SDI terms

IBM Security Directory Integrator terms

Action Manager (AM)

Action Manager is a stand-alone Java application used to configure failure-response behavior for Security Directory Integrator solutions. AM executes rules defined with AMC v3. An AM rule consists of one or more triggers that define a failure situation, such as the termination of an AL that should not stop running, or if an AL has not been executed within a given time period, and so forth Furthermore, each rule also defines actions to be carried out in case of this failure. Actions include operations like sending events or e-mail, starting ALs (locally or remotely) and changing configuration settings. Action Manager requires IBM Security Directory Integrator Version 7.1.1 or later and AMC v3.Note: The AMC feature is deprecated and will be removed in a future version of SDI.

Accumulator

A special object that can be set in a Task Call Block (TCB) for use when starting another AssemblyLine either using a scripted call, or a component like the AssemblyLine Connector or the AssemblyLine FC. The Accumulator is either a collection of Work Entry objects handled by the called AL, or it is a component that is called to output each Entry. Accumulator handling is done at the end of each AssemblyLine Cycle.

AES

Shorthand for Advanced Encryption Standard. AES is an encryption algorithm for transmitting sensitive, but unclassified, content by U.S. Government agencies.

Adapter

Adapter is a word used in many contexts and with different meanings. An IBM Security Directory Integrator adapter refers to an AssemblyLine that is packaged as a single Connector. Creating an IBM Security Directory Integrator Adapter requires setting up an AssemblyLine that is written to perform, and expose, one or more business-related tasks. Each task is defined as an AssemblyLine Operation (for example, "EnableAccount", or "ReturnGroupMembers"). This AL can then be published for sharing, and can be leveraged by the AssemblyLine Connector that offers mode settings reflecting these operations¹.

AL

Shorthand for AssemblyLine.

Administration and Monitoring Console (AMC)

AMC is a browser-based console for managing and monitoring solutions. AMC Version 3, which is part of IBM Security Directory Integrator Version 7.1.1 and later run on the WebSphere® Application Server (enterprise and express versions), as well as Tomcat. Each AMC version is designed to work with a specific release of IBM Security Directory Integrator and may be incompatible with other versions. AMC V.3 is designed for IBM Security Directory Integrator Version 7.1.1 and later; however, it also works with IBM Security Directory Integrator Version 6.1 and 6.0 (albeit with some restrictions). AMC V.2 works with IBM Security Directory Integrator Version 6.0 and AMC V.1 runs with IBM Security Directory Integrator Version 5.2.

API

Application Program Interface. A way of programmatically (local or networked) calling another application, as opposed to using a command-line or a shell script.

Appender

Appender is a Log4J term (a third party Java library) for a module that directs log messages to a certain device or repository. In IBM Security Directory Integrator you control logging for your AssemblyLines by creating and configuring Appenders, either under the Logging tab of a specific AL, or under Solution Logging and Settings > Log in the Config Editor to control how all AssemblyLines in a project do their logging.

AssemblyLine (AL)

The basic unit-of-work in an IBM Security Directory Integrator solution. Each AL runs as a JVM thread in the Server and is made up of a series of AssemblyLine components (one or more Connectors, Functions, Scripts, Attribute Maps and Branches) linked together and driven by the built-in workflow of the AssemblyLine.

AssemblyLine Component

This term denotes an IBM Security Directory Integrator component used to construct AssemblyLines. The possible Components are:

Connectors
Function Components
Script Component
Attribute Map Component
Branches (including Loops and Switches)
The components list in an AssemblyLine is divided into two sections: Feeds where the Work Entry for each AL cycle is created from input data by a Connector in Iterator or Server mode, and the Flow section that holds the Connectors (in any mode except Server), Functions, Attribute Maps and Scripts providing the additional data access and processing.

AssemblyLine Operation

A business task implemented by an AssemblyLine and published using its Operations tab. Each Operation can have its own Input and Output Attributes Maps for defining the parameters expected when this Operation is invoked (Input Map), as well as those returned (Output Map). This is also called the Schema of the Operation.

AssemblyLine Phases

An AssemblyLine goes through three phases:
Initialization

At this point the IBM Security Directory Integrator Server uses the "blueprint" for the AssemblyLine in the Config to create the various components as well as set up the AL environment, including processing the TCB, starting the script engine of the AL and invoking theProlog Hooks of the AL. All components that are configured for Initialization At Startup are initialized at this point causing their Prolog Hooks to get run as well.

Cycling

The AL workflow drives each of its components in turn, starting each cycle by invoking the On Start of Cycle Hook. Then the currently active Feeds Connector reads in data, creates the Work Entry and passes it to the Flow section. The Work Entry is passed from component to component until the end of Flow is reached, at which time control is returned to the start of the AssemblyLine again². Cycling continues until an unhandled error occurs or there is no more data available, for example, when the Iterator reaches End-of-Data.

Shutdown

When cycling stops then the AssemblyLine goes into Shutdown phase: Epilog Hooks are called and all initialized components are closed down, which flushes output buffers and executes their Epilog Hooks as well. Finally, the AssemblyLine closes down its environment and its thread terminates.

AssemblyLine Pool

A collection of AL Flow sections that can be configured to allow a Server mode Connector to service more clients. Available for ALs that use Server mode Connectors and is set up in the AssemblyLine Settings window of the AssemblyLine.

Attribute

Part of the IBM Security Directory Integrator Entry data model. Attributes are carried by Entry objects (Java "buckets," like the Work Entry) and they can hold zero or more values. These values are the actual data values read from, or written to, connected systems, and are represented in IBM Security Directory Integrator as Java objects.

Attribute Map (AttMap)

An Attribute Map is a list of rules (individual Attribute mapping instructions) for creating or modifying Attributes in an Entry object typically based on the values of Attributes found in another Entry object. Components like Functions and Connectors have an Input Map for taking data read into local cache (the conn Entry) and use this to define Attributes in the Work Entry. These components also have an Output Map that takes Attributes carried by the AssemblyLine (in its Work Entry) and use this to set up the conn Entry used by the output operation of the component. Attribute Map components use the Work Entry as both the source and target of the mappings.
Attributes can be mapped in one of three ways: Simply (copying values between Attributes), Advanced (using a snippet of JavaScript), or with an IBM Security Directory Integrator Expression.

Attribute Map component

A free-standing list of individual Attribute mappings that take values from the Work Entry and use them to create and update other Attributes in the Work Entry. They can be tied to Connector and Functions to define their Input or Output Maps. Note that Input and Output Maps can be copied to the library as AttMap components for reuse.

Best Practices

Recommended methodology and techniques for working with IBM Security Directory Integrator. These include the ABCs: Automation, Brevity and Clarity:
Automation

Use the automated features of IBM Security Directory Integrator in preference to our own custom scripted logic whenever possible; for example, using Branches/Loops instead of extensive scripting in Hooks. Not only does this make your solution easier to read, maintain, and can step through with the AL Debugger, but the solution benefits directly as built-in logic is strengthened and extended with each new release.

Brevity

Keep your AssemblyLines as short and simple as possible, as well as your script snippets. Break complex logic into simpler patterns that can be tested individually and reused in other solutions.

Clarity

Choose legibility over elegance. Write solutions for others to read and maintain.

Branches

A construct used to control the flow of logic in an AssemblyLine. IBM Security Directory Integrator Version 7.1.1 and later provide three types of Branches:

Simple Branches (IF, ELSE-IF and ELSE)
Loops (Connector-based, Attribute-based or Conditional)
Switches (for example, switching on the Work Entry delta operation code, or the Operation an AL is called with).

CBE

Common Base Event. A term used in the Common Base Infrastructure. See "Common Base Event" in the chapter about the CBE Generator Function Component in the IBM Security Directory Integrator v7.2 Reference Guide.

CEI

The IBM Common Event Infrastructure. See "The Common Event Infrastructure", in IBM Security Directory Integrator v7.2 Reference Guide.

Change Detection Connector (CDC)

A Connector that returns changes made in the connected system. Typically, a CDC can be configured to return only a subset of Entries: new, modified, deleted, unchanged or a combination of these. Some CDCs provide only the changed Attributes in the case of a modified Entry, while others return them all. Change Detection Connectors also tag the data with special delta operation codes to indicate what has changed, and how.³

CLI

Command-line Interface, such as the tdisrvctl utility.

cipher

A cipher is any method of encrypting text to hide its readability and its meaning. The resulting encrypted text message is called ciphertext.

ciphertext

Ciphertext is encrypted text, the result of applying a cipher, or an encryption.

Components

The architecture of IBM Security Directory Integrator is divided into two parts: generic functionality and technology-specific features. Generic functionality is provided by the IBM Security Directory Integrator kernel, which provides automated behaviors to simplify building integration solutions. The kernel also lets you extend or override these behaviors as desired, as well as doing the housekeeping for the solution: logging and tracing, Hooks for error handling, API and CLI access, and so forth. Technology-specific "intelligence" is handled by helper objects called components, such as Connectors, Functions, Branches, Scripts and Attribute Map components. Components provide a consistent and predictable way to access heterogeneous systems and platforms, and the kernel lets you "click" together components to build AssemblyLines.

Compute Changes

A special feature of the Connector Update mode that instructs the Connector to compare the Attributes about to be written to the connected system with those that exist in this data source already; in other words, it compares the value of each Attribute in the conn Entry (the result of the Output Map) with the corresponding ones found during the Update mode lookup operation, which is stored in the current Entry.

Config or Config File

A collection of AssemblyLines and components that comprise a solution. A Config is stored in XML format, typically in a Config file and is written, tested and maintained using the Config Editor.

Config Editor (CE)

The graphical development environment used to write, test and maintain Configs. Configs are stored in XML format and are deployed by assigning them to one or more IBM Security Directory Integrator Servers to execute.

Config Instance

A copy of an IBM Security Directory Integrator Config that is running on a Server. Typically loaded only once on a given Server, IBM Security Directory Integrator allows you to start the same Config multiple times if desired. Each running copy is given its own context and can be accessed individually through the API.

Config View

This term is used in the context of AMC to describe how a particular Config appears in the management screens of AMC. A Config View is a selection of the AssemblyLines and properties that are to be visible onscreen (user- or role-based), providing solution-oriented Config administration and management. Config Views can be combined to define a Monitoring View in AMC.

conn Entry

This is the local Entry object maintained by a Connector or Function. The conn Entry is used as a local cache for read and write operations, and data is moved between this cache and the Work Entry of the AssemblyLine using Attribute Maps (specifically, Input and Output Maps).

Connector

One of the component types available in IBM Security Directory Integrator to build AssemblyLines. Connectors are used to abstract away the technical details of a specific data store, API, protocol or transport, providing a common methodology for accessing diverse technologies and platforms.
Unlike the other components, Connectors can perform different tasks based on their mode setting (for example, Iterate, Delete, Server and Lookup). Modes are provided by the AssemblyLine component part of the Connector. However, the list of modes supported is dependent on the Connector Interface.

Connector Interface

When a component is used in an AssemblyLine, a distinction must be made between the Connector Interface (CI), containing the "intelligence" for working with a connected system, for example, LDAP, JDBC, Lotus Notes®, and the AssemblyLine Connector. ⁴ This latter object is the AL wrapper that allows the CI to be plugged into an AssemblyLine and provides them with a consistent set of generic features, like input or output maps, Link Criteria, Hooks and the Delta Engine. See "Objects", and "Connectors" in IBM Security Directory Integrator v7.2 Reference Guide for more information.

Connector Pool

Unlike the AssemblyLine Pool feature available to ALs using Server mode Connectors, a Connector Pool is a global collection of pre-initialized Connectors that can be used in multiple ALs. Note that the Connector Initialization setting "Initialize and terminate every time it is used" means that no AssemblyLine gains exclusive rights to a pooled Connector, giving you detailed control over resources used by the solution.

current Entry

This Entry object is local to a Connector Interface (just like the conn Entry) and contains the Attributes read in from a lookup operation (for example, as carried out by Lookup, Update and Delete modes). It is used to provide the Compute Changes feature.

Delta Engine

Available for Connectors in Iterator mode, the Delta Engine provides functionality for detecting changes in data sources that do not offer any changelog or change notification features. See Delta Operation Codes, as well as Delta mode for more information.

Delta mode (for Connectors)

This Connector mode is used to the apply changes specified with delta operation codes in the Work Entry, and to do so as efficiently as possible by performing incremental modifications. Note that Delta mode is only available for the LDAP and JDBC Connectors, and does not work with Entries without a valid delta operation code. See Delta mode.

Delta Operation Codes

These are special values assigned to Entries, Attributes and their values to reflect change information detected in some data source. An Entry that has delta codes assigned is called a Delta Entry, and these are only returned by a limited set of components: Change Detection Connectors, the Delta Engine and the DSML and LDIF Parsers.⁵ Delta Operation Codes can be queried and used in Branch Conditions or our own JavaScript code, and are used by Delta mode to apply all types of changes to target systems as efficiently as possible.

Derby

Apache Derby (previously known as IBM Cloudscape) is a small footprint relational database implemented entirely in Java. Apache Derby Version 10.8 is included as the default System Store for IBM Security Directory Integrator.

DES

Short for Data Encryption Standard. DES is a widely-used method of data encryption using a secret key. DES is superseded by the Advanced Encryption Standard (AES).

Distinguished Name (DN)

An LDAP term that refers to the fully qualified name of an object in the directory, representing the path from the root to this node in the directory information tree (DIT). It is usually written in a format known as the User Friendly Name (UFN). The dn is a sequence of relative distinguished names (RDNs) separated by a single comma ( , ).

ECB

Short for Electronic Code Book. Electronic Code Book (ECB) is a method of operation for a block cipher. In an ECB, each possible block of plaintext has a defined corresponding ciphertext value and the other way around. The same plaintext value always results in the same ciphertext value. Electronic Code Book is used when a volume of plaintext is separated into several blocks of data, each of which is then encrypted independently of other blocks. Moreover, Electronic Code Book can create a separate encryption key for each block type.

Entry

An Entry is an IBM Security Directory Integrator object used to carry data, and forms the core of the IBM Security Directory Integrator Entry model. The Entry object can be thought of as a "Java bucket" that can hold any number of Attributes, which in turn carry the actual data values read from, or written to connected systems. Each Entry corresponds to a single row in a database table or view, a record from a file or an entry in a directory (or similar unit of data), and there are a number of named Entry objects available in the system. The Work Entry and conn Entry are the most commonly used ones, but there is also a current Entry available in some Connector modes, an error Entry that contains the details of the last exception that occurred, and an Operation Entry (Op-Entry) for accessing details of an AL operation.

Epilog

A set of Hooks that, if enabled, are run during the AssemblyLine Shutdown phase. Note that the shutdown of components occurs between the two AL Epilog Hooks, which means that the Epilog Hooks of these components are all completed before the AssemblyLine Epilog - After Close Hook is called.

Error Entry

An Entry object that is created by an AssemblyLine during initialization, and contains Attributes like "status", "connectorname" (applies for all types of components) and "exception".⁶ See also Error Handling.

Error Handling

Error Handling in IBM Security Directory Integrator is based on the concept of exceptions. Exceptions are a feature of a programming language, like Java, C and C++, that lets you build error handling like a wall around your program. It also lets you fortify smaller parts within any wall, so we can add specific handling where necessary. IBM Security Directory Integrator leverages the power of exception handling so that we can design the error handling in the solution the same way. First you have the On Failure Hook of the AssemblyLine, which is called if the AL stops due to an unhandled exception.⁷ This is the outer line of defense.⁸ The next level is a component, given that it provides Error Hooks. Connectors actually provide two levels of handling: the mode-specific Error Hook, as well as the Default On Error (same goes for Success Hooks as well). Finally, in your JavaScript code we can do exception handling yourself. Use the try-catch statement, for example:
try { myObj = someFunctionCallThatCanThrowAnException(); } catch ( excptThrown ) { task.logmsg("**ERROR - The call failed: " + excptThrown ); }

ERP

Enterprise Resource Planning, usually indicates a software suite of programs that aims to manage enterprise resources, usually after heavy customization by the software vendor.

Exception

See Error Handling.

External Properties

A type of Property Store that uses a flat file for storing configuration settings (like passwords and other component parameter settings) outside the Config itself.

Feeds

The first section of an AssemblyLine and can only hold Iterator and Server mode Connectors. The Feeds section is where the Work Entry is created from data retrieved from a connected system or client. The Feeds section is like a built-in Loop that drives the Flow section components list, once for each Entry read.

FIPS

Short for Federal Information Processing Standard. IBM Security Directory Integrator uses FIPS 140-2, a standard that defines requirements for cryptographic modules that handle sensitive information.

Flow

The second (and usually the main) section of an AssemblyLine and holds a list of components; any type, except Connectors in Server mode. The Flow section receives a Work Entry from the currently active Feeds Connector and passes it from component to component for processing.

Function Component (FC)

One of the component types available in IBM Security Directory Integrator to build AssemblyLines. Functions are used to abstract away the technical details of a specific service or method call. Typical examples are the AssemblyLine FC used to execute ALs and the Java Class FC that lets you browse jar files and call class methods. Unlike Connectors, FCs do not have mode settings.

Global Prolog

A Script component that is defined in the Scripts library folder of the workspace, and which is configured to be executed when an AssemblyLine starts up. The simplest way to do this is to select which Scripts to use with the "Include Addition Prologs - Select" button. Note that Global Prologs are executed before the Prolog Hooks of the AssemblyLine.

GUI (ibmditk or ibmditk.bat)

The term IBM Security Directory Integrator GUI is sometimes used to refer to the Config Editor.

Hook

This is a waypoint in the built-in workflow of the AssemblyLine, or of a Connector or Function, where we can customize behavior by writing JavaScript. In a Connector, the Hooks available are also dependent on the mode setting.

HTML

HyperText Markup Language. a more or less standardized way of describing and formatting a page of text on the Web. Different manufacturers' interpretations of the standard are often the cause of different renderings of a given page on various Web browsers.

HTTP

HyperText Transfer Protocol. The protocol in use for the Web, another protocol on top of TCP.

IEHS

IBM Eclipse Help System. Used to host the IBM Security Directory Integrator documentation locally. The documentation hosted by IBM in the Documentation Library also uses IEHS.

Initial Work Entry (IWE)

An Entry that is passed into an AssemblyLine by the process that called it (for example, an AssemblyLine Connector or Function, or by using script calls like main.startAL().
Note that the presence of an IWE causes any Iterators in the Flow section to skip on this cycle.

Iterator

A Connector mode ⁹ that first creates a data result set (for example, by issuing a SQL SELECT statement, a LDAP search operation, opening a file for input) and then returns one Entry at a time to the AL for processing. Iterators can reside in the AssemblyLine Feeds section where they drive data to Flow components. If they are placed in the Flow section then they still retrieve the next Entry from their result set for each AL cycle, but they do not drive AL cycling in this case.

IU

Installation Unit. A term specific to Solution installation (SI). Each major component of the product is broken into separate IUs - for ease of maintenance, installation and updates.

Java Virtual Machine or JVM

IBM Security Directory Integrator runs inside what is known as a Java Virtual Machine. The JVM runs programs written in the Java language, has its own memory management and is in most respects a computer within the computer.

Javadocs

A set of low-level API documentation, embedded in the source code of the product, and extracted by means of a special process during the build of the product. In IBM Security Directory Integrator the Javadocs can be viewed by selecting Help > Javadocs from the Config Editor.Note: Not currently visible in IBM Security Directory Integrator Version 7.1.1 and later.

JavaScript

The language we can use to fine tune the behavior of your AssemblyLines. IBM Security Directory Integrator Version 7.1.1 and later use the IBM JSEngine, version 2.0.

JMS

Java Messaging Service. A standard protocol used to perform guaranteed delivery of messages between two systems.

JNDI

Java Naming and Directory Interface. See "JNDI Connector", in the IBM Security Directory Integrator v7.2 Reference Guide.

Link Criteria

Link Criteria represent the matching rules defined for a Connector in Update, Lookup or Delete, and they must result in a single entry match in the connected system; otherwise either an Not Found or Multiple Found exception occurs. Note that a Lookup Connector tied to a Loop is an efficient way of dealing with lookup operations where no match (or multiple matches) are expected.

LDAP

Lightweight Directory Access Protocol. This protocol, which uses TCP, provides an easier way of accessing a name services directory than the older Directory Access Protocol. For example, LDAP is used in querying the IBM Security Directory Server.

Memory Queue (MemQ)

The MemQ is an IBM Security Directory Integrator object that lets you pass any type of Java object (like Entries) between AssemblyLines running on the same server. This feature is usually accessed through the MemQueue Connector (or the deprecated Memory Queue FC). See also System Queue for more on how to pass data between running ALs.

Message Prefix

All error messages and Info messages in IBM Security Directory Integrator are prefixed with a unique message prefix. The prefix assigned to IBM Security Directory Integrator is CTGDI.

Mode

Connectors have a mode setting that determines how this component participates in AssemblyLine processing. In addition to any custom modes (implemented through Adapters) there is a set of standard modes:

Iterator
AddOnly
Lookup
Update
Delete
CallReply
Server
Delta
Dependent on the features provided by the underlying system or functionality built into the Connector, the list of modes supported by the different Connectors varies. See Connector modes, and "Connectors" in IBM Security Directory Integrator v7.2 Reference Guide for more information about Connector modes.

Null Value Behavior

Refers to how IBM Security Directory Integrator deals with Attribute mappings that result in NULL values. Null Behavior configuration can be done for a Server by setting Global/Solution properties. These Server-level settings can be overridden for an Attribute Map by clicking the Null button in the button bar at the top of the map; or for a specific Attribute using the Null button in the Details Window for its mapping.
IBM Security Directory Integrator lets you both configure what constitutes a NULL value situation (for example, missing values, empty string or a specific value) as well as how to handle this.

Op-Entry (Operation Entry)

An entry that contains information about the Operation for the currently executing AL. An Op-Entry persists its value over successive cycles for the same AL run and is available for scripting using the task.getOpEntry() method.

Parameter Substitution

A way of specifying patterns based on Java MessageFormat class - for simpler and quicker editing. Available in various places in IBM Security Directory Integrator, wherever properties are used.

Parser

IBM Security Directory Integrator components used to interpret or generate the structure for a byte stream. Parsers are used by attaching them to a Connector that reads or writes byte streams, or to a Function component like the Parser FC used to parse data in the Work Entry.

Persistent Object Store

See System Store.

Persistent Parameter Store

See Property Store.

plaintext

Plaintext is unencrypted text. In cryptography, plaintext is ordinary readable text before being encrypted into ciphertext or after being deciphered.

Prolog

A set of Hooks that, if enabled, are run during the AssemblyLine Phases. We can also define Global Prologs: scripts that are run before either of the AL Prolog Hooks. Note that the "At Startup" initialization of components occurs between the two AL Prolog Hooks, which means that the Prolog Hooks of these components are all completed before the AssemblyLine Prolog - after the Initialization Hook is called. See also Epilog.

Properties

This term refers to values maintained in a Property Store and used to configure AssemblyLine and Component settings at run-time. ¹⁰

Property Store

This is a feature for reading and writing all types of properties. This includes:

Java-Properties, which are settings of the JVM.
Global-Properties, IBM Security Directory Integrator Server settings that are kept in a file called global.properties in the etc folder of your installation directory.
Solution-Properties, which typically override Global-Properties and are found in a file in the solution directory called solution.properties.
System-Properties, for keeping custom property settings (uses the System Store).
In addition, we can define our own Property Stores using a Property Connector. The Property Store feature also lets you designate one of your Property Stores as a Password Store, giving you automatic protection of sensitive configuration details.

Raw Connector

Deprecated term; this is now called the Connector Interface and refers to the part of an AL Connector that contains the logic needed to access a specific API, protocol or transport.

Relative Distinguished Name (RDN®)

In LDAP terms the name of an object that is unique relative to its siblings. RDNs have the form attribute name=attribute value. For example,
cn=John Doe

Resource Library

A simple method for sharing AssemblyLines and components between Configs. In the Config Editor, the Resources folder appears just below the AssemblyLines folder in the workspace.

RMI

Remote Method Invocation; a way of making procedure or method calls on a remote system using a network communication channel. In IBM Security Directory Integrator, used by the Remote API functionality.

RSA

RSA is an internet encryption and authentication system that uses an algorithm developed by Ron Rivest, Adi Shamir, and Leonard Adleman. The encryption system is owned by RSA Security. RSA is an algorithm for public-key cryptography, suitable both for signing and for encryption.

Sandbox

The feature of the IBM Security Directory Integrator that enables you to record AssemblyLine operations for later playback without any of the data sources being present. See Sandbox.

SAP

Used to stand for "Systeme, Anwendungen, Produkte" (Systems, Applications, Products) but today, the abbreviation just stands for itself. A large, German provider of an integrated suite of ERP applications. Mostly known for its R/3 distributed ERP software suite, but also known for its mainframe-based R/2 software.

Script Component (SC)

A Script Component is a block of JavaScript that is stored as a single component in IBM Security Directory Integrator. In addition to appearing in the Scripts library folder of the workspace¹¹, Script Components can be dropped anywhere in the Flow section of an AssemblyLine.

Script Engine

The component that interprets the Java scripts written inside an IBM Security Directory Integrator Config. IBM Security Directory Integrator Version 7.1.1 and later use the IBM JSEngine 2.0, which replaces Rhino from earlier releases.

Schema

Schema, unfortunately, can mean different although related things, depending on context. In a relational database context, a Schema is the collection of tables and objects a user has defined and owns (including content); and each table in a schema is described by a Data Definition. In an LDAP context, the Schema is the actual layout of the LDAP database, with its attributes and objects.
In addition, Connectors and Functions can have Input and Output schemas that represent the data model discovered in a connected system. Furthermore, an AssemblyLine Operation can have an Input and Output schema as well.
In a product like IBM Security Directory Integrator, which can access both relational databases as well as LDAP databases, the word Schema can therefore mean different things, depending on where it is used.

Script Connector

A Script Connector is a Connector where you write the Interface functionality yourself: It is empty in the sense that, in contrast to an already-existing Connector, the Script Connector does not have the base methods getNextEntry(), findEntry() and so forth implemented. Not to be confused with the Script Component.

Server (ibmdisrv or ibmdisrv.bat)

This is the part of IBM Security Directory Integrator that is used to deploy and execute Configs.

Server (mode)

This is a Connector mode used for providing a request/response service (like an HTTP server). This mode also provides an AssemblyLine Pool feature to enable support for more connections or traffic.

Solution Directory

The directory in which you store your Config files, Derby databases, properties files, keystores and so forth. The solution directory is selected when you install IBM Security Directory Integrator, and the filepaths used in the solution can be relative to this folder. The solution directory can be explicitly specified when you start the Config Editor or Server using the -s commandline option. Note that the counterpart of global.properties is kept in this folder and called solution.properties, unless the solution directory is the same as your installation directory.

SI

Solution Installer. A common IBM utility for installation of many IBM products. The IBM Security Directory Integrator 6.1.1 installer is one such product.

SSL

Secure Socket Layer; a protocol used in Internet communications to encrypt data such that if someone where to eavesdrop on the packets going back and forth he would not be able to see what the packets contain. The protocol was invented by Netscape; and we can see if a Web page uses the SSL protocol to talk to the Web server if it has the 'https//' prefix instead of 'http'. SSL is not limited to Web pages; in fact, IBM Security Directory Integrator uses it (if configured that way) to talk between different Servers and AssemblyLines if network access is called for.

State

Defines the level of participation for an AssemblyLine component. It can be in either Enabled State, which means it participates in AL processing, or Disabled in which case the component is not used in any way.
Connectors and Functions can be set to a third State: Passive. Passive State causes the component to be initialized and closed during the Assemblyline Initialization and Shutdown phases, but never used during AL cycling. However, we can drive these components manually through script calls.

System Queue

A built-in queue infrastructure to facilitate the guaranteed delivery of messages between AssemblyLines, even running on different IBM Security Directory Integrator Servers. By default, the System Queue uses the bundled MQe (WebSphere MQ Everyplace®), but can be configured to leverage other JMS-compliant messaging systems. IBM Security Directory Integrator provides a SystemQueue Connector to help you leverage this feature.
For more information about the System Queue and how to enable it, see the "System Queue" chapter in the IBM Security Directory Integrator v7.2 Installation and Administrator Guide.

System Store

Called the Persistent Object Store, or POS in earlier IBM Security Directory Integrator versions, the System Store is a relational database used to store state information, like Delta Tables (used by the Delta Engine) or Iterator state for Change Detection Connectors. It also provides the User Property Store which is accessible through the system.setPersistentObject(), system.getPersistentObject() and system.deletePersistentObject() methods. In the current implementation, the Apache Derby product (previously known as IBM CloudScape) is used. See http://db.apache.org/derby for more details.

Task

By convention, all threads (AssemblyLines, EventHandlers and so forth) are referred to as tasks and are accessible from script code using the pre-registered task variable.Note: EventHandlers are no longer a feature in IBM Security Directory Integrator Version 7.1.1 and later; they were, however, part of previous releases.

Task Call Block

A Java structure used to pass parameters to and from AssemblyLines. Often referred to by its abbreviation: TCB.

TCP

Transmission Control Protocol; a level 4 (transmission integrity) protocol usually seen in combination with its layer 3 (routing) Internet Protocol as in TCP/IP. A stack of protocols designed to achieve a standardized way of communicating across a network, be it local (as in on the premises) or over long distances. Originally invented and specified by DARPA, the US Defense Advanced Research Projects Agency. Successor to ARPANET, which was a network of a small number of universities and the US Department of Defense, the civil side of which was managed by the Stanford Research Institute (SRI). TCP is related to UDP.

SDI

Unofficial monicker for this product, IBM Security Directory Server.

TMS XML

Tivoli® Message Standard XML. A Tivoli standardized way of formatting messages. Each message is prefixed by a unique TMS code, which can be looked up in the Message Guide for explanation and user response. A code that ends in an "E" indicates an Error, "W" indicates a Warning and "I" indicates an Information message. All Tivoli messages issued by IBM Security Directory Integrator start with the unique identifier of this product, which is "CTGDI".

Tombstone

A record or trace showing that an AssemblyLine, an EventHandler or Config has terminated. Configured through the Tombstone Manager in the CE. The trace includes a timestamp and the AL exit status. The Tombstone Manager creates a tombstone for each AssemblyLine as it terminates.

TWiki

TWiki is a flexible and easy-to-use enterprise collaboration system software. Its structure is similar to the WikiPedia, except that is not linked into that. It is rather meant as an independent community resource for a group of people with common interest. There is one for IBM Security Directory Integrator, at http://www.tdi-users.org. Note: The TWiki site is a volunteer effort, and is not an official IBM support forum. If you need immediate assistance, contact your local IBM support organization.

Update

One of the standard Connector modes. Update mode causes the Connector to first perform a lookup for the entry you want to update,¹² and if found it modifies this entry. If no match is found then a new entry is added instead. See also Computed Changes.

UDP

User Datagram Protocol. A protocol used on top of the Internet Protocol (IP) which, unlike TCP does guarantee that the packet of data sent with it reaches the other end. Also see TCP.

URL

Unified Resource Locator. A way of defining where a resource is, be it a fileserver or a HTML page on the Web.

User Property Store

See User Property Store.

Value (data values and types)

See Entries, and Attribute.

WikiPedia

A Web-based worldwide encyclopedia, where (registered) users can add articles or pictures, edit them, browse them, search for applicable content, and so forth. For IBM Security Directory Integrator there is one similar in functionality but not linked into the WikiPedia, a "TWiki" at http://www.tdi-users.org. The TWiki is a groupware product.

Work Entry

An Entry object used by the AssemblyLine to carry data from component to component.¹³ This object can be accessed in script code using the pre-defined variable work. The Work Entry is typically built by a Server or Iterator mode Connector in the Feeds section before being passed to the AL Flow section. We can also have an Initial Work Entry (IWE) passed in if the AL was called from another process; or we can create it in the Prolog by using task.setWork():
init_work = system.newEntry(); // Create a new Entry object init_work.setAttribute("uid", "cchateauvieux"); // populate it task.setWork(init_work); // make it known as "work" to the Connectors

Note that an Iterator in the Feeds section does not return any data if the Work Entry is already defined at this point in the AL. So if an IWE is passed into an AssemblyLine, any Iterators in the Feeds section simply pass control to the next component in line. It is also the reason why multiple Iterators in the Feeds section run sequentially, one starting up when the previous one reaches End-of-Data.

XML

The Xtensible Markup Language. A general purpose markup language (See also HTML) for creating special-purpose markup languages, and also capable of describing many types of data. IBM Security Directory Integrator uses XML to store Config files.

¹ AL Operations are also accessible using the AssemblyLine Function Component.² If the current cycle was fed by a Server mode Connector, then the reply is created by the Output Map of that Server mode Connector, and sent to the client.³ For LDAP there is also a special kind of modify operation where the directory entry has been moved in the tree: modrdn, that is, a "renamed" entry.⁴ Functions are similar to Connectors in that they are divided into two parts: the Function Interface and the AssemblyLine Function. Unlike Connectors, Functions have no mode setting.⁵ Note that these Parsers only return Delta Entries if the DSML or LDIF entries read contain change information.⁶ The "exception" Attribute holds the actual Java exception object, in the case of an error – in which case the "status" Attribute would also be changed from a value of "ok" to "error" and "message" would contain the error text.⁷ An unhandled error is one that is caught in an enabled Error Hook (no actual script code is necessary). If we wish to escalate an error to the next level of error handling logic, you need to re-throw the exception:
throw error.getObject("exception");

⁸ If you want to share this logic (or that in any Hook) between AssemblyLines, implement it as a function stored in script and then include them as a Global Prolog for the AL.⁹ Connectors running in Iterator mode are often referred to as "Iterators".¹⁰ Note that an Entry object can also hold properties (in addition to Attribute and delta operation codes) and these can be accessed using the getProperty() and setProperty() methods of the Entry class.¹¹ In order to be used as Global Prologs (which are executed at the very start of Assemblyline Initialization) the Script must be in the Scripts library folder and selected for inclusion in the Config tab of an AssemblyLine.¹² Data is read into both the conn and current Entry objects. After the Output Map, the contents of conn are now the Attributes to be written. The original entry data is still available in current.¹³ Note that the "Work Entry" window shown in the Config Editor is actually a list of all Attributes that appear in Input Maps or in the Loop Attribute field of Loops in the AssemblyLine.