TIBCO ActiveMatrix Adapter for LDAP Concepts. Software Release 6.0 August 2010

TIBCO ActiveMatrix Adapter for LDAP Concepts Software Release 6.0 August 2010

Important Information SOME TIBCO SOFTWARE EMBEDS OR BUNDLES OTHER TIBCO SOFTWARE. USE OF SUCH EMBEDDED OR BUNDLED TIBCO SOFTWARE IS SOLELY TO ENABLE THE FUNCTIONALITY (OR PROVIDE LIMITED ADD-ON FUNCTIONALITY) OF THE LICENSED TIBCO SOFTWARE. THE EMBEDDED OR BUNDLED SOFTWARE IS NOT LICENSED TO BE USED OR ACCESSED BY ANY OTHER TIBCO SOFTWARE OR FOR ANY OTHER PURPOSE. USE OF TIBCO SOFTWARE AND THIS DOCUMENT IS SUBJECT TO THE TERMS AND CONDITIONS OF A LICENSE AGREEMENT FOUND IN EITHER A SEPARATELY EXECUTED SOFTWARE LICENSE AGREEMENT, OR, IF THERE IS NO SUCH SEPARATE AGREEMENT, THE CLICKWRAP END USER LICENSE AGREEMENT WHICH IS DISPLAYED DURING DOWNLOAD OR INSTALLATION OF THE SOFTWARE (AND WHICH IS DUPLICATED IN LICENSE.PDF) OR IF THERE IS NO SUCH SOFTWARE LICENSE AGREEMENT OR CLICKWRAP END USER LICENSE AGREEMENT, THE LICENSE(S) LOCATED IN THE LICENSE FILE(S) OF THE SOFTWARE. USE OF THIS DOCUMENT IS SUBJECT TO THOSE TERMS AND CONDITIONS, AND YOUR USE HEREOF SHALL CONSTITUTE ACCEPTANCE OF AND AN AGREEMENT TO BE BOUND BY THE SAME. This document contains confidential information that is subject to U.S. and international copyright laws and treaties. No part of this document may be reproduced in any form without the written authorization of TIBCO Software Inc. TIB, TIBCO, TIBCO Adapter, TIBCO ActiveMatrix, Predictive Business, Information Bus, The Power of Now, TIBCO ActiveMatrix BusinessWorks, TIBCO Rendezvous, TIBCO Administrator, TIBCO Designer, TIBCO Runtime Agent, TIBCO Hawk, TIBCO Enterprise Message Service, TIBCO Designer Add-in for TIBCO Business Studio, TIBCO ActiveMatrix Service Grid, TIBCO ActiveMatrix Service Bus, TIBCO ActiveMatrix BusinessWorks Service Engine, TIBCO ActiveEnterprise, and TIBCO Business Studio, are either registered trademarks or trademarks of TIBCO Software Inc. in the United States and/or other countries. EJB, Java EE, J2EE, and all Java-based trademarks and logos are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries. All other product and company names and marks mentioned in this document are the property of their respective owners and are mentioned for identification purposes only. THIS SOFTWARE MAY BE AVAILABLE ON MULTIPLE OPERATING SYSTEMS. HOWEVER, NOT ALL OPERATING SYSTEM PLATFORMS FOR A SPECIFIC SOFTWARE VERSION ARE RELEASED AT THE SAME TIME. SEE THE README.TXT FILE FOR THE AVAILABILITY OF THIS SOFTWARE VERSION ON A SPECIFIC OPERATING SYSTEM PLATFORM. THIS DOCUMENT IS PROVIDED AS IS WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. THIS DOCUMENT COULD INCLUDE TECHNICAL INACCURACIES OR TYPOGRAPHICAL ERRORS. CHANGES ARE PERIODICALLY ADDED TO THE INFORMATION HEREIN; THESE CHANGES WILL BE INCORPORATED IN NEW EDITIONS OF THIS DOCUMENT. TIBCO SOFTWARE INC. MAY MAKE IMPROVEMENTS AND/OR CHANGES IN THE PRODUCT(S) AND/OR THE PROGRAM(S) DESCRIBED IN THIS DOCUMENT AT ANY TIME. THE CONTENTS OF THIS DOCUMENT MAY BE MODIFIED AND/OR QUALIFIED, DIRECTLY OR INDIRECTLY, BY OTHER DOCUMENTATION WHICH ACCOMPANIES THIS SOFTWARE, INCLUDING BUT NOT LIMITED TO ANY RELEASE NOTES AND "READ ME" FILES. Copyright 1998-2010 TIBCO Software Inc. ALL RIGHTS RESERVED. TIBCO Software Inc. Confidential Information

iii Contents Figures.........................................................................v Preface......................................................................... i Related Documentation...................................................................... ii TIBCO ActiveMatrix Adapter for LDAP Documentation.......................................... ii Other TIBCO Product Documentation....................................................... ii Typographical Conventions...................................................................iii How to Contact TIBCO Support............................................................... vi Chapter 1 Introduction............................................................1 Adapter Overview.......................................................................... 2 Adapter Components........................................................................ 3 Overview.............................................................................. 3 Adapter Palette......................................................................... 3 Runtime Adapter........................................................................ 4 Design-time Adapter..................................................................... 4 Adapter Key Terms......................................................................... 6 Adapter Services........................................................................... 7 General Adapter Services................................................................ 7 Adapter Services Summary............................................................... 8 Choosing an Adapter Service.............................................................. 9 Adapter Life Cycle......................................................................... 11 Chapter 2 Adapter Infrastructure Tools.............................................13 TIBCO Runtime Agent...................................................................... 14 TIBCO Domain Utility................................................................... 14 TIBCO Designer........................................................................... 15 TIBCO Administrator....................................................................... 16 TIBCO Administration Domain............................................................ 16 TIBCO Administration Server............................................................. 17 TIBCO Administrator GUI................................................................ 17 TIBCO ActiveMatrix BusinessWorks........................................................... 18 TIBCO Hawk............................................................................. 19........................................................................................ 20

iv Contents Chapter 3 TIBCO ActiveMatrix Adapter for LDAP.................................... 21 Overview of Adapter for LDAP............................................................... 22 Integration With LDAP.................................................................. 22 Directory Store........................................................................ 23 Features of Adapter for LDAP................................................................ 24 Services of Adapter for LDAP................................................................ 30 Publication Service.................................................................... 30 Subscription Service................................................................... 30 Request-Response Service.............................................................. 31 Index......................................................................... 33

Figures v Figures Figure 1 Adapters Provide a Bridge for Data.................................................. 2 Figure 2 Example adapter palette.......................................................... 4 Figure 3 Design-time adapter connection to application......................................... 5 Figure 4 Adapter palette connection to application............................................. 5 Figure 5 Runtime adapter connection to application............................................ 5 Figure 6 A Business Integration Scenario.................................................... 9 Figure 7 Choosing an Adapter Service..................................................... 10 Figure 8 TIBCO Designer Main Window.................................................... 15 Figure 9 TIBCO Administrator GUI......................................................... 17 Figure 10 Logical Architecture for Integration with LDAP......................................... 23 Figure 11 Typical Publication Service Flow................................................... 30 Figure 12 Typical Subscription Service Flow.................................................. 31 Figure 13 Typical Request-Response Service Flow............................................. 32

vi Figures

i Preface TIBCO ActiveMatrix Adapter for LDAP is a bidirectional gateway between applications configured for the TIBCO environment and an LDAP server. Topics Related Documentation, page ii Typographical Conventions, page iii How to Contact TIBCO Support, page vi

ii Preface Related Documentation This section lists documentation resources you may find useful. TIBCO ActiveMatrix Adapter for LDAP Documentation The following documents form the TIBCO ActiveMatrix Adapter for LDAP documentation set: Read this manual before reading any other book in the documentation set to familiarize yourself with the product and its uses. TIBCO ActiveMatrix Adapter for LDAP Installation Read this manual for instructions on site preparation and installation. TIBCO ActiveMatrix Adapter for LDAP Configuration and Deployment Read this manual for instructions on creating, configuring, and deploying standalone adapter projects. TIBCO ActiveMatrix Adapter for LDAP Examples Read this manual to work through the examples provided with the adapter. TIBCO ActiveMatrix Adapter for LDAP Release Notes Read the release notes for a list of new and changed features. This document also contains lists of closed and known issues for this release. Other TIBCO Product Documentation You may find it useful to read the documentation for the following TIBCO products: TIBCO ActiveMatrix BusinessWorks TIBCO Adapter SDK TIBCO Administrator TIBCO Designer TIBCO Enterprise Message Service TIBCO Hawk TIBCO Rendezvous TIBCO Runtime Agent TIBCO ActiveEnterprise

Typographical Conventions iii Typographical Conventions The following typographical conventions are used in this manual. Table 1 General Typographical Conventions Convention TIBCO_HOME ENV_HOME Use Many TIBCO products must be installed within the same home directory. This directory is referenced in documentation as TIBCO_HOME. The value of TIBCO_HOME depends on the operating system. For example, on Windows systems, the default value is C:\tibco. Other TIBCO products are installed into an installation environment. Incompatible products and multiple instances of the same product are installed into different installation environments. The directory into which such products are installed is referenced in documentation as ENV_HOME. The value of ENV_HOME depends on the operating system. For example, on Windows systems the default value is C:\tibco. code font Code font identifies commands, code examples, filenames, pathnames, and output displayed in a command window. For example: Use MyCommand to start the foo process. bold code font Bold code font is used in the following ways: In procedures, to indicate what a user types. For example: Type admin. In large code samples, to indicate the parts of the sample that are of particular interest. In command syntax, to indicate the default parameter for a command. For example, if no parameter is specified, MyCommand is enabled: MyCommand [enable disable] italic font Italic font is used in the following ways: To indicate a document title. For example: See TIBCO ActiveMatrix BusinessWorks Concepts. To introduce new terms. For example: A portal page may contain several portlets. Portlets are mini-applications that run in a portal. To indicate a variable in a command or code syntax that you must replace. For example: MyCommand PathName

iv Preface Table 1 General Typographical Conventions (Cont d) Convention Key combinations Use Key name separated by a plus sign indicate keys pressed simultaneously. For example: Ctrl+C. Key names separated by a comma and space indicate keys pressed one after the other. For example: Esc, Ctrl+Q. The note icon indicates information that is of special interest or importance, for example, an additional action required only in certain circumstances. The tip icon indicates an idea that could be useful, for example, a way to apply the information provided in the current section to achieve a specific result. The warning icon indicates the potential for a damaging situation, for example, data loss or corruption if certain steps are taken or not taken. Table 2 Syntax Typographical Conventions Convention Use [ ] An optional item in a command or code syntax. For example: MyCommand [optional_parameter] required_parameter A logical OR that separates multiple items of which only one may be chosen. For example, you can select only one of the following parameters: MyCommand para1 param2 param3

Typographical Conventions v Table 2 Syntax Typographical Conventions (Cont d) Convention Use { } A logical group of items in a command. Other syntax notations may appear within each logical group. For example, the following command requires two parameters, which can be either the pair param1 and param2, or the pair param3 and param4. MyCommand {param1 param2} {param3 param4} In the next example, the command requires two parameters. The first parameter can be either param1 or param2 and the second can be either param3 or param4: MyCommand {param1 param2} {param3 param4} In the next example, the command can accept either two or three parameters. The first parameter must be param1. You can optionally include param2 as the second parameter. And the last parameter is either param3 or param4. MyCommand param1 [param2] {param3 param4}

vi Preface How to Contact TIBCO Support For comments or problems with this manual or the software it addresses, please contact TIBCO Support as follows. For an overview of TIBCO Support, and information about getting started with TIBCO Support, visit this site: http://www.tibco.com/services/support If you already have a valid maintenance or support contract, visit this site: https://support.tibco.com Entry to this site requires a user name and password. If you do not have a user name, you can request one.

1 Chapter 1 Introduction This chapter introduces basic concepts of adapters. Topics Adapter Overview, page 2 Adapter Components, page 3 Adapter Key Terms, page 6 Adapter Services, page 7 Adapter Life Cycle, page 11

2 Chapter 1 Introduction Adapter Overview To deploy the best solution for each aspect of a business, it is usually necessary to purchase applications from different application vendors. However, vendors typically have their own ways to format and expose data. Therefore, integrating various applications across an enterprise poses significant challenges. An adapter provides a bridge between an application and the TIBCO integration environment. Using a no-coding approach, TIBCO adapters enable packaged applications, databases, and other technologies to participate actively in the enterprise information flow, regardless of their data formats or communication protocols. Integration of new applications does not require programming and does not interfere with existing infrastructure. Adapters isolate the application from more complex actions. Message transformation and business process automation can be handled once the data is published to the TIBCO infrastructure. As shown in the Figure 1, adapters allow for the exchange of data among different technologies. Figure 1 Adapters Provide a Bridge for Data Packaged Applications Databases Legacy and MainFrame COM, CORBA, J2EE, and Custom Systems Adapter Adapter Adapter Adapter TIBCO Messaging Adapters are available for off-the-shelf applications from leading vendors. Each adapter integrates with one or more interfaces exposed by the vendor application. Database adapters enable the database of an enterprise to initiate business processes based on exception data they identify. Database adapters also make data available to the enterprise. Mainframe adapters enable real-time two-way communication between adapters, business applications, and databases of a company. Adapters can also enable integration with component or object development models and other messaging technologies.

Adapter Components 3 Adapter Components Overview Each adapter has two main components, an adapter palette and a runtime adapter. In addition, some adapters include a design-time adapter. The adapter palette and design-time adapter are used during configuration, and the runtime adapter is used at production time. Adapter Palette Each adapter includes a palette that is used for configuration. The palette is automatically loaded into TIBCO Designer during adapter installation and available the next time Designer is started. The palette enables you to configure adapter specific options, such as its connection to the vendor application, logging options, and adapter services. During the design phase, the palette connects to the vendor application and fetches information about connection options and data schemas. You can then graphically select the appropriate items. For example, during configuration of a TIBCO ActiveMatrix Adapter for LDAP instance, the palette fetches all pertinent tables in the database. You then choose the tables that the particular service is to send or receive. The following diagram shows the TIBCO ActiveMatrix Adapter for LDAP palette and the configuration options for a publication service.

4 Chapter 1 Introduction Figure 2 Example adapter palette Runtime Adapter Once the adapter has been configured using TIBCO Designer, it can be deployed. A deployed adapter instance is referred to as a runtime adapter (RTA). A runtime adapter operates in a production environment, handling communication between a vendor application and other applications that are configured for the TIBCO environment. Design-time Adapter Some adapters use a design-time adapter (DTA) to access a vendor application and return design-time configuration information. The palette is a client of the DTA process. The DTA connects to the vendor application, fetches data schemas and sends them to the palette. Component Details The next diagram shows components used at design-time for adapters that provide a design-time adapter. The DTA uses the native client libraries of the application to access schema from the application. The palette (in TIBCO Designer) communicates with the DTA.

Adapter Components 5 Figure 3 Design-time adapter connection to application Not all adapters require a design-time adapter. Where possible, the adapter palette communicates directly with the native client libraries of the application as shown in the next diagram. Figure 4 Adapter palette connection to application As shown in the following diagram, the adapter at runtime uses the native client libraries to communicate with the vendor application. Figure 5 Runtime adapter connection to application

6 Chapter 1 Introduction Adapter Key Terms The following key terms are used when describing adapter interactions in this manual. A palette is a standalone adapter component that contains the screens used to gather input at design-time when configuring an adapter with a service. The palette is accessed through TIBCO Designer. A project is a collection of configured adapter resources and it contains configuration information for one or more adapter instances. A local project is typically used at design-time for testing. For production, a project is typically managed by an administration server provided by the TIBCO Administrator for the standalone adapter. An.ear of an application contains global variables with values set at design-time by the standalone adapter. The global variables can be changed during deployment at the application level, the service level, or the service instance level.

Adapter Services 7 Adapter Services Adapters are responsible for making information from different applications available to other applications across an enterprise. To do so, an adapter is configured to provide one or more services. General Adapter Services This section lists four kinds of services which can be found in most of TIBCO adapter products. Not all adapters provide all these services and some adapters may provide services not listed here. See Services of Adapter for LDAP on page 30 for information about services available on TIBCO ActiveMatrix Adapter for LDAP. Publication Service An adapter publication service recognizes when business events happen in a vendor application, and asynchronously sends out the event data in real-time to interested systems in the TIBCO environment. For example, an adapter can publish an event each time a new customer account is added to an application. Other applications that receive the event can then update their records just as the original application did. Subscription Service An adapter subscription service asynchronously performs an action, such as updating business objects or invoking native APIs, on a vendor application. The adapter service listens to external business events, which trigger the appropriate action. Referring to the previous example, an adapter subscription service can listen for customer record creation events (happening in an application and published to the TIBCO infrastructure) and update another application. Request-Response Service In addition to asynchronously publishing and subscribing to events, an adapter can be used for synchronously retrieving data from or executing transactions within a vendor application. After the action is performed in the vendor application, the adapter service sends a response back to the requester with either the results of the action or a confirmation that the action occurred. This entire process is called request-response, and it is useful for actions such as adding or deleting business objects.

8 Chapter 1 Introduction For example, an adapter receives a request message from the TIBCO infrastructure and sends it to an application. The adapter receives a response from the application and returns it. Request-Response Invocation Service An adapter request-response invocation service is similar to the request-response service, except that the roles are reversed. The vendor application is now the requester or initiator of the service, instead of the provider of the service. The adapter service acts as a proxy, giving the vendor application the ability to invoke synchronously functionality on an external system. For example, the adapter sending a request message from application Y to application X. After application X processes the message, it is returned to the adapter, which sends the response back to application Y. Adapter Services Summary Table 3 summarizes the services introduced in this section. Table 3 Adapter Services Summary Service Initiator Target Event Mode Publishing Service (sends to target) Vendor application TIBCO infrastructure Asynchronous Subscribing Service (receives from initiator) TIBCO infrastructure Vendor application Asynchronous Request-Response Service (receives from initiator, waits for response then sends response to target) TIBCO infrastructure Vendor application Synchronous Request-Response Invocation Service (sends to target, waits for response, then sends response to initiator) Vendor application TIBCO infrastructure Synchronous

Adapter Services 9 Choosing an Adapter Service A business integration scenario determines the use of one adapter service or another. This section provides a simple flow chart that helps you to choose the service to use. Consider the following environment that involves application X, an adapter, and another application: Figure 6 A Business Integration Scenario Subnet Machine A Machine B Application X Other application TIBCO Adapter for Application X In this scenario, data is exchanged between the application X and another application. The other application could be a customer management system, such as PeopleSoft, or another TIBCO application, such as TIBCO ActiveMatrix BusinessWorks. To choose the adapter service to use, start by finding out where the scenario begins or what triggers it. For example, when a new customer account is created in application X, must the account information be propagated through the adapter to the other application? Or does a batch business process in TIBCO ActiveMatrix BusinessWorks need information from application X to generate a report? This question is the starting point of the decision chart provided in Figure 7.

10 Chapter 1 Introduction Figure 7 Choosing an Adapter Service business process starts application X where is the process initiated? another application update another application application X must response required? No Yes update one or many only one obtain information from another application many Subscription Service Request- Response Service no acknowledgement required? Yes Publication Service Request-Response Invocation Service Working through the decision chart, if the business process is the creation of a customer record in application X and if many other applications need to be updated when the event occurs, but no acknowledgements are required, the publication service should be used.

Adapter Life Cycle 11 Adapter Life Cycle In general, the life cycle of an adapter includes four stages: installation, configuration, deployment, and monitoring. Installation The installation stage includes installing the vendor application to which the adapter connects and other software from TIBCO on which the adapter depends. For many adapters, the adapter and vendor application need not be installed on the same machine, while the TIBCO Runtime Agent software must be installed on each computer that runs the adapter. Configuration In the configuration stage, an adapter instance can be created and configured with a design-time tool. The configuration information is required for a runtime adapter to interact with the vendor application and other applications. The standalone adapter uses TIBCO Designer as its design-time tool. Deployment An adapter instance created by TIBCO Designer can be deployed using TIBCO Administrator. Monitoring In this stage, use one of the following tools to manage and monitor the adapter: the built-in monitoring tools provided by TIBCO Administrator or TIBCO ActiveMatrix Administrator the TIBCO Hawk microagents

12 Chapter 1 Introduction

Adapter Infrastructure Tools 13 Chapter 2 Adapter Infrastructure Tools This chapter introduces the required and optional TIBCO infrastructure tools that work with an adapter. Topics TIBCO Runtime Agent, page 14 TIBCO Designer, page 15 TIBCO Administrator, page 16 TIBCO ActiveMatrix BusinessWorks, page 18 TIBCO Hawk, page 19

14 Chapter 2 Adapter Infrastructure Tools TIBCO Runtime Agent The TIBCO Runtime Agent (TRA) provides basic connectivity between the adapter and other TIBCO infrastructure tools. The TRA is required on any machine on which an adapter is installed. The TRA runs on each machine on which an adapter runs and executes scripts, sends alerts, and performs recovery as specified. The TRA has two main functions: It supplies an agent that runs in the background on each machine. The agent is responsible for starting and stopping processes that run on a machine according to the deployment information. The agent monitors the machine. That information is then visible through the TIBCO Administrator GUI. It supplies the runtime environment, that is, all shared libraries including third-party libraries required by the adapter. TIBCO Domain Utility The TRA contains the TIBCO Domain Utility, which is used to manage the components available on a TIBCO administration domain. The utility allows you to: Add or remove a machine to a TIBCO administration domain. Add or remove the TIBCO Enterprise Message Service server plug-in to a TIBCO administration domain. Change TIBCO Rendezvous parameters. This is an advanced option performed only by users familiar with TIBCO Rendezvous. If you want to perform this task, you must perform it on each machine in the TIBCO administration domain, then restart the TIBCO Administration Server. Change TIBCO administration domain credentials. This is an advanced option. You must perform it on the machine that hosts the TIBCO Administration Server. Remove a secondary TIBCO Administration Server. Enable TIBCO administration domain and security management on a machine that hosts TIBCO Administrator. Migrate previous TIBCO Administrator installations.

TIBCO Designer 15 TIBCO Designer TIBCO Designer provides the design-time environment for configuring a standalone adapter project. Using Designer, you create a project, add adapter services to it with a simple drag-and-drop interface, and specify the configuration information for each adapter service. Before using TIBCO Designer, ensure that you have read the TIBCO Designer documentation. The documentation can be accessed via the TIBCO Designer Help > Designer Help from the menu bar. Figure 8 shows the TIBCO Designer interface. The standalone adapter adds a palette to the TIBCO Designer environment which provides the adapter specific resources. Figure 8 TIBCO Designer Main Window Menu bar Toolbar Project Panel Design Panel Palette Panel Configuration Panel

16 Chapter 2 Adapter Infrastructure Tools TIBCO Administrator TIBCO Administrator provides user, resource, and application management modules for adapters. User Management This module allows you to set permissions for adapter users. You can define authentication, users, and groups, and assign access control lists to users. This includes security for server-based projects at design-time and for deployed applications at runtime. Resource Management This module allows you to monitor machines and running applications in a TIBCO administration domain. Alerts can be created, for example, to notify an administrator if the number of processes or disk usage exceed a certain level. Application Management This module allows you to upload Enterprise Archive (EAR) files, and create, configure, and deploy adapters. This module is also used to start and stop adapters. Load balancing An adapter can be served by a primary and secondary TIBCO Administration Server. The primary server allows read and write operations, while the secondary server supports read operations. Load balancing is implemented through the use of the TIBCO Rendezvous distributed queue protocol (RVDQ) and therefore is not available for HTTP. To get the load balancing benefit with HTTP, you must either use an IP redirector or explicitly point to a backup server. Refer to the IP Redirector or HTTP Server documentation for instructions on how to do this. Failure recovery You can use a load-balanced TIBCO Administration Server for failure recovery. In a completely trusted environment, you can also use a database back-end for your server and use checkpoints in the database for failure recovery. TIBCO Administration Domain A TIBCO administration domain is installed only if you have installed the User Management module. A TIBCO administration domain is a collection of users, machines, and components that an administration server manages. There is only one Administration Server for each administration domain. Components within an administration domain can communicate with systems outside of the domain, but the domain is the administrative boundary of your enterprise integration project. Each TIBCO administration domain contains one or more machines. Each machine can belong to only one TIBCO administration domain.

TIBCO Administrator 17 By default, all machines within an administration domain are expected to be in the same subnet. You can set up your system to use TIBCO Rendezvous rvrd and then use the components across subnets. See the TIBCO Administrator Server Configuration Guide for details. TIBCO Administration Server The TIBCO Administration Server provides a central storage and distribution point for configuration data and schema data needed by an adapter. The server is included in both Administrator editions. Each administration domain has one and only one TIBCO Administration Server. The TIBCO Administration Server is the machine process that handles the stored projects and requests to manage the TIBCO administration domain. The TIBCO Administrator Server contains its own web server (Apache Tomcat) that can be accessed through the TIBCO Administrator GUI for configuration and monitoring information. The TIBCO Administration Server supports centralized authentication and authorization. Using the TIBCO Administrator GUI, users with full administrative privileges can define who has access to projects that are managed by the repository server. TIBCO Administrator GUI You can access the TIBCO Administration Server using the web-based TIBCO Administrator GUI. The GUI allows you to create user profiles and assign access to projects managed by the Administration Server. You can invoke the GUI from any machine in a TIBCO administration domain. Figure 9 TIBCO Administrator GUI

18 Chapter 2 Adapter Infrastructure Tools TIBCO ActiveMatrix BusinessWorks TIBCO ActiveMatrix BusinessWorks is a scalable, extensible, and easy to use integration platform that allows you to develop integration projects. TIBCO ActiveMatrix BusinessWorks includes a graphical user interface for defining business processes and an engine that executes the process. In TIBCO ActiveMatrix BusinessWorks, adapter services publish or subscribe to business data in a decoupled yet reliable manner. The business process receives data from, and routes data to, an adapter service. TIBCO ActiveMatrix BusinessWorks provides the following activities for use with adapters: Publish to Adapter Publishes data from the process to an adapter, which subscribes to data coming from the process and passes the data to the target application. Adapter Subscriber Subscribes to incoming data published by the adapter. Invoke an Adapter Request-Response Service Communicates (as a client) with an adapter Request-Response Service. Adapter Request-Response Server Starts a process based on the receipt of a request from an adapter. Respond to Adapter Request Sends a response to an adapter for a previously received request. Wait for Adapter Message Waits for the receipt of a message from the publication service of the specified adapter. Wait for Adapter Request Waits for the receipt of a request from a request-response invocation service. See the TIBCO ActiveMatrix BusinessWorks documentation for more information.

TIBCO Hawk 19 TIBCO Hawk TIBCO Hawk monitors and manages distributed applications and systems throughout the enterprise. System administrators can monitor application parameters, behavior, and loading activities for all nodes in a local or wide-area network and take action when pre-defined conditions occur. In many cases, runtime failures or slowdowns can be repaired automatically within seconds of their discovery, reducing unscheduled outages and slowdowns of critical business systems. TIBCO Hawk features include: Extensive monitoring capabilities at the operating system and application levels including process data, disk, and CPU utilization, network statistics, log, and system files. Built-in routines within other TIBCO ActiveEnterprise components that allow for proactive management. Problems can be found and fixed before failure occurs. Hawk Application Management Interface (AMI) routines that can be embedded within custom adapters, allowing active management of those adapters by the Hawk microagents. Distributed microagents that support autonomous network behavior so local management and problem resolution can continue during an outage. Fault tolerance that is achieved through the independent operation of Hawk agents, which continue to perform local tasks even in the event of network failure. TIBCO Hawk consists of (1) a console display, (2) a central repository for storage of configuration objects, (3) agents, and (4) microagents whose monitoring duties are defined by the rule bases. Agents monitor local conditions and take action or publish alert information that appears in the TIBCO Hawk display. Microagents act as an interface to the managed objects and are invoked through their supported methods.

20 Chapter 2 Adapter Infrastructure Tools

21 Chapter 3 TIBCO ActiveMatrix Adapter for LDAP This chapter introduces the TIBCO Adapter for LDAP product by providing background information about its features and product elements, and about the applications that use it. Topics Overview of Adapter for LDAP, page 22 Features of Adapter for LDAP, page 24 Services of Adapter for LDAP, page 30

22 Chapter 3 TIBCO ActiveMatrix Adapter for LDAP Overview of Adapter for LDAP TIBCO ActiveMatrix Adapter for LDAP brings LDAP servers into the TIBCO interoperability framework. The adapter allows applications configured for the TIBCO environment to communicate with LDAP servers without any knowledge of LDAP protocol, LDAP APIs, and LDAP server implementation. Applications can retrieve information from or update LDAP servers. The adapter provides publication services, subscription services, and request-response services. The publication service publishes the changes occurring on the LDAP server to the TIBCO environment. The subscription service receives messages from the TIBCO environment, and updates the LDAP server appropriately. The request-response service receives requests for LDAP information from applications, contacts the configured LDAP server for it, and sends the results in its response to the TIBCO environment for the applications. TIBCO ActiveMatrix Adapter for LDAP helps organizations to move transparently from proprietary, application-specific directories to organization-wide LDAP directories. Integration With LDAP LDAP is a client-server protocol for accessing a directory service. LDAP lets you locate organizations, individuals, and other resources such as files and devices in a network, whether on the Internet or on a corporate intranet. An LDAP directory can be distributed among many servers on a network, then replicated and synchronized regularly. The adapter is a bidirectional gateway between an LDAP server and the TIBCO environment. The distributed architecture of a typically-deployed TIBCO ActiveMatrix Adapter for LDAP makes seamless integration into an LDAP-served enterprise possible. The following figure is a high-level view of how the adapter is integrated with LDAP in the TIBCO environment.

Overview of Adapter for LDAP 23 Figure 10 Logical Architecture for Integration with LDAP TIBCO Environment Messages LDAP Server LDAP Directory Store TIBCO Adapter for LDAP Directory Store In LDAP terminology, a directory store is a repository of information, typically including information on resources, services, users, applications, devices and configuration. Unlike a database, a directory is used mostly for read operations and is rarely updated. A server, which implements the directory store and supports the LDAP protocol and API is typically referred to as an LDAP server. Data on an LDAP server is stored as entries, each of which stores information about some object or entity. Each entry has a number of attributes. Each attribute has a type. Each LDAP entry belongs to one or more object classes. An object class defines what attributes entries can have, so object classes define the schema on an LDAP server. All entries on an LDAP server are organized into a tree structure, which is called the Directory Information Tree (DIT). LDAP servers allow users to add, update, delete, look up, and search for entries. LDAP clients can be configured to connect to LDAP servers with or without authentication.

24 Chapter 3 TIBCO ActiveMatrix Adapter for LDAP Features of Adapter for LDAP The following adapter features are described in detail in this manual. Services of Adapter for LDAP The following adapter services are supported: Publication Service Publishes the changes occurring on the LDAP server to JMS or TIBCO Rendezvous, for other applications to use. Subscription Service Subscribes to messages from other applications on JMS or TIBCO Rendezvous, and applies the requests contained in them to the LDAP server. Request-Response Service Receives requests for LDAP information from applications through JMS or TIBCO Rendezvous. It performs the required operations on the LDAP server and sends the results in its reply. An Easy-to-Use GUI The adapter provides its own design-time component, namely the adapter palette, which seamlessly integrates with TIBCO Designer. This easy-to-use interface allows you to quickly configure adapter-specific features. You can use it to enter, delete, and modify configuration information. You can easily specify operational parameters and change them as needed. Support for Dual TIBCO Messaging Transports The adapter supports the following TIBCO messaging transports: TIBCO Rendezvous transport This transport uses subject-based addressing to provide support for both multicast or broadcast, and point-to-point communications. You can configure the delivery modes of the messages and specify the wire format to be used when you configure the adapter service. JMS transport TIBCO Enterprise Message Service must be installed to use the JMS transport. The JMS administration interfaces allow you to create and manage administered objects such as Connection Factories, Topics, and Queues. JMS clients can retrieve references to these objects by using Java Naming and Directory Interface (JNDI). Creating static administered objects allows clients to use these objects without having to implement the object within the client. When a JMS client starts, it performs a JNDI lookup for the connection factories that it needs. For details on JNDI, see the TIBCO Enterprise Message Service User s Guide. You can specify the connection factory

Features of Adapter for LDAP 25 type and the delivery mode to be used when you configure the adapter service. Support for Distributed Queues A distributed queue is a group of cooperating transport objects, each in a separate process. Each transport object is called a member. To balance the transmission load among servers, the adapter can use distributed queues for one-of-n delivery of messages to a group of servers. Each member of a distributed queue must listen for the same subject using TIBCO Rendezvous Distributed Queue listener objects. Even though many members listen for each inbound message (or task), only one member processes the message. For details on distributed queues, see TIBCO Rendezvous Concepts. In the queue mode within TIBCO Enterprise Message Service, each listener is a single receiver of a point-to-point message. However, the listeners can be configured as a set of receivers, each of which receives a fraction of the messages. For details on TIBCO Enterprise Message Service distributed queues, see the TIBCO Enterprise Message Service User s Guide. Load balancing for the processing of TIBCO Rendezvous or JMS certified messages is supported using distributed queuing. The messages from TIBCO Rendezvous or TIBCO Enterprise Message Service are distributed equally among all instances that belong to the same group. This distributes the data load over several adapter instances. However, the order in which the data is sent to the application server is not guaranteed. Support for Multithreading The adapter maintains a pool of threads allowing it to respond to and process multiple events simultaneously, thereby improving its performance. One thread pool is maintained for an adapter configuration, allowing publication, subscription, and request-response services to use the same thread pool. Support for Internationalization The adapter provides support for many encodings. The default encoding used by the adapter is ASCII. Schema Support With the ActiveEnterprise wire format, you can configure a schema to describe the structure of messages processed by the adapter. This feature is especially useful in the following situations:

26 Chapter 3 TIBCO ActiveMatrix Adapter for LDAP Every adapter service supports one (and only one) schema. The service restricts its operation (publish, subscribe, or request-response) to the chosen schema as well as to a user-specified part of the DIT (Directory Information Tree). If the schema information has changed on the LDAP server, you can reconfigure the adapter instance to reflect the changes. DIT Browsing You can restrict the scope of a service to a specific part of the DIT. When you begin configuring a service, only the top-level entries in the tree are visible. Entries below these are fetched dynamically when you explicitly expand the subtrees. You can specify the number of entries. The maximum number of entries you can specify is 50000. The tree expands if the number of entries is equal to, or less than the value you specify. You can only select a single entry at any time since a service can be associated only with one subtree. Each service lets you select a subtree of the LDAP DIT. The adapter supports selection by example. For example, if you need to select object class X, you can choose any entry belonging to object class X. Therefore, when you select a particular LDAP entry type under a DIT, all the entries of that type, irrespective of their position in the tree, will be supported by the service. If the tree selection is not required, all you need to do is select the root of the tree for each service. The adapter service will log an error and return an error message if the incoming message tries to access other LDAP entry types or other portions of the DIT tree. Support for Basic Authentication The adapter supports basic authentication, the most simple security mechanism in LDAP. When using basic authentication with LDAP, the client identifies itself to the server by means of a DN (Distinguished Name) and a password which are sent in the clear over the network. The server considers the client authenticated if the DN and password sent by the client matches the password for that DN stored in the directory.

Features of Adapter for LDAP 27 Support for SSL All data exchange between the adapter and LDAP server can now be secured via a Secure Sockets Layer (SSL) connection. Attribute Filtering The adapter provides support for retrieving the attributes of an entry by specifying the names of the attributes. This functionality is available only for the Search operation in the request-response service. Refined Search Capabilities The adapter provides refined search capabilities in the request-response service through the use of LDAP_SEARCH_BASE, LDAP_SEARCH_ONELEVEL and LDAP_SEARCH_SUBTREE search options. LDAP_SEARCH_BASE helps you to search for a particular entry, LDAP_SEARCH_ONELEVEL helps you to search one level below the base, not including the base, and LDAP_SEARCH_SUBTREE lets you search the entire subtree. Support for Retrieval of the DN of Searched Entries The adapter can retrieve the Distinguished Name (DN) of an entry retrieved through search, in addition to the attributes of the entry. This functionality is available for the Search operation in the request-response service. Alias Dereferencing In an LDAP directory, an alias entry is an entry that points to another entry. Following an alias pointer is known as dereferencing an alias. In the LDAP directory, you can set a leaf entry to point to another object in the namespace. This alias entry contains the DN of the object to which it is pointing. When you look up an object by using the alias, the alias is dereferenced so that what is returned is the object pointed to by the alias's DN. You can use aliases to organize the directory's namespace so that as the namespace evolves, old names may be used. Suppose, for example, that in the o=wiz, c=us company, the departments ou=hardware and ou=software are merged into ou=engineering. You can move the contents of ou=hardware and ou=software to ou=engineering, and change the entries ou=hardware and ou=software into alias entries that point to ou=engineering. The adapter only supports alias dereferencing for the SEARCH operation.

28 Chapter 3 TIBCO ActiveMatrix Adapter for LDAP Active Directory Server does not support alias operations. Publication Service Filter While configuring the LDAP Adapter instance, you can specify an additional filter for the publication service. Support for SEARCH Operation on Sub Class The adapter can perform the SEARCH operation on a sub class. Selecting the Handle Any Subset of Configured Object classes check box in the Schema View tab enables the adapter to perform a service-specific operation on any subset of the configured object class. For example, the adapter can retrieve the entries belonging to sub class c when a service is configured for an object class a.b.c.d. Therefore, if you configure a publication service for the object class inetorgperson and a publication filter telephonenumber>1000, then all entries that satisfy both these criteria will be published by the adapter. The filter should comply with the LDAP Search Filter Syntax described in the LDAP specification. Persistent Publisher The adapter supports publication of the changes on an LDAP server even if the adapter is not running when those changes are made on the server. This functionality is available for all supported LDAP servers. Server Synchronization The adapter supports synchronization of changes between two supported LDAP servers. This requires the Update Only If Different check box to be selected from the subscriber service. Referrals The adapter supports referrals. A server that does not store the requested data can refer the adapter to another server. Since a server might not store the entire DIT, servers need to be linked together in some way to form a distributed directory that contains the entire DIT. This is accomplished with referrals. The referral acts like a pointer that can be followed to where the desired information is stored.

Features of Adapter for LDAP 29 Enhanced Logging Capability If the adapter receives a message that causes an LDAP invocation error, then the adapter traces the complete message on the console and also logs it to a file so that you can manually recover and process these messages. LDAP Schema Browser for Specifying Object Classes In previous versions of the adapter, it was possible to specify the object classes associated with a service using the DIT browser. This required a suitable sample entry to exist in the DIT. This version of the adapter adds an LDAP schema browser that allows you to browse and select from all the LDAP object classes available in the server s LDAP schema. When using the LDAP schema browser to specify the object class, no sample entry is needed.

30 Chapter 3 TIBCO ActiveMatrix Adapter for LDAP Services of Adapter for LDAP The adapter provides the following services: publication service, subscription service, and request-response service. Publication Service The adapter gets a message from the LDAP server and sends the message to the TIBCO environment. For example, a new employee joins Company A. The administrator updates the corporate LDAP server with the details of the new employee. The Publication Service of the adapter receives this information from the LDAP server, assigns a structure to it, and publishes it using TIBCO Rendezvous or JMS messaging for other applications to pick up. All other applications that need to be aware of this change are informed by the Publication Service via TIBCO Rendezvous or JMS messaging. Figure 11 Typical Publication Service Flow TIBCO Environment Message LDAP Server LDAP Directory Store Publish an LDAP Business Event TIBCO Adapter for LDAP Subscription Service The adapter gets a message from the TIBCO environment and sends the message to the LDAP server.

Services of Adapter for LDAP 31 For example, Company A adds 50 computers to its existing infrastructure, as part of its expansion program. This asset information needs to be reflected on the corporate LDAP server. This information is published by the application using TIBCO Rendezvous or JMS messaging, probably through an application adapter. When the Subscription Service of the adapter receives this information from TIBCO Rendezvous or JMS messaging, it uses the standard LDAP API to update the LDAP server by adding the required entries. Figure 12 Typical Subscription Service Flow TIBCO Environment Message LDAP Server LDAP Directory Store Subscribe to an LDAP Business Event TIBCO Adapter for LDAP Request-Response Service The adapter gets a request from the TIBCO environment and sends the request to an LDAP server. When a response is returned to the adapter from the LDAP server, the adapter sends the response to the TIBCO environment. The adapter supports request-response scenarios with an RPC server. For example, User A of an email client does not know the first name or email address of the contact to whom a mail must be sent. Therefore, the user searches for all names ending with Smith using the Find Contact option on the email client. The email client publishes this request using TIBCO Rendezvous or JMS messaging, probably through an application adapter. When the Request-Response Server Service of the adapter receives this query, it uses the standard LDAP API to contact the LDAP server, and uses the Search operation to find all names (or the specified number of names) ending with Smith. It then returns the search results in its response to TIBCO Rendezvous or JMS messaging.

32 Chapter 3 TIBCO ActiveMatrix Adapter for LDAP Figure 13 Typical Request-Response Service Flow TIBCO Environment Request Message Response Message LDAP Server LDAP Directory Store TIBCO Adapter for LDAP

33 Index A Adapter standalone 3 adapter integration with LDAP 22 overview 22 publication service 30 request-response service 31 role 22 services available 24 subscription service 30 supported messaging transports 24 adapter life cycle configuration 11 deployment 11 installation 11 monitoring 11 adapter services 24 application management 16 F failure recovery 16 L LDAP directory store 23 LDAP integration with adapter 22 load balancing 16 M messaging transports 24 O C overview 22 customer support vi P D directory store 23 palette 6 project 6 publication service 30 E EAR file 6 R request-response service 31 resource management 16

34 Index S schema support 25 Service Oriented Architecture (SOA) 6 subscription service 30 support, contacting vi T technical support vi TIBCO ActiveMatrix BusinessWorks Adapter Request-Response Server 18 Adapter Subscriber 18 Invoke an Adapter Request-Response Service 18 Publish to Adapter 18 Respond to Adapter Request 18 Wait for Adapter Message 18 Wait for Adapter Request 18 TIBCO administration domain 16 TIBCO Administration Server 17 TIBCO Administrator application management 16 failure recovery 16 load balancing 16 resource management 16 user management 16 TIBCO Administrator GUI 17 TIBCO Business Studio 20 TIBCO Designer 15 TIBCO Domain Utility 14 TIBCO Hawk 19 TIBCO Runtime Agent 14 TIBCO_HOME iii TRA 14 U user management 16