enter a distinguished name, all the entries that match with the search condition and belong to the base entry specified in the Advanced tab are returned.
Scope | string | Specify the search scope to limit the search operation:
    ● Enter SEARCH_BASE or SB to search the entire base entry.
    ● Enter SEARCH_ONELEVEL or SO to search one level below the specified base entry, not including the base entry.
    ● Enter SEARCH_SUBTREE or SS to search the entire subtree under the base entry.
ObjectClass | string | Enter the object class of the entry that you want to search. The entered object class will replace the object class that you have specified in the Advanced tab. Object classes are separated by periods (.), for example, "person.container".
SearchCondition | string | Specify a search condition. Ensure that the search syntax conforms to the filter rules described in http://www.ietf.org/rfc/rfc1558.txt.
AliasDeferFlag | boolean | Set the value to true to enable the alias dereferencing function. When you enable the alias dereferencing function, the entry alias is dereferenced so what is returned is the object pointed by the alias DN.
Attribute | No | Expand the Attribute element and enter an attribute value to limit the search results.
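SearchCondition is sent to the server as a filter string, so a value that comes from outside the process has to be escaped before it is placed into the filter. The following Python sketch is an added example, not code from the plug-in or from TIBCO: the function names, the uid attribute, and the person default are assumptions, the escapes follow RFC 4515 (the current successor of RFC 1558), and the structural check covers only parentheses and escape sequences, not the full filter grammar.

```python
"""Added example: assemble Search Entry input items from untrusted values."""
import string

# RFC 4515 hex escapes for the characters that change filter structure.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Scope spellings listed in the Input table, mapped to the long form.
_SCOPES = {
    "SB": "SEARCH_BASE", "SEARCH_BASE": "SEARCH_BASE",
    "SO": "SEARCH_ONELEVEL", "SEARCH_ONELEVEL": "SEARCH_ONELEVEL",
    "SS": "SEARCH_SUBTREE", "SEARCH_SUBTREE": "SEARCH_SUBTREE",
}


def escape_filter_value(value):
    """Escape an assertion value so it cannot add or close filter terms."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def is_balanced_filter(condition):
    """True if the string is one parenthesised filter with valid escapes."""
    if not condition.startswith("("):
        return False
    depth = 0
    i = 0
    while i < len(condition):
        ch = condition[i]
        if ch == "\\":
            # An escape is a backslash followed by exactly two hex digits.
            pair = condition[i + 1:i + 3]
            if len(pair) != 2 or any(c not in string.hexdigits for c in pair):
                return False
            i += 3
            continue
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return False
            # The outermost filter must end at the last character.
            if depth == 0 and i != len(condition) - 1:
                return False
        i += 1
    return depth == 0


def normalize_scope(scope):
    """Accept only the scope spellings the Input table documents."""
    try:
        return _SCOPES[scope]
    except KeyError:
        raise ValueError("unsupported scope: %r" % (scope,)) from None


def build_search_input(base_dn, scope, uid, object_class="person"):
    """Return the DN, Scope and SearchCondition input items.

    base_dn is treated as fixed configuration, not user input; DN escaping
    follows different rules and is outside this example.
    """
    condition = "(&(objectClass={})(uid={}))".format(
        escape_filter_value(object_class), escape_filter_value(uid))
    if not is_balanced_filter(condition):
        raise ValueError("search condition is not a well-formed filter")
    return {
        "DN": base_dn,
        "Scope": normalize_scope(scope),
        "SearchCondition": condition,
    }


if __name__ == "__main__":
    # Constructed sample values; the second contains filter metacharacters.
    for uid in ("jdoe", "x (temp)*"):
        print(build_search_input("ou=people,dc=example,dc=com", "SS", uid))
    # The same value concatenated without escaping no longer parses as one filter.
    print(is_balanced_filter("(uid=" + "x)" + ")"))
```

The same is_balanced_filter check can be applied to a complete filter string supplied by an operator before it is mapped to SearchCondition.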
Output
In the Output tab, you can find the search results.
The following is the Output tab of the Search Entry activity:
Output Item | Data Type | Description
DN | string | Displays the distinguished name (DN) of the searched entry.
Object Class Name | complex | Displays the object class of the searched entry. Expand the object class to view the attributes configured for the object class.
Fault
In the Fault tab, you can find the error code and error message of the Search Entry activity. See Error
Codes for more detailed explanation of the error.
The following is the Fault tab of the Search Entry activity:
Error Schema Element | Data Type | Description
msgCode | string | Displays the error code.
msg | string | Displays the error message.
Authenticate Entry
Use the Authenticate Entry activity to check whether a user is authorized on the connected LDAP
server.
General
In the General tab, you can establish a connection to an LDAP server.
The following is the General tab of the Authenticate Entry activity:
Field | Module Property? | Description
Name | No | The name to be displayed as the label for the activity in the process.
LDAP Connection | Yes | Click to select an LDAP Connection shared resource. The LDAP Connection shared resource creates a connection between the plug-in and an LDAP server. If no matching LDAP Connection shared resources are found, click Create Shared Resource to create one. For more details, see Creating an LDAP Connection.
Description
In the Description tab, you can enter a short description for the Authenticate Entry activity.
Advanced
In the Advanced tab, you can select a base entry. The plug-in authenticates the specified user entry in
the selected base entry.
The following is the Advanced tab of the Authenticate Entry activity:
Field | Module Property? | Description
Base DN | Yes | Displays the distinguished name of the selected base entry. Click Browse DIT to select a base entry from the Directory Information Tree (DIT). The Select Base DN dialog is displayed when clicking Browse DIT. In the Select Base DN dialog, move the slider to specify the maximum number of entries to be displayed in the DIT. The maximum number is 10000.
Input
In the Input tab, you can specify the user entry that you want to authenticate.
The following is the Input tab of the Authenticate Entry activity:
Input Item | Data Type | Description
DN | string | (Required) Enter the distinguished name of the user entry that you want to authenticate. The object class of the user entry can be any of the following ones: person, organizationalPerson, user, or inetOrgPerson.
Password | string | (Required) Enter the password of the user entry. If you do not enter the password, the authentication fails.
Output
In the Output tab, you can find the authentication result of the user entry.
The following is the Output tab for the Authenticate Entry activity:
Output Item | Data Type | Description
Result | boolean | A value of true indicates that the user entry is authorized, whereas a value of false indicates that the user entry is not authorized.
Fault
In the Fault tab, you can find the error code and error message of the Authenticate Entry activity. See
Error Codes for a more detailed explanation of the error.
The following is the Fault tab of the Authenticate Entry activity:
Error Schema Element | Data Type | Description
msgCode | string | Displays the error code.
msg | string | Displays the error message.
Create Entry
Use the Create Entry activity to add entries to the connected LDAP server.
General
In the General tab, you can establish a connection to an LDAP server, and specify whether to validate
the entry before creating.
The following is the General tab of the Create Entry activity:
Field | Module Property? | Description
Name | No | The name to be displayed as the label for the activity in the process.
LDAP Connection | Yes | Click to select an LDAP Connection shared resource. The LDAP Connection shared resource creates a connection between the plug-in and an LDAP server. If no matching LDAP Connection shared resources are found, click Create Shared Resource to create one. For more details, see Creating an LDAP Connection.
Validate Object | Yes | When you select this option, the plug-in checks if the configured object class matches the objectClass attribute:
    ● If the configured object class matches the objectClass attribute, the creation succeeds. When the configured object class is a composite object class and you select the Handle Any Subset of Configured Object Classes option, the creation also succeeds if the objectClass attribute is a subset object class of the configured object class.
    ● If the configured object class does not match the objectClass attribute, the creation fails.
    The configured object class refers to the object class that you select from the Advanced tab or the object class specified in the Input tab. The object class specified in the Input tab can overwrite the object class specified in the Advanced tab.
    The objectClass attribute is one attribute of the specified object class.
Description
In the Description tab, you can enter a short description for the Create Entry activity.
Advanced
In the Advanced tab, you can specify the object class of the entry that you want to add. The specified
object class will be displayed in the Input tab.
The following is the Advanced tab of the Create Entry activity:
Field | Module Property? | Description
Base DN | Yes | Displays the distinguished name of the selected base entry. Click Browse DIT to select a base entry from the Directory Information Tree (DIT). The Select Base DN dialog is displayed when clicking Browse DIT. In the Select Base DN dialog, move the slider to specify the maximum number of entries to be displayed in the DIT. The maximum number is 10000.
Select Object Classes From | No | Select a way to specify the object class of the entry that you want to add:
    ● Sample Entry: If you select this option, the object class is retrieved from a sample entry.
    ● LDAP Schema: If you select this option, the object class is selected from the LDAP schema.
Sample Entry | No | Click Browse DIT to select a sample entry. The object class defined for the selected entry is automatically populated in the Objectclasses field. This option is available only when you select Sample Entry in the Select Object Classes From field.
LDAP Schema Classes | No | Click Browse Schema to select one or more object classes. The selected object classes are automatically populated in the Objectclasses field. This option is available only when you select LDAP Schema in the Select Object Classes From field.
Objectclasses | No | Displays the object classes of the entry that you want to add.
Handle Any Subset of Configured Object Classes | Yes | Select this option to perform the creation on any subset of the specified object classes. This option is available only when you select a composite object class.
Input
In the Input tab, you can specify the entry that you want to add.
The following is the Input tab of the Create Entry activity:
Input Item | Data Type | Description
DN | string | (Required) Enter the distinguished name (DN) of the entry that you want to add.
ObjectClass | string | Enter the object class of the entry that you want to add. The entered object class will replace the object class that you have specified in the Advanced tab. Object classes are separated by periods (.), for example, "person.container".
Object Class | complex | Expand the object class and enter a value for the corresponding attribute.
Output
In the Output tab, you can find the creation result.
The following is the Output tab of the Create Entry activity:
Output Item | Data Type | Description
Result | boolean | A value of true indicates the creation succeeds, whereas a value of false indicates the creation fails.
Fault
In the Fault tab, you can find the error code and error message of the Create Entry activity. See Error
Codes for a more detailed explanation of the error.
The following is the Fault tab of the Create Entry activity:
Error Schema Element | Data Type | Description
msgCode | string | Displays the error code.
msg | string | Displays the error message.
Update Entry
Use the Update Entry activity to update an existing entry. If the entry does not exist, the plug-in can
add it to the connected LDAP server.
General
In the General tab, you can establish a connection to an LDAP server, and specify whether to add the
entry when the entry that you want to update does not exist.
The following is the General tab of the Update Entry activity:
Field | Module Property? | Description
Name | No | The name to be displayed as the label for the activity in the process.
LDAP Connection | Yes | Click to select an LDAP Connection shared resource. The LDAP Connection shared resource creates a connection between the plug-in and an LDAP server. If no matching LDAP Connection shared resources are found, click Create Shared Resource to create one. For more details, see Creating an LDAP Connection.
Allow Create If Entry Does Not Exist | Yes | Select this option to add the entry when the entry that you want to update does not exist.
Description
In the Description tab, you can enter a short description for the Update Entry activity.
Advanced
In the Advanced tab, you can specify the object class of the entry that you want to update. The specified
object class will be displayed in the Input tab.
The following is the Advanced tab of the Update Entry activity:
Field | Module Property? | Description
Base DN | Yes | Displays the distinguished name of the selected base entry. Click Browse DIT to select a base entry from the Directory Information Tree (DIT). The Select Base DN dialog is displayed when clicking Browse DIT. In the Select Base DN dialog, move the slider to specify the maximum number of entries to be displayed in the DIT. The maximum number is 10000.
Select Object Classes From | No | Select a way to specify the object class of the entry that you want to update:
    ● Sample Entry: If you select this option, the object class is retrieved from a sample entry.
    ● LDAP Schema: If you select this option, the object class is selected from the LDAP schema.
Sample Entry | No | Click Browse DIT to select a sample entry. The object class defined for the selected entry is automatically populated in the Objectclasses field. This option is available only when you select Sample Entry in the Select Object Classes From field.
LDAP Schema Classes | No | Click Browse Schema to select one or more object classes. The selected object classes are automatically populated in the Objectclasses field. This option is available only when you select LDAP Schema in the Select Object Classes From field.
Objectclasses | No | Displays object classes of the entry that you want to update.
Handle Any Subset of Configured Object Classes | Yes | Select this option to perform the update on any subset of the specified object classes. This option is available only when you select a composite object class.
Input
In the Input tab, you can specify the entry that you want to update, and the modification that you want
to make.
The following is the Input tab of the Update Entry activity:
Input Item | Data Type | Description
DN | string | (Required) Enter the distinguished name (DN) of the entry that you want to update.
ModifyType | string | Specify the type of modification that you want to make:
    ● Enter MA or ma to add a new attribute for the entry that you want to update.
    ● Enter MR or mr to replace the attributes of the entry that you want to update.
    ● Enter MD or md to delete the attributes of the entry that you want to update.
    If you do not enter a value, the plug-in uses the MR/mr type.
ObjectClass | string | Enter the object class of the entry that you want to update. The entered object class will replace the object class that you have specified in the Advanced tab. Object classes are separated by periods (.), for example, "person.container".
Object Class | complex | Expand the object class and enter a value for the corresponding attribute.
Output
In the Output tab, you can find the update result.
The following is the Output tab of the Update Entry activity:
Output Item | Data Type | Description
Result | boolean | A value of true indicates the update succeeds, whereas a value of false indicates the update fails.
Fault
In the Fault tab, you can find the error code and error message of the Update Entry activity. See Error
Codes for a more detailed explanation of the error.
The following is the Fault tab of the Update Entry activity:
Error Schema Element | Data Type | Description
msgCode | string | Displays the error code.
msg | string | Displays the error message.
Lookup Entry
Use the Lookup Entry activity to validate whether an entry exists in an LDAP server.
General
In the General tab, you can establish a connection to an LDAP server.
The following is the General tab of the Lookup Entry activity:
Field | Module Property? | Description
Name | No | The name to be displayed as the label for the activity in the process.
LDAP Connection | Yes | Click to select an LDAP Connection shared resource. The LDAP Connection shared resource creates a connection between the plug-in and an LDAP server. If no matching LDAP Connection shared resources are found, click Create Shared Resource to create one. For more details, see Creating an LDAP Connection.
Description
In the Description tab, you can enter a short description for the Lookup Entry activity.
Advanced
In the Advanced tab, you can specify the object class of the entry that you want to validate. The
specified object class will be displayed in the Input tab.
The following is the Advanced tab of the Lookup Entry Activity:
Field | Module Property? | Description
Base DN | Yes | Displays the distinguished name of a selected base entry. Click Browse DIT to select a base entry from the Directory Information Tree (DIT). The Select Base DN dialog is displayed when clicking Browse DIT. In the Select Base DN dialog, move the slider to specify the maximum number of entries to be displayed in the DIT. The maximum number is 10000.
Select Object Classes From | No | Select a way to specify the object class of the entry that you want to validate:
    ● Sample Entry: If you select this option, the object class is retrieved from a sample entry.
    ● LDAP Schema: If you select this option, the object class is selected from the LDAP schema.
Sample Entry | No | Click Browse DIT to select a sample entry. The object class defined for the selected entry is automatically populated in the Objectclasses field. This option is available only when you select Sample Entry in the Select Object Classes From field.
LDAP Schema Classes | No | Click Browse Schema to select one or more object classes. The selected object classes are automatically populated in the Objectclasses field. This option is available only when you select LDAP Schema in the Select Object Classes From field.
Objectclasses | No | Displays the object classes of the entry that you want to validate.
Input
In the Input tab, you can specify the entry that you want to validate.
The following is the Input tab of the Lookup Entry activity:
Input Item | Data Type | Description
DN | string | (Required) The distinguished name (DN) of the entry that you want to validate.
Output
In the Output tab, you can find the validation result of the entry.
The following is the Output tab of the Lookup Entry activity:
Output Item | Data Type | Description
Result | boolean | A value of true indicates that the specified entry exists, whereas a value of false indicates that the specified entry does not exist.
Fault
In the Fault tab, you can find the error code and error message of the Lookup Entry activity. See Error
Codes for a more detailed explanation of the error.
The following is the Fault tab of the Lookup Entry activity:
Error Schema Element | Data Type | Description
msgCode | string | Displays the error code.
msg | string | Displays the error message.
Delete Entry
Use the Delete Entry activity to delete entries.
General
In the General tab, you can establish a connection to an LDAP server.
The following is the General tab of the Delete Entry activity:
Field | Module Property? | Description
Name | No | The name to be displayed as the label for the activity in the process.
LDAP Connection | Yes | Click to select an LDAP Connection shared resource. The LDAP Connection shared resource creates a connection between the plug-in and an LDAP server. If no matching LDAP Connection shared resources are found, click Create Shared Resource to create one. For more details, see Creating an LDAP Connection.
Validate Object | Yes | When you select this option, the plug-in checks if the configured object class matches the objectClass attribute:
    ● If the configured object class matches the objectClass attribute, the deletion succeeds. When the configured object class is a composite object class and you select the Handle Any Subset of Configured Object Classes option, the deletion also succeeds if the objectClass attribute is a subset object class of the configured object class.
    ● If the configured object class does not match the objectClass attribute, the deletion fails.
    The configured object class refers to the object class that you select from the Advanced tab or the object class specified in the Input tab. The object class specified in the Input tab can overwrite the object class specified in the Advanced tab.
    The objectClass attribute is one attribute of the specified object class.
Description
In the Description tab, you can enter a short description for the Delete Entry activity.
Advanced
In the Advanced tab, you can specify the object class of the entry that you want to delete. The specified
object class will be displayed in the Input tab.
The following is the Advanced tab of the Delete Entry activity:
Field | Module Property? | Description
Base DN | Yes | Displays the distinguished name of the selected base entry. Click Browse DIT to select a base entry from the Directory Information Tree (DIT). The Select Base DN dialog is displayed when clicking Browse DIT. In the Select Base DN dialog, move the slider to specify the maximum number of entries to be displayed in the DIT. The maximum number is 10000.
Select Object Classes From | No | Select a way to specify the object class of the entry that you want to delete:
    ● Sample Entry: When this option is selected, the object class is retrieved from a sample entry.
    ● LDAP Schema: When this option is selected, the object class is specified directly from the LDAP schema.
Sample Entry | No | Click Browse DIT to select a sample entry. The object class defined for the selected entry is automatically populated in the Objectclasses field. This option is available only when you select Sample Entry from the Select Object Classes From field.
LDAP Schema Classes | No | Click Browse Schema to select one or more object classes. The selected object classes are automatically populated in the Objectclasses field. This option is available only when you select LDAP Schema from the Select Object Classes From field.
Objectclasses | No | Displays the object classes of the entry to be deleted.
Handle Any Subset of Configured Object Classes | Yes | Select this option to perform the deletion on any subset of the specified object classes. This option is available only when you select a composite object class.
Input
In the Input tab, you can specify the entry that you want to delete.
The following is the Input tab of the Delete Entry activity:
Input Item | Data Type | Description
DN | string | (Required) Enter the distinguished name (DN) of the entry that you want to delete.
ObjectClass | string | Enter the object class of the entry that you want to delete. The entered object class will replace the object class that you have specified in the Advanced tab. Object classes are separated by periods (.), for example, "person.container".
Output
In the Output tab, you can find the deletion result.
The following is the Output tab of the Delete Entry activity:
Output Item | Data Type | Description
Result | boolean | A value of true indicates the deletion succeeds, whereas a value of false indicates the deletion fails.
Fault
In the Fault tab, you can find the error code and error message of the Delete Entry activity. See Error
Codes for a more detailed explanation of the error.
The following is the Fault tab of the Delete Entry activity:
Error Schema Element | Data Type | Description
msgCode | string | Displays the error code.
msg | string | Displays the error message.
ModifyDN Entry
Use the ModifyDN Entry activity to modify the distinguished name of an entry.
General
In the General tab, you can establish a connection to an LDAP server, and specify whether to validate
the entry before modifying.
The following is the General tab of the ModifyDN Entry activity:
Field
Module Property?
Description
Name
No
The name to be displayed as the label for the activity in the process.
LDAP Connection
Yes
Click [icon] to select an LDAP Connection shared resource. The LDAP
Connection shared resource creates a connection between the plug-in and an LDAP server.
If no matching LDAP Connection shared resources are found, click
Create Shared Resource to create one. For more details, see Creating
an LDAP Connection.
Validate Object
Yes
When you select this option, the plug-in checks if the configured
object class matches the objectClass attribute:
● If the configured object class matches the objectClass attribute,
the modification succeeds.
When the configured object class is a composite object
class and you select the Handle Any Subset of
Configured Object Classes option, the modification
also succeeds if the objectClass attribute is a subset
object class of the configured object class.
● If the configured object class does not match the objectClass
attribute, the modification fails.
The configured object class refers to the object class that you select
from the Advanced tab or the object class specified in the Input tab.
The object class specified in the Input tab can overwrite the object
class specified in the Advanced tab.
The objectClass attribute is one attribute of the specified object
class.
Description
In the Description tab, you can enter a short description for the ModifyDN Entry activity.
Advanced
In the Advanced tab, you can specify the object class of the entry that you want to modify the DN for.
The specified object class will be displayed in the Input tab.
The following is the Advanced tab of the ModifyDN Entry activity:
Field
Module Property?
Description
Base DN
Yes
Displays the distinguished name of the selected base entry.
Click Browse DIT to select a base entry from the Directory
Information Tree (DIT).
The Select Base DN dialog is displayed when clicking Browse DIT.
In the Select Base DN dialog, move the slider to specify the
maximum number of entries to be displayed in the DIT. The
maximum number is 10000.
Select Object Classes From
No
Select a way to specify the object class of the entry that you want to
modify DN for:
● Sample Entry: If you select this option, the object class is
retrieved from a sample entry.
● LDAP Schema: If you select this option, the object class is
selected from the LDAP schema.
Sample Entry
No
Click Browse DIT to select a sample entry. The object class defined
for the selected entry is automatically populated in the
Objectclasses field.
This option is available only when you select Sample
Entry in the Select Object Classes From field.
LDAP Schema Classes
No
Click Browse Schema to select one or more object classes. The
selected object classes are automatically populated in the
Objectclasses field.
This option is available only when you select LDAP
Schema in the Select Object Classes From field.
Objectclasses
No
Displays the object classes of the entry that you want to modify.
Handle Any Subset of Configured Object Classes
Yes
Select this option to perform the modification on any subset of the
specified object classes.
This option is available only when you select a composite
object class.
Input
In the Input tab, you can specify the entry that you want to modify the distinguished name for.
The following is the Input tab of the ModifyDN Entry activity:
Input Item
Data Type
Description
DN
string
(Required) Enter the distinguished name (DN) of the entry that you
want to modify.
NewDN
string
(Required) Enter the new distinguished name (DN) of the entry.
ObjectClass
string
Enter the object class of the entry that you want to modify. The
entered object class will replace the object class that you have
specified in the Advanced tab.
Object classes are separated by periods (.), for example,
"person.container".
Output
In the Output tab, you can find the modification result.
The following is the Output tab of the ModifyDN Entry activity:
Output Item
Data Type
Description
Result
boolean
A value of true indicates the modification succeeds, whereas a
value of false indicates the modification fails.
Fault
In the Fault tab, you can find the error code and error message of the ModifyDN Entry activity. See
Error Codes for a more detailed explanation of the error.
The following is the Fault tab of the ModifyDN Entry activity:
Error Schema
Element
Data Type
Description
msgCode
string
Displays the error code.
msg
string
Displays the error message.
LDAP Entry Listener
Use the LDAP Entry Listener activity to monitor an LDAP server and retrieve entries based on the
configured filters.
When using the LDAP Entry Listener activity to retrieve entries, you can add the LDIF activity to
export the monitored results to an LDIF file.
General
In the General tab, you can establish a connection to an LDAP server, and specify a polling interval.
The following is the General tab of the LDAP Entry Listener activity:
Field
Module Property?
Description
Name
No
The name to be displayed as the label for the activity in the
process.
LDAP Connection
Yes
Click [icon] to select an LDAP Connection shared resource. The
LDAP Connection shared resource creates a connection between
the plug-in and an LDAP server.
If no matching LDAP Connection shared resources are found,
click Create Shared Resource to create one. For more details, see
Creating an LDAP Connection.
Polling Interval (ms)
Yes
Enter the polling interval (in milliseconds) to check the LDAP
server.
Description
In the Description tab, you can enter a short description for the LDAP Entry Listener activity.
Advanced
In the Advanced tab, you can specify the object class of the entry that you want to monitor. The
specified object class will be displayed in the Input tab.
The following is the Advanced tab of the LDAP Entry Listener activity:
Field
Module Property?
Description
Base DN
Yes
Displays the distinguished name of the selected base entry.
Click Browse DIT to select a base entry from the Directory
Information Tree (DIT).
The Select Base DN dialog is displayed when clicking Browse DIT.
In the Select Base DN dialog, move the slider to specify the
maximum number of entries to be displayed in the DIT. The
maximum number is 10000.
Select Object Classes From
No
Select a way to specify the object class of the entry that you want to
monitor:
● Sample Entry: If you select this option, the object class is
retrieved from a sample entry.
● LDAP Schema: If you select this option, the object class is
selected from the LDAP schema.
Sample Entry
No
Click Browse DIT to select a sample entry. The object class defined
for the selected entry is automatically populated in the
Objectclasses field.
This option is available only when you select Sample
Entry in the Select Object Classes From field.
LDAP Schema Classes
No
Click Browse Schema to select one or more object classes. The
selected object classes are automatically populated in the
Objectclasses field.
This option is available only when you select LDAP
Schema in the Select Object Classes From field.
Objectclasses
No
Displays the specified object classes of the entry to be monitored and
retrieved.
Filter
Yes
Specify a filter option. The plug-in only monitors entries that
conform to the specified filter.
Entries that are deleted before monitoring cannot be
retrieved.
Enable Monitor Attributes
No
When you select this option, the plug-in only monitors the attributes
specified in the Monitor Attributes field.
Only the Microsoft ADS/ADAM server supports this feature. Ensure
that the selected base DN is a root domain.
Monitor Attributes
Yes
Enter the attributes that you want to monitor. Separate attributes by
commas (,).
This option is available only when you select Enable
Monitor Attributes.
Sequence Key
No
This field contains an XPath expression that specifies the order in
which the processes run. Process instances with sequencing keys that
have the same value are executed sequentially in the order in which
the process instances were created.
Custom Job ID
No
This field contains an XPath expression that specifies a custom job
ID for the process instance. This ID is displayed in the TIBCO
Administrator View Service dialog, and it is also available in the
$_processContext process variable.
Output
In the Output tab, you can find the operations that have been made to the monitored entry.
The following is the Output tab of the LDAP Entry Listener activity:
Output Item
Data Type
Description
OpCode
boolean
Displays the change type of the monitored entry.
DN
string
Displays the distinguished name (DN) of the monitored entry.
New DN
string
Displays the new distinguished name (DN) for the entry.
This element is displayed only when the distinguished
name of the monitored entry is changed.
Object Class
string
Displays the object class of the monitored entry. Expand the object
class to view the attributes configured for the object class.
Fault
In the Fault tab, you can find the error code and error message of the LDAP Entry Listener activity. See
Error Codes for a more detailed explanation of the error.
The following is the Fault tab of the LDAP Entry Listener activity:
Error Schema
Element
Data Type
Description
msgCode
string
Displays the error code.
msg
string
Displays the error message.
LDIF
Use the LDIF activity to export entries that are fetched by the Search Entry and LDAP Entry Listener
activities to an LDAP Data Interchange Format (LDIF) file, or import entries from an LDIF file to an
LDAP server.
General
In the General tab, you can establish a connection to an LDAP server, and specify whether to import or
export entries.
The following is the General tab of the LDIF activity:
Field
Module Property?
Description
Name
No
The name to be displayed as the label for the activity in the process.
LDAP Connection
Yes
Click [icon] to select an LDAP Connection shared resource. The LDAP
Connection shared resource creates a connection between the plug-in and an LDAP server.
If no matching LDAP Connection shared resources are found, click
Create Shared Resource to create one. For more details, see Creating
an LDAP Connection.
File Name
Yes
Click [icon] to select the file to import entries from or export entries to.
Import LDIF File to Server
Yes
By default, the LDIF activity exports the searched or monitored
entries to an LDIF file.
If you select this option, the LDIF activity imports entries from a
selected LDIF file to the connected LDAP server.
Description
In the Description tab, you can enter a short description for the LDIF activity.
Advanced
In the Advanced tab, you can specify the object class of the entry that you want to export. The specified
object class will be displayed in the Input tab.
The following is the Advanced tab of the LDIF activity:
Field
Module Property?
Description
Base DN
Yes
Displays the distinguished name of the selected base entry.
Click Browse DIT to select the base DN from the Directory
Information Tree (DIT).
The Select Base DN dialog is displayed when clicking Browse DIT.
In the Select Base DN dialog, move the slider to specify the
maximum number of entries to be displayed in the DIT. The
maximum number is 10000.
Select Object Classes From
No
Select a way to specify the object class of the entry:
● Sample Entry: If you select this option, the object class is
retrieved from a sample entry.
● LDAP Schema: If you select this option, the object class is
selected from the LDAP schema.
Sample Entry
No
Click Browse DIT to select a sample entry. The object class defined
for the selected entry is automatically populated in the
Objectclasses field.
This option is available only when you select Sample
Entry in the Select Object Classes From field.
LDAP Schema Classes
No
Click Browse Schema to select one or more object classes. The
selected object classes are automatically populated in the
Objectclasses field.
This option is available only when you select LDAP
Schema in the Select Object Classes From field.
Objectclasses
No
Displays the object classes of the entry that you want to export.
Input
In the Input tab, you can review the information related to the entry that you want to export. The entry
information is mapped from the Search Entry activity or the LDAP Entry Listener activity.
The following is the Input tab of the LDIF activity:
Output Item
Data Type
Description
OpCode
boolean
Displays the change type of the searched or monitored entry.
DN
string
Displays the distinguished name (DN) of the searched or monitored
entry.
New DN
string
Displays the new distinguished name (DN) for the searched or
monitored entry.
This element is displayed only when the distinguished
name of the searched or monitored entry is changed.
Object Class
string
Displays the object class of the searched or monitored entry. Expand
the object class to view the attributes.
Fault
In the Fault tab, you can find the error code and error message of the LDIF activity. See Error Codes for
a more detailed explanation of the error.
The following is the Fault tab of the LDIF activity:
Error Schema
Element
Data Type
Description
msgCode
string
Displays the error code.
msg
string
Displays the error message.
Working with the Sample Project
The plug-in packages a sample project with the installer. The sample project shows how TIBCO
ActiveMatrix BusinessWorks Plug-in for LDAP works.
After installing the plug-in, you can locate the sample project in the
TIBCO_HOME/bw/palettes/ldap/version_number/samples directory. This sample project contains five
processes, each of which corresponds to a task.
● AllActivities_Except_LDAPEntryListener_LDIF.bwp
This process contains most of the LDAP activities.
First, use the Authenticate Entry activity to authenticate the specified user entry on the connected
LDAP server, and then use the Create Entry activity to add this user entry to the LDAP server.
Next, use the Lookup Entry activity to validate if the added user entry exists, and then use the
Update Entry activity and the ModifyDN Entry activity to update the user entry.
Finally, use the Delete Entry activity to delete the added user entry.
● LDAPEntryListener_LDIFExport.bwp
This process shows how to use the LDAP Entry Listener activity to monitor the connected LDAP
server and how to use the LDIF activity to export entries retrieved by the LDAP Entry Listener
activity.
● LDIFImport.bwp
This process shows how to use the LDIF activity to import entries in an LDIF file to the connected
LDAP server.
You must run this process first to import the test data.
● Search_LDIFExport.bwp
This process shows how to use the Search Entry activity to search entries and how to use the LDIF
activity to export the search result to an LDIF file.
● SearchAllScopes.bwp
This process shows how to use the Search Entry activity to search entries based on different search
scopes.
Importing the Sample Project
Before running the project, you must import the sample project to TIBCO Business Studio.
Procedure
1. Start TIBCO Business Studio using one of the following ways:
● Microsoft Windows: click Start > All Programs > TIBCO > TIBCO_HOME > TIBCO Business
Studio version_number > Studio for Designers.
● Mac OS and Linux: run the TIBCO Business Studio executable file located in the
TIBCO_HOME/studio/version_number/eclipse directory.
2. From the menu, click File > Import.
3. In the Import dialog, expand the General folder and select the Existing Studio Projects into
Workspace item. Click Next.
4. Click Browse next to the Select archive file field to locate the sample. Click Finish.
The sample project is located in the TIBCO_HOME/bw/palettes/ldap/version_number/samples
directory.
Result
The sample project is imported to TIBCO Business Studio.
Running the LDIFImport Process
You must run the LDIFImport process first to import the test data to the connected LDAP server.
Prerequisites
Ensure that you have imported the sample project to TIBCO Business Studio, as described in Importing
the Sample Project.
Procedure
1. In the Project Explorer view, expand the Examples project, and then click Module Descriptors >
Module Properties to update the module properties used in the sample project.
2. In the Module Properties editor, expand the LDAP_Connection folder, and then update the LDAP
connection related module properties to create a connection to an LDAP server.
3. On the toolbar, click the icon to save your changes.
4. In the Project Explorer view, expand the Resources folder in the Examples project, and then click
examples > LDAPConnectionResource.ldapconnectionResource to open the LDAP Connection
editor.
5. In the LDAP Connection Configuration panel, click Test Connection to validate your connection.
6. After successfully connecting to the server, from the menu, click Run > Run Configurations
to run the LDIFImport process.
By default, the LDIFImport process is selected as the running component.
7. In the Run Configurations dialog, expand BusinessWorks Application and click BWApplication.
8. In the right panel, click the Applications tab, select the check box next to Examples.application.
9. Click Run to run the process.
10. Click the icon to stop the process.
Running the Sample Processes
After importing the test data to the connected LDAP server, you can run the rest of the sample processes to
see how TIBCO ActiveMatrix BusinessWorks Plug-in for LDAP works.
If you are connecting to a Microsoft ADS/ADAM server, ensure that you have enabled the user entry
that you want to authenticate before running the AllActivities_Except_LDAPEntryListener_LDIF
process.
Prerequisites
Ensure that you have imported the test data by running the LDIFImport process.
Procedure
1. In the Project Explorer view, click Examples > Module Descriptors, and then double-click
Components.
2. In the Components editor, click the LDIFImport process and click [icon] to remove the LDIFImport
process from the running list.
3. Click [icon] to add the process to run.
4. In the Select a BusinessWorks Process dialog, click the process that you want to run and click OK.
5. On the toolbar, click the icon to save your changes.
6. From the menu, click Run > Run Configurations to run the selected process.
7. In the Run Configurations dialog, expand BusinessWorks Application and click BWApplication.
8. In the right panel, click the Applications tab, select the check box next to Examples.application.
9. Click Run to run the process.
10. Click the icon to stop the process.
Managing Logs
When an error occurs, you can check logs to trace and troubleshoot the plug-in exceptions.
By default, error logs are displayed in the Console view when you run a process in the debug mode.
You can change the log level of the plug-in to trace different messages and export logs to a file.
Different log levels correspond to different messages, as described in Log Levels.
Log Levels
Different log levels include different information.
The plug-in supports the following log levels:
Log Level
Description
Error
Indicates that an unrecoverable error occurred. Depending on the severity of the
error, the plug-in might continue with the next operation or might stop.
If you set the log level to Error, only error logs are captured.
Info
Indicates normal plug-in operations. No action is required. A tracing message tagged
with Info indicates that a significant processing step is reached, and logged for
tracking or auditing purposes. Only info messages preceding a tracking identifier are
considered as significant steps.
If you set the log level to Info, error logs and info logs are captured.
Debug
Indicates a developer-defined tracing message.
If you set the log level to Debug, all the logs including error, info, and debug are
captured.
Setting Up Log Levels
You can configure a different log level for the plug-in and plug-in activities to trace different messages.
By default, the plug-in uses the log level configured for TIBCO ActiveMatrix BusinessWorks. The
default log level of TIBCO ActiveMatrix BusinessWorks is Error.
Procedure
1. Navigate to the TIBCO_HOME/bw/version_number/config/design/logback directory and open
the logback.xml file.
2. Add the following node in the BusinessWorks Palette and Activity loggers area to specify a log
level for the plug-in:
<logger name="com.tibco.bw.palette.ldap.runtime">
<level value="DEBUG"/>
</logger>
The value of the level element can be Error, Info, or Debug.
If you set the log level to Debug, the input and output for the plug-in activities are also
displayed in the Console view. See Log Levels for more details regarding each log level.
3. Optional: Add the following node in the BusinessWorks Palette and Activity loggers area to
specify a log level for an activity:
<logger name="com.tibco.bw.palette.ldap.runtime.ActivityNameActivity">
<level value="DEBUG"/>
</logger>
When setting up a log level for the LDAP Entry Listener activity, you have to change the
activity name to MonitorEventSource. For other activities, you have to delete the word
Entry from the activity name.
For example, add the following node to set the log level of the Search Entry activity to Debug:
<logger name="com.tibco.bw.palette.ldap.runtime.SearchActivity">
<level value="DEBUG"/>
</logger>
The activities that are not configured with specific log levels use the log level configured
for the plug-in.
4. Save the file.
Exporting Logs to a File
You can update the logback.xml file to export plug-in logs to a file.
Procedure
1. Navigate to the TIBCO_HOME/bw/version_number/config/design/logback directory and open
the logback.xml file.
After deploying an application in TIBCO Enterprise Administrator, navigate to the
TIBCO_HOME/bw/version_number/domains/domain_name/appnodes/space_name/node_name
directory to find the logback.xml file.
2. Add the following node to specify the file where the log is exported:
<appender name="FILE" class="ch.qos.logback.core.FileAppender">
<file>c:/bw6-ldap.log</file>
<encoder>
<pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36}-%msg%n</pattern>
</encoder>
</appender>
The value of the file element is the absolute path of the file that stores the exported log.
3. Add the following node to the root node at the bottom of the logback.xml file:
<root level="DEBUG">
<appender-ref ref="STDOUT" />
<appender-ref ref="FILE" />
</root>
4. Save the file.
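The logging steps above can be checked before a logback.xml is deployed. The following is an added example, not part of the TIBCO guide or product: it resolves the effective level of each plug-in logger and the log files its output reaches, because at Debug the input and output of the plug-in activities are written to every attached appender. The function names and the two constructed sample configurations are assumptions; the logger name, file path and pattern are taken from the steps above.

```python
import xml.etree.ElementTree as ET

PLUGIN_NS = "com.tibco.bw.palette.ldap.runtime"  # logger name used in the guide
VERBOSE = {"DEBUG", "TRACE", "ALL"}

def _level(elem):
    """Read a level from level="..." or from a child <level value="..."/>."""
    lvl = elem.get("level")
    if lvl is None and elem.find("level") is not None:
        lvl = elem.find("level").get("value")
    return lvl.upper() if lvl else None

def _ancestors(name):
    """a.b.c -> [a.b.c, a.b, a]; logback resolves levels up this chain."""
    parts = name.split(".")
    return [".".join(parts[:i]) for i in range(len(parts), 0, -1)]

def audit_logback(xml_text, namespace=PLUGIN_NS):
    """Return (logger, level, [log file paths]) for each plug-in logger whose
    effective level is verbose enough to record activity input and output."""
    conf = ET.fromstring(xml_text)
    files = {a.get("name"): a.findtext("file").strip()
             for a in conf.iter("appender") if a.findtext("file")}
    loggers = {l.get("name"): l for l in conf.iter("logger") if l.get("name")}
    root = conf.find("root")
    # Assumption: with no level on <root>, logback's default (DEBUG) applies.
    root_level = (_level(root) if root is not None else None) or "DEBUG"

    findings = []
    names = {namespace} | {n for n in loggers if n.startswith(namespace + ".")}
    for name in sorted(names):
        level, refs, additive = None, [], True
        for anc in _ancestors(name):
            el = loggers.get(anc)
            if el is None:
                continue
            level = level or _level(el)      # nearest configured level wins
            if additive:                      # appenders accumulate upward
                refs += [r.get("ref") for r in el.findall("appender-ref")]
                additive = el.get("additivity", "true").lower() != "false"
        if additive and root is not None:
            refs += [r.get("ref") for r in root.findall("appender-ref")]
        level = level or root_level
        if level in VERBOSE:
            paths = sorted({files[r] for r in refs if r in files})
            findings.append((name, level, paths))
    return findings

# Constructed sample: the guide's fragments assembled into one file.
WEAK_CONFIG = """<configuration>
  <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
    <encoder><pattern>%msg%n</pattern></encoder>
  </appender>
  <appender name="FILE" class="ch.qos.logback.core.FileAppender">
    <file>c:/bw6-ldap.log</file>
    <encoder>
      <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36}-%msg%n</pattern>
    </encoder>
  </appender>
  <logger name="com.tibco.bw.palette.ldap.runtime">
    <level value="DEBUG"/>
  </logger>
  <root level="DEBUG">
    <appender-ref ref="STDOUT" />
    <appender-ref ref="FILE" />
  </root>
</configuration>"""

# Constructed sample: Debug limited to one activity and kept out of the file.
SCOPED_CONFIG = """<configuration>
  <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
    <encoder><pattern>%msg%n</pattern></encoder>
  </appender>
  <appender name="FILE" class="ch.qos.logback.core.FileAppender">
    <file>c:/bw6-ldap.log</file>
    <encoder><pattern>%msg%n</pattern></encoder>
  </appender>
  <logger name="com.tibco.bw.palette.ldap.runtime">
    <level value="ERROR"/>
  </logger>
  <logger name="com.tibco.bw.palette.ldap.runtime.SearchActivity" additivity="false">
    <level value="DEBUG"/>
    <appender-ref ref="STDOUT" />
  </logger>
  <root level="ERROR">
    <appender-ref ref="STDOUT" />
    <appender-ref ref="FILE" />
  </root>
</configuration>"""

if __name__ == "__main__":
    for label, text in (("weak", WEAK_CONFIG), ("scoped", SCOPED_CONFIG)):
        for name, level, paths in audit_logback(text):
            print(label, name, level, paths or "console only")
```

Any file path the check reports is a place where activity input and output accumulate, so it needs the same access restrictions as the directory data itself.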
Error Codes
The following table lists the error codes, a detailed explanation of each error, and, where applicable, ways to
solve the error.
Error Code: ERROR_CATCH_EXCEPTION.errorCode=501000
            ERROR_CATCH_EXCEPTION={0}
Role: errorRole
Category: BW-Plugin
Description: An error occurs.
Solution: None.

Error Code: EX_OPERATION_ERROR.errorCode=500001
            An internal error occurred in the LDAP server.
Role: errorRole
Category: BW-Plugin
Description: An error occurred in the connected LDAP server.
Solution: Check the LDAP server.

Error Code: EX_PROTOCOL_ERROR.errorCode=500002
            TA LDAP server could not correctly interpret the request sent by your client because the request does not strictly comply with the LDAP protocol.
Role: errorRole
Category: BW-Plugin
Description: The request sent by the plug-in does not conform to the LDAP protocol.
Solution: Check the activity input.

Error Code: EX_TIME_LIMIT_EXCEEDED.errorCode=500003
            The search operation could not be completed within the maximum time limit.
Role: errorRole
Category: BW-Plugin
Description: Fails to complete the operation in the specified time interval.
Solution: None.

Error Code: EX_SIZE_LIMIT_EXCEEDED.errorCode=500004
            The search found more than the maximum number of results.
Role: errorRole
Category: BW-Plugin
Description: The number of searched entries exceeds the specified maximum number of entries to be returned.
Solution: Modify the search result limit for the Search activity.

Error Code: EX_COMPARE_FALSE.errorCode=500005
            Value returned by an LDAP compare operation if the specified attribute and value is not found in the entry.
Role: errorRole
Category: BW-Plugin
Description: The specified attribute and attribute value do not exist in the entry.
Solution: None.

Error Code: EX_COMPARE_True.errorCode=500006
            Value returned by an LDAP compare operation if the specified attribute and value is not found in the entry.
Role: errorRole
Category: BW-Plugin
Description: The specified attribute and attribute value exist in the entry.
Solution: None.

Error Code: EX_AUTH_METHOD_NOT_SUPPORTED.errorCode=500007
            The specified authentication method is not supported by the LDAP server that you are connecting to.
Role: errorRole
Category: BW-Plugin
Description: The connected LDAP server does not support the selected authentication mode.
Solution: Change the authentication mode in the LDAP Connection shared resource.

Error Code: EX_STRONG_AUTH_REQUIRED.errorCode=500008
            A stronger authentication method (more than LDAP_AUTH_SIMPLE)is required by the LDAP server that you are connecting to.
Role: errorRole
Category: BW-Plugin
Description: The selected simple authentication mode is not supported by the connected LDAP server.
Solution: Change the authentication mode in the LDAP Connection shared resource.

Error Code: EX_LDAP_PARTIAL_RESULTS.errorCode=500009
            The LDAP server is referring your client to another LDAP server.
Role: errorRole
Category: BW-Plugin
Description: The connected LDAP server is referenced to another LDAP server.
Solution: None.

Error Code: EX_REFERRAL.errorCode=500010
            EX_REFERRAL=[LDAP v3] The server does not hold the requested entry.The referral field of the server's response contains a reference to another server (or set of servers), which your client can access through LDAP or other protocols. Typically, these references are LDAP URLs that identify the server that may contain the requested entry.
Role: errorRole
Category: BW-Plugin
Description: The entry does not exist in the connected LDAP server.
Solution: None.

Error Code: EX_ADMIN_LIMIT_EXCEEDED.errorCode=500011
            [LDAP v3] The adminstrative limit on the maximum number of entries to return was exceeded.
Role: errorRole
Category: BW-Plugin
Description: The number of searched entries exceeds the specified maximum number of entries to be returned.
Solution: Modify the search result limit for the Search activity.

Error Code: EX_UNAVAILABLE_CRITICAL_EXTENSION.errorCode=500012
            [LDAP v3] The server received an LDAP v3 control that is marked critical and either (1) is not recognized or supported by the server, or (2) is inappropriate for the operation requested.
Role: errorRole
Category: BW-Plugin
Description: The LDAP server receives an LDAP v3 control.
Solution: None.

Error Code: EX_CONFIDENTIALITY_REQUIRED.errorCode=500013
            [LDAP v3] A secure connection is required for this operation.
Role: errorRole
Category: BW-Plugin
Description: This operation requires an SSL connection.
Solution: Create an SSL connection.

Error Code: EX_SASL_BIND_IN_PROGRESS.errorCode=500014
            [LDAP v3] While authenticating your client by using a SASL (Simple Authentication Security Layer) mechanism, the server requires the client to send a new SASL bind request (specifying the same SASL mechanism) to continue the authentication process.
Role: errorRole
Category: BW-Plugin
Description: According to LDAP v3, the LDAP server requires the client to send a new SASL binding request when authenticating the client by using the SASL mechanism.
Solution: None.

Error Code: EX_NO_SUCH_ATTRIBUTE.errorCode=500016
            The specified attribute could not be found.
Role: errorRole
Category: BW-Plugin
Description: Fails to find the specified attribute.
Solution: None.

Error Code: EX_UNDEFINED_ATTRIBUTE_TYPE.errorCode=500017
            The specified attribute is not defined.
Role: errorRole
Category: BW-Plugin
Description: The specified attribute does not exist.
Solution: None.

Error Code: EX_INAPPROPRIATE_MATCHING.errorCode=500018
            An inappropriate type of matching was used.
Role: errorRole
Category: BW-Plugin
Description: The matching type is incorrect.
Solution: None.

Error Code: EX_ICONSTRAINT_VIOLATION.errorCode=500019
            An internal error occurred in the LDAP server.
Role: errorRole
Category: BW-Plugin
Description: An internal error occurs in the connected LDAP server.
Solution: None.

Error Code: EX_INVALID_ATTRIBUTE_SYNTAX.errorCode=500021
            The request contains invalid syntax.
Role: errorRole
Category: BW-Plugin
Description: The request contains invalid syntax.
Solution: None.

Error Code: EX_NO_SUCH_OBJECT.errorCode=500032
            The entry specified in the request does not exist.
Role: errorRole
Category: BW-Plugin
Description: The specified entry does not exist.
Solution: None.

Error Code: EX_ALIAS_PROBLEM.errorCode=500033
            An problem occurred with an alias.
Role: errorRole
Category: BW-Plugin
Description: The specified alias cannot be used.
Solution: None.

Error Code: EX_INVALID_DN_SYNTAX.errorCode=500034
            The specified distinguished name (DN) uses invalid syntax.
Role: errorRole
Category: BW-Plugin
Description: The specified DN contains invalid syntax.
Solution: None.

Error Code: EX_IS_LEAF.errorCode=500035
            The specified entry is a "leaf" entry (it has no entries beneath it in the directory tree).
Role: errorRole
Category: BW-Plugin
Description: The specified entry is a leaf entry that contains no sub entries.
Solution: None.

Error Code: EX_ALIAS_DEREFERENCING_PROBLEM.errorCode=500036
            An error occurred when dereferencing an alias.
Role: errorRole
Category: BW-Plugin
Description: An error occurs when referencing the specified alias.
Solution: None.

Error Code: EX_INAPPROPRIATE_AUTHENTICATION.errorCode=500048
            The authentication presented to the server is inappropriate.
Role: errorRole
Category: BW-Plugin
Description: The authentication mode is incorrect.
Solution: None.

Error Code: EX_INVALID_CREDENTIALS.errorCode=500049
            The credentials presented to the server for authentication are not valid.
Role: errorRole
Category: BW-Plugin
Description: The specified credentials are incorrect.
Solution: None.

Error Code: EX_INSUFFICIENT_ACCESS_RIGHTS.errorCode=500050
            The client is authenticated as a user who does not have the access privileges to perform this operation.
Role: errorRole
Category: BW-Plugin
Description: The client user does not have the access privilege to perform the operation.
Solution: None.

Error Code: EX_BUSY.errorCode=500051
            The LDAP server is busy.
Role: errorRole
Category: BW-Plugin
Description: The LDAP server is busy.
Solution: None.

Error Code: EX_UNAVAILABLE.errorCode=500052
            The LDAP server is unavailable.
Role: errorRole
Category: BW-Plugin
Description: Fails to connect to the LDAP server.
Solution: None.

Error Code: EX_UNWILLING_TO_PERFORM.errorCode=500053
            The LDAP server is unable to perform the specified operation.
Role: errorRole
Category: BW-Plugin
Description: The LDAP server fails to perform the specified operation.
Solution: None.

Error Code: EX_UNWILLING_TO_PERFORM.errorCode=500054
            A loop has been detected.
Role: errorRole
Category: BW-Plugin
Description: A loop is found.
Solution: None.

Error Code: EX_SORT_CONTROL_MISSING.errorCode=500060
            The "server-side sorting" control was not included with the "virtual list view control in the search request.
Role: errorRole
Category: BW-Plugin
Description: In the search request, the "server-side sorting" control is not included in the "virtual list view" control.
Solution: None.

Error Code: EX_INDEX_RANGE_ERROR.errorCode=500061
            An index range error occurred.
Role: errorRole
Category: BW-Plugin
Description: An index range error occurs.
Solution: None.

Error Code: EX_NAMING_VIOLATION.errorCode=500064
            A naming violation has occurred.
Role: errorRole
Category: BW-Plugin
Description: A naming violation error occurs.
Solution: None.

Error Code: EX_OBJECT_CLASS_VIOLATION.errorCode=500065
            The requested operation will add or change data so that the data no longer complies with the schema.
Role: errorRole
Category: BW-Plugin
Description: Fails to perform the requested operation because the operation will change data and the data will not conform to the schema.
Solution: None.

Error Code: EX_NOT_ALLOWED_ON_NONLEAF.errorCode=500066
            The requested operation can only be performed on an entry that has no entries beneath it in the directory tree (in other words, a "leaf" entry).
Role: errorRole
Category: BW-Plugin
Description: Fails to perform the requested operation on a leaf entry.
Solution: None.
TIBCO ActiveMatrix BusinessWorks™ Plug-in for LDAP User's Guide
59
Error Code
Role
Category
Description
Solution
EX_NOT_ALLOWED_ON
_RDN.errorCode=500067
errorRole
BW-Plugin
The specified operation
is not supported by a
relative distinguished
name (RDN).
None.
errorRole
BW-Plugin
The specified entry
exists.
None.
errorRole
BW-Plugin
Fails to modify the
specified object class.
None.
errorRole
BW-Plugin
According to LDAP v3,
the LDAP client cannot
move entries and sub
entries between LDAP
servers.
None.
errorRole
BW-Plugin
An error occurs in the
result code type.
None.
errorRole
BW-Plugin
Fails to conneect to the
LDAP server.
None.
The specified
operation cannot be
performed on a
relative
distinguished name
(RDN).
EX_NOT_ALLOWED_ON
_RDN.errorCode=500068
The specified entry
already exists.
EX_OBJECT_CLASS_MO
DS_PROHIBITED.errorCo
de=500069
You cannot modify the
specified object
class.
EX_AFFECTS_MULTIPLE
_DSAS.errorCode=500071
[LDAP v3] The client
attempted to move an
entry from one LDAP
server to another by
requesting a "modify
DN" operation. In
general, clients
should not be able to
arbitrarily move
entries and subtrees
between servers.
EX_OTHER.errorCode=50
0080
General result code
for other types of
errors that may
occur.
EX_SERVER_DOWN.erro
rCode=500081
The LDAP server
cannot be contacted.
TIBCO ActiveMatrix BusinessWorks™ Plug-in for LDAP User's Guide
60
Error Code
Role
Category
Description
Solution
EX_LDAP_TIMEOUT.erro
rCode=500085
errorRole
BW-Plugin
The operation cannot
complete in the limited
time.
None.
errorRole
BW-Plugin
One or more parameters
are incorrect when
calling a constructor or
a method.
None.
errorRole
BW-Plugin
The LDAP client fails to
connect to the LDAP
server.
None.
errorRole
BW-Plugin
The LDAP protocol in
use does not support the
request.
None.
errorRole
BW-Plugin
Fails to find the
requested control.
None.
errorRole
BW-Plugin
No results are returned
from the server.
None.
errorRole
BW-Plugin
The number of the
returned results exceeds
the specified number.
None.
The operation could
not be completed
within the maximum
time limit.
EX_PARAM_ERROR.error
Code=500089
When calling a
constructor or method
from your client, one
or more parameters
were incorrectly
specified.
EX_CONNECT_ERROR.er
rorCode=500091
Your LDAP client
failed to connect to
the LDAP server.
EX_LDAP_NOT_SUPPOR
TED.errorCode=500092
The request is not
supported by this
version of the LDAP
protocol.
EX_CONTROL_NOT_FO
UND.errorCode=500093
The requested control
is not found.
EX_NO_RESULTS_RETU
RNED.errorCode=500094
No results have been
returned from the
server.
EX_MORE_RESULTS_TO
_RETURN.errorCode=500
095
More results are
being returned from
the server.
TIBCO ActiveMatrix BusinessWorks™ Plug-in for LDAP User's Guide
61
Error Code
Role
Category
Description
Solution
EX_CLIENT_LOOP.error
Code=500096
errorRole
BW-Plugin
A loop occurs in the
referral.
None.
errorRole
BW-Plugin
The number of
sequential referrals
exceeds the maximum
number of referrals.
None.
errorRole
BW-Plugin
The socket factory fails
to initialize a TLS
session.
None.
errorRole
BW-Plugin
An EXCEPTION error
occurs when retrieving
the XML output.
None.
errorRole
BW-Plugin
The operation has been
cancelled.
None.
Your LDAP client
detected a loop in
the referral.
EX_REFERRAL_LIMIT_E
XCEEDED.errorCode=500
097
The number of
sequential referrals
(for example, the
client may be
referred first from
LDAP server A to LDAP
server B, then from
LDAP server B to LDAP
server C, and so on)
has exceeded the
maximum number of
referrals (the
LDAPv2.REFERRALS_HOP_
LIMIT option).
EX_TLS_NOT_SUPPORT
ED.errorCode=500112
The socket factory of
the connection is not
capable of initiating
a TLS session.
EX_OCCURED_RETRIEV
E_RESULT.errorCode=500
113
IOException occurred
while retrieving XML
Output for activity
[{0}].
EX_CANCELED.errorCod
e=500118
An operation has been
canceled using the
Cancel extended
operation.
TIBCO ActiveMatrix BusinessWorks™ Plug-in for LDAP User's Guide
62
Error Code
Role
Category
Description
Solution
EX_NO_SUCH_OPERATI
ON.errorCode=500119
errorRole
BW-Plugin
The server does not
receive the request of
cancelling the operation.
None.
errorRole
BW-Plugin
Fails to cancel the
operation.
None.
errorRole
BW-Plugin
The identified operation
does not support the
cancelling operation.
None.
errorRole
BW-Plugin
An unknown result
code is returned.
None.
errorRole
BW-Plugin
Fails to locate the
specified file.
None.
errorRole
BW-Plugin
No file name is entered.
Enter a file
name.
errorRole
BW-Plugin
The access log is not
configured for this entry
in OpenLDAP.
Configure the
access log for
this entry.
The server has no
knowledge of the
operation requested
for cancelation.
EX_NO_SUCH_OPERATI
ON.errorCode=500120
It is too late to
cancel the
outstanding
operation.
EX_CANNOT_CANCEL.e
rrorCode=500121
the identified
operation does not
support cancelation
or the cancel
operation could not
be performed.
EX_UNKNOWN.errorCod
e=500122
A unknown result
code.
EX_FILE_NOT_FOUND.e
rrorCode=500123
Specified file {0} is
not found.
EX_NOT_SPECIFY_FILE.e
rrorCode=500124
Not specify the file
name.
EX_NOT_SET_UP_ACCE
SSLOG.errorCode=500125
Accesslog has not
been set up, please
set up this entry for
OpenLDAP.
TIBCO ActiveMatrix BusinessWorks™ Plug-in for LDAP User's Guide
63
Error Code
Role
Category
Description
Solution
EX_CREATE_CONNECTI
ON_FAILED.errorCode
=500126
errorRole
BW-Plugin
Fails to create the JNDI
connection.
None.
errorRole
BW-Plugin
An error occurs when
performing this
operation.
None.
errorRole
BW-Plugin
The attributes that are
monitoring do not exist.
None.
Create JNDI
Connection failed due
to {0}
EX_E_SYNC_REFRESH_R
EQUIRED.errorCode=5040
96
It is safe to do so
when it is unable to
perform the operation
EX_MONITOR_ATTRIBU
TE_NOT_CORRECT.error
Code=505000
Attribute(s) will be
monitored is(or are)
not recognized, it
doesn't(they don't)
exist in LDAP Server.