Directory Services Markup Language (DSML) identity feed

The Directory Services Markup Language (DSML) identity feed provides capability for reading a DSML file to add users to IBM Security Identity Manager.

DSML service type

The ISIM Server allows for integration of various human resource (HR) type data feeds. We can add large numbers of individuals to ISIM Server without manually adding each individual. An identity record in HR data becomes an instance of a person object in ISIM. One type of HR type data feed is the DSML Identity Feed service. The service can receive the information in one of two ways: a reconciliation or an unsolicited event notification through an event notification program.

The mechanisms that handle HR data in ISIM requires that the HR data be in an XML format. The format uses the standard schema defined by the Directory Services Markup Language (DSML version 1). See the DSML website at http://www.oasis-open.org for DSMLv1. When sending asynchronous notifications, an XML message format defined by Directory Access Markup Language (DAML version 1) is used. DAML is an XML specification defined by IBM that allows specification of add, modify, and delete operations.

DSML file format

DSML is an XML format that describes directory information. A DSML file represents directory structure information in an XML file format. The DSML file must contain only valid attributes of ISIM profile. The identity feed process uses all objects in the file. The erPersonPassword attribute is used in an identity feed only during a Person create process, not in a Person modify process. If the value of the erPersonPassword attribute is set, then ISIM account password is set to that value when the person and account are created. The following statement sets a value for the erPersonPassword attribute:

<attr name="erpersonpassword"><value>panther2</value></attr>

If we select a DSML file format for an identity feed, specify a DSML file similar to this one:

<entry dn="uid=sparker">
    <objectclass><oc-value>inetOrgPerson</oc-value></objectclass>
    <attr name="givenname"><value>Mike</value></attr>
    <attr name="initials"><value>Map</value></attr>
    <attr name="sn"><value>Pareene</value></attr>
    <attr name="cn"><value>Mike</value></attr>
    <attr name="telephonenumber"><value>(919) 222-2222</value></attr>
    <attr name="postaladdress"><value>222 E. Main Street Des Moines, IA  27788</value></attr>
</entry>

UTF-8 encoding in an identity feed file

The identity feed file must be in UTF-8 format. We must use an editor that supports UTF-8 encoding.

• Windows

  The following are UTF-8 capable: Microsoft Word 97 or later, or the Notepad editor that is included with the Windows 2003 Server or Windows XP operating systems. To save a file in UTF-8 format using Notepad, click File > Save As. Then, expand the list of choices for the Encoding field and select UTF-8.

• Linux

  The Vim text editor (a version of the classic vi editor) is UTF-8 capable. To work with files in UTF-8 format using the Vim text editor, specify the following.

  :set encoding=utf-8:set guifont=-misc-fixed-medium-r-normal--18-120-100-100-c-90-iso10646-1

  If your version of UNIX does not include this text editor, access this Web site.

  http://www.vim.org

For the 7-bit ASCII code subset, the UTF-8 encoded Unicode format is identical to 7-bit ASCII format. For input files that contain 7-bit ASCII (ASCII character values between hex 20 to hex 7e), we can use a normal text editor to create the file. For files containing any other character values (including extended European characters), we must save the file in UTF-8 format.

For an exact list of the 7-bit ASCII characters as supported by UTF-8, access the Unicode site and click the Basic Latin link in the first column.

• JavaScript code within DSML identity feeds
  
• JNDI service provider for DAML
  
• Event notifications of HR data
  
• Import HR data with reconciliation
  

Parent topic: Configure

Parent topic: Identity feed management