tibco adapter for ldap - user's guide

TIBCO Adapter™ for LDAP

User’s GuideSoftware Release 5.4September 2006

Important InformationSOME TIBCO SOFTWARE EMBEDS OR BUNDLES OTHER TIBCO SOFTWARE. USE OF SUCH EMBEDDED OR BUNDLED TIBCO SOFTWARE IS SOLELY TO ENABLE THE FUNCTIONALITY (OR PROVIDE LIMITED ADD-ON FUNCTIONALITY) OF THE LICENSED TIBCO SOFTWARE. THE EMBEDDED OR BUNDLED SOFTWARE IS NOT LICENSED TO BE USED OR ACCESSED BY ANY OTHER TIBCO SOFTWARE OR FOR ANY OTHER PURPOSE.

USE OF TIBCO SOFTWARE AND THIS DOCUMENT IS SUBJECT TO THE TERMS AND CONDITIONS OF A LICENSE AGREEMENT FOUND IN EITHER A SEPARATELY EXECUTED SOFTWARE LICENSE AGREEMENT, OR, IF THERE IS NO SUCH SEPARATE AGREEMENT, THE CLICKWRAP END USER LICENSE AGREEMENT WHICH IS DISPLAYED DURING DOWNLOAD OR INSTALLATION OF THE SOFTWARE (AND WHICH IS DUPLICATED IN TIBCO ADAPTER FOR LDAP USER’S GUIDE). USE OF THIS DOCUMENT IS SUBJECT TO THOSE TERMS AND CONDITIONS, AND YOUR USE HEREOF SHALL CONSTITUTE ACCEPTANCE OF AND AN AGREEMENT TO BE BOUND BY THE SAME.

This document contains confidential information that is subject to U.S. and international copyright laws and treaties. No part of this document may be reproduced in any form without the written authorization of TIBCO Software Inc.

TIB, TIBCO, TIBCO Software, TIBCO Adapter, Predictive Business, Information Bus, The Power of Now, TIBCO Adapter, TIBCO Rendezvous, TIBCO Administrator, TIBCO IntegrationManager, TIBCO Designer, TIBCO Hawk, and TIBCO Enterprise Message Service are either registered trademarks or trademarks of TIBCO Software Inc. in the United States and/or other countries.

EJB, J2EE, JMS and all Java-based trademarks and logos are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries.

All other product and company names and marks mentioned in this document are the property of their respective owners and are mentioned for identification purposes only.

This software may be available on multiple operating systems. However, not all operating system platforms for a specific software version are released at the same time. Please see the readme.txt file for the availability of this software version on a specific operating system platform.

THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT.

THIS DOCUMENT COULD INCLUDE TECHNICAL INACCURACIES OR TYPOGRAPHICAL ERRORS. CHANGES ARE PERIODICALLY ADDED TO THE INFORMATION HEREIN; THESE CHANGES WILL BE INCORPORATED IN NEW EDITIONS OF THIS DOCUMENT. TIBCO SOFTWARE INC. MAY MAKE IMPROVEMENTS AND/OR CHANGES IN THE PRODUCT(S) AND/OR THE PROGRAM(S) DESCRIBED IN THIS DOCUMENT AT ANY TIME.

THE CONTENTS OF THIS DOCUMENT MAY BE MODIFIED AND/OR QUALIFIED, DIRECTLY OR INDIRECTLY, BY OTHER DOCUMENTATION WHICH ACCOMPANIES THIS SOFTWARE, INCLUDING BUT NOT LIMITED TO ANY RELEASE NOTES AND "READ ME" FILES.

Copyright © 1999-2006 TIBCO Software Inc. ALL RIGHTS RESERVED.

TIBCO Software Inc. Confidential Information

| iii

Contents

Figures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ix

Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi

Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii

Related Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xivTIBCO Product Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xivOther TIBCO Product Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiv

How to Contact TIBCO Customer Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvii

Chapter 1 Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

Adapter Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2Integration With LDAP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2Directory Store . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

Adapter Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

Adapter Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10Publication Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10Subscription Service. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10Request-Response Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

Chapter 2 Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

Preparing your Environment for Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14Operating System Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14LDAP Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

Pre-Installation Worksheet. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16Adapter Machine Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16LDAP Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17LDAP Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

Installer Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18Upgrading the Adapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18Uninstalling the Adapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

Installation Registry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21Microsoft Windows Platforms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21UNIX Platforms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21Installation History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

TIBCO Adapter for LDAP User’s Guide

iv | Contents

Adapter Components and Compatible Software. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23Adapter Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23Required and Optional TIBCO Products . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

Installing on Microsoft Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25Installing on Microsoft Windows 2000 and 2003 Terminal Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27Installing the Adapter on Microsoft Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27Combining Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

Installation on UNIX Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30Installing the Adapter on UNIX. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31Combining Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33Post Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

Installation FAQs and Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34Frequently Asked Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34Running Out of Disk Space . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35Installation Errors on HPUX 11.00 64 bit Platform. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36Configuring TIBCO Hawk. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37Cannot Install the Adapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37

Chapter 3 Preparing LDAP Server Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40

Preparing the LDAP Server for Use with the Adapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41Enabling SSL on the LDAP Servers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41Setting Search Size Limit on the LDAP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

Chapter 4 Getting Started . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44Scenario Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44Connections to LDAP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44Permissions to Access Repository Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44Other Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44

Setting LDAP Connection Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

Create the Project . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47

Configure the Adapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49

Configure the Publication Service. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52

Configure the Subscription Service. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54

Configure the Request-Response Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56

Convert the Project to a Repository File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58

Configuring the Project Using TIBCO IntegrationManager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59Configure the Publication Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59Configure the Subscription Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62Configure the Request-Response Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71


Contents | v

Deploy the Project and Start the Adapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80

Configuring the Exercises Using TIBCO IntegrationManager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81

Chapter 5 Adapter Instance Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84Configuration Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84

Configuring the SSL Environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85Converting Certificates to Use SSL at Design Time. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85Converting Certificates to Use SSL at Run-Time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87Using SSL with the Adapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89

Adapter Instance Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91Configuration Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91Design-time Connection Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92Run-time Connection Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95General Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98Multithreading Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98Logging Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99Startup Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101Monitoring Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101

Adapter Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103

Publication Service Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104Configuration Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104Transport Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105Schema View Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109Schema Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112

Subscription Service Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113Configuration Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113Transport Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115Schema View Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118Schema Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121

Request-Response Service Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122Configuration Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122Transport Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124Schema View Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127Schema Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130

Supported LDAP Operations and Message Structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131

Specifying an Attribute Filter as a Sequence. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138

Handling Entries Belonging to Multiple Object Classes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139

Chapter 6 Deploying and Starting the Adapter Using TIBCO Administrator . . . . . . . . . . . . . 141

Create an EAR File in TIBCO Designer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142


vi | Contents

Deploy the Project. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143

Start or Stop the Adapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144

Monitor the Adapter. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145

Chapter 7 Advanced Topics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147

Using the Adapter with a Revision Control System. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148

Defining a TIBCO Hawk Session . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150

Using Global Variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152Changing Global Variable Values at Runtime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153Predefined Global Variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154

Setting Encoding Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156

LDAP Server Synchronization. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157Password Synchronization between Sun ONE Directory Server and Microsoft Active Directory Server. . . 158

Configuring the Repository for Binary Attribute Support. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159

Message Acknowledgement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160Message Acknowledgement by the Request-Response Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160Message Acknowledgement by the Subscription Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161

Publishing Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162Configuring Timers for Publication Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162Publishing Messages in Sequence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162Persistent Publishing of Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162Publishing Duplicate Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163Publishing Deleted Entries in the Microsoft Active Directory Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163

Updating Entries in the LDAP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165

Adding a User Account with a Password into Microsoft Active Directory Server . . . . . . . . . . . . . . . . . . . . . . . . 166

Changing the LDAP Server Connection Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167

Chapter 8 Monitoring the Adapter Using TIBCO Hawk. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170

Starting TIBCO Hawk Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171

The Auto-Discovery Process. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172

Invoking Microagent Methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173

Available Microagents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176activateTraceRole() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180deactivateTraceRole() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181getAdapterServiceInformation(). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182getComponents() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183getConfig() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184getConfigProperties(). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185getHostInformation() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186


Contents | vii

getRvConfig() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187getStatus() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188getTraceSinks(). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189getVersion() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190_onUnsolictedMsg() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191preRegisterListener() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192reviewLedger() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193setTraceSinks() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195stopApplicationInstance() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196unRegisterListener() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197getActivityStatistics(). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198getActivityStatisticsByOperation(). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199getActivityStatisticsBySchema() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200getActivityStatisticsByService. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201getConnectionStatistics() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202getPollingInterval() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203getQueueStatistics() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204getThreadStatistics() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205resetActivityStatistics() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206resetConnectionStatistics(). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207resetThreadStatistics() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208setPollingInterval() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209

Appendix A Trace Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212

Trace Message Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214

Status Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216

Appendix B Additional LDAP Directory Server Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239

Setting Default Naming Context in ADAM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240

Configuring Global Catalog Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241

Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249


viii | Contents


| ix

Figures

Figure 1 Logical Architecture for Integration with LDAP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

Figure 2 Typical Publication Service Flow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

Figure 3 Typical Subscription Service Flow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

Figure 4 Typical Request-Response Service Flow. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12


x | Figures


| xi

Tables

Table 1 TIBCO Adapter components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

Table 2 Required and Optional TIBCO Products . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

Table 3 Supported platforms, package names, service packs and disk space for Microsoft Windows . . . 25

Table 4 Supported platforms, hardware, package names, patches and disk space for UNIX systems . . . 30

Table 5 Predefined Global Variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154

Table 6 Microagent Methods. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176

Table 7 Tracing Fields. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214


xii |


| xiii

Preface

TIBCO Adapter™ for LDAP is a bidirectional gateway between applications configured for the TIBCO environment and an LDAP server.

Topics

• Related Documentation, page xiv

• How to Contact TIBCO Customer Support, page xvii


xiv | Related Documentation

Related Documentation

This section lists documentation resources you may find useful.

TIBCO Product DocumentationThe following documents form the TIBCO Adapter™ for LDAP documentation set:

• TIBCO Adapter Concepts — Read this manual to gain an understanding of adapters in general that you can apply to the various tasks you may undertake.

• TIBCO Adapter for LDAP User’s Guide — This manual explains concepts relating to the adapter and the application with which it interacts. Installation, configuration, and deployment information is included in this manual.

• TIBCO Adapter for LDAP Examples Guide — This manual provides hands-on examples that demonstrate the use of the adapter.

• TIBCO Adapter for LDAP Release Notes — Read this document for information about new features, deprecated features, and open and closed issues.

• README for TIBCO Adapter for LDAP — Read this document to get information on the current release version, and see a summary of software and hardware requirements for installing and running the adapter.

Other TIBCO Product DocumentationYou may find it useful to read the documentation for the following TIBCO products. Note that only books that relate to adapters are listed. Each of the books is available from the doc directory in the product’s installation area.

• TIBCO ActiveEnterprise™ software:

— TIBCO ActiveEnterprise Concepts

• TIBCO Designer™ software:

— TIBCO Designer User’s Guide

— TIBCO Designer Palette Reference

— TIBCO Designer Release Notes


Preface | xv

• TIBCO Administrator™ software:

— TIBCO Administrator User’s Guide

— TIBCO Administrator Server Configuration Guide

— TIBCO Administrator Release Notes

• TIBCO BusinessWorks™ software:

— TIBCO BusinessWorks Concepts

— TIBCO BusinessWorks QuickStart

— TIBCO BusinessWorks Process Design Guide

— TIBCO BusinessWorks Palette Reference

— TIBCO BusinessWorks Installation

— TIBCO BusinessWorks Release Notes

• TIBCO IntegrationManager™ software:

— TIBCO IntegrationManager Concepts

— TIBCO IntegrationManager Administrator’s Guide

— TIBCO IntegrationManager Process Design Guide

— TIBCO IntegrationManager Reference

— TIBCO IntegrationManager Release Notes

• TIBCO Rendezvous™ software:

— TIBCO Rendezvous Concepts

— TIBCO Rendezvous Administration

— TIBCO Rendezvous Configuration Tools

• TIBCO Enterprise Message Service™ software:

— TIBCO Enterprise Message Service User’s Guide

— TIBCO Enterprise Message Service Installation

— TIBCO Enterprise Message Service Application Integration

— TIBCO Enterprise Message Service Release Notes

• TIBCO Hawk® software:

— TIBCO Hawk Installation and Configuration

— TIBCO Hawk Administrator’s Guide


xvi | Related Documentation

• TIBCO Adapter™ SDK

— TIBCO Adapter SDK Concepts

• TIBCO Runtime Agent™ software

— TIBCO Runtime Agent Release Notes

— TIBCO Runtime Agent Installation

— TIBCO Runtime Agent Domain Utility User’s Guide

— TIBCO Runtime Agent Upgrading to Release 5.4


Preface | xvii

How to Contact TIBCO Customer Support

For comments or problems with this manual or the software it addresses, please contact TIBCO Support Services as follows.

• For an overview of TIBCO Support Services, and information about getting started with TIBCO Product Support, visit this site:

http://www.tibco.com/services/support/

• If you already have a valid maintenance or support contract, visit this site:

http://support.tibco.com

Entry to this site requires a username and password. If you do not have a username, you can request one.


xviii | How to Contact TIBCO Customer Support


| 1

Chapter 1 Concepts

This chapter introduces the TIBCO Adapter for LDAP product by providing background information about its features and product elements, and about the applications that use it.

Topics

• Adapter Overview, page 2

• Adapter Features, page 4

• Adapter Services, page 10


2 | Chapter 1 Concepts

Adapter Overview

TIBCO Adapter for LDAP brings LDAP servers into the TIBCO interoperability framework. The adapter allows applications configured for the TIBCO environment to communicate with LDAP servers without any knowledge of LDAP protocol, LDAP APIs, and LDAP server implementation. Applications can retrieve information from or update LDAP servers.

The adapter provides a Publication Service, a Subscription Service, and a Request-Response Server Service. The Publication Service publishes the changes occurring on the LDAP server to the TIBCO environment. The Subscription Service receives messages from the TIBCO environment, and updates the LDAP server appropriately. The Request-Response Server Service receives requests for LDAP information from applications, contacts the configured LDAP server for it, and sends the results in its response to the TIBCO environment, for the applications.

TIBCO Adapter for LDAP helps organizations to move transparently from proprietary, application-specific directories to organization-wide LDAP directories.

Integration With LDAP LDAP is a client-server protocol for accessing a directory service. LDAP lets you locate organizations, individuals, and other resources such as files and devices in a network, whether on the Internet or on a corporate intranet. An LDAP directory can be distributed among many servers on a network, then replicated and synchronized regularly.

The adapter is a bidirectional gateway between an LDAP server and the TIBCO environment. The distributed architecture of a typically-deployed TIBCO Adapter for LDAP makes seamless integration into an LDAP-served enterprise possible. The following figure is a high-level view of how the adapter is integrated with LDAP in the TIBCO environment.


Adapter Overview | 3

Figure 1 Logical Architecture for Integration with LDAP

Directory StoreIn LDAP terminology, a directory store is a repository of information, typically including information on resources, services, users, applications, devices and configuration. Unlike a database, a directory is used mostly for read operations and is rarely updated.

A server, which implements the directory store and supports the LDAP protocol and API is typically referred to as an LDAP server.

Data on an LDAP server is stored as entries, each of which stores information about some object or entity. Each entry has a number of attributes. Each attribute has a type.

Each LDAP entry belongs to one or more object classes. An object class defines what attributes entries can have, so object classes define the schema on an LDAP server.

All entries on an LDAP server are organized into a tree structure, which is called the Directory Information Tree (DIT).

LDAP servers allow users to add, update, delete, look up, and search for entries.

LDAP clients can be configured to connect to LDAP servers with or without authentication.

TIBCO Environment

TIBCO Adapter for LDAP

LDAP Directory Store

LDAP Server

Messages



Adapter Features

The following adapter features are described in detail in this manual. For additional adapter features, refer to the TIBCO Adapter Concepts book.

Adapter Services

The following adapter services are supported:

• Publication Service — Publishes the changes occurring on the LDAP server to JMS or TIBCO Rendezvous, for other applications to use.

• Subscription Service — Subscribes to messages from other applications on JMS or TIBCO Rendezvous, and applies the requests contained in them to the LDAP server.

• Request-Response Service — Receives requests for LDAP information from applications, through JMS or TIBCO Rendezvous. It performs the required operations on the LDAP server and sends the results in its reply.

An Easy-to-Use GUI

The adapter provides its own design-time component, namely the adapter palette, which seamlessly integrates with TIBCO Designer. This easy-to-use interface allows you to quickly configure adapter-specific features. You can use it to enter, delete, and modify configuration information. You can easily specify operational parameters and change them as needed.

Support for Dual TIBCO Messaging Transports

The adapter supports the following TIBCO messaging transports:

• TIBCO Rendezvous transport — This transport uses subject-based addressing to provide support for both multicast or broadcast and point-to-point communications. You can configure the delivery modes of the messages and specify the wire format to be used when you configure the adapter service.

• JMS transport — TIBCO Enterprise Message Service must be installed to use the JMS transport. The JMS administration interfaces allow you to create and manage administered objects such as Connection Factories, Topics, and Queues. JMS clients can retrieve references to these objects by using Java Naming and Directory Interface (JNDI). Creating static administered objects allows clients to use these objects without having to implement the object within the client. When a JMS client starts, it performs a JNDI lookup for the connection factories that it needs. For details on JNDI, see the TIBCO


Adapter Features | 5

Enterprise Message Service User’s Guide. You can specify the connection factory type and the delivery mode to be used when you configure the adapter service.

Support for Distributed Queues

A distributed queue is a group of cooperating transport objects, each in a separate process. Each transport object is called a member. To balance the transmission load among servers, the adapter can use distributed queues for one-of-n delivery of messages to a group of servers. Each member of a distributed queue must listen for the same subject using the TIBCO Rendezvous Distributed Queue listener objects. Even though many members listen for each inbound message (or task), only one member processes the message. For details on distributed queues, see TIBCO Rendezvous Concepts.

In the queue mode within TIBCO Enterprise Message Service, each listener is a single receiver of a point-to-point message. However, the listeners can be configured as a set of receivers, each of which receives a fraction of the messages. For details on TIBCO Enterprise Message Service distributed queues, see the TIBCO Enterprise Message Service User’s Guide.

Load balancing for the processing of TIBCO Rendezvous or JMS certified messages is supported using distributed queuing. The messages from TIBCO Rendezvous or TIBCO Enterprise Message Service are distributed equally among all instances that belong to the same group. This distributes the data load over several adapter instances. However, the order in which the data is sent to the application server is not guaranteed.

Support for Multithreading

The adapter maintains a pool of threads allowing it to respond to and process multiple events simultaneously, thereby improving its performance. One thread pool is maintained for an adapter configuration, allowing Publication, Subscription, and Request-Response services to use the same thread pool.

Support for Internationalization

The adapter provides support for many encodings. The default encoding used by the adapter is ASCII.

Schema Support

With the ActiveEnterprise wire format, you can configure a schema to describe the structure of messages processed by the adapter. This feature is especially useful in the following situations:



• Every adapter service supports one (and only one) schema. The service restricts its operation (publish, subscribe, or request-response) to the chosen schema as well as to a user-specified part of the DIT (Directory Information Tree).

• If the schema information has changed on the LDAP server, you can reconfigure the adapter instance to reflect the changes.

DIT Browsing

You can restrict the scope of a service to a specific part of the DIT.

• When you begin configuring a service, only the top-level entries in the tree are visible. Entries below these are fetched dynamically when you explicitly expand the subtrees.

• You can specify the number of entries. The maximum number of entries you can specify is 10, 000. The tree expands if the number of entries is equal to, or less than the value you specify.

• You can only select a single entry at any time since a service can be associated only with one subtree.

• Each service lets you select a subtree of the LDAP DIT. The adapter supports selection by example. For example, if you need to select object class X, you can choose any entry belonging to object class X. Therefore, when you select a particular LDAP entry type under a DIT, all the entries of that type, irrespective of their position in the tree, will be supported by the service.

• If the tree selection is not required, all that you need to do is select the root of the tree for each service.

• The adapter service will log an error and return an error message if the incoming message tries to access other LDAP entry types or other portions of the DIT tree.

Support for Basic Authentication

The adapter supports basic authentication, the most simple security mechanism in LDAP. When using basic authentication with LDAP, the client identifies itself to the server by means of a DN (Distinguished Name) and a password which are sent in the clear over the network. The server considers the client authenticated if the DN and password sent by the client matches the password for that DN stored in the directory.



Support for SSL

All data exchange between the adapter and LDAP server can now be secured via a Secure Sockets Layer (SSL) connection.

Attribute Filtering

The adapter provides support for retrieving the attributes of an entry by specifying the names of the attributes. This functionality is available only for the Search operation in the request-response service.

Refined Search Capabilities

The adapter provides refined search capabilities in the request-response service through the use of LDAP_SEARCH_BASE, LDAP_SEARCH_ONELEVEL and LDAP_SEARCH_SUBTREE search options. LDAP_SEARCH_BASE helps you to search for a particular entry, LDAP_SEARCH_ONELEVEL helps you to search one level below the base, not including the base, and LDAP_SEARCH_SUBTREE lets you search the entire subtree.

Support for Retrieval of the DN of Searched Entries

The adapter can retrieve the Distinguished Name (DN) of an entry retrieved through search, in addition to the attributes of the entry. This functionality is available for the Search operation in the request-response service.

Alias Dereferencing

In an LDAP directory, an alias entry is an entry that points to another entry. Following an alias pointer is known as dereferencing an alias. In the LDAP directory, you can set a leaf entry to point to another object in the namespace. This alias entry, it contains the DN of the object to which it is pointing. When you look up an object by using the alias, the alias is dereferenced so that what is returned is the object pointed to by the alias's DN.

You can use aliases to organize the directory's namespace so that as the namespace evolves, old names may be used. Suppose, for example, that in the o=Wiz, c=us company, the departments ou=hardware and ou=software are merged into ou=engineering. You can move the contents of ou=hardware and ou=software to ou=engineering, and change the entries ou=hardware and ou=software into alias entries that point to ou=engineering.

The adapter only supports alias dereferencing for the SEARCH operation.



Publication Service Filter

While configuring the LDAP Adapter instance, you can specify an additional filter for the publication service. For example, telephoneNumber>1000 against which the entries will be published.

Support for SEARCH Operation on Sub Class

The adapter can perform the SEARCH operation on a sub class. Selecting the Handle Any Subset of Configured Object classes check box in the Schema View tab enables the adapter to perform service specific operation on any subset of the configured object class. For example, the adapter can then retrieve the entries belonging to sub class c when a service is configured for an object class a.b.c.d

So, if you configure a publication service for the object class inetorgperson and a publication filter telephoneNumber>1000, then all entries that satisfy both these criteria will be published by the adapter.

The filter should comply with the LDAP Search Filter Syntax described in the LDAP specification.

Persistent Publisher

The adapter supports publication of the changes on an LDAP server even if the adapter is not running when those changes are made on the server. This functionality is available for all supported LDAP servers.

Server Synchronization

The adapter supports synchronization of changes between two supported LDAP servers. This requires the Update Only If Different check box to be selected for the subscriber service.

Referrals

The adapter supports referrals. A server that does not store the requested data can refer the adapter to another server. Since a server might not store the entire DIT, servers need to be linked together in some way to form a distributed directory that contains the entire DIT. This is accomplished with referrals. The referral acts like a pointer that can be followed to where the desired information is stored.



Enhanced Logging Capability

If the adapter receives a message that causes an LDAP invocation error, then the adapter traces the complete message on the console and also logs it to a file so that you can manually recover and process these messages.

LDAP Schema Browser for Specifying Object Classes

In previous versions of the adapter, it was possible to specify the object classes associated with a service using the DIT browser. This required a suitable sample entry to exist in the DIT. This version of the adapter adds an LDAP schema browser that allows you to browse and select from all the LDAP object classes available in the server’s LDAP schema. When using the LDAP schema browser to specify the object class, no sample entry is needed.



Adapter Services

The adapter provides the following services: Publication Service, Subscription Service, and Request-Response Service.

Publication ServiceThe adapter gets a message from the LDAP server and sends the message to the TIBCO environment.

For example, a new employee joins Company A. The administrator updates the corporate LDAP server with the details of the new employee. The Publication Service of the adapter receives this information from the LDAP server, assigns a structure to it, and publishes it using TIBCO Rendezvous or JMS messaging for other applications to pick up. All other applications that need to be aware of this change are informed by the Publication Service via TIBCO Rendezvous or JMS messaging.

Figure 2 Typical Publication Service Flow

Subscription ServiceThe adapter gets a message from the TIBCO environment and sends the message to the LDAP server.

Publish an LDAP Business Event

TIBCO Environment



LDAP Server

Message


Adapter Services | 11

For example, Company A adds 50 computers to its existing infrastructure, as part of its expansion program. This asset information needs to be reflected on the corporate LDAP server. This information is published by the application using TIBCO Rendezvous or JMS messaging, probably through an application adapter. When the Subscription Service of the adapter receives this information from TIBCO Rendezvous or JMS messaging, it uses the standard LDAP API to update the LDAP server by adding the required entries.

Figure 3 Typical Subscription Service Flow

Request-Response ServiceThe adapter gets a request from the TIBCO environment and sends the request to an LDAP server. When a response is returned to the adapter from the LDAP server, the adapter sends the response to the TIBCO environment. The adapter supports request-response scenarios with an RPC server.

For example, User A of an email client does not know the first name or email address of the contact to whom a mail must be sent. Therefore, the user searches for all names ending with Smith, using the Find Contact option on the email client. The email client publishes this request using TIBCO Rendezvous or JMS messaging, probably through an application adapter. When the Request-Response Server Service of the adapter receives this query, it uses the standard LDAP API to contact the LDAP server, and uses the Search operation to find all names (or the specified number of names) ending with Smith. It then returns the search results in its response to TIBCO Rendezvous or JMS messaging.

Subscribe to an LDAP Business Event

TIBCO Environment


LDAP DirectoryStore

LDAP Server

Message



Figure 4 Typical Request-Response Service Flow

Response Message

TIBCO Environment



LDAP Server

Request Message


| 13

Chapter 2 Installation

This chapter explains how to install the adapter on Microsoft Windows and UNIX systems.

Topics

• Preparing your Environment for Installation, page 14

• Pre-Installation Worksheet, page 16

• Installer Overview, page 18

• Installation Registry, page 21

• Adapter Components and Compatible Software, page 23

• Installing on Microsoft Windows, page 25

• Installation on UNIX Systems, page 30

• Installation FAQs and Troubleshooting, page 34

This software may be available on multiple operating systems. However, not all operating system platforms for a specific software version are released at the same time. Please see Table 3 on page 25 and Table 4 on page 30 for the availability of this software version on a specific operating system platform.


14 | Chapter 2 Installation

Preparing your Environment for Installation

The most time-consuming part of an adapter installation is the collection of environment information and parameters. This section helps you complete this process. It provides a check list of parameters you should obtain from various system administrators within your organization before installing the adapter. Note that obtaining a <vendor application> account can take some time depending on your corporate policies — so plan in advance!

Operating System RequirementsObtain the following information from the administrator of the machine on which you plan to install the adapter:

Username and password to access the system and run the adapter:

Do you have the required credentials to run the installer?

• On Microsoft Windows, administrator privileges are required to install.

• On UNIX systems, you can install as root or a regular user. See Installer Account on page 31 for details.

• Note that the TIBCO Runtime Agent (TRA) must be installed prior to installing the adapter and the adapter installation always places files under the TIBCO root directory that was set when the TRA was installed.

Is there enough space on that disk or partition to install the adapter? The adapter needs space in your temp area and the directory where it is installed.

• See Installation Registry on page 21 for details about temp folder space requirements on Microsoft Windows and UNIX systems.

• See Table 3 on page 25 for Microsoft Windows installations

• See Table 4 on page 30 for Unix System installations.

System name:

System IP address:

Username:

Password:


Preparing your Environment for Installation | 15

You must have write permissions to these directories to install the adapter. In addition, on UNIX systems certain other permissions must be set to run the adapter. See Permission Requirements on UNIX Systems on page 33 for details.

• To run the adapter you must have permissions to access the project where adapter configuration is stored.

• Depending on whether TIBCO Administrator is used to set access permissions, you may need an account identified by Administrator. See the TIBCO Administrator User’s Guide for details.

Determine how the adapter installation files are to be transferred to this system. The installation files can be downloaded from download.tiboc.com (if you have an account setup to download). Do you plan to use FTP, NFS, HTTP, or install from a CD?

LDAP RequirementsDetermine which LDAP versions are supported.

• See Supported LDAP Servers on page 26 for Microsoft Windows.

• See Supported LDAP Servers on page 30 for UNIX systems.

Obtain the following information from your LDAP administrator. This is a list of LDAP server parameters that you will need to configure the adapter, along with the LDAP credentials that the adapter requires.

Note that the parameters listed here use LDAP terminology. This is the information that you would typically be prompted for during a LDAP client installation.

Test Connectivity

If you install the LDAP client, start it and ensure you can connect to the LDAP server using the username and password that you were provided by your administrator.

Use this form to capture the information you will need to collect before starting installing the adapter



Pre-Installation Worksheet

Use this form to capture the information you will need to collect before starting installing the adapter.

Adapter Machine Information

Field Name Field Description Field Value

Hostname

(Example: adapter1.tibco.com)

Name of the machine on which the adapter is being installed.

IP address

(Example: 192.168.12.12)

IP address of the machine on which the adapter is being installed.

User account

(Example: administrator)

User account to be used for the installation.

User domain (if Microsoft Windows)

(Example: ENGR2)

Network domain to which the user belongs.

User password

Disk and path on which to install adapter

(Example: /opt/tibco)

How will machine be accessed

[ ] directly [ ] terminal server [ ] xterm [ ] telnet

[ ] other: ………………………

How will installation files be transferred to machine

[ ] CD-drive [ ] internet download [ ] FTP to machine

[ ] network disk mounting


Pre-Installation Worksheet | 17

LDAP Information

LDAP SoftwarePlease specify where software for the LDAP server can be found within your organization:

[ ] It's already installed on adapter machine.

Location on disk: ………………………….

[ ] Installation files are available via:

FTP (Server: ………… User: ………… Password: ……… )

Disk mount (full path: ………………………………………..)

CD provided during install by (name/extension): ………………………..

Field Name Field Description Field Value

User account

(Example: jsmith)

User account to be used for the installation.

User password

LDAP Server Type

LDAP Server Version

LDAP Server Name

(Example: peopleserver1.tibco.com)

LDAP Port

LDAP SSL Port (if SSL is used)

LDAP Server Certificate (if SSL is used)

LDAP Server Certificate Issuer (if SSL is used)



Installer Overview

The installer allows you to run in different modes. Each mode is supported on all platforms.

• GUI mode

• Console mode

• Silent mode

GUI Mode

In GUI mode, the installer presents panels that allow you to make choices about product selection, product location, and so on. When you invoke the installer by double-clicking on the icon, GUI mode is used.

Console Mode

Console mode allows you to run the installer from the command prompt or terminal window. This is useful if your machine does not have a Windows environment.

Silent Mode

Silent mode either installs using default settings or uses a response file that was saved during an earlier installation. Silent mode installs without prompting you for information.

• If no response file has been recorded earlier and you invoke the installer with the -silent argument, the default installation parameters are used.

• If a response file exists, and the installer is started with -options <responseFileName> as an argument, the installer uses the values specified by the user when the response file was generated.

Upgrading the AdapterSoftware from TIBCO uses three numbers to indicate whether the release is major, minor or a patch. For example, 5.0.0 indicates a major release, 5.1.0 indicates a minor release and 5.1.1 indicates a patch release. The installer for a patch release performs an automatic upgrade. For example, the installer automatically upgrades TRA 5.0.0 to 5.0.1 by overwriting the contents of the 5.0 directory.


Installer Overview | 19

For a major and minor release, the installer prompts whether you wish to upgrade, and informs you if incompatible products are on your system. If you proceed, major or minor releases are installed under a new directory that is named using the major or minor release numbers.

For example, if you have installed the 5.0.0 release and are upgrading to a 5.1.0 minor release, it will be installed under the 5.1 directory. This allows both the 5.0 and 5.1 releases to coexist on the same machine.

If you are upgrading the adapter, or reinstalling a clean version of the software, you may uninstall the product first or allow the installer to perform the upgrade or reinstall.

Note that, if you are reinstalling over the same adapter version:

• You are not prompted to supply the installation location. The software is automatically reinstalled where the previous version was installed.

• If any files are currently locked (that is, in use), the installer marks the file for deletion in the install location. After installation, the installer prompts you to reboot your system. You must reboot before using the software.

Uninstalling the AdapterIf another product is dependent on the product you wish to uninstall, you are informed that you must uninstall the other product first

Microsoft Windows

Use one of the following options to uninstall the Adapter from the Microsoft Windows platform:

• Click Start>Programs>TIBCO><Adapter>Uninstall

• Navigate to the _uninst directory located in the Adapter installation directory and invoke the Tibuninstall.exe program.

• Click Start>Programs>TIBCO>TIBCO Installation Manager

• Use Add/Remove Programs from the Control Panel.

UNIX

Use one of the following options to uninstall the Adapter from the supported UNIX platform:

• Navigate to the _uninst directory located in the Adapter installation directoryand invoke the Tibuninstall.bin program.



• Run TIBCO Installation Manager which is located in the <install-path>/tibco/TibcoInstallationManager.bin.


Installation Registry | 21

Installation Registry

The installer maintains an installation registry. The registry location depends on platform. This section explains where the registry files are located. The files have vpd as a prefix, which stands for Vital Product Database. Note that the installer does not recognize TIBCO ActiveEnterprise 4.x products.

Microsoft Windows PlatformsTIBCO ActiveEnterprise 5.x products maintain the installation registry in the SystemDrive:\WINNT directory. The following files represent the installation registry:

SystemDrive:\WINNT\vpd.propertiesSystemDrive:\WINNT\vpd.properties.tibco.systemName

Installer Disk Space Requirements in Temporary Area

The entire package is extracted into a temp folder, typically SystemDrive:\Temp or SystemDrive:\Documents and Settings\<user_name>\Local Settings\Temp.

The installer requires 33 MB of free space in the temp directory.

UNIX PlatformsThe installation registry is maintained in the following files in the user's home directory:

User_Home_Directory/vpd.propertiesUser_Home_Directory/vpd.properties.tibco.systemName

If installation is performed by super-user (root), the installation registry is maintained as follows:

• On Solaris and HP-UX, in the root user’s home directory (which is /) as two vpd files.

• On Linux, in the /root directory as two vpd files.

Do not edit, modify, rename, move, or remove any of the registry vpd files.



Installer Disk Space Requirements in Temporary Area

The installer launcher first extracts a Java Virtual Machine (JVM) in a temporary directory and uses this JVM to launch itself. The size of the extracted JVM differs from platform to platform.

On UNIX platforms the following disk space is required in the temporary area:

• On Solaris, 50 MB of free disk space in /var/tmp

• On HP-UX, 85 MB of free disk space in /var/tmp

• On Linux, 50 MB of free disk space in /tmp

If your system does not have sufficient free disk space in the above temporary area, you can still run the installer with a different temporary area by using the following option when starting the installer:

<install_package_name>.bin -is:tempdir /new_tmp

where /new_tmp has sufficient free disk space.

Disk Space Requirement in User's Home Directory

On UNIX platforms when a regular (non-root) user installs a TIBCO 5.1 product, the installation registry (two vpd files) is maintained in the user's home directory. As more products are installed, entries are added into these vpd files.

The user's home directory must at least have 500 KB of free disk space.

Installation HistoryThe installer and uninstaller creates a file called TIBCOInstallationHistory.xml in the same location where the installation registry is created. Each time an installation and uninstallation is performed, entries are appended to the file.

On Microsoft Windows: SystemDrive:\WINNT\TIBCOInstallationHistory.xml

On UNIX: Users_Home_Directory/TIBCOInstallationHistory.xml

The file TIBCOInstallationHistory.xml therefore contains the record of all installation and uninstallation activities of all products, features and components.

Do not edit, modify, rename, move, or remove the TIBCOInstallationHistory.xml file.


Adapter Components and Compatible Software | 23

Adapter Components and Compatible Software

You can install different adapter components on different machines. For example, you can run the run-time adapter on one machine and install the design-time components on another machine. This allows you to configure an adapter on one machine and run it on another.

Adapter ComponentsTable 1 describes the adapter components in the adapter installation package.

Required and Optional TIBCO ProductsDepending on the tasks you wish to perform, you must install one or more other TIBCO products. The following table describes required and optional products and their purpose. To know the version number of these products, see the adapter’s readme.txt.

Table 1 TIBCO Adapter components

Component Purpose

Run-time adapter This process does the actual work of passing and converting data to and from the vendor application. Parameters of data exchanges are stored in projects created using the adapter palette.

Adapter palette Adapter-specific GUI that is loaded in TIBCO Designer (see next section for details) at configuration time.

Table 2 Required and Optional TIBCO Products

Component Purpose

TIBCO Runtime Agent Required. TIBCO Runtime Agent supplies a number of TIBCO and third-party libraries used by the adapter and other TIBCO products both at design time and run time. This includes, for example, TIBCO Rendezvous and TIBCO Designer software.

You must install TIBCO Runtime Agent on each machine that hosts an adapter. TIBCO Runtime Agent must be installed before you install the adapter.



TIBCO Administrator Required. Required. TIBCO Administrator includes the following modules:

• User Management. Management of authentication, roles and users, that is, connecting roles (groups) and users to access control lists (ACLs). This includes security for server-based projects at design-time and for deployed applications at runtime.

• Resource Management. Monitoring of machines and of all running applications in a TIBCO administration domain. Alerts can be created, for example, to notify an administrator if the number of processes or disk usage exceed a certain number.

• Application Management. Uploading of Enterprise Archive (EAR) files, creation, configuration, deployment, and monitoring of applications. This console is also used to start and stop applications.

TIBCO Administrator is available as a separate installation and can be installed after installing the adapter separate installation and can be installed after installing the adapter.

TIBCO BusinessWorks Optional. TIBCO BusinessWorks is a scalable, extensible, and easy-to-use integration platform that allows you to develop integration projects. TIBCO Adapters are typically part of integration projects created using TIBCO BusinessWorks.

TIBCO BusinessWorks is available as a separate installation and can be installed after installing the adapter.

TIBCO Enterprise Message Service

Optional. TIBCO Enterprise Message Service allows you to use the Java Messaging Services (JMS) as the messaging transport for your adapter.

TIBCO Enterprise Message Service is available as a separate installation and can be installed after the adapter is installed.

Table 2 Required and Optional TIBCO Products

Component Purpose


Installing on Microsoft Windows | 25

Installing on Microsoft Windows

Before starting the installation procedure, review the topics in this section to determine that your system meets the basic requirements and that you have the prerequisite software installed.

The following is a list of prerequisites for installing the adapter on Microsoft Windows systems. See Installer Disk Space Requirements in Temporary Area on page 21 for additional disk space requirements.

The following table also lists the platform-specific installation packages, where <version_num> is the Adapter release number. For example, the installation package name for TIBCO Adapter for LDAP 5.4.0on the Microsoft Windows 2000 platform is TIB_adldap-simple_<version_num>_w32.exe.

Table 3 Supported platforms, package names, service packs and disk space for Microsoft Windows

Platform Package Names Hardware

Disk Space (MB)

Microsoft Windows 2000

TIB_adldap-simple_<version_num>_w32.exe

x86 30

Microsoft Windows XP Professional

Microsoft Windows Server 2003



Supported LDAP Servers

Before proceeding to adapter installation, ensure you can connect to the target application using the vendor client. The adapter works with the following LDAP directory servers:

— IBM Directory Server 5.2

— Microsoft Active Directory 2000

— Microsoft Active Directory 2003

— Microsoft Active Directory Application Mode Retail version

— Novell eDirectory Server 8.6.2

— Novell eDirectory Server 8.7

— Novell eDirectory Server 8.8

— OpenLDAP Server 2.2.26

— Oracle Internet Directory 9.2.0.1.0

— Oracle Internet Directory 10.1.2.0.2

— Oracle Virtual Directory 3.0.3

— Sun ONE Directory Server 5.1

— Sun ONE Directory Server 5.2

TIBCO Runtime Agent Must be Installed Before the Adapter

Before you can install the adapter, you must install the TRA. If you use the Typical installation, the installer places all libraries and other products required by the adapter into the TIBCO HOME directory.

During installation, the adapter installer checks for the availability of all dependent products in the target system. If any of the dependencies are not available, the installer will immediately exit. Otherwise installation will proceed.

Installer Account

You must have administrator privileges for the machine on which the adapter is installed.

The Sun ONE Directory Server was formerly called iPlanet.



If you do not have administrator privileges, the installer will exit. You must then log out of the system and log in as a user with the required privileges, or request your system administrator to assign the privileges to your account.

Installing from Network Drive

If you intend to install the product on a network drive, you must ensure that the account used for installation has permission to access the network drive.

Installing on Microsoft Windows 2000 and 2003 Terminal ServerThere are two modes in Microsoft Windows Terminal Server: Execute and Install. Users are logged on by default in the Execute mode, which allows them to run applications. To install an adapter so that everyone can use it, log on as administrator in the Install mode. When the adapter is installed in the Install mode, the installation registry is maintained in SystemDrive:\WINNT\.

The best way to install the adapter on Microsoft Windows Terminal Server is to use the Add/Remove Programs control panel applet. This automatically sets your mode to Install during the installation and then back to Execute afterwards. Alternatively, you can manually change your mode to Install before starting the installation by typing the following at a command prompt:

C:\> change user /install

Change back to Execute mode after installation is complete by typing:

C:\> change user /execute

To check your current mode, type the following:

C:\> change user /query

Installing the Adapter on Microsoft WindowsYou can either download the adapter package or install the package from a CD. The installer prompts you to accept the license agreement, then to choose to perform a typical install or custom install.

• A typical install has minimal prompts and installs standard components in default locations.

Microsoft Windows Terminal Server must be running in the remote admin mode, not application sharing mode. The adapter is not supported if installed on a machine that is using Microsoft Windows Terminal Server in the application sharing mode.



• A custom install prompts you to choose which components of the product suite to install and installs only those components.

The installer checks your system for the installation home directory that was established when TIBCO Runtime Agent was installed. The adapter is installed under the installation home directory.

Use one of the following modes to install the software.

Install Using GUI Mode

GUI Mode allows you input values in panels. Type the following at the command prompt:

TIB_adldap-simple_<version_num>_w32.exe

Install Using Console Mode

Console mode allows you to install the software in a non Windows environment. The installer will prompt you for values. Type the following at the command prompt:

TIB_adldap-simple_<version_num>_w32.exe -is:javaconsole -console

When running in console mode you can move through the installation process as described next:

Enter Key = Moves forward in the installer2 = Goes back to previous screen3 = Cancels the Wizard and exits the installation or uninstallation4 = Redisplays the current screen

Install Using Silent Mode

Silent mode allows you to install the software without prompts as it uses the default configuration. Type the following at the command prompt:

TIB_adldap-simple_<version_num>_w32.exe -silent

Install and Generate a Response File

You can generate a response file during installation which you can later use to invoke the installer with the selected values as default values (GUI mode) or as selected values (silent mode).

To install and generate a response file, type the following at the command prompt:



TIB_adldap-simple_<version_num>_w32.exe -options-record C:\directory\<responseFile>

Install Using a Response File

You can use a previously generated response file for installation. For non-silent modes, the response file determine the defaults that are presented. For silent mode, the response file determines what will be installed.

To install using a response file, type the following at the command prompt: TIB_adldap-simple_<version_num>_w32.exe -options

C:\directory\<responseFileName>

Combining OptionsYou can combine the different available options. For example, to install in silent mode using a response file, use: TIB_adldap-simple_<version_num>_w32.exe -silent -options <responseFileName>

To install using Console mode and generate a response file, use: TIB_adldap-simple_<version_num>_w32.exe -is:javaconsole -console

-options-record <responseFileName>

The response file does not record selections at the component level. It does record all other selections, for example, which products you wished to install.



Installation on UNIX Systems

Your operating system must meet the minimum patch requirements listed next. See Installer Disk Space Requirements in Temporary Area on page 22 for additional disk space requirements.

Supported LDAP Servers

The adapter supports many LDAP servers. Click , Supported LDAP Servers, on page 26 to view the list of LDAP servers the adapter supports.

Table 4 Supported platforms, hardware, package names, patches and disk space for UNIX systems

Platform Hardware Package NamesDisk Space (MB)

Solaris 8 SPARC TIB_adldap-simple_<version_num>_s4_58.bin

35

Solaris 9 36

Solaris 10

HP-UX 11.0 HPPA TIB_adldap-simple_<version_num>_h7_110.bin

38

HP-UX 11i TIB_adldap-simple_<version_num>_h7_110.bin

HP-UX 11i V2

IA64 Itanium TIB_adldap-simple_<version_num>_5.2.1_h7_ia64.b

51

Red Hat Linux 3.0

x86 TIB_adldap-simple_<version_num>_lnx86_24_323.bin

33

Red Hat Linux 4.0

TIB_adldap-simple_<version_num>_linux24gl23_x86.bin

35S

SUSE Linux Enterprise Server 9

x86

AIX 5.2 POWER TIB_adldap-simple_<version_num>_rs_51.bin

35

AIX 5.3 POWER 41


Installation on UNIX Systems | 31

TIBCO Runtime Agent Must be Installed Before the Adapter

Before you can install the adapter, you must install the TRA. If you use the Typical installation, the installer places all libraries and other products required by the adapter into the TIBCO HOME directory.

Installer Account

TIBCO 5.x products can be installed by a regular (non-root) user and super-user (root). Different users can install the same product at different locations.

Product dependencies at install time are resolved at user level through the installation registry maintained at user's home directory. See Installation Registry on page 21 for more information.

Windows Environment

A window environment such as CDE (i.e. X Windows) is required to run the installer in GUI mode. It is not required for a console installation.

Installing the Adapter on UNIXAfter unpacking the software and accepting the license agreement, you can choose to perform a typical install or custom install.

• A typical install has minimal prompts and installs standard components in default locations.

• A custom install prompts you to choose which pieces of the product suite to install and installs only those components.

The installer checks your system for the installation home directory that was established when TIBCO Runtime Agent was installed. The adapter is installed under the installation home directory.

Use one of the following modes to install the software. The examples assume you are installing the adapter on Solaris 8.

The adapter can be used with the Active Directory and ADAM directory servers only on windows platform. However if you use it on any other platform, the adapter displays the status message, AELDAP-00017. For more information about the message, see , Status Messages, on page 216.



Install Using GUI Mode

GUI Mode allows you input values in panels. Type the following in a terminal window:

% ./TIB_adldap-simple_<version_num>_s4_58.bin

Install Using Console Mode

Console mode allows you to install the software in a non Windows environment. The installer will prompt you for values. Type the following in a terminal window:

% ./TIB_adldap-simple_<version_num>_s4_58.bin -is:javaconsole -console

When running in console mode you can move through the installation process as described next:

Enter Key = Moves forward in the installer2 = Goes back to previous screen3 = Cancels the Wizard and exits the installation or uninstallation4 = Redisplays the current screen

Install Using Silent Mode with Default Values

Silent mode allows you to install the software without prompts using default values. Type the following in a terminal window:

% ./TIB_adldap-simple_<version_num>_s4_58.bin -silent

Install and Generate a Response File

You can generate a response file during installation which you can later use to invoke the installer with the selected values as default values (GUI mode) or as selected values (silent mode).

To install and generate a response file, type the following at the command prompt:

% ./TIB_adldap-simple_<version_num>_s4_58.bin -options-record /dir/<responseFile>

The response file does not record selections at the component level It does record all other selections, for example, which products you wished to install.


Installation on UNIX Systems | 33

Install Using a Response File

You can use a previously generated response file for installation. For non-silent modes, the response file determine the defaults that are presented. For silent mode, the response file determines what will be installed.

To install using a response file, type the following at the command prompt: % ./TIB_adldap-simple_<version_num>_s4_58.bin -options /dir/<responseFileName>

Combining OptionsYou can combine the different available options. For example, to install in silent mode using a response file, use: % ./TIB_adldap-simple_<version_num>_s4_58.bin -silent -options <responseFileName>

To install using Console mode and generate a response file, use: % ./TIB_adldap-simple_<version_num>_s4_58.bin -is:javaconsole -console -options-record <responseFileName>

Post Installation

Permission Requirements on UNIX Systems

All adapter users must have read, write, and execute permissions for the following directories:

$TIBCO_HOME/adapter/adldap/<version_num>/bin $TIBCO_HOME/adapter/adldap/<version_num>/logs$TIBCO_HOME/tra/<version_num>/logs$TIBCO_HOME/logs

For example, if the adapter has been installed in /opt/tibco, the user who installed the adapter can make these directories writable for all other users by executing the following commands:

% chmod a+w /opt/tibco/adapter/adldap/5.4/bin/% chmod a+w /opt/tibco/adapter/adldap/5.4/bin/logs% chmod a+w /opt/tibco/tra/5.4/logs



Installation FAQs and Troubleshooting

This section lists some common errors along with their causes and solutions.

Frequently Asked Questions

Where is the installation log file located?

Install and uninstall log files are created in the TIBCO_HOME\log directory.

What should I do, if JVM crashes when I run the installer?

The installer first extracts the bundled JVM into a temporary area and then uses it to launch itself. If for some reason, the JVM crashes, you could still run the installer using another JVM, preferably JVM 1.3.1 or higher. The examples assume you are installing the adapter on Solaris 8. The syntax is:

TIB_adldap-simple_<version_num>_w32.exe -is:javahome C:\j2sdk1.4.0TIB_adldap-simple_<version_num>_s4_58.bin -is:javahome /opt/jre142

The javahome directory must contain bin/java.exe or bin/java.

The installer will use the externally supplied JRE to launch itself.

Will 5.1 installer recognize a 3.x or 4.x installation?

TIBCO products follow a three digit release numbering scheme:

Major.Minor.Maintenance

Product releases that differ in either Major or Minor numbers will be a separate installation, and will not recognize the old installation. In this case, 5.0 is a major release and hence will not recognize either 3.x or 4.x product installations.

Why and how should I set the DISPLAY variable on UNIX platforms for GUI mode?

The installer on UNIX, must open an additional window, generally for graphics. It uses the DISPLAY environment variable to tell it on what computer to open the window. If the environment variable is not set, the installer will either wait or abort after displaying:

InstallShield WizardInitializing InstallShield Wizard...Preparing Java(tm) Virtual Machine......................................


Installation FAQs and Troubleshooting | 35

...................................

........

The DISPLAY variable must be set to the IP address or name of the computer (on which the installer graphics window are to be displayed), followed by a screen address, which can be :0.0. For example:

# Bourne shellDISPLAY=<ip_address>:0.0; export DISPLAY

# Korn shellexport DISPLAY=<ip_address>:0.0

# C-shellsetenv DISPLAY <ip_address>:0.0

For example, consider a scenario where you need to install the adapter on a remote HPUX machine (named itaska). Because you have a Solaris 5.6 machine (named alaska) that has a video card and monitor installed, you can run an X-window application on it. So you decide to telnet to itaska from alaska.

When you telnet to itaska, you will not get access to itaska's monitor and will be unable to display an X-window application. That is why you must set the DISPLAY variable, which instructs the X-server to redirect all Windows to the computer set in the variable. Before doing so, the computer (specified in the DISPLAY variable) must give permissions to share its monitor.

alaska> xhost + # give permission for all to its share monitoralaska> telnet itaskaWelcome to HPUX itaska 11.00User:Password:itaska> export DISPLAY=alaska:0.0 # set display on alaskaitaska> TIB_adldap-simple_<version_num>_odbc_h7_110.bin

What is uninst2 directory?

If the original uninstall directory is in use at uninstall time, it cannot be removed by the installer program. The installer then creates a second uninstall directory for the second installation. To remove the second installation, you must invoke the uninstall program from the second uninstall directory. The original uninstall directory can also be manually removed, if empty.

Running Out of Disk SpaceThe installer calculates the disk space required in product home location, for the selected components. The calculation is done before the actual installation (copying of files to system) begins. The installer will proceed only if sufficient free disk space is available in product home location.



However, if disk space is consumed by another process while the installer is copying the files, and if the required disk space is thereby reduced, the installer may fail and will then give a failure message.

Solution

While performing installation, avoid running other processes that consume disk space in product home location.

Installation Errors on HPUX 11.00 64 bit Platform

Error message

Installation on a HPUX 11.00 64 bit system may crash with the following error message:

Pid nnn killed due to trashed stack.Pid nnn was killed due to failure in writing the signal context.

This happens only on HPUX 11.00 64 bit systems. It does not happen on HPUX 11.00 32 bit system and HPUX 11.11 (or 11.i) system.

To determine the OS version on your system, run:

uname -a

To determine the kernel bits on your system, run:

getconf KERNEL_BITS

Resolution

HPUX kernel patch PHKL_27282, resolves the above crash.

To determine if your system has the kernel patch, run:

/usr/sbin/swlist -l product PHKL_27282

or

what /stand/vmunix | grep PHKL_27282

If your system is an HPUX 11.00 64 bit system and it does not have the patch, first install HPUX kernel patch PHKL_27282 and then proceed with the installation. Installation of patch PHKL_27282, will reboot your system.


Installation FAQs and Troubleshooting | 37

Configuring TIBCO Hawk

Error

TIBCO Runtime Agent includes the TIBCO Hawk Agent only. If you install the full TIBCO Hawk package after installing TIBCO Runtime Agent and do not have a Java Runtime Environment (other then the TIBCO JRE) installed, the TIBCO Hawk Configuration tool is unable to determine the Java home location and the JVM executable. The TIBCO Hawk services will not start correctly and you will be unable to start the TIBCO Hawk Display.

Resolution

1. Start the TIBCO Hawk Configuration tool. For example, on Microsoft Windows:

Start > TIBCO > TIBCO Hawk > Hawk Configuration

2. Under the General tab, click Advanced.

3. In the Java Home Directory field, provide the path to Java. For example:

C:\tibco\jre\1.4.2

4. In the JVM Executable field, provide the JVM executable. For example:

java.exe

The services will start properly and the TIBCO Hawk Display will run.

Cannot Install the AdapterOn HP-UX and AIX platforms, even though the correct version of TIBCO Runtime Agent version is already installed on the system, installation of an adapter that depends on TIBCO Runtime Agent may fail in the dependency resolution.

The TIBCO product installer maintains the registry information in the vpd.properties.tibco.systemName file. The value for systemName is determined by InetAddress.getLocalHost().getHostName(). However, the method getHostName(), returns different values based on the JRE versions used. For example, on AIX, JRE 1.3.1 returns only systemName, whereas JRE 1.4.0 returns systemName.domainName. Because of this, the installer is not able to load the correct registry file.



Resolution

On Unix platforms, the installer registry file vpd.properties.tibco.systemName is located in the user's home directory.

Case 1: If the vpd.properties.tibco.systemName file exists:

$ cd user's_home_directory$ ln -s vpd.properties.tibco.systemName

vpd.properties.tibco.systemName.domainName

For example:$ cd ~$ ln -s vpd.properties.tibco.upside vpd.properties.tibco.upside.tibco.com

where upside is systemName, and tibco.com is domainName

Case 2: If the vpd.properties.tibco.systemName.domainName file exists:

$ cd user's_home_directory$ ln -s vpd.properties.tibco.systemName.domainName vpd.properties.tibco.systemName

For example:

$ cd ~$ ln -s vpd.properties.tibco.upside.tibco.com vpd.properties.tibco.upside

where upside is systemName, and tibco.com is domainName.


| 39

Chapter 3 Preparing LDAP Server Interfaces

This chapter explains how to configure the LDAP server to interoperate with the adapter.

Topics

• Overview, page 40

• Preparing the LDAP Server for Use with the Adapter, page 41


40 | Chapter 3 Preparing LDAP Server Interfaces

Overview

Before configuring the adapter, you must prepare the LDAP Server applications’ interfaces so that the adapter can interoperate with it.


Preparing the LDAP Server for Use with the Adapter | 41

Preparing the LDAP Server for Use with the Adapter

Configuring the LDAP Server involves the following tasks:

1. Enabling SSL on the LDAP Servers

2. Setting Search Size Limit on the LDAP Server

Enabling SSL on the LDAP ServersSSL (Secure Sockets Layer) is a network protocol that allows authentication and encryption of data. SSL provides a secure connection between a client and a server.

Based on the SSL configurations of the client and the server, various levels of privacy are established. Understanding the basic operation of SSL will help you to correctly configure the required level of privacy for the client as well as the application data.

SSL supports, but does not require, server authentication (the client authenticates the server), client authentication (the server authenticates the client), and mutual authentication. SSL uses public key cryptography. One, or both the communicating applications has a public-private key pair; these keys are symmetric; data encrypted with the public key can be decrypted with the private key, and vice versa. To use SSL on all supported directory servers, the server's key pair must be pre generated and configured in the server.

Visit the following link to enable SSL on the LDAP server:

For Microsoft Active Directory,http://support.microsoft.com/default.aspx?scid=kb;en-us;247078#1

For Sun ONE Directory Server 5.1, http://docs.sun.com/source/816-5606-10/ssl.htm#996824

Setting Search Size Limit on the LDAP ServerYou may come across the following exceptions:

• The size of the result exceeds server-specific limit.

• The number of descendants for this node are more than the requested number.

Additionally, if you are using the Sun ONE Directory Server, you may come across the exception The adminstrative limit on the maximum number of entries to return was exceeded.


42 | Chapter 3 Preparing LDAP Server Interfaces

To proceed, you will need to log on to the server and change the value for the search size limit:

• For the Sun ONE Directory Server, click the Configuration tab. Select Database Settings and click the LDBM Plugin Settings tab. Change the value of the Look-through limit entry. While you are in the Configuration tab, select the root of the tree, and click the Performance tab. Change the value for the Size Limit entry too.

For details, see the documentation shipped with the server you are using.


| 43

Chapter 4 Getting Started

This chapter presents examples that demonstrate key adapter features. Work through these examples to get a hands-on understanding of how the adapter works.

Topics

• Prerequisites, page 44

• Setting LDAP Connection Parameters, page 45

• Create the Project, page 47

• Configure the Adapter, page 49

• Configure the Publication Service, page 52

• Configure the Subscription Service, page 54

• Configure the Request-Response Service, page 56

• Convert the Project to a Repository File, page 58

• Configuring the Project Using TIBCO IntegrationManager, page 59

• Deploy the Project and Start the Adapter, page 80

• Configuring the Exercises Using TIBCO IntegrationManager, page 81


44 | Chapter 4 Getting Started

Prerequisites

Before starting the configuration exercise, make sure that all required software has been installed and is operating correctly. For a list of required software, see the installation instructions in Chapter 2, Installation, on page 13.

You should know how to drag and drop icons in TIBCO Designer and be familiar with saving projects. If you are not familiar with these topics, refer to the TIBCO Designer User’s Guide, which is available by clicking Help>Designer Help in TIBCO Designer.

Scenario OverviewThe exercises in this chapter are designed to help you become familiar with basic adapter configuration. You can also view the activity on the adapter console when you perform LDAP operations supported by the services, using TIBCO IntegrationManager.

Running through these exercises will familiarize you with the different LDAP operations that a service supports. You will also learn how to integrate the adapter with other TIBCO products like TIBCO IntegrationManager.

Connections to LDAPMake sure that the adapter is connected to the LDAP Server. See Chapter 3, Preparing LDAP Server Interfaces, on page 39 for details.

Permissions to Access Repository ServerIf your site is using TIBCO Administrator to set access control to the repository server, you must have the account name and password that is used by the adapter to log onto the server.

Other ExamplesA set of examples are included online. TIBCO IntegrationManager examples are available in the examples\IM directory and TIBCO BusinessWorks examples are available in the examples\BW directory. The ActiveDirectory folder includes examples for the Active Directory Server. The eDirectory folder includes examples for the eDirectory Server. The SunOneDirectory folder includes examples for the Sun One Server. For more information, see the TIBCO Adapter for LDAP Examples Guide.


Setting LDAP Connection Parameters | 45

Setting LDAP Connection Parameters

Before starting the configuration exercise, you must modify the SunOneDirectory-run.bat (on Microsoft Windows platforms) or the SunOneDirectory-run.sh file (on Unix platforms) with information about your LDAP server connection. The SunOneDirectory-run.bat and SunOneDirectory-run.sh files are available in the <ADLDAP_HOME>\examples\IM\SunOneDirectory folder. Make sure you enter the values accurately as described below.

Open the SunOneDirectory-run.bat or SunOneDirectory-run.sh in any editor of your choice and modify the following properties:

set LDAP_SERVER_MACHINE_NAME=<Machine-Name>set LDAP_SERVER_PORT_NO=<Port-No>set LDAP_SERVER_USERNAME=<Username>set LDAP_SERVER_PASSWORD=<Password>set LDAP_SERVER_BASE_DN=<Base-Dn>

where: Parameter Description

<Machine-Name> Server name or the IP Address of the machine on which the LDAP server is installed. For example, 192.168.2.27.

<Port-No> Port on which the LDAP server is installed. For example, 389.

<Username> User name that will be used to connect to the LDAP server. Use quotation marks around the name. For example, "cn=Directory Manager".

<Password> Password for establishing the LDAP server connection. For example, admin123.



<Base DN> DN from the Directory Information Tree on your LDAP server under which sample data will be created to run the example. For example, "o=TestExample,o=BenchMark,dc=us.tibco.com"

The selected base DN should not have any child entries. The sample entries that will be created will be of type organization and below that, of type organizationalUnit. This implies that for eDirectory, the Base DN should be an entry of type Locality or Country and for Active Directory, the object class of the Base DN should be in the list of possible superiors for the type organization.

Parameter Description

The SunOneDirectory-run.bat and SunOneDirectory-run.sh files contain actual data that you must replace with details of the server you are using.


Create the Project | 47

Create the Project

The TIBCO Designer GUI is used to configure adapter instances. When starting TIBCO Designer, you must create or select a project. A project contains the configuration files that define options used by a run-time adapter. After a project is configured, it is converted to a repository file and available for use by the run-time adapter.

To create a project:

1. Run the modified SunOneDirectory-run.bat or SunOneDirectory-run.sh file to create entries on the LDAP server.

2. Start TIBCO Designer by executing the following command, depending on your operating system.

On Microsoft Windows, select: Start > Programs > TIBCO > TIBCO Designer 5.2 > Designer 5.2

On UNIX, from a command window change directory to the <install-path>/tibco/designer/5.2/bin directory and type ./designer

3. In the TIBCO Designer dialog, click New empty project.

4. In the Save Project dialog, select Multi-File Project (if it is not selected) and click the Browse button for the Root Directory field. Navigate to the C:\tibco\adapter\adldap\<version_num>\examples folder and click the

Make sure that you are using JRE 1.4.2 to run this example.



Create New Folder icon. Name the new directory LDAPConfig and click OK.

5. In the Save Project dialog, click OK. The project will be saved in the LDAPConfig directory.

The next diagram shows the TIBCO Designer GUI with the LDAPConfig project defined.

Project panel

Palette panel

Design panel

Configuration panel


Configure the Adapter | 49

Configure the Adapter

An adapter instance can contain publication services, subscription services, or request-response services. Options for logging, design-time connection, startup, and monitoring are set on the adapter instance. In this exercise, default values are used for all these options except design-time connection configuration.

To configure the adapter instance:

1. Drag the LDAP Adapter Configuration icon from the palette panel to the design panel. This creates an adapter named by default, LDAPAdapterConfiguration. The name can be changed, but in this exercise, names assigned by TIBCO Designer will be used.

2. Click the Design-time Connection tab to specify the LDAP Server access details and select the Sun ONE Directory Server in the Server Type drop-down.

The values specified in the Design-time Connection tab must be the same as the values specified in the SunOneDirectory-run.bat or SunOneDirectory-run.sh file.



a. Specify the machine name in the Server Name field.

b. Specify the port number in the LDAP Port field.

c. Specify the user name in the User DN field. TIBCO Designer uses this user name to access the Sun ONE Directory Server.

d. Specify the password in the Password field. TIBCO Designer uses this password to access the Sun ONE Directory Server.

e. Click Test Connection to verify that the values you entered are correct for your setup.

3. Click the Logging tab to identify the file log options.

In the next diagram, Information, Warning and Error messages are specified to be logged to the log file and standard input. The Log File field lists the global variables that are used to define the log file path and name. The DirTrace and Deployment variables are set using global variables. You can click the Global Variable tab to display the variables in the project panel. The default settings will be used in this example. The InstanceId variable


Configure the Adapter | 51

need not be set. The variable automatically substitutes the adapter name at run-time.

4. Select Project > Save to save the project information.



Configure the Publication Service

This section explains how to configure an adapter with a publication service that publishes a message from the specified LDAP Directory. The steps are:

• Configure the Publication Service

• Configure the Transport Information

• Configure the Schema Definitions

Task A Configure the Publication Service

1. In the project panel, expand the LDAP Adapter Configuration node, then highlight the Adapter Services folder to access the LDAP Publication Service icon.

2. Drag the LDAP Publication Service icon from the palette panel to the design panel.

3. In the Configuration tab, specify the Service Name that this service should use, and select JMS in the Transport drop-down.

Task B Configure the Transport Information

1. Click the Transport tab and enter ldapexample.pub in the Destination field.

2. Select Topic in the Connection Factory Type drop-down. Click Apply.

Task C Configure the Schema Definitions

1. Click the Schema View tab and in the Base DN field click Browse DIT.


Configure the Publication Service | 53

2. Navigate to o=MyOrg1, c=I0, dc=MyDomain, dc=portal, dc=com, LDAP_SERVER_BASE_DN in the Select Base DN dialog box. Note that the DN value is the same value specified for the LDAP_SERVER_BASE_DN parameter defined in the SunOneDirectory-run.bat or SunOneDirectory-run.sh file.

3. Specify 100 in the Maximum Number Of Entries field.

4. Click OK.

5. Click Browse DIT in the Sample Entry for Schema field.

6. Navigate to ou=MyOrgOu0, o=MyOrg1, c=I0, dc=MyDomain,dc=portal,dc=com in the Select Sample Entry for Schema dialog box.

7. Click OK.

8. Click Apply in the Schema View tab.




Configure the Subscription Service

This section explains how to configure an adapter with a subscription service that subscribes to a message from the JMS Transport. You must use the project created in the previous exercise. The steps in this exercise are:

• Configure the Subscription Service



Task A Configure the Subscription Service

1. In the project panel, expand the LDAP Adapter Configuration node, then highlight the Adapter Services folder to access the LDAP Subscription Service icon.

2. Drag the LDAP Subscription Service icon from the palette panel to the design panel.



1. Click the Transport tab and enter ldapexample.sub in the Destination field.



Configure the Subscription Service | 55



2. Navigate to o=MyOrg0,c=I0,dc=MyDomain,dc=portal,dc=com, LDAP_SERVER_BASE_DN in the Select Base DN dialog box. Note that the DN value is the same value specified for the LDAP_SERVER_BASE_DN parameter defined in the SunOneDirectory-run.bat or SunOneDirectory-run.sh file.


4. Click OK.



7. Click OK.





Configure the Request-Response Service

This section explains how to configure a request-response service to receive a request, execute the search criteria and publish the search results on JMS transport. You must use the project created in the previous exercise. The steps in this exercise are:

• Configure the Request-Response Service



Task A Configure the Request-Response Service

1. In the project panel, expand the LDAP Adapter Configuration node, then highlight the Adapter Services folder to access the LDAP Request-Response Service icon.

2. Drag the LDAP Request-Response Service icon from the palette panel to the design panel.



1. Click the Transport tab and enter ldapexample.rpc in the Destination field.



Configure the Request-Response Service | 57



2. Navigate to o=MyOrg0,c=I0,dc=MyDomain,dc=portal,dc=com, LDAP_SERVER_BASE_DN in the Select Base DN dialog box. Note that the DN value is the same value specified for the LDAP_SERVER_BASE_DN parameter defined in the SunOneDirectory-run.bat or SunOneDirectory-run.sh file.


4. Click OK.



7. Click OK.





Convert the Project to a Repository File

The project must be exported to the DAT (repository) format for use by the adapter.

To export the project to a local repository:

1. Select Project >Export Full Project.

2. In the Export Project dialog box, specify the project name and the directory to save to. Click OK.

It is recommended that you save the project as example.dat, as the exercises in this chapter use example.dat as the project name.


Configuring the Project Using TIBCO IntegrationManager | 59

Configuring the Project Using TIBCO IntegrationManager

This section helps you configure the project files using TIBCO IntegrationManager. You must have TIBCO IntegrationManager installed. Additionally, you must complete this task before you run the exercises.

Configure the Publication ServiceTo configure the publication service:

1. Save the configured example.dat as impubexample.dat.

2. Open the impubexample.dat in the TIBCO IntegrationManager Editor.

3. Create a new Shared Parameter, for example, JMSShared.

4. Enter tcp://localhost:7222 in the JNDI/JMS URL field.

5. Enter com.tibco.tibjms.naming.TibjmsInitialContextFactory in the JNDI Context Class field.

6. Enter TopicConnectionFactory in the JMS Connection Factory field.

7. Click OK.

8. Create a new Channel, for example, PubChannel.

9. Select JMS from the Transport drop-down.



10. Select 5.3 from the AE Version drop-down.

11. Choose the wire schema that you had configured earlier in the Class field. It will be adapter/ldap/<server name>/<machine name>/organizationalUnit.

12. Enter the publication service subject as ldapexample.pub. This is the subject the LDAPPublicationService is listening on.

13. Choose JMSShared in the Shared Parameters field.

14. Click OK.

15. Create a new job creator, PubJob.

16. Select JMS from the Transport Type drop-down.

17. Choose the channel PubChannel.

18. Create a new process, PubProcess.

19. Create a new job slot, PubMesg. A dialog box displays.



20. Select Predefined from the Channel (Source) drop-down and decoded ae message from the adjacent drop-down.

21. Click OK.

22. Double-click PubProcess and drag a Start Task, End Task, and an Execute Script Task.

23. In the Execute Script Task write the following line:writeln("The Publication Service message received :"+job.get("PubMesg"));

Connect the tasks in the following sequence by the Trigger Task as mentioned below:

If decoded ae message is not available, choose message instead and then run the TIBCO IntegrationManager transforms. Stop TIBCO IntegrationManager and return to this configuration step. The decoded ae message option will display. Select it.



'start task' ===> 'Execute Script task' ===> 'end task'

24. Click OK and save impubexample.dat.

To start the adapter and to run the process follow the steps explained in the section Deploy the Project and Start the Adapter on page 80 and Configuring the Exercises Using TIBCO IntegrationManager, page 81.

Configure the Subscription ServiceTo configure the subscription service:

1. Save the configured example.dat as imsubexample.dat.

2. Open imsubexample.dat in the TIBCO IntegrationManager Editor.







7. Click OK.

8. Create a new Channel, SubChannel.

9. Select JMS in the Transport drop-down.

10. Select 5.3 from the AE Version drop-down.

11. Choose the wire schema that you had configured earlier in the Class field. It will be adapter/ldap/<server name>/<machine name>/organizationalUnit.

12. Enter the subscription service subject as ldapexample.sub. This is the subject the LDAPSubscriptionService is listening on.



13. Choose JMSShared in the Shared Paramters field.

14. Click OK.

15. Create a new process, SubProcess.



16. Double-click SubProcess and drag a Start Task, End Task, Mapper Task, and Signal Out Task.

17. Double-click Mapper Task and then choose the schema as mentioned above in step 11 in the Mapper output.

Depending on the operation, the values you must enter are given below:



For the INSERT operation:

— OpCode = LDAP_ADD

— DN = ou=newunit,<DN as configured for the service>

— attribute ou=newunit

— objectclass attribute = organizationalUnit

For the DELETE operation:

— OpCode = LDAP_DELETE

— DN = ou=existingunit,<DN as configured for the service>


For the UPDATE operation:

— OpCode value = LDAP_MODIFY



Also, specify the values of the attributes that you want to modify for this entry.

For the MODIFYADD operation:

— OpCode value = LDAP_MOD_ADD



Also, specify the values of the attribute values that you want to add for this entry.

For the MODIFYDELETE operation:

— OpCode value = LDAP_MOD_DELETE



Also, specify the values of the attribute values that you want to delete for this entry.

For the MODIFYREPLACE operation:

— OpCode value = LDAP_MOD_REPLACE





Also, specify the values of the attribute values that you want to replace for this entry

For the MODIFY DN operation:

— OpCode = LDAP_MODIFYKEY


— NewDN = ou=modifiedunit


For the UPSERT operation, the

— OpCode = LDAP_UPSERT

— DN = ou=unit,<DN as configured for the service>

If the specified DN does not exist on the LDAP server, the adapter will add this entry provided ou and objectclass attribute values have been specified. If the specified DN exists, the adapter will update the entry with the specified attribute values in the schema.



18. Save the values entered for doing a particular operation and enter the Job Slot name in the Slot text field of the Mapper Task, for example, SubSlot.

19. Click OK.

20. Double-click Signal Out Task.

21. Choose JMS and choose SubChannel.

22. Create a job slot. Specify the SubSlot name as mentioned above. Select message in the Channel (Source).

23. Click OK.

24. Connect the tasks in the following sequence by the Trigger Task as mentioned below:



start task ===> Mapper task ===> Signal Out Task ==> end task

25. Create a Channel that will be used for triggering the Subscription Process, called TestChannel.

26. Specify test.sub as the value of the subject field. Click OK.



27. Create a Job slot, TestJob and choose TestChannel as the channel, and SubProcess as the process.

28. Click OK.

29. Create a message diagram, SubMesgDiagram.



30. Drag TestChannel, TestJob, and SubProcess to the Design Panel. These are connected by arrows and this indicates that your configuration is correct. If the arrows are missing, check your configuration.

31. Save imsubexample.dat.


Configure the Request-Response Service

1. Save the configured example.dat as imrpcexample.dat.

2. Open imrpcexample.dat in the TIBCO IntegrationManager Editor.







7. Click OK.

8. Create a Channel, for example, rpcchannel.

9. Select JMS from the Transport drop-down.

10. Select client/server from the Channel Type drop-down.

11. Select the value of the RPC Server endpoint that you have configured in the Endpoint field.

When you select the endpoint, the Class and Subject fields are automatically populated.



12. Choose JMSShared from the Shared Paramters field.

13. Create a process, rpcprocess.



14. Double-click rpcprocess and drag the Start Task, Stop Task, Execute Task, and Invoke Task to the design panel.

15. Connect the tasks in the following sequence by the Trigger Task as mentioned below:Start Task ===>Execute Task ===>Invoke Task ===>Stop Task

16. Open Execute Task and write the following script lines for a LOOKUP operation using the RPC Server service of the adapter.var orgUnit;

orgUnit = new aeclass.adapter.ldap.iplanet.anand.organizationalUnit();

orgUnit.OpCode="LDAP_LOOKUP";

orgUnit.DN="ou=unit1,o=BenchMark,dc=tibco.com";



job.put("input",orgUnit);

17. Click OK.

18. Open Invoke Task and select rpcchannel.

The Operation field is populated automatically.

19. Click the + sign to create new binds.

To execute any other LDAP operation, changes will be required to the script.



20. Specify the name of the Job Slot that was specified in the script, that is, input.

21. Select the class configured for this rpc server service in the Parameter drop-down, that is, organizationalUnit.

22. Click OK.

23. Select Entire Reply from the Operation drop-down and enter reply in the Slot Name field.



24. Click OK.

The Slot Name reply encapsulates all the information obtained from the server, in response to the request made by the RPC Server Service.

25. Create a channel, for example, testchannel.

26. Enter the subject in the Subject field as test.rpc.

27. Click OK.

28. Create a test job creator, for example, testjob.



29. Select testchannel as the channel, and rpcprocess as the process.

30. Click OK.

31. Create a message diagram, rpcmesg.



32. Drag testchannel, testjob and rpcprocess to the design panel. These are connected by arrows and this indicates that your configuration is correct. If the arrows are missing, check your configuration.

33. Save the imrpcexample.dat.




Deploy the Project and Start the Adapter

Before starting the adapter, you must create a properties file for the adapter.

Task A Deploy the Adapter

To create a properties file for the adapter:

1. Change directory to the adapter bin directory:cd C:\tibco\adapter\adldap\<version_num>\bin

2. Copy adldap.tra to a new text file named example.tra.

3. Using a text editor, open the example.tra file and change the following properties. Change: #TIBCO.repourl <repourl> to:TIBCO.repourl

C:/tibco/adapter/adldap/<version_num>/examples/example.dat

Change: #TIBCO.configurl <configurl> to:TIBCO.configurl adldap/LDAPAdapterConfiguration

Change: application.args adldap -system:propFile C:/tibco/adapter/adldap/<version_num>/bin/adldap.tra

to: application.args adldap-system:propFile

C:/TIBCO/adapter/adldap/<version_num>/bin/example.tra

Task B Start the Adapter

Open a command window.

1. Start the JMS Server by executing the following command:

On Microsoft Windows, select Start > Programs > TIBCO > TIBCO Enterprise Message Service > Start JMS Server.

On Unix, from a command window change directory to the <install-path>/tibco/jms/bin directory and type ./tibjmsd

2. In the second command window change directory to the <install-path>/tibco/adapter/adldap/<version_num>/bin directory.

3. Start the adapter:adldap --run --propFile example.tra


Configuring the Exercises Using TIBCO IntegrationManager | 81

Configuring the Exercises Using TIBCO IntegrationManager

After starting the adapter, run the exercise as follows:

1. Copy the project file into the bin folder of your TIBCO IntegrationManager directory. Depending on the service you want to run, copy:

— impubexample.dat - to run the Publication Service

— imsubexample.dat - to run the Subscription Service

— imrpcexample.dat - to run the Request- Response Service

2. Open a command prompt for TIBCO IntegrationManager.

3. Navigate to the bin folder of the TIBCO IntegrationManager install directory.

4. In the command prompt window type imse -name example -f <filename>.dat. This will start the IntegrationManager server and engine.

5. Run the adapter as mentioned in Start the Adapter on page 80.

6. Do any of the following, depending on the service you want to execute:

For the Publication Service:

a. Execute the LDAP Publication Service related operations on the LDAP Server under the DN specified during configuration.

b. You will see a message displayed on the TIBCO IntegrationManager Engine console and the adapter console.

For the Subscription Service:

a. Open one more command prompts and send any message on the subject test.sub. For example: tibrvsend test.sub "trigger sub"

b. Look for any messages published on the Engine Console and also look for the entry on which the LDAP operation as implemented by the process was performed.

c. Check your LDAP Server for changes effected by the process.

For the Request-Response Service:

Before you run this command, in the TIBCO IntegrationManager Editor, go to the Tools > Global Variables menu, and add InstanceId and AppName to the existing global variables.



a. Open a command prompt window and send any message on the subject test.rpc. For example: tibrvsend test.rpc "trigger rpc"

b. Look for messages published on the Engine Console and for the entry on which the LDAP operation as implemented by the process was performed.

c. Check your LDAP Server for changes effected by the process.


| 83

Chapter 5 Adapter Instance Options

This chapter explains how to create an adapter instance and assign it services by configuring standard settings. All configuration tasks are performed in TIBCO Designer and the information is stored in a project that is later used by the run-time adapter.

Topics


• Configuring the SSL Environment, page 85

• Adapter Instance Fields, page 91

• Adapter Services, page 103

• Publication Service Fields, page 104

• Subscription Service Fields, page 113

• Request-Response Service Fields, page 122

• Supported LDAP Operations and Message Structure, page 131

• Specifying an Attribute Filter as a Sequence, page 138

• Handling Entries Belonging to Multiple Object Classes, page 139


84 | Chapter 5 Adapter Instance Options

Overview

You can configure adapter instances and add and configure adapter services using TIBCO Designer.

Configuration TasksUse the following sequence to create and configure an adapter service.

1. Start TIBCO Designer and open a multi-file project. See the TIBCO Designer User’s Guide for details on multi-file projects.

2. Drag the LDAP Adapter Configuration icon from the palette panel to the design panel. This creates an adapter named, by default, LDAPAdapterConfiguration.

3. Define the adapter instance by assigning a new name and optionally change logging options. See Logging Tab on page 99 for details.

4. Specify the LDAP Design Time Connection and test the connection.

5. Add a service to the adapter instance by dragging the service icon from the palette panel and dropping it in the design panel.

6. Define the configuration, transport, and schema options for the service.

7. To select a Base DN for a service, in the Schema View tab, click the Browse DIT button. The Directory Information Tree is displayed in a dialog. Specify the Maximum Number of Entries and then select an LDAP entry for the service from the DIT. You can also browse the DIT to specify a sample entry for the schema. This generates the class reference needed for the service.

Repeat step 2 through step 7 for each adapter service that you want to configure. Set the combination of options required for your service. See the Configuration Tab on page 91 for details.

8. Export the project as a local repository and exit TIBCO Designer.

After configuring the adapter, you must create the run-time adapter properties file and add the project name and adapter instance name.


Configuring the SSL Environment | 85

Configuring the SSL Environment

Configuring the SSL environment involves the following tasks:

• Converting Certificates to Use SSL at Design Time

• Converting Certificates to Use SSL at Run-Time

You will need to obtain the following from your LDAP server administrator:

1. The CA (Certificate Authority) certificate that signed the LDAP server certificate. You will need the CA certificate in a DER format file. If you have the CA certificate in the PEM format, you can convert it to the DER format as follows:

<TIBCO_HOME>\adapter\adldap\<version_num>\tools\openssl\openssl.bat x509 -inform PEM -outform DER <cacertperm> cacert.der

The samples assume that the CA certificate file is called cacert.der.

2. To use External (client certificate based) authentication, the certificate and private key of the LDAP user that the adapter will authenticate to the LDAP server as a PKCS12 file. Use the administration tools of the LDAP server to export the LDAP user’s certificate and private key.

The samples assume that the PKCS12 file is called userident.p12. The PKCS12 file is encrypted with a password and you will need that as well.

To use SSL for the design-time connection, the certificates and keys must be imported into a keystore as described in Converting Certificates to Use SSL at Design Time.

To use SSL for the run-time connection, the certificates and keys must be converted to a different format as described in Run-time Connection Tab on page 95.

Converting Certificates to Use SSL at Design TimeTo use SSL for the design-time connection to the LDAP server, the CA certificate must be imported into a keystore. Use the Java utility keytool for this.

The command for using this utility is:<TIBCO_HOME>\jre\1.4.2\bin\keytool -import -v -alias <alias> -file <cert_file> -keystore <keystore>

For AIX 5.2, $ADLDAPHOME/tools/openssl is not bundled with the installer. You must download it from http://www.opnssl.org.



To import the CA certificate from the cacert.der file into the keystore file, <TIBCO_HOME>\jre\1.4.2\lib\security\keystore with the alias CAcert, run the following command:

<TIBCO_HOME>\jre\1.4.2\bin\keytool -import -v -alias CAcert -file cacert.der -keystore <TIBCO_HOME>\jre\1.4.2\lib\security\cacerts

You will be prompted to choose a password. You require this password to import additional certificates into the keystore. Select yes when the keytool prompts you to trust the imported certificate.

To use SSL at design time with anonymous or simple authentication:

In the Design-time Connection tab, specify the following values. For details, see Design-time Connection Tab on page 92.

• Specify the LDAP server (Hostname or IP address).

• Specify the port number in the LDAP Port field.

• Select the Use SSL check box.

• In the Trusted Certificate Authorities field, specify the path to the Java keystore you created earlier. In the example above, the keystore file is in the TIBCO_HOME\jre\1.4.2\lib\security\cacerts folder.

• Specify the authentication mode to be Simple or Anonymous. If you select Simple authentication, the User DN and Password are mandatory.

• Click Test Connection to make sure that the design-time adapter can connect to the LDAP server using SSL with the specified parameters.

To use SSL at design time with external authentication:

1. In the Design-time Connection tab, specify the following values. For details, see Design-time Connection Tab on page 92.

— Enter the LDAP Server (Hostname or IP address).

— Specify the port number in the LDAP Port field.

— Select the Use SSL check box.

— In the Trusted Certificate Authorities field, specify the path to the Java keystore you created earlier. In the example above, the keystore file is TIBCO_HOME\jre\1.4.2\lib\security\cacerts.

2. Select External for the Authentication mode.

3. In the Client Identity field, specify the full path to the PKCS12 file that has the LDAP user’s certificate and key.



4. In the Identity Password field, provide the password to the PKCS12 file.

5. Click Test Connection to make sure that the design-time adapter can connect to the LDAP server using SSL with the specified parameters.

Converting Certificates to Use SSL at Run-TimeTo use SSL for the run-time connection, the CA certificate and the user PKCS12 file (required only if the Authentication Mode is External) must be converted and imported into a security database. The security database is a directory with files that contain the same information as the CA certificate and the user PKCS12 in a format that can be used at run-time.

To create a directory for the security database:

1. Create a directory for the certificate database.

The following examples assume that <TIBCO_HOME>\adapter\adldap\<version_num>\certificates (or <TIBCO_HOME>/adapter/adldap/<version_num>/certificates on UNIX) is the directory chosen.

2. Use the following command to prepare the directory: <TIBCO_HOME>\adapter\adldap\<version_num>\tools\nss\certutil.ba

t -N -d <TIBCO_HOME>\adapter\adldap\<version_num>\certificates

You will be prompted to select a password for the security database. You will need this password to import any additional certificates and the user PKCS12 file into the security database.

After you have run the command, the directory <TIBCO_HOME>\adapter\adldap\<version_num>\certificates will contain the files cert7.db, key3.db and secmod.db.

3. Add the CA certificate to the security database. Type the command: <TIBCO_HOME>\adapter\adldap\<version_num>\tools\nss\certutil.bat -A -n CAcert -t "CT,," -i cacert.der -d

<TIBCO_HOME>\adapter\adldap\<version_num>\certificates

The -n CAcert specifies the alias or display name for the CA certificate being imported. Choose a unique alias for each certificate you add to the certificate database. You will be prompted to enter the password you chose in step 2.

4. Verify that the certificates have been correctly added to the database. Use the <TIBCO_HOME>\adapter\adldap\<version_num>\tools\nss\certutil.

On Unix, use certutil.sh instead of certutil.bat.



bat -L -d

<TIBCO_HOME>\adapter\adldap\<version_num>\certificates command to produce the output CAcert CT.

5. Import the user PKCS12 file (required only for External authentication). The following command imports the PKCS12 file userident.p12 into the certificates directory <TIBCO_HOME>\adapter\adldap\<version_num>\certificates (this should be the same directory you imported the CA certificate into):

<TIBCO_HOME>\adapter\adldap\<version_num>\tools\nss\pk12util -i userident.p12 -d


You will be prompted for the password to the security database that you chose in step 3 and the password of the PKCS12 file.

6. List the contents of the security database by running the following command:

<TIBCO_HOME>\adapter\adldap\<version_num>\tools\nss\certutil.bat -L -d


The output should be similar to the following:Certificate Name

Trust Attributes

Userident

u,pu,u

CAcert

CT,,

On Unix, use certutil.sh instead of certutil.bat

You will obtain the Trust Attributes u,pu,u output only if you imported a user PKCS12 file for External authentication.



To use SSL with Anonymous or Simple authentication:

1. In the Run-time Connection tab, specify the following values. For details, see Run-time Connection Tab on page 95.




— In the Converted Certificates and Keys Directory field, specify the directory you chose for the security database.

2. Specify the Authentication Mode as Simple or Anonymous. If you select Simple authentication, the User DN and Password are mandatory.

To use SSL with external authentication:

1. In the Run-time Connection tab, specify the following values. For details, see Run-time Connection Tab on page 95.




— In the Converted Certificates and Keys Directory field, specify the directory you chose for the security database.

2. Specify the Authentication Mode as External.

3. In the Client Certificate Name field, enter the name of the certificate with Trust Attributes u,pu,u.

4. In the Client Key Password field, enter the password you selected when you prepared the security database directory.

Using SSL with the AdapterTo use the SSL protocol with the adapter:

1. Configure SSL support in the LDAP server. For further information, see Preparing the LDAP Server for Use with the Adapter on page 41.

2. Get the LDAP server's certificate and the certificate (chain) of the CA that issued the LDAP server's certificate. You must obtain the LDAP certificates in the DER format.



3. Create certificate stores containing the certificates.

— For the design-time connection, use the Java keytool to create a keystore. For details, refer to Converting Certificates to Use SSL at Design Time on page 85.

— For the run-time connection, use certutil to convert the certificates. For details, see Converting Certificates to Use SSL at Run-Time on page 87.

4. Configure the SSL parameters on the Design-time Connection tab. Refer to Design-time Connection Tab on page 92.

5. Configure the SSL parameters on the Run-time Connection tab. Refer to Run-time Connection Tab on page 95.

If you are using Active Directory as the LDAP server and setting up a publication service, you must also import the certificate to the systems certificate store on the Microsoft Windows machine that will run the adapter.

You can configure SSL separately for the design-time and run-time connections.


Adapter Instance Fields | 91

Adapter Instance Fields

The following tabs can be used to define an adapter instance:

• Configuration Tab on page 91

• Design-time Connection Tab on page 92

• Run-time Connection Tab on page 95

• General Tab on page 98

• Multithreading Tab on page 98

• Logging Tab on page 99

• Startup Tab on page 101

• Monitoring Tab on page 101

Configuration Tab

Instance Name

Use the default name or replace it with a name of your choice.

• An instance name must use alphanumeric characters. An underscore (_) character can be used. The entire instance name must be less than 80 characters. The space character cannot be used in an instance name.

• An instance name cannot use global variables.

• An instance name must be unique with respect to other adapter instances for the same adapter in the project. The same instance name can be used to name an adapter instance for a different adapter in the same project. For example, an R/3 adapter instance named TEST and a Siebel adapter instance named TEST can coexist in the same project.

• Each instance name must be unique per adapter within a project even if each instance is defined in a different folder. That is, configuring same-named adapter instances in different folders will not make their names unique.

When you create an adapter instance, the palette automatically creates several resources for it. The names of these resources derive from the name of the instance to which they belong. Changing the adapter instance name results in an automatic regeneration of the resources names. If you manually modify any resource name, that particular name will not be automatically regenerated next time you rename the adapter instance.



Description

Provide information about the adapter instance that you want stored in the project. The field is optional.

Version

The version string indicates the ActiveEnterprise (AE) format in which the adapter instance is saved. An adapter instance can be saved in AE Version 4.0 or AE Version 5.1, AE Version 5.2 and AE Version 5.3 format.

When a new adapter instance is created in TIBCO Designer 5.x, the version string is set to AE Version 5.3. When a 4.x adapter instance is opened in TIBCO Designer 5.x, the Version field is set to AE Version 4.0.

• If a 4.x adapter instance is to be run against a 4.x run-time adapter, the instance must be saved with the Version field set to AE Version 4.0.

If you are using TIBCO Designer 5.x to modify 4.x adapter instances, change only features supported by the 4.x. run-time adapter and use the validation utility to verify the instance before deploying the project. The validation utility scans the project and returns warnings if any 5.x features are defined for 4.x adapter instances. Invoke the utility from the Project>Validate Project for Deployment menu command in TIBCO Designer.

• If a 4.x adapter instance is to be run against a 5.x run-time adapter, the Version field should be set to AE Version 5.x.

To change versions, click the Change Version button.

Message Filter

Specify a message filter, if you have configured a message filter resource for use with the adapter. The filter allows you to manipulate incoming and outgoing data before sending it on the network or handing it to the target application. Filters can be written using the TIBCO Adapter SDK. See the TIBCO Adapter SDK Programmer’s Guide for information about writing a message filter.

Show All Tabs

Select this box to display additional tabs for configuring advanced options.

Design-time Connection TabMany of the following fields make use of global variables. Click the Global Variables tab in the project panel to enter a value for a global variable.



Server Type

Specify the type of server. This is the name of the LDAP server that the adapter will be connecting to. You can choose Microsoft Active Directory Server/ADAM, IBM Directory Server, Sun ONE Directory Server, Novell eDirectory, or Oracle Internet Directory.

Server Name

Specify the name of the machine where the LDAP server is installed.

Use SSL

Select this check box to specify whether the SSL protocol should be used. By default, this check box is not selected.

LDAP Port

Specify the number of the port that the adapter is configured to listen at. The default port number for LDAP servers is 389.

The default SSL port number is 636.

Authentication Mode

The mode of authentication used for connecting to the LDAP server. Currently, the following are supported:

• Simple — If you select the Simple authentication mode, you must specify the user name and password required to log on to the LDAP server. Click Test Connection. If the entries are accurate, the adapter will connect to the server.

• Anonymous — If you select the Anonymous authentication mode, you do not need to specify the user name and password. You will be logged on to the LDAP server automatically. Click Test Connection. If the configuration is accurate, the adapter will connect to the server.

If an existing dat file is opened and the machine name is changed, then the following message displays:

You have already configured adapter instances and services for a

particular LDAP server. The change that you are attempting will be

valid only if the new server has identical directory information

tree and schemas. Please confirm this and that you do wish to

proceed with this change.

Click Yes to effect the changes to the machine name. Click No to revert to the previous value.



• External — This field is only available if you select the Use SSL check box. If you select the External authentication mode, you must ensure that the User DN and Password fields are empty. In the Client Identity field, provide the path to the userident.p12 file. Also, enter the password for the .p12 file in the Identity Password field. Click Test Connection. If the entries are accurate, the adapter will connect to the server.

User DN

Specify the user name that will be used to log on to the LDAP server. You must specify the DN used to bind to the LDAP server. For example, cn=Administrator,cn=Users,dc=adsldap.

Password

Specify the password that will be used to log on to the LDAP server at design time.

Remember Password

If this check box is not selected, the password must be entered each time the project is opened. If it is selected, the password will be stored in the project repository. This password is for the design-time connection only.

The password for the run-time connection is stored in the adldap.tra file, either in clear text or in obfuscated format.

Audit Log File Path

If you specified the server type to be IBM Directory Server, enter the path for the audit log in the Audit Log File Path field.

Use Design-time Connection for Run-time

Select this check box to use the design-time connection information for the run-time adapter.

Trusted Certificate Authorities

This is the file that contains the list of trusted certificates and specifies which Certificate Authorities should be trusted as issuers of the LDAP server certificate. The file is created using keytool.



Client Identity

You must specify the complete path of the client .pfx or .p12 file.

Identity Password

This is the password that is used to decrypt the private key of the client.

Verify Server Certificate Common Name

The design-time connection does not support this option.

Test Connection

Click to test the validity of the connection information that you specified for the adapter instance.

Run-time Connection TabSpecify the run-time parameters on this tab.

Server Type

Specify the type of server. This is the name of the LDAP server that the adapter will be connecting to. You can choose Microsoft Active Directory Server/ADAM, IBM Directory Server, Sun ONE Directory Server, Novell eDirectory, or Oracle Internet Directory.

Server Name

Specify the name of the machine where the LDAP server is installed.

Use SSL

Select this check box to specify whether the SSL protocol should be used. By default, this check box is not selected.

LDAP Port

Specify the number of the port that the adapter is configured to listen at. The default port number for LDAP servers is 389.

The default SSL port number is 636.



Authentication Mode

The mode of authentication used for connecting to the LDAP server. Currently, the following are supported:

• Simple — If you select the Simple authentication mode, you must specify the user name and password required to log on to the LDAP server. Click Test Connection. If the entries are accurate, the adapter will connect to the server.

• Anonymous — If you select the Anonymous authentication mode, you do not need to specify the user name and password. You will be logged on to the LDAP server automatically. Click Test Connection. If the configuration is accurate, the adapter will connect to the server.

• External — This field is only available if you select the Use SSL check box. If you select the External authentication mode, you must ensure that the User DN and Password fields are empty. In the Client Identity field, provide the path to the userident.p12 file. Also, enter the password for the .p12 file in the Identity Password field. Click Test Connection. If the entries are accurate, the adapter will connect to the server.

User DN

Specify the user name that will be used to log on to the LDAP server. You must specify the DN used to bind to the LDAP server. For example, cn=Administrator,cn=Users,dc=adsldap.

Password

Specify the password that the adapter must use at run time. The password is encrypted and stored in the project file. If you select the Use Design-time Connection for Run-time check box under the Design-time Connection tab, the adapter uses the design-time password at run time too. To maintain backward compatibility, if the run-time password is not specified or if the field is empty in the project file, the adapter uses the password from the .tra file. This field is mandatory.

The adapter handles the password at design time and run time as follows:

• In the 5.1.0 release and later, you can enter the run-time password in the Password field under the Run-time Connection tab. The adapter looks for the run-time password in the project file.

• In the 5.0.1 release, you cannot specify a run-time password through TIBCO Designer. However, if you select both the Remember Password and Use Design-time Connection for Run-time check boxes, the adapter first looks for the password in the project file. If there is no specified password, the adapter uses the password specified in the .tra file.



• In the 4.x release, the run-time password is not saved in the project file. Therefore, the adapter uses the password that you specify in the .tra file.

Converted Certificates and Keys Directory

A directory containing the converted certificates is created via certutil.

Client Certificate Name

Specify the name of the certificate that you want to use for client authentication.

Client Key Password

Specify the password to the encrypted private key database.

Verify Server Certificate Common Name

Every certificate has a field called the Common Name (CN). If this box is selected, then the adapter will verify that the CN in the LDAP server's certificate is the same as the DNS name of the LDAP server host.

Maximum Number of Reconnect Attempts

Specify the total number of reconnection attempts to make before the run-time adapter or adapter service is stopped. A value of -1 means reconnection attempts will continue indefinitely. You cannot specify a value of zero.

Number of Reconnect Attempts Before Suspending Impacted Service(s)

Specify the number of reconnection attempts to make before suspending the adapter services.

Interval between Reconnect Attempts (milliseconds)

Specify the time interval in milliseconds, between each reconnection attempt.

You must select SSL under the Design-time Connection tab, or SSL options will not be available at runtime.

If you are using Active Directory as the LDAP server and setting up a publication service, you must also import the certificate to the systems certificate store on the Microsoft Windows machine that will run the adapter. For more information on this, see Converting Certificates to Use SSL at Run-Time on page 87.



Adapter Termination Criteria (after max number of reconnect attempts)

The adapter provides the following choices:

• When All Services Are Suspended — To stop the adapter when a service is suspended. Therefore, only the adapter service that cannot reconnect is stopped. Other adapter services that are connected continue to function normally.

• When Any Service is Suspended — To stop the adapter if any one service is unable to re-establish a connection after the specified number of reconnection attempts.

However, since the adapter currently supports only a single connection to a LDAP server, either choice results in the same behavior. The adapter stops after the maximum number of reconnection attempts.

General Tab

Termination Subject or Topic

A message sent on the termination subject (if TIBCO Rendezvous is the transport) or topic (if JMS is the transport) stops the adapter. In most cases, you should use the default value.

See TIBCO Rendezvous Concepts for information about specifying subject names. See the TIBCO Enterprise Message Service User’s Guide for information about publishing on a topic.

Adapter Encoding

This field has the ASCII and UTF8 values.

Multithreading TabIt is possible to run the adapter in the multithreaded mode for improved throughput and performance. You can specify the number of concurrent dispatcher threads that are to be operated for a given session.



Session Name

Shows the TIBCO-enabled application session that has been created by TIBCO Designer.

Number of Threads

Specifies the number of dispatch threads to be started for this session.

Logging Tab

Use Advanced Logging

When Use Advanced Logging is not selected (the default), you can set two standard output destinations (sinks) for trace messages and set the tracing level for the roles selected.

When Use Advanced Logging is selected, you have complete control on selecting the destinations and associating desired roles with each of the destinations.

To create and configure the sinks, select the log sinks folder under the Advanced folder in the project panel.

To create sinks, drag and drop the Generic log sink icon from the palette panel into the design panel. From the configuration panel, select the sink type. The following are the sink types available:

• File

• Hawk

• Network

• STDIO

A termination service must use a different session from the session that is configured because if all threads are waiting for a connection, there will be no thread available to process the termination request. Setting a session for the termination service that is different from the configured session ensures that the request is processed immediately.

It is recommended that you set the threading after configuring all the services. Setting the threads after configuring the services will allow you to inspect all the different sessions and choose the appropriate thread counts.



When File and STDIO sinks are created from the Generic log sink they offer further configuration options. For the File sink, the file limit, file count, and the option to append or overwrite can be specified. When created by default, this is set to 30000 bytes, 3 and Append Mode respectively. For the STDIO sink, the option to write to stdout or stderr can be selected. When created by default, stdout is selected.

The Hawk sink uses the hawk session, created and used by the adapter for monitoring purposes, to send tracing messages to the TIBCO Hawk monitor or Display. For details on Hawk sessions, see Using Global Variables on page 152. The configuration for the Hawk sink involves specifying the MicroAgent Name that must be specified in the configuration panel.

The Network sink is used to publish tracing messages on TIBCO Rendezvous. The configuration for the network sink involves specifying the session, and the subject on which the trace messages needs to be published.

For all the sinks, optionally the name and description for the sink can be provided.

Log to Standard I/O

(STDIO Sink) When selected, trace messages are displayed in the command prompt window where the adapter is started. When not selected, trace messages do not display in the window.

Log File

Specify the name of the log file (log sink) to which trace messages are written. Global variables can be used to specify the location of the log file. See Using Global Variables on page 152 for more information.

The roles available are Info, Debug, Warning, and Error messages. The trace message generated depends on the roles selected. Turning on the roles can affect the performance of the adapter. Therefore, it is recommended that you turn on the required roles only.

Log Info/Debug/Warning/Error Messages

Trace messages of the selected level(s) will be collected in the named log sink. You can configure what levels of trace messages you want logged, and where trace messages are sent. There are three types of logs (log sinks) that you can configure to hold trace messages, corresponding to three levels (roles) of trace messages, Information, Warning and Error. A fourth level of trace messages, Debug, is reserved and should not be enabled unless requested by the TIBCO Product Support Group. This option writes a lot of information to the log file and significantly reduces the speed of the adapter.



Startup Tab

Show Startup Banner

Select this option to show the startup banner. The startup banner displays the run-time adapter version, the infrastructure version on which the adapter is built, and copyright information in the console window when the adapter is started.

Metadata Search URL

This field is predefined and cannot be changed. The field specifies the location where the adapter searches for base schemas. The adapter searches for any schema that has been defined and saved at this location, and that should be loaded at startup.

Monitoring TabMany of the following fields make use of global variables. Click the Global Variables tab in the project panel to enter a value for a global variable.

Enable Standard Microagent

Allows you to turn on or off the standard TIBCO Hawk Microagent. The way to turn it on or off is also configurable. By clicking the globe icon, a standard check box or text value (true or false) can be used to turn the standard microagent on or off.

Standard Microagent Name

This is the name for the standard microagent that will be registered with the TIBCO Hawk system. In most cases the default value is used. The InstanceId variable need not be set because it is automatically set at run time by the run-time adapter.

Enable Class Microagent

Allows you to turn on or off the instance or class specific standard TIBCO Hawk Microagent. The way to turn it on or off is also configurable. By clicking the globe icon, a standard check box or text value (true or false) can be used to turn the class microagent on or off.



Class Microagent Name

This is the name for the class microagent that will be registered with the TIBCO Hawk system. In most cases the default value is used.

Class Microagent Timeout

Specifies the amount of time the Hawk Agent should wait for HMA method invocations to complete before timing them out. The default is 10000 milliseconds. Normally there is no need to change this value, however, on machines under extreme stress where method invocations are timing out, this new option allows the timeout value to be increased.

Standard Microagent Timeout

See above, Class Microagent Timeout, on page 102.

Default Microagent Session

This field is predefined and cannot be changed. It specifies the name of the TIBCO Rendezvous session that will be used by the standard, class, and custom microagents.

The session name and the corresponding session is automatically generated by TIBCO Designer. Do not change the session name or the session. However, you can modify the session parameters if required. Navigate to the Sessions folder under the Advanced folder to modify the session parameters.

Make sure you have set the correct parameter value for the global variables that correspond to the TIBCO Hawk configuration. If the session parameters are not set properly, the microagents will not display in the TIBCO Hawk Display.


Adapter Services | 103

Adapter Services

After configuring an adapter instance, select one or multiple adapter services for the instance. The following sections describe the services and fields that are available to the adapter.

• Publication Service Fields on page 104

• Subscription Service Fields on page 113

• Request-Response Service Fields on page 122



Publication Service Fields

The following tabs are available:


• Transport Tab on page 105

• Schema View Tab on page 109

• Schema Tab on page 112

The Publication Service supports the following LDAP operations:

INSERT, UPDATE, DELETE and MODIFY DN. Changes made through the INSERT, UPDATE, DELETE and MODIFY DN operations on the LDAP server are picked up by the adapter and published.

Configuration Tab

Name

You can use the default name or replace it with a name of your choice.

• A service name must use alphanumeric characters. An underscore (_) character can be used. The entire instance name must be less than 80 characters. The space character cannot be used in an instance name.

• A service name cannot use global variables.

Description

Provide information about the service that you want stored in the project. The field is optional.

Transport Type

Select the transport to be used by the run-time adapter, JMS or TIBCO Rendezvous. After selecting the transport, the transport-specific configuration fields display.

The transport can be configured to use a trusted store and identity resource for SSL (Secure Sockets Layer) configurations. TIBCO Rendezvous sessions and JMS topics have an SSL configuration field that provides a dialog for SSL configuration.


Publication Service Fields | 105

To enable and configure SSL, in the Project panel, expand the Advanced folder, then expand the Sessions folder. Select the TIBCO Rendezvous session or JMS topic and select the Use SSL check box. The SSL configuration options are explained in the online help associated with the session dialog. Click the question mark to display the online help.

Transport Tab

Message Subject

This field displays only if TIBCO Rendezvous is selected in the Transport Type field (under the Configuration tab).

By default, a service uses a message subject that is generated using the Domain and Deployment global variables, the adapter acronym, the adapter instance name and the service name. If you use this default subject, make sure the values for Domain and Deployment are not empty. You can type a TIBCO Rendezvous subject name different from the default in this field. See TIBCO Rendezvous Concepts for information about specifying subject names.

Destination

This field displays only if JMS is selected in the Transport Type field (under the Configuration tab).

By default a service uses a dynamic destination that is generated using the Domain and Deployment global variables, the adapter acronym, the adapter instance name, and the service name. If you use this default dynamic destination, make sure the values for Domain and Deployment are not empty. You can override the default dynamic destination by specifying the static destination in this field. The static destination must be defined on the JMS server before it can be used by the run-time adapter. See the TIBCO Enterprise Message Service User’s Guide for information about destinations.

Reply Message Subject

This field is not applicable to TIBCO Adapter for LDAP.

Reply Destination

This field is not applicable to TIBCO Adapter for LDAP.

Quality of Service

If TIBCO Rendezvous is selected as the transport type, select:



• Certified

Guarantees that every certified message reaches its intended recipient in the order sent. The message can be sent across network boundaries, and if a network fails, delivery attempts continue until delivery succeeds or until the message's time limit expires. This is often called certified message delivery.

If certified message delivery is used, data is stored in a ledger file. The size of the ledger depends on several factors, the most important of which is the retention rate of stored data. That is, the ledger grows fastest in response to the cumulative length of undeliverable messages. You must ensure that sufficient disk space is available for the expected size of the ledger.

• Reliable

Ensures that each multicast or broadcast message is received as long as the physical network and packet recipients are working, and that the loss of a message is detected. This choice can compensate for brief network failures because it can retransmit a message on request if the first attempt failed. This choice is appropriate when message delivery is expected but some loss can be tolerated.

Wire Format

Services must use the same wire format to exchange data.

• ActiveEnterprise Message (TIBCO Rendezvous only)

Control information for validation is sent in the message. If no control information is included, an exception is returned to the subscriber. ActiveEnterprise standard wire format provides class information and packing rules for the TIBCO Adapter SDK set of data types. This format allows ActiveEnterprise components to perform extra validation on messages sent or received.

See the TIBCO Adapter SDK Programmer’s Guide for details about the control information generated and sent with ActiveEnterprise messages.

• XML Message (TIBCO Rendezvous and JMS)

The XML Message wire format conforms to specifically constructed and fully compliant XML Schema (XSD) based on the existing definition of the ActiveEnterprise schema.



Connection Factory Type

• Topic (JMS only)

A message published to a topic is broadcast to one or more subscribers. All messages published to the topic are received by all services that have subscribed to the topic. This messaging model is known as publish-subscribe.

• Queue (JMS only)

A message sent to a queue is consumed by one and only one receiver. Each message has only one receiver though multiple receivers may connect to the queue. The first receiver to access the queue gets the message. The other receivers do not. This messaging model is known as point-to-point.

Delivery Mode

• Persistent (JMS only)

In general, a message marked persistent will be available to a JMS client even if the JMS server goes down.

• Non-Persistent (JMS only)

A message marked non-persistent will not be available to a JMS client if the JMS server goes down.

Messages sent with the persistent delivery mode are always written to persistent storage, except when they are published to a topic that has no durable subscribers. When a topic has no durable subscribers, there are no subscribers that need messages resent in the event of a server failure. Therefore, messages do not need to be saved, and performance is improved because disk I/O is not required.



The semantics for these fields are more complex than the explanation given here. See the TIBCO Enterprise Message Service User’s Guide for more information.

Session Reference

Every adapter can have one or more sessions configured for it. Sessions encapsulate stateful connections to TIBCO Rendezvous and other messaging sources. The session object shown in this field is initially supplied by the adapter, depending on the Quality of Service selected. You can change the session by browsing for it in the project panel.

Endpoint Reference

You can drag a different endpoint, browse for another endpoint resource, go to the referenced endpoint to edit its properties or delete the endpoint. Endpoint reference objects are explained in the TIBCO Designer Palette Reference.

Typically, a publication service will publish INSERT, UPDATE, DELETE, and MODIFY DN operations. For the publication service on the Active Directory server, a MODIFY DN operation on any monitored entry is published as UPDATE and not as MODIFY DN.

The adapter supports persistent publisher services. Therefore, the adapter will be able to publish changes that occurred on the LDAP server even when the adapter was not running. However, if the adapter is not running when the changes take place on the LDAP server, only INSERT and UPDATE operations will be published. MODIFY DN operations will be published as UPDATE while DELETE operations (for Sun ONE Directory Server and eDirectory) will not be published at all. This is because the deleted entries no longer exist on the LDAP server and information on deleted entries is also no longer available.

For Active Directory, the DELETE operation will be published (whether or not the adapter is running when the delete happens on the server), but Active Directory moves the deleted entry to a Deleted Objects subtree, retaining only its RDN (Relative Distinguished Name), if there is no conflict with other deleted items. The DN of the entry itself is lost. The object GUID (a unique GUID) for the object is retained and may be used to retrieve the object from a parallel store, if it exists.

When the adapter publishes a deleted object, it uses the new DN, not the original DN of the entry. So, for example, the DN may look like:

DN = CN=Aparna DEL:aec6dadb-244d-4fd0-a058-4c6e7ef18a09,CN=Deleted Objects,DC=adsldap

Since the information on the original DN and attribute values are not available on the Active Directory server, the adapter cannot publish those details; only the DN as used in the deleted objects container is available.



Schema View Tab

Base DN

Displays the selected Base DN (Distinguished Name) of a specified node.

To display the Base DN, you can browse the Directory Information Tree by clicking the Browse DIT button and then selecting the required node from the DIT.

When the length of an object class name that is fetched from the Base DN field exceeds 128 characters, the ActiveEnterprise schema created with this name affects the run-time functionality. When you click Apply, a dialog box is displayed that prompts you to enter a shorter name that can be stored in the schema. The name you enter must be unique and less than 128 characters.

Select Object Classes From

There are two methods you can use to select an object class:

If the service has been configured with a long schema name, the dialog box will not display if a service has already been configured for the same object class.



• Sample Entry — You can specify a sample entry so that the object class for that entry is populated in the Objectclasses field.

• LDAP Schema — You can specify an object class by selecting it from the ldap schema on the ldap server.

Sample Entry

This field is available only if you select the Sample Entry option for the Select Object Classes From field.

In your LDAP server, you can specify an entry from the schema you will use for this service. The service will only handle entries with identical object classes.

To specify a sample entry for the schema, you can browse the Directory Information Tree by clicking the Browse DIT button and then selecting the required node from the DIT. This generates the class reference needed for the service, in the Objectclasses field.

For details on specifying object class names, see page 109.

LDAP Schema Classes

This field is available only if you select the LDAP Schema option for the Select Object Classes From field.

To select the LDAP schema classes for the service, you can browse the LDAP schema by clicking the Browse Schema button and selecting the object classes from the Available Objectclasses list.

This generates the class reference needed for the service, in the Objectclasses field.



Maximum Number Of Entries

Click Browse DIT for the Base DN or Sample Entry for Schema fields to access the Maximum Number of Entries field. This field is available in the Select Base DN and Select Sample Entry for Schema dialog boxes. Specify the maximum number of entries that you want to restrict the service to. The DIT expands only if the number of entries is equal to, or less than the value you specify.

Objectclasses

Displays the object class of the entry specified in the Base DN, or Sample Entry fields, if these have been specified. Otherwise, the value from the LDAP Schema Classes field is displayed. You cannot edit this field.

Handle Any Subset of Configured Object Classes

This field is available if a composite object class is displayed in the Objectclass field. Although the adapter is configured for a composite object class, all combinations of the object class are supported. Therefore, if you select the check box, changes made to any attribute of an entry belonging to any subset of the configured object class will be published by the service.

You cannot specify a value greater than 10000 as the maximum number of entries. If you need to select a node within a subtree that has more than 10000 entries, you must specify the DN, in the DN (Base DN/Sample Entry) box.

You may come across the following exceptions The size of the result exceeds server specific limit and The Number of Descendants for this Node are more than the requested number. Additionally, if you are using the Sun ONE Directory Server, you may come across the exception The adminstrative limit on the maximum number of entries to return was

exceeded.



For further details, see the documentation shipped with the server you are using.



By default, this check box is not selected in 4.x adapter instances.

Filter

You can specify a filter option in this field. The adapter supports LDAP V3 filters. Only entries that conform to the specified filter will be published. The conditions used to specify a filter should be syntactically accurate. If the filter specified has an incorrect syntax, the following message is displayed:Syntax of the filter is not valid. Please ensure that you enter a valid LDAP filter.

If the filter syntax is correct but no entries match the filter specifications, the following warning is displayed:No results are found on the LDAP server with the given filter. Please ensure that filter is semantically correct.

This may mean that at the time of configuration, no entries may match the filter, but the entries may be present at run-time.

Schema Tab

Class Reference

Displays the reference to the ActiveEnterprise schema that corresponds to the object class that was configured under the Schema View tab.

This field is not visible when the adapter instance is configured for the Microsoft Active Directory server.


Subscription Service Fields | 113

Subscription Service Fields






Configuration Tab

Name




Description

Provide information about the service that you want stored in the project. The field is optional.

Transport Type


The transport can be configured to use a trusted store and identity resource for use in SSL (Secure Sockets Layer) configurations. TIBCO Rendezvous sessions and JMS topics have an SSL configuration field that uses a dialog to perform SSL configuration.

To enable and configure SSL, in the Project panel, expand the Advanced folder, then expand the Sessions folder. Select the TIBCO Rendezvous session or JMS topic and click Use SSL?. The SSL configuration options are explained in the online help associated with the session dialog. Click the question mark to display the online help.



LDAP Operations

Specify the operations that this service supports. At least one operation must be selected. Select:

• Insert — To add an entry.

• Update — To update an existing entry.

• Delete — To remove an entry.

• Upsert — To update an entry if it already exists. If the entry does not exist, running this operation will insert it.

• Validate Object — To validate the object class of a requested entry against the configured object class for LDAP_DELETE and LDAP_MODIFY operations.

• Modify DN — To move an entry from one location to another by changing the RDN (Relative Distinguished Name). If you select this option, all variations of the UPDATE operation are used. If you do not select this option, none of the UPDATE operation variations are used.

Update Only if Different

The adapter has additional support for synchronization of entries between two LDAP servers through a configuration option in the subscription service. This option prevents infinite loops for server synchronization scenarios. To determine the scenarios in which this option should be selected, refer to LDAP Server Synchronization on page 157.

Chase Referrals

Select this check box to specify that if a referral is encountered during an operation, the referral should be followed.

When you browse the DIT tree, the adapter palette will not follow a referral and only entries on the configured server will be displayed.

The referring server returns an LDAP URL in the following format: ({ldap|ldaps}://<host>[:<port>]/<DN>).

Depending on the URL used, the following referral chasing scenarios are possible:

• If the URL is ldaps://, then referral chasing uses SSL.

• If the URL is ldap://, then referral chasing does not use SSL.



• If the bind to the original server is SSL-EXTERNAL and the referral URL is ldap://, then the bind to referred server will be anonymous.

Referral Hop Count

This field specifies the number of servers that must be followed if a referral is encountered. If there are more referral servers than the number specified in this field, these servers will not be in the purview of the specified operation. This field is available only if you select the Chase Referrals check box.

Transport Tab

Message Subject


By default a service uses a message subject that is generated using the Domain and Deployment global variables, the adapter acronym, the adapter instance name and the service name. If you use this default subject, make sure the values for Domain and Deployment are not empty. You can type a TIBCO Rendezvous subject name different from the default in this field. See TIBCO Rendezvous Concepts for information about specifying subject names.

Destination


By default a service uses a dynamic destination that is generated using the Domain and Deployment global variables, the adapter acronym, the adapter instance name and the service name. If you use this default dynamic destination, make sure the values for Domain and Deployment are not empty. You can override the default dynamic destination by specifying the static destination in this field. The static destination must be defined on the JMS server before it can be used by the run-time adapter. See the TIBCO Enterprise Message Service User’s Guide for information about destinations.

Referrals are not supported for the Publication service.

Chasing referrals for a selected operation will work only if the authentication information used for connecting to the servers is identical for all servers.



Quality of Service


• Certified



• Distributed Queue

Distributed queue includes a group of cooperating transport objects, each in a separate process. Each transport object is called a member. To balance the transmission load among servers, the adapter can use distributed queues for one-of-n delivery of messages to a group of servers. Each member of a distributed queue listens for the same subject using the TIBCO Rendezvous Distributed Queue listener objects. Even though many members listen for each inbound message (or task), only one member processes the message. For details on distributed queues, see TIBCO Rendezvous Concepts.

Load balancing for the processing of TIBCO Rendezvous certified messages is supported by using distributed queuing. The messages from TIBCO Rendezvous are distributed equally among all instances that belong to the same group. This distributes the message load over several adapter instances. However, the order in which messages are sent to the application is not guaranteed.

• Reliable


Wire Format







• XML Message (TIBCO Rendezvous and JMS)



This field is available only if JMS transport is selected.





Delivery Mode

For a subscription service, a message is marked as durable or non durable. This field is available only if JMS transport is selected.

• Durable

If a subscription service is marked durable, it indicates that messages need to be resent on the configured topic or queue, if the JMS server goes down.

• Non-Durable

If a subscription service is marked non-durable, it indicates that messages will not be resent on the configured topic or queue, if the JMS server goes down.

The semantics for these fields are somewhat more complex than the explanation given here. See the TIBCO Enterprise Message Service User’s Guide for more information.



Session Reference


Endpoint Reference


Schema View Tab

Base DN


To display the DN, you can browse the Directory Information Tree by clicking the Browse DIT button and then selecting the required node from the DIT.






If the service is configured with a long schema name, the dialog box will not display if the service has already been configured for the same object class and has a shorter name.



Sample Entry





LDAP Schema Classes







Click Browse DIT for the Base DN or Sample Entry for Schema fields to access the Maximum Number of Entries field. This field is available in the Select Base DN and Select Sample Entry for Schema dialog boxes. Specify the maximum number of entries that you want to restrict the service to. The DIT expands only if the number of entries is equal to, or less than the value you specify.

Objectclasses



This field is available if the object class displayed in the Objectclass field is a composite object class. If you select the check box, changes made to any element of the composite object class will be used by the subscription service.



exceeded.






Schema Tab

Class Reference




Request-Response Service Fields






Configuration Tab

Name




Description

Provide information about the service that you want stored in the project. This field is optional.

Transport Type


The transport can be configured to use a trusted store and identity resource for use in SSL (Secure Sockets Layer) configurations. TIBCO Rendezvous sessions and JMS topics have an SSL configuration field which uses a dialog to perform SSL configuration.

To enable and configure SSL, in the Project panel, expand the Advanced folder, then expand the Sessions folder. Select the TIBCO Rendezvous session or JMS topic and click Use SSL?. The SSL configuration options are explained in the online help associated with the session dialog. Click the question mark to display the online help.


Request-Response Service Fields | 123

LDAP Operations

Specify the operations that this service supports. At least one operation must be selected. Select:

• Insert — To add an entry.

• Update — To update an existing entry.

• Delete — To remove an entry.

• Upsert — To update an entry if it already exists. If it does not exist, this operation inserts it.

• Modify DN — To move an entry from one location to another by changing the RDN.

• Lookup — To find an entry.

• Validate Object — To validate the object class of a requested entry against the configured object class for LDAP_DELETE and LDAP_MODIFY operations.

• Authenticate — To validate or bind a user DN.

• Search — To find entries that match a search criteria.

The search filter defines criteria that an entry must match to be returned from a search. The basic component of a search filter is an attribute value assertion of the form: attribute operator value

For example: (|(sn=Smith)(sn=Miller)) matches entries with the surname Smith or the surname Miller.

TIBCO Adapter for LDAP supports standard LDAP search. Therefore, if your search filter is LDAP compatible, the adapter will be able to successfully execute the action.

For more details on search filters and their syntax, see the following RFC at http://www.ietf.org/rfc/rfc1558.txt

If you select this field, the Limit Search Results field is displayed.

• Limit Search Results — If you select this check box, the Enter the Number of Entries field is displayed.

• Enter the Number of Entries — Specify the number of entries that the adapter should search. The default is 1000.

• Extended Search — If you select this check box, the adapter returns all the entries found in the search without checking for the configured objectclasses that the entry belongs to.



Chase Referrals

Select this check box to specify that if a referral is encountered during an operation, the referral should be followed.

When you browse the DIT tree, the adapter palette will not follow a referral and only entries on the configured server will be displayed.

The referring server returns an LDAP URL in the following format: ({ldap|ldaps}://<host>[:<port>]/<DN>).

Depending on the URL used, the following referral chasing scenarios are possible:

• If the URL is ldaps://, then referral chasing uses SSL.

• If the URL is ldap://, then referral chasing does not use SSL.

• If the bind to the original server is SSL-EXTERNAL and the referral URL is ldap://, then the bind to referred server will be anonymous.

Referral Hop Count

This field specifies the number of servers that must be followed if a referral is encountered. If there are more referral servers than the number specified in this field, these servers will not be in the purview of the specified operation. This field is available only if you select the Chase Referrals check box.

Transport Tab

Message Subject


By default a service uses a message subject that is generated using the Domain and Deployment global variables, the adapter acronym, the adapter instance name and the service name. If you use this default subject, make sure the values for Domain and Deployment are not empty. You can type a TIBCO Rendezvous subject name different from the default in this field. See TIBCO Rendezvous Concepts for information about specifying subject names.

Referrals are not supported for the Publication service.

Chasing referrals for a selected operation will work only if the authentication information used for connecting to the servers is identical for all servers.



Destination


By default a service uses a dynamic destination that is generated using the Domain and Deployment global variables, the adapter acronym, the adapter instance name and the service name. If you use this default dynamic destination, make sure the values for Domain and Deployment are not empty. You can override the default dynamic destination by specifying the static destination in this field. The static destination must be defined on the JMS server before it can be used by the run-time adapter. See the TIBCO Enterprise Message Service User’s Guide for information about destinations.

Quality of Service


• Certified



• Distributed Queue

Distributed queue includes a group of cooperating transport objects, each in a separate process. Each transport object is called a member. To balance the transmission load among servers, the adapter can use distributed queues for one-of-n delivery of messages to a group of servers. Each member of a distributed queue listens for the same subject using the TIBCO Rendezvous Distributed Queue listener objects. Even though many members listen for each inbound message (or task), only one member processes the message. For details on distributed queues, see TIBCO Rendezvous Concepts.

Load balancing for the processing of TIBCO Rendezvous certified messages is supported by using distributed queuing. The messages from TIBCO Rendezvous are distributed equally among all instances that belong to the same group. This distributes the message load over several adapter instances. However, the order in which messages are sent to the application is not guaranteed.



• Reliable


Wire Format





• XML Message (JMS only)









Delivery Mode

For a subscription service, a message is marked as durable or non durable. This field is available only if JMS transport is selected.

• Durable

If a request-response service is marked durable, it indicates that messages need to be resent on the configured topic or queue, if the JMS server goes down.

• Non-Durable

If a request-response service is marked non-durable, it indicates that messages will not be resent on the configured topic or queue, if the JMS server goes down.

The semantics for these fields are more complex than the explanation given here. See the TIBCO Enterprise Message Service User’s Guide for more information.

Session Reference


Endpoint Reference


Schema View Tab

Base DN


To display the Base DN, you can browse the Directory Information Tree by clicking the Browse DIT button and then selecting the required node from the DIT.








Sample Entry





LDAP Schema Classes




If the service has been configured with a long schema name, the dialog box will not display if a service has already been configured for the same object class.




Click Browse DIT beside the Base DN or Sample Entry fields to access the Maximum Number of Entries field. This field is available in the Select Base DN and Select Sample Entry for Schema dialog boxes. Specify the maximum number of entries that you want to restrict the service to. The DIT expands only if the number of entries is equal to, or less than the value you specify.

Objectclasses



This field is available if the object class displayed in the Objectclass field is a composite object class. If you select the check box, changes made to any element of the composite object class will be used by the request-response service.



exceeded.






Schema Tab

Class Reference



Supported LDAP Operations and Message Structure | 131

Supported LDAP Operations and Message Structure

TIBCO Adapter for LDAP supports the following:

• INSERT Operation

• DELETE Operation

• UPDATE Operation

• MODIFY DN Operation

• UPSERT Operation

• LOOKUP Operation

• SEARCH Operation

• AUTHENTICATE Operation

These operations are done in the context of the wire schema and the native schema.

Native schema contains the attribute names (field names) of any object class that is configured for the service. Each attribute is a multi-value sequence of strings.

For example, if the object class is inetOrgPerson the native schema is:

inetOrgPerson{

sncntelephoneNumber

{

}...

}

Wire schema contains the native schema as well as the Opcode, DN, NewDN, Objectclass, SearchCondition, and Attributes.

For example:

inetOrgPerson{

OpcodeDNNewDNObjectClassSearchconditionAttributes



{sncntelephoneNumber...

}}

Details about an LDAP operation is specified using a wire schema.

You can specify the Opcode acronym for the operation to work. For example, if you specify AT for the INSERT operation, the adapter will use only the first character of the acronym. The same concept is applicable for all Opcodes. For Opcodes that have a two-letter acronym, the adapter will use the first two characters and ignore all subsequent characters. However, if the first letter of an acronym is not valid, the adapter will display an error.

INSERT Operation

The INSERT operation uses the LDAP_ADD or A operation codes and will add an entry to the LDAP server.

For an INSERT operation using the LDAP_ADD operation code, the inbound message will be in the following format:

inetorgperson{

Opcode = "LDAP_ADD"DN = "uid=xyz,ou=People,o=abc.com"inetOrgPerson

{sn = "abc"cn = "def"telephoneNumber = "123233"objectClass="inetOrgPerson"

}}

The details specified in the native schema will be added for the entry specified in the DN field.

For each operation:

• The specified entry must be within the subtree for the adapter service that you specify during configuration.

• The object class must match the object class of the adapter service.

If either of these two conditions are not met, the operation will fail.



DELETE Operation

The DELETE operation uses the LDAP_DELETE or D operation codes, and will delete an entry from the LDAP server.

For a DELETE operation using the LDAP_DELETE Opcode, the inbound message will be in the following format:

inetorgperson{

Opcode = "LDAP_DELETE"DN = "uid=xyz,ou=People,o=abc.com"

}

UPDATE Operation

The UPDATE operation uses the LDAP_MODIFY or M operation codes, and will modify the entry on the LDAP server by overwriting the existing attribute values in the entry.

The UPDATE operation can be specified as:Opcode = LDAP_MODIFY

Opcode = LDAP_MOD_REPLACE or MR

Opcode = LDAP_MOD_ADD or MA

Opcode = LDAP_MOD_DELETE or MD

• LDAP_MOD_REPLACE or MR will overwrite the existing attribute values with the new attribute values specified.

• LDAP_MOD_ADD or MA will add the new attribute values to the old entry only if the original entry does not contain the attribute values being added.

• LDAP_MOD_DELETE or MD will delete the specified attribute values from an entry.

For the UPDATE operation using the LDAP_MODIFY Opcode, the inbound message will be in the following format:inetorgperson{

Opcode = "LDAP_MODIFY"DN = "uid=xyz,ou=People,o=abc.com"inetOrgPerson

{sn = "abc1"cn = "def1"telephoneNumber = "1232331"

For a DELETE operation, the native schema is not required.



}}

MODIFY DN Operation

The MODIFY DN operation replaces the RDN (Relative Distinguished Name) of an entry specified in the DN field with the RDN specified in the NewDN field. This operation uses the LDAP_MODIFYKEY or MK operation codes.

For example, for the MODIFY DN operation using the LDAP_MODIFYKEY Opcode, the inbound message appears in the following format:

inetorgperson{

Opcode = "LDAP_MODIFYKEY"DN = "uid=xyz,ou=People,o=abc.com"NewDN="uid=ijk"

}

UPSERT Operation

The UPSERT operation is an INSERT or an UPDATE operation. If the entry does not exist, it will be added. If the entry exists, it will be modified. This operation uses the LDAP_UPSERT or U operation codes.

For the UPSERT operation using the LDAP_UPSERT Opcode, the inbound message will be in the following format:

inetorgperson{

Opcode = "LDAP_UPSERT"DN = "uid=xyz,ou=People,o=abc.com"inetOrgPerson

{sn = "abc"cn = "def"telephoneNumber = "123233"objectClass="inetOrgPerson"

}}

LOOKUP Operation

This operation is available with the request-response service. The LOOKUP operation uses the LDAP_LOOKUP or L operation codes.

For the LOOKUP operation using the LDAP_LOOKUP operation code, the inbound message will be in the following format:inetorgperson{

Opcode = "LDAP_LOOKUP"DN = "uid=xyz,ou=People,o=abc.com"



}

SEARCH Operation

This operation is available with the request-response service. The SEARCH operation can be specified as:

Opcode = LDAP_SEARCH or SSOpcode = LDAP_SEARCH_BASE or SBOpcode = LDAP_SEARCH_ONELEVEL or SOOpcode = LDAP_SEARCH_SUBTREE

LDAP_SEARCH_BASE helps you to search for an entry using a search condition, LDAP_SEARCH_ONELEVEL helps you to search one level below the base using a search condition, not including the base, and LDAP_SEARCH_SUBTREE lets you search the entire subtree.

For details on search filters and their syntax, see the following RFC at http://www.ietf.org/rfc/rfc1558.txt

For the SEARCH operation, the inbound message will be in the following format:

inetorgperson{

Opcode = "LDAP_SEARCH"DN = "ou=People,o=abc.com"SearchCondition = "[email protected]"

}

OR

inetorgperson{

Opcode = "LDAP_SEARCH"DN = "ou=People,o=abc.com"SearchCondition = "[email protected]"Attributes =

{telephoneNumberMobileNumber

}}

In the first search condition, all entries that match the search criteria are returned with all the details of each entry, including the DN.

For the LOOKUP operation, native schema is not required as you are merely checking if the entry exists or not.

LDAP_SEARCH and LDAP_SEARCH_SUBTREE are the same.



In the second search condition, only the details specified as the Attributes (telephoneNumber and MobileNumber) are returned along with the DN.

The outbound message will be in the following format:

inetorgperson{

{DN = "uid=abc,ou=People,o=abc.com"inetorgperson{

}}

inetorgperson{DN = "uid=xyz,ou=People,o=abc.com"inetorgperson{

}}

.

.

.

}

When you perform a search, a number of entries may be retrieved. Therefore, the outbound message will be a sequence of wireschema that has details about each entry specified in the native schema. Each entry is identified by its DN, mentioned in the wireschema.

However, you can also set an attribute filter. The adapter search operation can fetch attributes that are a subset of the attributes of the configured object class and this can be specified in the Attributes attribute of the Request-Response Server service schema.

AUTHENTICATE Operation

This operation is available only for the request-response service. The AUTHENTICATE operation uses the LDAP_VALIDATE_USR or V operation codes.

For the AUTHENTICATE operation using the LDAP_VALIDATE_USR operation code, the inbound message will be in the following format:

The filter should be specified as a sequence.



inetorgperson {

Opcode = "LDAP_VALIDATE_USR" DN = "uid=xyz,ou=People,o=abc.com" Password = "secret"

}

For the AUTHENTICATE operation, there is no native schema as you are merely checking if the entry can be authenticated or not.



Specifying an Attribute Filter as a Sequence

To specify an attribute filter as a sequence using TIBCO IntegrationManager:

1. In TIBCO IntegrationManager, under the Design tab, select the process diagram that contains the object class to be mapped.

2. Double-click a mapper class in the process diagram. The Mapper Task Edit Dialog displays. Select the required output schema by clicking the Add Schema button.

3. Right-click the Attributes node in the output and select Add Multiple.

4. Type the name of the new attribute in the Name of multiple policy node field, and click OK.

5. Double-click the node you created. Enter the names of the attributes you want to retrieve, in the Formula field.

6. Click OK in the Mapper Task Edit Dialog.

7. Repeat step 3 to step 6 to create multiple Attributes.

The Mapper task allows independent repetitions of the original output schema; also, you can have as many repetitions as needed. To delete the multiple copies, right-click the copy and select Delete.

The name of the Attributes node that you create must be unique.


Handling Entries Belonging to Multiple Object Classes | 139

Handling Entries Belonging to Multiple Object Classes

If an entry in the LDAP server belongs to a composite object class, for example, a.b.c, you must use TIBCO IntegrationManager to map the entry to each object class.

TIBCO IntegrationManager supports multiple policy mapping which is an extension of repetition mapping. This means that you can have repetitions in the output created by multiple sources in the input. For details, see Repetition Mapping in the TIBCO IntegrationManager Process Design Guide.

To map entries to multiple object classes:

1. In TIBCO IntegrationManager, under the Design tab, select the process diagram that contains the object class to be mapped.

2. Double-click a mapper class in the process diagram. The Mapper Task Edit Dialog displays.

3. Right-click objectClass in the output and select Add Multiple.

4. Type the name of the new object class node in the Name of multiple policy node field.

5. Double-click the node you created. Enter the names of the object classes you want to map to this node, in the Formula field.

6. Click OK in the Mapper Task Edit dialog box.

7. Repeat step 3 to step 6 to create multiple objectClass nodes. You can map each node to one or more object classes. Also, you can map two or more nodes to the same object class.

The Mapper task allows you to have independent repetitions of the original output schema and you can have as many repetitions as needed. Additionally, you can remove all the multiple mappings you have created in the output, with the exception of the original repeating node where you derived the copies from. To delete the multiple copies, right-click the copy and select Delete.

Add Multiple does not overwrite the datatype substitutions when using multiple policy mapping.

The names of the objectClass nodes that you create must be unique.


| 141

Chapter 6 Deploying and Starting the Adapter Using TIBCO Administrator

Topics

• Create an EAR File in TIBCO Designer, page 142

• Create an EAR File in TIBCO Designer, page 142

• Deploy the Project, page 143

• Start or Stop the Adapter, page 144

• Monitor the Adapter, page 145

This chapter provides an overview about deploying, starting, stopping, and monitoring adapter services using the TIBCO Administrator web interface.


142 | Chapter 6 Deploying and Starting the Adapter Using TIBCO Administrator

Create an EAR File in TIBCO Designer

Generate an Enterprise Archive file (EAR) that contains information about the adapter services to deploy.

The EAR file contains information on what you wish to deploy. This could be one or more adapter services, one or more TIBCO BusinessWorks process engines, or both.

In TIBCO Designer, follow these steps to create an EAR:

1. Configure the adapter services.

2. Drag and drop the Enterprise Archive resource from the palette panel to the design panel.

3. Select the Enterprise Archive. Drag and drop the Process Archive resource from the Process palette panel to the design panel. If there are any processes in your project, configure them using the Browse Resources button.

4. If there are any configured adapter services in your project, an Adapter Archive resource becomes available in the Adapter Resources palette panel. Drag the Adapter Archive into the design panel and specify information in the Configuration tab, then click Apply.

5. Go to the Enterprise Archive and click Build Archive to create the EAR file.

See Also

See the TIBCO Designer User’s Guide for more information about this procedure. The guide is available from the TIBCO Designer Help menu.

Building an archive creates the EAR file, which you can then deploy from TIBCO Administrator. If you make changes to the business processes or adapter services included in the archive, you need to rebuild the archive. Saving the project does not affect the archive.


Deploy the Project | 143

Deploy the Project

Before deploying a project, the machine on which the adapter is installed must be part of a TIBCO administration domain. After you have installed the TIBCO Administration Server, any machine on which you install TIBCO Runtime Agent (required by an adapter) is automatically added to the administration domain. The TIBCO software installed on the machine is then visible and accessible via the TIBCO Administrator GUI.

When you deploy a project, startup scripts and other information about the different components are sent to the machines to which the components were assigned. The project data store and TIBCO Administration Server are updated with the deployed components.

To deploy a project:

1. Start TIBCO Administrator and import the EAR file into TIBCO Administrator Enterprise Edition.

2. Assign adapter archives to adapters installed in the administration domain and likewise assign process archives to process engines.

3. Specify startup options for each adapter service.

Password Handling

At design time, the adapter uses a password to connect to the backend application and fetch metadata. At run-time, the adapter uses a password to connect to the back-end application and interoperate with it. If you create a 4.x configuration using TIBCO Designer 5.1, and use the configuration against a 4.x adapter version, some special considerations are required for security.

When deploying the adapter, check that the password has been specified in the adldap.adldapPassword property.

See Also

See the TIBCO Administrator User’s Guide for an introduction to the TIBCO administration domain and detailed information about the above steps.



Start or Stop the Adapter

The TIBCO Administrator Application Management module allows you to start, and stop deployed applications.

To start an adapter service from the module:

1. In the Administrator GUI left pane, expand Application Management > Application-Name > Service Instances.

2. In the Service Instances panel, select the check box next to the adapter service.

3. Click the Start Selected button.

The status changes from Stopped to Starting up to Started.

4. To stop the adapter service, select it, and then click the Stop Selected button.

See Also

See the TIBCO Administrator User’s Guide for more information.


Monitor the Adapter | 145

Monitor the Adapter

TIBCO Administrator offers a number of monitoring options. • Specify alerts and TIBCO Hawk rulebases for each machine in the domain.

• Specify alerts and Hawk rulebases for each adapter service.

• View the log for each adapter service.

See Also

See the TIBCO Administrator User’s Guide for information about configuring the above monitoring options.


| 147

Chapter 7 Advanced Topics

This chapter explains advanced topics.

The advanced features help you to use the adapter with a revision control system, define a TIBCO Hawk session to monitor the adapter, use variable substitution to override global variables that are predefined in the project, set encoding options before running the adapter so that it can handle files that use different encodings, synchronize LDAP servers, configure the repository for binary attribute support, acknowledge and publish messages, and add a user with a password to Active Directory.

Topics

• Using the Adapter with a Revision Control System, page 148

• Defining a TIBCO Hawk Session, page 150

• Using Global Variables, page 152

• Setting Encoding Options, page 156

• LDAP Server Synchronization, page 157

• Configuring the Repository for Binary Attribute Support, page 159

• Message Acknowledgement, page 160

• Publishing Messages, page 162

• Updating Entries in the LDAP Server, page 165

• Adding a User Account with a Password into Microsoft Active Directory Server, page 166

• Changing the LDAP Server Connection Parameters, page 167


148 | Chapter 7 Advanced Topics

Using the Adapter with a Revision Control System

TIBCO Designer supports revision control systems such as MicroSoft Visual SourceSafe and Perforce. If you are using a revision control system, you must manually add some configured resources to the revision control system and check in the resources when completing the instance configuration.

As part of service configuration, the adapter creates schema files in root/AESchemas/ae. For example, if you configure a service in an adapter configuration Instance1, the following files are created:

Project_root/AESchemas/ae/Instance1.aeschema

The AESchemas/ae folder initially contains baseDocument.aeschema, which is a TIBCO-defined schema. The following figure shows the schema files that are created when you save the configuration.


Using the Adapter with a Revision Control System | 149

When the project is saved and a revision control system has been specified, the adapter displays a warning that additional files were created and should be added to the revision control system. This warning appears only when the files are created for the first time. The warning displays a Go To Resource button that helps in navigating to the resource. Use the Multi-User > Add Resources to RCS menu command to add these files to the revision control system. The following figure shows a warning that may be displayed:

For information about how to use the Multi-User feature in TIBCO Designer, refer to the TIBCO Designer User’s Guide.



Defining a TIBCO Hawk Session

To use TIBCO Hawk to monitor the adapter you must first define a TIBCO Rendezvous session on which TIBCO Hawk messages will be sent and received. Use the following steps to create the session.

1. In the project tree panel, click the LDAP Adapter Configuration icon defined for your adapter instance.

2. Select the Show Advanced Settings check box, then click the Monitoring tab.

3. The Default MicroAgent Session contains the name of the Hawk session: DefaultHawkSession. Use default settings for the other fields.

The next diagram shows the definition for a Monitoring tab.

4. Open the Advanced folder for the adapter instance. Double-click the Sessions folder.


Defining a TIBCO Hawk Session | 151

5. Double-click the DefaultHawkSession icon.

6. In Service, type 7474 (the default used by TIBCO Hawk) or modify the global variable by clicking the Global Variables tab.

7. In Daemon, type tcp:7474 (the default used by TIBCO Hawk) or modify the global variable by clicking the Global Variables tab.

8. If you choose to change the defaults, click Apply and save the project.

The next diagram shows the HawkSession defined.



Using Global Variables

The variable substitution mechanism can override global variables predefined in the project in a restricted manner. Predefined variables can be viewed and set in TIBCO Designer. Variables are specified as %%VARNAME%% and cannot contain any white space.

Variable substitution allows you to accomplish the following:

• Substitute string variables specified in the project at startup time.

• Locally define the value for a variable for a specific project. The local value takes precedence over any global value.

• Specify the value for a variable in a properties file. This overrides the project repository and values set in code, but not variables set on the command line.

• Enforce the pre-defined variables listed in Predefined Global Variables on page 154.

Variables can be used anywhere in the configuration and will be replaced by the locally-defined adapter instance.

Specifying Variables Using TIBCO Designer

Global variables provide an easy way to set defaults for use throughout your project. There are several ways in which they can be used:

• Define a variable using TIBCO Designer, then override the value for individual applications at deployment time using TIBCO Administrator. You can also override values for predefined variables, unless the GUI does not allow you to make them settable later.

• Predefine a variable using TIBCO Designer, then override the value for individual services (for example, publication service or TIBCO BusinessWorks process) at deployment time using TIBCO Administrator. The values you specify are then used at runtime. You can also override values for predefined variables, unless the GUI does not allow you to make them settable later.

For example, you could assign the value 7474 to the predefined global variable RvDaemon. You can then use the variable in different sessions in your adapter. If you wish to change the TIBCO Rendezvous daemon for your adapter, you can globally set it to a different value or override it from the command line.

To use global variables in your project, follow these steps:

1. In the project panel, select the Global Variables tab.


Using Global Variables | 153

The project panel is updated to display all currently defined global variables. You now have these choices:

— To assign or change a variable value, select that region and triple-click the variable. The variable expands so you can change either the variable name or the variable value. Press Enter when you’re done.

— To add a new global variable group, click the leftmost icon at the bottom of the dialog box. Specify the name of the group, then press Enter. With the group icon selected, you can click the abc icon to add variables to the group.

— To add a global variable, click the abc icon. A new global variable item is added to the bottom of the list. Supply the variable name and, optionally, the value. Press Enter when you’re done.

The global variable is now displayed in the global variables list.

2. When you want to use the global variable in the fields of a resource, enter the variable name surrounded by %% on both sides.

When the project is deployed and the configured components are run, all occurrences of the global variable name are replaced with the global variable value (unless it was overridden in a way that had higher precedence).

A number of global variables are predefined. See Predefined Global Variables on page 154 for information. You may add definitions of any variables you need, to the predefined variables.

Changing Global Variable Values at RuntimeYou can change the value of a global variable when you deploy your project in TIBCO Administrator. See the section on modifying runtime variables in the TIBCO Administrator User’s Guide for more information on using TIBCO Administrator.

You can also specify values for global variables when starting a process engine on the command line. To do this, specify the following as a command line argument when starting the process engine:

-tibco.clientVar.<variablePathAndName> <value>

where variablePathAndName is the name of the variable you wish to set, including the path to the variable if it is contained in a folder. value is the value you wish to set the variable to. For example, if you have a global variable named item1 contained in a folder named myGroup and you wish to set its value to 500, add the following argument to the command line when starting the process engine:

-tibco.clientVar.myGroup/item1 500



Predefined Global VariablesThe next table lists and explains the predefined global variables. Some global variables are automatically used within the system when an adapter instance is configured.

Table 5 Predefined Global Variables

Variable Description

Deployment Defaults to the TIBCO Designer project name. This value can be any string value. This global variable is used by the system to partially define the subject name defined for a service.

DirLedger Specifies the path name of the TIBCO Rendezvous certified messaging ledger file. The default is the root installation directory.

DirTrace Specifies the path name for logging the file used by the adapter. The default is the root installation directory.

Domain The default value for file-based local projects is MyDomain. The value for server-based projects is the domain to which the project was saved.

HawkEnabled Indicates whether TIBCO Hawk is used to monitor the adapter. True indicates that a Hawk microagent is defined for the adapter. False indicates the microagent is not to be used.

JmsProviderUrl Specifies where the JMS server is located. Setting this value mostly makes sense in the early stages of a project, when only one JMS server is used.

JmsSslProviderUrl

Specifies where the JMS server, running in the SSL mode, is located. Setting this value mostly makes sense in the early stages of a project, when only one JMS server is used.

RemoteRvDaemon TIBCO Rendezvous routing daemon (rvrd) to be used. See TIBCO Administrator Server Configuration Guide for details about setting up a domain using rvrd.

RvDaemon TIBCO Rendezvous daemon. Sessions use this daemon to establish communication. The default value is 7500.


Using Global Variables | 155

RvNetwork TIBCO Rendezvous network. This variable need only be set on computers with more than one network interface. If specified, the TIBCO Rendezvous daemon uses that network for all outbound messages.

In most cases, you can leave the default.

RvService TIBCO Rendezvous service. The TIBCO Rendezvous daemon divides the network into logical partitions. Each transport communicates on a single service. A transport can communicate only on the same service with other transports.

Unless you are using a non-default TIBCO Rendezvous configuration, you should leave the default (7500).

RvaHost Computer on which the TIBCO Rendezvous agent runs. This variable is only relevant if you are using the TIBCO Rendezvous Agent (rva) instead of the TIBCO Rendezvous daemon, and if you have configured a non-default setup. See TIBCO Rendezvous Administration for details about specifying the rva parameters.

RvaPort TCP port where the TIBCO Rendezvous agent (rva) listens for client connection requests. See TIBCO Rendezvous Administration for details about specifying the rva parameters. Defaults to 7501.

TIBHawkDaemon TIBCO Rendezvous daemon used in the TIBCO Hawk session. See the TIBCO Hawk Installation and Configuration manual for details about this parameter.

TIBHawkNetwork TIBCO Rendezvous network used by the TIBCO Hawk session. See the TIBCO Hawk Installation and Configuration manual for details about this parameter.

TIBHawkService TIBCO Rendezvous service used by the TIBCO Hawk session. See the TIBCO Hawk Installation and Configuration manual for details about this parameter.

Table 5 Predefined Global Variables

Variable Description



Setting Encoding Options

See the TIBCO Adapter Concepts book for an introduction to Internationalization topics such as Unicode and how adapters handle it.

Complete the following steps prior to running the adapter so it can handle files in different encodings.

1. Configure inter-communication encoding.

The wire format encoding used for communication between adapters and TIBCO applications is determined by the encoding property set in the project. The adapter configuration can be saved in a project:

— At design time or running as a legacy project using a local repository.

— Deployed to a TIBCO Administrator Domain.

If the adapter configuration is saved to a project in an Administration server domain, TIBCO messaging encoding is determined by the repo.encoding property in the server's tibcoadmin.tra file. Each adapter or TIBCO-enabled application that uses the Administration server for storing and retrieving configuration data from a project uses this encoding setting when communicating. This assures that all components (including adapters and other TIBCO-enabled applications) that use the same repository also use the same encoding value to communicate. The repo.encoding property value can be ISO8859-1 (the default) or UTF8. If English or other Latin-1 language data is transmitted between adapters, ISO8859-1 should be used. Otherwise, use UTF8.

If an adapter instance is saved in a local project, the TIBCO messaging encoding is determined by the encoding property of the local project file. To communicate with other adapters using the same encoding, all adapters and applications must have their local project file encoding property set to be identical. The encoding value is set on the root project folder, in the Save Project dialog box, TIBCO Messaging Encoding field. The default value is ISO8859-1.

The encoding property set in the project file is superseded by the server's encoding property.

The encoding property discussed above is the encoding used by the communication between adapters and applications, not the encoding used for the persistent storage of the project files. Project files are always saved using UTF8.


LDAP Server Synchronization | 157

LDAP Server Synchronization

To synchronize two LDAP servers, you need to set up two adapter instances: one instance for each server. Each adapter instance should contain a publication and a subscription service. The publication and subscription services must be configured to the same destination or subject to enable them to exchange data between the two servers. The following two situations are possible:

• The two LDAP servers that you are trying to synchronize have changes happening on separate directory information trees. This situation does not require special configuration. You can configure an adapter instance for use with both synchronized and non-synchronized LDAP servers using identical methods.

• The two LDAP servers have changes occurring on the same or overlapping directory information trees. If the adapter services in the adapter instances use two different object classes, no special configuration is required.

However, if the adapter services use the same object class, you must select the Update Only if Different check box on the Configuration tab of the Subscription service. Selecting this check box enables the adapter subscription service to look up the server and decide whether an update is required. For more information on configuring synchronized LDAP servers, see Configuration Tab on page 113.

Configuring two LDAP servers that have changes occurring on the same or overlapping directory information trees affects the adapter performance because every update through the subscription service involves an additional lookup, which is unnecessary for a non-synchronized configuration.

If the adapter instance is configured for the Microsoft Active Directory Server, the publication service publishes the data with the read-only fields such as uSNCreated, uSNChanged, whenCreated, whenChanged and objectGUID. When the subscription service fails to update these read-only fields, it displays the following error:

Error [Adapter] AE_LDAP-00027 Subscription error. Subscription service 'LDAPSubscriptionService' listening on subject '' failed due to target application invocation error 'Invalid syntax'.

To prevent this error, you need to use TIBCO IntegrationManager to remove the read-only fields from the publishing data.



Password Synchronization between Sun ONE Directory Server and Microsoft Active Directory Server

The LDAP servers use the one-way hash function when storing passwords. Therefore, you cannot use the adapter to synchronize passwords and the system cannot retrieve the original passwords.

Since the Sun ONE Directory Server and Microsoft Active Directory Server use different algorithms to store the passwords, copying the password as opaque data is not available as an option. If you store the passwords in clear text on both the Sun ONE and Active Directory servers, you can copy the password from one server to another. However, this is not a real-world use scenario.


Configuring the Repository for Binary Attribute Support | 159

Configuring the Repository for Binary Attribute Support

The adapter provides support for binary attributes to enable you to work with images, audio files, and so on using the adapter.

At design time, do the following before starting the adapter:

1. After you have configured the adapter services, navigate to the <Project_Root_ folder>/AESchemas/ae/scalar/ae/Sequences folder.

2. Drag and drop a Generic Sequence icon into the Sequences folder and enter the name as sequence[binary].

3. Select Binary as the element type and click Apply.

4. Navigate to the <Project_Root_folder>/AESchemas/ae/adapter/ldap/<LDAP server type>/<LDAP server machine>/native/Classes/<required schema> directory to set the type as binary for the required attributes. This contains the schema that was created. The required schema is the schema that must be modified and can be an object class name such as inetorgperson, user, organization, and so on.

5. Expand the schema and identify the attributes that need to be modified for the binary type. For each attribute, click Browse in the Sequence field and select the sequence[binary] that was created in step 2.

6. Click Apply.

7. Save the project.

The <LDAP server type> and <LDAP server machine> values are the values that you specified in the Server Type and Server Name fields under the Design-Time Connection tab while configuring the adapter instance.



Message Acknowledgement

The following adapter services acknowledge messages:

• Request-Response Service

• Subscription Service

Message Acknowledgement by the Request-Response ServiceThe following scenarios are applicable for message acknowledgement by the request-response service:

• LDAP Server is Not Running

• LDAP Server does Not Respond in Time

• LDAP Server Returns an LDAP Error Code

• LDAP Server Returns a Success Code with Data

LDAP Server is Not Running

If the LDAP server is not running, the adapter verifies that the message was received by the LDAP server and informs you that the server is unavailable. The adapter then tries to reconnect to the LDAP server.

You can configure the number of retries that must be attempted and the interval between each retry in the adapter’s properties file. If the adapter is not able to reconnect to the LDAP server, it will stop attempting to reconnect after the maximum number of retries has been reached.

LDAP Server does Not Respond in Time

In this scenario, a connection timeout results. The adapter returns a timeout message. The adapter then tries to reestablish a connection with the server.

LDAP Server Returns an LDAP Error Code

If the LDAP server returns an LDAP error code because an error has occurred, the adapter returns a message that contains this code.


Message Acknowledgement | 161

LDAP Server Returns a Success Code with Data

If the operation is completed successfully, the LDAP server returns a success code with the processed data. The adapter then sends a response message that contains the success code and the data received from the LDAP server.

Message Acknowledgement by the Subscription ServiceThe following scenarios are applicable for message acknowledgement by the subscription service:

• LDAP Server is Not Running

• LDAP Server is Running, but the API Fails

• LDAP Server is Running and the API Succeeds

LDAP Server is Not Running

In this scenario, the adapter attempts to reconnect to the server immediately. The adapter does not confirm that the messages were received, nor does the adapter inform you that the LDAP server is not running.

You can configure the number of retries that must be attempted and the interval between each retry in the adapter’s properties file. If the adapter is not able to reconnect to the LDAP server, it will stop attempting to reconnect after the maximum number of retries has been reached.

LDAP Server is Running, but the API Fails

In this scenario, an error message is returned by the API. This message can be viewed on the console as well as in the log file.

LDAP Server is Running and the API Succeeds

In this scenario, if you have configured the logging roles, the success code can be viewed in the log messages.



Publishing Messages

This section explains the following:

• Configuring Timers for Publication Services

• Publishing Messages in Sequence

• Persistent Publishing of Messages

• Publishing Duplicate Events

• Publishing Deleted Entries in the Microsoft Active Directory Server

Configuring Timers for Publication ServicesYou can configure the polling interval for the publication service. To do so, in TIBCO Designer, navigate to the <AdapterInstanceName> > Advanced > Timers folder, and select the timer that was created when you added a publication service. On the Configuration tab, specify the polling interval in the Interval (milliseconds) text box. This will determine the interval at which the service will poll the LDAP server. For more details on configuring timers, see the TIBCO Designer Palette Reference.

Publishing Messages in SequenceYou can use the adapter’s publication service to publish messages in sequence.

The publication service of the adapter can behave in one of the following ways:

• If the adapter is running, all changes that are being made will be published in sequence.

• If the adapter is not running and if n number of changes have been made on a particular entry, when the adapter is started, the publication service will publish only the most recent change.

Persistent Publishing of MessagesThere are no special APIs available that you can use for persistent publishing of messages. However, the adapter maintains the timestamp for the last modification that was made when the adapter was running in a .ts file. When the adapter restarts, it identifies the latest changes from the modifytime > timestamp field in the .ts file. The adapter then publishes these updated messages.


Publishing Messages | 163

Publishing Duplicate EventsDuring publishing of messages, the server first returns the entries that match the search criteria of the adapter. However, unlike in an ordinary search, the server keeps the search active until you disconnect from the server. If an entry is changed and the changed data matches the search criteria, the server will publish the modified entry. Therefore, if an entry is changed twice, and both changes match the search criteria when the adapter is running, the LDAP server will publish both changes.

For entries that are changed when the adapter is not running, the adapter does not fetch all the changes that were made. It only retrieves messages that match the search criteria that were modified after the adapter stopped, that is, after the timestamp of the last modification that was received by the adapter when it was running.

Therefore, the adapter cannot publish duplicate changes, if the changes were made when the adapter was not running.

Publishing Deleted Entries in the Microsoft Active Directory Server Entries deleted from a Microsoft Active Directory Server are published with a different DN and without applying the configured filter, if any.

When you delete entries on the Microsoft Active Directory Server, it moves the entries to a Deleted Objects subtree, retaining only its DN and object class, if there is no conflict with other deleted items. When the adapter publishes a deleted object, it uses the new DN, not the original DN of the entry. For example:

DN = CN=Aparna DEL:aec6dadb-244d-4fd0-a058-4c6e7ef18a09,CN=Deleted Objects,DC=adsldap

Since the information about the original DN and attribute values are not available on the Microsoft Active Directory Server, the adapter cannot publish those details; only the DN used in the deleted objects container is available. Therefore, the adapter will publish all deleted entries belonging to the object class irrespective of whether it is a part of the Base DN you selected during configuration.

Additionally, if you configure a publication service with a filter (for example, attribute1 = abc), the adapter cannot search for attribute1 as it no longer exists. Therefore, the adapter will ignore the filter for publishing deleted entries, for Microsoft Active Directory Server.



TIBCO recommends that you do not process DELETE operations published by a publication service configured for the Microsoft Active Directory Server.

Further technical details are available at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/netdir/ad/retrieving_deleted_objects.asp


Updating Entries in the LDAP Server | 165

Updating Entries in the LDAP Server

For Subscription and Request-Response services, executing the DELETE, MODIFY, and MODIFYKEY operations on a node results in the adapter trying to validate the object class of the node. To do this, the adapter performs a SEARCH operation to retrieve the details of that node. This affects the performance of the adapter.



Adding a User Account with a Password into Microsoft Active

Directory Server

To add a user account with a password into Microsoft Active Directory Server, you must make the following configuration changes:

1. Configure the adapter instance to use an SSL connection at run time. To do this, configure the SSL parameters in the Run-time Connection tab of the adapter instance. For details on configuring SSL, see Configuring the SSL Environment on page 85.

2. Set the unicodePwd attribute type in the user schema to binary. For details on setting binary attributes, see Configuring the Repository for Binary Attribute Support on page 159.

In the request data that is to be sent to the adapter, the actual password must be enclosed in double quotes. Supply the binary encoded value of the password, including the double quotes, to the unicodePwd attribute.


Changing the LDAP Server Connection Parameters | 167

Changing the LDAP Server Connection Parameters

In the 4.x version of the adapter, the connection parameters for the LDAP server at design-time and run-time were the same. Also, the schema generated for an adapter configuration during design time was stored under folders that derived their names from the specified LDAP server type and the LDAP server name. Therefore, changing the LDAP server after configuring the connection parameters broke the schema references between associated TIBCO BusinessWorks and TIBCO IntegrationManager processes, and the adapter stopped working. The adapter only worked if the schemas of the previous and the current LDAP servers were identical.

In the 5.x version of the adapter, the Run-time Connection tab was introduced. Consequently, although you can continue to use the same connection parameters for the LDAP server at design-time and run-time, you also have the option to specify different design-time and run-time connection parameters. This ensures that you can migrate from one LDAP server to another by specifying different server details in the Design-time Connection and the Run-time Connection tabs. Since the schemas are generated at design time using the server details specified in the Design-time Connection tab, the references are not broken if you change the server details in the Run-time Connection tab. However, for the adapter to work, the schemas on both the servers must be identical.

Additionally, you can specify the global variables for the server details in the Run-time Connection tab, and provide the values at run-time, using the adapter’s properties file. This allows you to migrate the project from one LDAP server to another without modifying the project file. You only need to modify the adapter’s properties file (.tra).

To specify global variables for run-time connection parameters:

1. Open the project file in TIBCO Designer and select the adapter configuration you want to modify.

2. Click the Design-time Connection tab and clear the Use Design-time Connection For Run-time check box.

3. Click the Run-time Connection tab and specify global variables for the server details. You can provide the values for these global variables at run-time, using the adapter’s properties file.

For details on how to configure an LDAP server and specify global variables, see the TIBCO Adapter for LDAP Examples Guide.

This ensures that schema references are not broken when the run-time connection parameters of the LDAP server are changed.


| 169

Chapter 8 Monitoring the Adapter Using TIBCO Hawk

This chapter explains how to use TIBCO Hawk microagents to monitor and manage the adapter.

Topics


• Starting TIBCO Hawk Software, page 171

• The Auto-Discovery Process, page 172

• Invoking Microagent Methods, page 173

• Available Microagents, page 176


170 | Chapter 8 Monitoring the Adapter Using TIBCO Hawk

Overview

TIBCO Hawk is a sophisticated tool for enterprise-wide monitoring and managing of all distributed applications and systems. System administrators can use it to monitor adapters in a wide area network of any size. TIBCO Hawk can be configured to monitor system and adapter parameters and to take actions when predefined conditions occur. These actions include: sending alarms that are graphically displayed in the TIBCO Hawk display, sending email, paging, running executables, or modifying the behavior of a managed adapter.

Unlike other monitoring applications, TIBCO Hawk relies on a purely distributed intelligent agent architecture using publish or subscribe to distribute alerts. TIBCO Hawk uses TIBCO Rendezvous for all messaging and thus gains the benefits and scalability from the TIBCO Rendezvous features of publish/subscribe, subject name addressing, interest-based routing, and reliable multicast.

TIBCO Hawk is a purely event-based system that uses alerts. The agents are configured with rules that instruct them on everything from what and how to monitor to what actions to take when problems are discovered. Thus the workload is fully distributed throughout the enterprise. Every agent is autonomous in that it does not depend on other components to perform its functions.

The TIBCO Hawk Enterprise Monitor consists of these components:

• Display—GUI front end that displays alarms and provides editors to create rule bases, create tests, view messages, and invoke microagents to request information or initiate an action.

• Agents—Intelligent processes that perform monitoring and take actions as defined in rules.

• Rulebases—Rules that are loaded by agents to determine agent behavior.

• Application Management Interface (AMI)—Manages network applications via TIBCO Rendezvous and supports communication between a network application and monitoring TIBCO Hawk agents, including the ability to examine application variables, invoke methods, and monitor system performance.

• Microagents—Feed information back to TIBCO Hawk and expose action methods to rulebases.

For more information, see the TIBCO Hawk documentation.


Starting TIBCO Hawk Software | 171

Starting TIBCO Hawk Software

The TIBCO Hawk agent can be configured to start automatically during the system boot cycle. See the TIBCO Hawk Installation and Configuration guide for information about starting TIBCO Hawk.

The TIBCO Hawk Administrator’s Guide explains how to start the TIBCO Hawk Display.

The guides are included in your TIBCO Hawk software installation area.



The Auto-Discovery Process

After you start an instance of TIBCO Hawk Display, it continually discovers machines running TIBCO Hawk Agents on your network. Container icons are created for each agent, and arranged hierarchically in clusters. By default, agent icons are clustered according to subnets.

At first, the Agents container is empty. Its counter displays a value of zero and, on the right, the Discovered counter is also at zero. Both icons are initially green in color to show that no alerts, or warning messages, are in effect. As agents are discovered, the counters increment to reflect the current number of discovered agents:

Monitored network nodes are arranged in a hierarchical tree of containers. Clicking a container in the left panel displays nested items on the right.

Icon colors change to reflect the highest level of alert found on discovered agents. For explanations of icon elements and characteristics, see your TIBCO Hawk Administrator’s Guide.


Invoking Microagent Methods | 173

Invoking Microagent Methods

A set of default microagents is loaded when a TIBCO Hawk Agent is started. When you install and start the adapter, its microagents are dynamically added to the local agent.

To invoke a microagent method:

1. Start TIBCO Hawk Display, then right-click on the agent icon and select Get Microagents.

If TIBCO Hawk security is implemented on your system and you do not have access to microagents on this agent, an error dialog displays. Select another agent, or contact your system administrator to obtain access.

The Microagents, Methods and Arguments dialog displays. The panel on the upper left lists microagents you can access on the current agent.

This dialog has two modes, Invoke and Subscribe. Invoking a method immediately returns a single set of current results. Subscribing provides updates of current results at regular intervals. Radio buttons at the bottom of the dialog control these modes.

2. Click a microagent name, such as Self, to display a list of associated methods and text descriptions in the panels below.



3. Click the name of the method to invoke, such as getComponentInfo.

If the method accepts arguments, fields for each argument display in the upper right panel. Detailed help text displays in the lower panel.

4. Specify any arguments for the method invocation.

5. Verify that the Invoke radio button is selected.

6. Click the Invoke button to invoke the selected method.

The Invocation Results dialog displays the results returned by the method.

7. Click Done to close the dialog.


Invoking Microagent Methods | 175

These steps describe how to interactively invoke a microagent method and receive a single set of results in TIBCO Hawk Display. You can also use a microagent method as the data source of a TIBCO Hawk rule. Rules automatically receive method results, apply tests to evaluate them, then take action if necessary. For more information on building TIBCO Hawk rules and rule bases, see your TIBCO Hawk Administrator’s Guide.



Available Microagents

Each adapter has three microagents, a standard TIBCO Hawk microagent named COM.TIBCO.ADAPTER.xyz where xyz is the adapter configuration name, a custom microagent, and a class microagent (for PAM compliance). The microagents provide:

• Business level statistics—statistics that report the progress of the adapter as it interacts with the vendor application. For example, in a database adapter such statistics might indicate whether objects were successfully or unsuccessfully inserted, updated, or deleted in the database.

• Queries that return information about the state of the adapter. This can be an important tool for seeing the internals of an adapter and debugging it if something appears wrong. For example, methods can return information about threads, internal queues, or connections to the target system. Using these methods, one might be able to identify certain bottlenecks or gauge how successfully an adapter is scaling with respect to the current environment.

• Updates of the adapter run-time parameters. This includes retrieving the current run-time parameters and setting new run-time parameters without restarting the adapter. An example of this is getting and setting the polling interval. Updating a run-time parameter through the Hawk microagent only affects the setting of the instance that is running. It does not make a permanent change of the setting in either the repository or the .tra file.

By default, all three microagents are available at run time. You can disallow adding custom methods to the standard microagent when deploying the adapter by changing the addCustomHawkMethodsToClassMAgent property value in the adapter’s property file.

The following table lists each method available for the adapter and page on which the method is explained.

Table 6 Microagent Methods

Method Description Page

Standard Methods

activateTraceRole() Activates a mapping of a role to a sink at run time.

180

deactivateTraceRole() Deactivates a mapping of a roles to sinks at run time.

181


Available Microagents | 177

getAdapterServiceInformation()

Returns information about the services implemented by this adapter.

182

getComponents() Returns information about the publisher, subscriber and IODescriptor.

183

getConfig() Returns basic configuration information. More specific information is accessed by the more specific methods.

184

getConfigProperties() Returns all attributes and elements for the given repository object.

185

getHostInformation() Returns standard and extended application information.

186

getRvConfig() Returns information about all TIBCO Rendezvous sessions defined.

187

getStatus() Returns general status information, such as the number of TIBCO Rendezvous messages received and published, the number of errors since the last call, the PID of the application, and more.

188

getTraceSinks() Returns information about sinks to which traces currently go.

189

getVersion() Returns the configuration ID, application name, version, and date for this adapter instance.

190

_onUnsolictedMsg() Displays alert messages sent to the current adapter.

191

preRegisterListener() Preregisters an anticipated listener. 192

reviewLedger() Returns information retrieved from the ledger file of a certified messaging session for a publisher adapter.

193

setTraceSinks() Adds a role or changes the file limit of a previously specified sink.

195

Table 6 Microagent Methods (Cont’d)

Method (Cont’d) Description (Cont’d) Page



stopApplicationInstance()

Stops the running adapter instance. 196

unRegisterListener() Unregisters a currently preregistered listener.

197

Custom Methods

getActivityStatistics()

Returns the total number of objects processed for all the schemas.

198

getActivityStatisticsByOperation()

Returns the total number of objects processed for all the schemas by each service that is associated with a specified operation.

199

getActivityStatisticsBySchema()

Returns the total number of objects processed for the given schema by each service that uses the schema.

200

getActivityStatisticsByService


201

getConnectionStatistics()

Returns the state and statistics for all the current connections used by the adapter.

202

getPollingInterval() Returns the current polling interval setting.

203

getQueueStatistics() Returns the current count of elements in any internal queue used by the adapter.

204

getThreadStatistics() Returns the operation counts of the current threads

205

resetActivityStatistics()

Resets all the counts for the activity statistics.

206

resetConnectionStatistics()

Resets all the counts for the connection statistics.

207

resetThreadStatistics()

Resets all the counts for the thread statistics.

208




Available Microagents | 179

setPollingInterval() Sets the polling interval for the publication service.

209





activateTraceRole()

Activates a mapping of a role to a sink at run time. This replaces the now-deprecated setTraceSink() TIBCO Hawk method.

Input Parameters Type Description

Role Name string Name of the role to activate.

Sink Name string Name of the sink for which to activate the role.


deactivateTraceRole() | 181

deactivateTraceRole()

Deactivates a mapping of a roles to sinks at run time.


Role Name string Name of the role to activate.

Sink Name string Name of the sink for which to activate the role.



getAdapterServiceInformation()


Input Parameter Type Description

Service Name string Name of the service from which to get information. Default is ALL.

Returns Type Description

Line integer Sequential row number.

Service Name string Name of the service as defined at design time.

Endpoint Name string Name of the endpoint used for this service.

Type string Type of the endpoint, for example, publisher or subscriber.

Quality of Service

string Quality of service for the endpoint. For example RVCM or JMS Persistent.

Subject string Subject defined for this endpoint.

Class string Class associated with the endpoint.

Number of Messages

integer Number of messages processed for this endpoint.


getComponents() | 183

getComponents()

Returns information about the currently active TIBCO Hawk components such as publishers, subscribers, or timers.


Component Name string Name of the component. If no value is enter, all components display.

Component Type string Any of Publisher, Subscriber, Timer, or IODescriptor. The default value is All.


Instance ID string Name of this adapter instance as defined at design time.

Adapter Name string Name of the adapter.

Component Name string Name of the component.

Component Type string The name of the TIBCO Adapter SDK class for this component, such as Publisher, Subscriber, or IODescriptorSource. For more information about the class, see your TIBCO Adapter SDK documentation.

Session Name string Name of the session.

Description string Information about this component, for example, time interval, signal type, and validating the publisher or subscriber.



getConfig()

Retrieves generic configuration information. More specific configuration information is accessed through separate methods.


Instance ID string Configuration ID of this adapter.


Repository Connection

string URL of the repository used for adapter instance.

Configuration URL

string Location of the adapter project; either a file name or configuration URL.

Command string Command line arguments used to start the adapter.


getConfigProperties() | 185

getConfigProperties()

Returns all attributes and elements for the given repository object.


Property string Name of the property for which elements (tags) and attributes are desired. For example, agentone/startup.

If no value is given, all properties are returned.


Element Name string Repository directory for the property.

Attribute Name string Name of the repository object attribute.

Attribute Value string Value of the repository object attribute.

Line integer Line number in which this property is defined in the project file.



getHostInformation()

Return standard and extended application information set. It returns the following information.


Name string Name of the property.

Value string Value of the property.


getRvConfig() | 187

getRvConfig()

Returns information about the TIBCO Rendezvous session defined by this adapter. Information about all currently defined sessions is returned if no sessionName is provided.


Session Name string Name of the TIBCO Rendezvous session for which configuration is required. If not given, information about all sessions is returned. The default is all.


Instance ID string Configuration ID of this adapter.


Session Name string Name of the session.

Service string Service parameter for this session.

Daemon string Daemon parameter for this session.

Network string Network parameter for this session.

Synchronous? boolean Returns 1 if this is a synchronous session, 0 otherwise.

Session Type string Type of session; one of M_RV, M_RVCM, or M_RVCMQ.

Certified Name string Name of this certified session.

Ledger File string Ledger file for this certified messaging session. Returns the empty string for sessions that are not certified messaging sessions.

CM Timeout string Timeout for this certified messaging session. Returns the empty string for sessions that are not certified messaging sessions.



getStatus()

Retrieves basic status information about the adapter.

This information is fairly limited; for more detail, additional methods are provided (getConfig() on page 75 and getRvConfig() on page 77.


Instance ID string Configuration ID for this adapter instance.


Uptime integer Number of seconds since startup.

Messages Received integer Number of TIBCO Rendezvous messages received.

Messages Sent integer Number of TIBCO Rendezvous messages published.

New Errors integer Number of errors since the last call to this method.

Total Errors integer Total number of errors since startup.

Process ID integer Process ID of the application.

Host string Name of host machine on which this adapter is running.


getTraceSinks() | 189

getTraceSinks()

Returns information about sinks to which traces currently go.


Sink Name string Name of the sink for which you need information. If no name is specified, information about all sinks is returned. Default is all.

Role Name string Name of the role for which you need information for the specified sink or sinks. Default is all.


Instance ID string Name of this adapter instance as a string.

Adapter Name string Name of the application for this sink.

Sink Name string Name of the sink

Sink Type string Type of this sink. One of fileSink, rvSink, hawkSink, stderrSink.

Roles string Roles this sink supports, as a string. For example warning, error, debug.



getVersion()

Retrieves version information for the current application. Two lines may be returned, one for the TIBCO Adapter SDK, one for the adapter.

Returns Description

Instance ID Configuration ID as a string, for example SDK.

Adapter Name Name of the adapter as a string, for example agentone.

Version Version number as a string, for example 5.1.


_onUnsolictedMsg() | 191

_onUnsolictedMsg()

Displays all alert messages sent from the adapter or an error if not successful.



preRegisterListener()

Preregister an anticipated subscription service. Some sending applications can anticipate requests for certified delivery even before the listening applications start running. In such situations, the publication service can preregister subscription services, so TIBCO Rendezvous software begins storing outbound messages in the publication service ledger. If the listening correspondent requires old messages, it receives the backlogged messages when it requests certified deliver.

Returns OK if the subscription service was preregistered successfully, false otherwise.


Session Name string Name of the session that anticipates the listener.

Publisher Name string Name of the component for which the listener should be preregistered.

Listener Session Name

string Name of the subscription service to preregister.


reviewLedger() | 193

reviewLedger()

Returns information retrieved from the ledger file of a TIBCO Rendezvous certified messaging session.

Before invoking this method, ensure that the certified messaging publisher adapter has established a certified delivery agreement with its subscriber agents.


Session Name string Name of the TIBCO Rendezvous session for which ledger information is desired (default is all).

Subject string Name of the subject for which ledger information is desired.


Session Name string Name of the TIBCO Rendezvous CM session to which this information applies.

Subject string Subject name for this session.

Last Sent Message integer Sequence number of the most recently sent message with this subject name.

Total Messages string Total number of pending messages with this subject name.

Total Size integer Total storage (in bytes) occupied by all pending messages with this subject name.

If the ledger contains ten messages with this subject name, then this field sums the storage space over all of them.


string Within each listener submessage, the Listener Session Name field contains the name of the delivery-tracking listener session.



Last Confirmed string Within each listener submessage, the Last Confirmed field contains the sequence number of the last message for which this listener session confirmed delivery.

Line integer Row number in ledger file.

UnacknowledgedMessages

integer Number of RVCM messages pending for this listener. The value is computed by subtracting the last sent sequence number from the last acknowledged sequence number.

Returns (Cont’d) Type Description


setTraceSinks() | 195

setTraceSinks()

Adds a role or changes the file limit of a previously specified sink.

Returns OK if successful or an error if not successful.


Sink Name string Name of the sink for which you want to add a role or change the file limit.

Role Name string Name of the role you want to add to this sink (warning, error, debug, or user defined). Default is all.

File Size integer Maximum file size for this sink.

This parameter is ignored if the sink specified by sinkName is not a file sink.



stopApplicationInstance()

Stops the specified adapter by calling the internal stop() method. This method returns OK if successful or an error if not successful.


unRegisterListener() | 197

unRegisterListener()

Unregister a currently preregistered subscription service.

This method returns true if the subscription service was unregistered successfully, false otherwise.


Session Name string Name of the session that anticipates the subscription service.

Publisher Name string Name of the publication service to which the subscription service is preregistered.


string Name of the subscription service to unregister.



getActivityStatistics()

Returns the total number of objects processed for all the schemas, based on the request type. Also, returns the number of success and error objects.


GetSubTotalBy string Indicates how to group the subtotals, by Service or Operation.


Name string Service name or All Services which represents the final tally of all the services

Total integer Total number of objects processed including both success and failures.

Success integer Total number of objects successfully processed.

Failure integer Total number of objects that caused an error during processing.

MeasurementInterval

integer Displays the time (in seconds) since last time the adapter was reset, or if never reset, since the adapter started.


getActivityStatisticsByOperation() | 199

getActivityStatisticsByOperation()

Returns statistics about one operation.


Operation string Name of the operation.


Operation string Name of the operation.

Service Name string Name of the service.

Total integer Total number of objects processed, both success and failures.



MeasurementInterval


LineIndex string Concatenated string of Service Name and Operation separated by a comma.



getActivityStatisticsBySchema()

Returns the total number of objects processed for the given schema by each service that uses the schema. Also, returns the number of success and error objects.


Schema Name string Name of the schema.


Service Name string Name of the service that is associated with the specified schema.

Total string Total number of objects processed for this schema for a publication service.

Total number of objects received for this schema for a subscription service.

Success string Number of objects that were successfully identified for this schema, which will be published or written to a file.

Failure string Number of objects that were identified for this schema but were not published because the header of the schema failed validation for a publication service, or was written to a file because the schema was not associated with a subscriber for a subscription service.


getActivityStatisticsByService | 201

getActivityStatisticsByService

Returns statistics about the data handled by a given adapter service or all adapter services since the time the adapter was started.

Input parameter Type Description

Service Name string Name of service to get the statistics for. If no service name is given, performance statistics for all services is returned.


Service Name string Service name

Schema Name string Name of top level schema processed by this service.

Operation string Type of operation this service provides.

Total integer Total number of objects processed, both success and failures.



MeasurementInterval


LineIndex string Concatenated string of Service Name and Operation separated by a comma.



getConnectionStatistics()

Returns the state and statistics for all the current connections used by the adapter.


Connection ID string Unique identification of a particular connection.

Connection Type string Type or key that will match this connection to a thread or queue.

State string Current state: CONNECTED or DISCONNECTED.

NumRetries integer Total number of times this connection had to be reestablished.

TotalNumOperations

integer Total number of operations processed by this connection since the adapter started.

CurrentNumOperations

integer Total number of operations processed by this connection since the last reconnection.

NumLostConnections

integer Total amount of time that this connection has been lost.

MeasurementInterval



getPollingInterval() | 203

getPollingInterval()

Returns the current polling interval setting.


PollingInterval integer Polling interval in milliseconds.



getQueueStatistics()

Return the current count of elements in any internal queue used by the adapter. This includes the TIBCO Rendezvous event queues automatically spawned by TIBCO Rendezvous for each adapter.


QueueID string Unique identification of a particular queue.

QueueType string Type or key that will match this queue to a thread or connection.

QueueCount integer Current number of elements in the queue.

MaxQueueSize integer Maximum number of elements in the queue.

MeasurementInterval



getThreadStatistics() | 205

getThreadStatistics()

Return the operation counts of the current threads.


ThreadID string Unique identification of a particular thread.

ThreadType string Type that tells what part of the adapter this thread belongs. Valid types include "Publisher", "Subscriber", "RPC", or "Connection".

TaskType string One-word description of the tasks this thread processes.

TaskCount integer Number of tasks processed by this thread.

MeasurementInterval




resetActivityStatistics()

Resets all the counts for the activity statistics.


resetConnectionStatistics() | 207

resetConnectionStatistics()

Resets all the counts for the connection statistics.



resetThreadStatistics()

Resets all the counts for the thread statistics.


setPollingInterval() | 209

setPollingInterval()

Set the polling interval for the publication service.


PollingInterval integer Polling interval in milliseconds.

ServiceName string Name of service where the polling interval is set.


| 211

Appendix A Trace Messages

This appendix explains the trace messages that are logged to a location specified at configuration time.

Topics


• Trace Message Fields, page 214

• Status Messages, page 216


212 | Appendix A Trace Messages

Overview

Trace messages provide information about adapter activities. The messages are logged to the console where the run-time adapter was started and to a log file. Trace messages can also be redirected to the TIBCO Hawk Display application, or sent to other applications using the TIBCO Rendezvous transport.

Each trace message can include the following fields:

<Timestamp> <Adapter Identifier> <Role> <Category> <Status Code> <Tracking Identifier>

The above fields are explained in Trace Message Fields on page 214. The following diagram shows an example trace message and calls out the fields.

Example Trace Messages

The following trace messages were written during a session where TIBCO Adapter for LDAP published a message that used the UPDATE operation, and then processed the message.

The first message indicates that TIBCO Adapter for LDAP has started. The timestamp indicates when the adapter started, and the role indicates that the trace message is informational, which means the activity is normal for the adapter. The category is identified, and the corresponding status code is displayed. The status code indicates that the adapter started successfully.

2003 Jul 09 10:58:54:984 GMT +5 ldap.LDAPAdapterConfiguration Info [Adapter] Adapter ldap started successfully

The next set of trace messages indicates the publication service of the adapter publishing a message that uses the UPDATE operation. The #Kj2--7--Dkic3UxU-/gPzzw6E-zzw# tracking identifier included in the trace message uniquely identifies the message. The adapter provided the identifier.

2003 Jul 09 10:58:54:984 GMT +5 ldap.LDAPAdapterConfiguration Info [Adapter]

2003 Jul 09 10:58:54:984 GMT +5

ldap.LDAPAdapterConfiguration Info [Adapter]

tracking=#Kj2--7--Dkic3UxU-/gPzzw6E-zzw#

Timestamp

Adapter Identifier Role Category

Status Code

Tracking Identifier

AELDAP-00004 Publisher LDAPPublicationService publishing


Overview | 213

AELDAP-00004 Publisher LDAPPublicationService publishingtracking=#Kj2--7--Dkic3UxU-/gPzzw6E-zzw#2003 Jul 09 10:58:55:015 GMT +5 ldap.LDAPAdapterConfiguration Info [Adapter]AELDAP-00008 Adapter publishing : Publisher : LDAPPublicationServicepublishing. Opcode = LDAP_MODIFY DN =uid=pop,ou=unit5,o=BenchMark,dc=us.tibco.com

The final trace message indicates the subscription service has received the message, and acknowledges that the UPDATE operation is complete with the following message.

2003 Jul 09 10:58:55:031 GMT +5 ldap.LDAPAdapterConfiguration Info [Adapter]AELDAP-00003 Service LDAPSubscriptionService invokedtracking=#0vA--9--Dkic3k-w-/gQzzw6E-zzw#2003 Jul 09 10:58:55:031 GMT +5 ldap.LDAPAdapterConfiguration Info [Adapter]AELDAP-00013 Service: LDAPSubscriptionService Operation: LDAP_MODIFY DN:uid=pop,ou=unit5,o=BenchMark,dc=us.tibco.com



Trace Message Fields

Each trace message includes the following fields:

Table 7 Tracing Fields

Field Name Description

Timestamp Timestamp of occurrence. For example, 2003 Jul 09 10:58:54:984 GMT +5.

Adapter Identifier

Name of the adapter that wrote the trace message. This is a combination of the adapter acronym and adapter configuration name. For example, the application identifier, LDAP.publisher1 identifies a TIBCO Adapter for LDAP service named publisher1.

Role A role can be:

• Info. Indicates normal adapter operation. No action is necessary. A tracing message tagged with Info indicates that a significant processing step was reached and has been logged for tracking or auditing purposes. Only info messages preceding a tracking identifier are considered significant steps.

• Warn. An abnormal condition was found. Processing will continue, but special attention from an administrator is recommended.

• Error. An unrecoverable error occurred. Depending on the error severity, the adapter may continue with the next operation or may stop altogether.

• Debug. A developer-defined tracing message. In normal operating conditions, debug messages should not display.

When configuring the adapter you define what roles should or should not be logged. For example, you may decide not to log Info roles to increase performance.


Trace Message Fields | 215

Category One of the following:

• Adapter. The adapter is processing an event.

• Application. The adapter is interacting with the LDAP server.

• Configuration. The adapter is reading configuration information.

• Database. The adapter is interacting with a database.

• Metadata. The adapter is retrieving metadata from the LDAP server.

• Palette. The adapter is interacting with the palette.

• Publisher Service. The publication service is reporting this trace message.

• Request-Response Server. The request-response service is reporting this trace message.

• Shutdown. The adapter is shutting down.

• Startup. The adapter is starting.

• Subscription Service. The subscription service is reporting this trace message.

• System. This category is not linked to a specific event process. The trace message may be related to a Microsoft Windows service related messages, memory allocation, file system error, and so on.

• TibRvComm. The adapter is communicating with TIBCO Rendezvous.

• XML. The adapter is parsing XML documents.

Status Code Unique code for the message and description. Status codes are identified by a unique number and description. If a trace message includes an error or warn role, the status code documentation includes a resolution. See Status Messages on page 216 for details.

Tracking Identifier

A unique identifier that is "stamped" on each message by the originating adapter. The tracking identifier remains in effect from a message’s beginning to its completion as it is exchanged by TIBCO applications. If the adapter is the termination point of the message, the tracking identifier is not displayed in the trace message.

You cannot modify the tracking identifier format or configure what information is displayed.

Table 7 Tracing Fields

Field Name Description



Status Messages

.

Message Role Category Resolution

AELDAP-00001 Cannot connect to the LDAP server.

errorRole Adapter Verify connection parameters in the Connection Tab for the adapter instance configuration.

AELDAP-00002 Unable to open the audit log file for reading.

errorRole Adapter Ensure that the path for the audit log file is correct as displayed in the Connection Tab during adapter instance configuration.

AELDAP-00003 Service <service name> invoked.

infoRole Adapter Indicates normal adapter operation. No action necessary.

AELDAP-00004 Publisher <service name> publishing.


AELDAP-00005 Unable to initialize the timer.

errorRole Adapter Internal error occurred. The repository created through the adapter palette is possibly corrupted. Please reconfigure the adapter.

AELDAP-00006 Unable to fetch the schema for the LDAP server <server name>.

errorRole Adapter The adapter was unable to do a schema query against the LDAP server. Verify that the LDAP server is up and that connection parameters specified in the Connection Tab during configuration are correct.


Status Messages | 217

AELDAP-00007 An internal error occurred on the LDAP Server: <server name>.

errorRole Adapter This may be due to a error in configuring the adapter in TIBCO Designer. Please verify your adapter and service configuration.

AELDAP-00008 Adapter publishing: <message>.


AELDAP-00009 Error occurred while creating persistent search control: <error description>.

errorRole Adapter This may be due to a error while configuring the adapter in TIBCO Designer. Please verify your adapter and service configuration.

AELDAP-00010 Operation <operation name> is not supported for the service: <service name>.

errorRole Adapter The LDAP operation is not supported by the service. Please check your adapter service configuration in TIBCO Designer.

AELDAP-00011 <DN> is not a valid DN for the service: <service name>.

errorRole Adapter The DN of the specified entry is not within the scope of the DIT selected for this service.

AELDAP-00012 RPC Service: <service name> sending the reply back.


AELDAP-00013 Service: <service name> Operation: <operation name> DN: <DN> <DN>.


AELDAP-00014 Trying to reestablish connection with the LDAP server.

warnRole Adapter The connection with the LDAP server was lost, possibly due to the server going down. The adapter will attempt to reconnect to the server.




AELDAP-00015 Unable to reestablish connection with LDAP server in service <service name> while executing operation <operation name> with DN as <DN>.

errorRole Adapter The adapter attempted to reconnect to the LDAP server after a connection went down; however this reconnect attempt was unsuccessful. The adapter will now stop. Please check your LDAP server.

AELDAP-00016 Service <service name> attempted operation <operation name> on DN <DN> resulted in error: <error description>.

errorRole Adapter The error string in the message describes the cause of the problem. This is an error returned from the LDAP server.

AELDAP-00017 Cannot run the service <service name> on non windows platform against Active Directory server.

errorRole Adapter An adapter instance working against Active Directory must be run only on Microsoft Windows. An attempt was made to start the adapter on a non-Microsoft Windows platform. Please run the adapter on Microsoft Windows.

AELDAP-00018 Unable to reestablish connection with LDAP server in service <service name>.

errorRole Adapter The adapter attempted to reconnect to the LDAP server after a connection went down; however this reconnect attempt was unsuccessful. The adapter will now stop. Please check your LDAP server.

AELDAP-00019 The logfile <logfile name> could not be opened. The adapter will not publish any changes which occurred before the adapter was started. This is normal if you are starting the adapter for the first time.

warnRole Adapter If you are not starting the adapter for the first time, check if the file exists. If it does not, check on file space and on write permissions for the adapter to create the file.




AELDAP-00020 The logfile <logfile name> could not be read. The adapter will not publish any changes which occurred before the adapter was started.

errorRole Adapter Files cannot be created and/or read. Contact your system administrator.

AELDAP-00021 The logfile <logfile name> could not be written to.

errorRole Adapter Files cannot be created and/or read. Contact your system administrator.

AELDAP-00022 This version of TIBCO Adapter for LDAP is not compatible with the specified repository. Please install and use a newer version of the adapter.

errorRole Configuration Install the latest version of the adapter.

AELDAP-00023 Warning: Opening a repository corresponding to an older LDAP Adapter version. It is recommended (but not necessary) that you open the repository in the current TIBCO Adapter for LDAP palette, update all services and save the repository.

warnRole Configuration Use the current palette to open the repository, update all services and save the repository.

AELDAP-000024 Startup Error. Unable to create a connection with the target application using connection parameters [Host = <host name>, Port = <port>, User DN = <user DN>, Password = ******]. Target application error is <error description>.

errorRole Adapter Check connection parameters provided at configuration time. Also check if the LDAP server is running.

AELDAP-000025 Startup Error. Received target application error with the target application LDAP. The connection <user DN>, Password = ***** and the Connection pool size is <connection pool size>.

errorRole Adapter Check connection parameters provided at configuration time. Also check if the LDAP server is running.




AELDAP-890001 Reconnect attempt <attempt number>.

infoRole Adapter Indicates normal adapter operation. No action necessary. Connections to the LDAP server have been broken and a reconnect is being attempted.

AELDAP-890002 Reconnect succeeded on attempt <attempt number at which reconnection was successful>.

infoRole Adapter Indicates normal adapter operation. No action necessary. Reconnects were attempted and succeeded in current attempt.

AELDAP-890003 Reconnect failed on attempt <attempt number> - will retry in <time> milliseconds

warnRole Adapter The reconnect failed, but the adapter will try again after the specified time interval.

AELDAP-890004 Connection reestablished for publisher - message may be a duplicate of a previously published message.

warnRole Adapter The connection was reestablished. However, the message may be a duplicate of a previously published message.

AELDAP-890005 The request received could not be processed due to connection errors. Error reply sent back.

errorRole Adapter Due to connection errors, the request could not be processed. If configured, reconnection attempts have been started to the target LDAP server.

AELDAP-890006 Adapter stopping due to persistent connection errors. Please check LDAP Server and restart adapter.

infoRole Adapter Connection could not be established after the configured number of reconnects. The adapter will stop execution.




AELDAP-890007 Subscription services suspended due to reconnect failure.

infoRole Adapter Connection could not be re-established; as configured, subscriber services are now suspended and will be automatically revived once the connection is back up.

AELDAP-890008 Connection reestablished; suspended subscriber services if any, reactivated.


AELDAP-890009 Operation did not succeed due to connection error in service <service name>. The operation will be reattempted.

infoRole Adapter An operation such as Add, Delete, Modify could not be performed by a subscriber service due to connection errors. Will be reattempted once the connection is back up.

AELDAP-920015 Subscription error. Subscription service <service name> listening on subject <subject name> failed due to target application invocation error <error description>. Target application is LDAP. The target application specific commands and parameters are <parameters>.The bad message is = <error message> and is logged for future reference.

errorRole Adapter The target application invocation error is from the LDAP server. Please contact your LDAP server administrator for information on the cause of the error.




AELDAP-940009 Request-Response error. Request-Response service <service name> listening on subject <subject name> failed due to target application invocation error <error description>. Target application is 'LDAP' and the inbound event is <inbound event>. The target application specific commands and parameters are <target application commands and parameters>.

errorRole Adapter This error occurs when the request-response service sends a request from TIBCO IntegrationManager that has inaccurate or incomplete data. The LDAP Server cannot complete the specified operation using this data. Make sure that you send accurate and complete data to the LDAP server so that the operation can be successfully completed.

AELDAP-000029 No object class specified for the service: <service name>.

errorRole Configuration Specify an object class in the adapter configuration.

AELDAP-000030 Service <service name> attempted operation <operation name> on DN <DN> resulted in error: Invalid object class.

errorRole Adapter Check if the LDAP server entry that is being acted on belongs to the object class configured for the adapter service.

AELDAP-000031 Service <service name> attempted operation <operation name> on DN <DN> resulted in error: Unable to find the specified entry.

errorRole Adapter Check if the entry exists on the LDAP server.

AELDAP-000032 Service <service name> attempted operation <operation name> on DN <DN> resulted in error: Modify not performed since the server has identical data.

warnRole Adapter For server synchronization through the Update Only If Different option, a modify request was ignored since incoming data is the same as data on the LDAP server.




AELDAP-000033 Startup Error. Unable to create an SSL connection with the target application using connection parameters [Host = <host name>, Port = <port>]. ldapssl_init() failed.

errorRole Adapter Check your LDAP server connection parameters provided at configuration time.

AELDAP-000034 Startup Error. Unable to set automatic reconnectionoption on the SSL connection. Non-fatal error. Continuing. Connection parameters [Host = <host name>, Port = <port>, User DN = <user DN>].

warnRole Adapter Setting reconnect option through ldap_set_option() has failed. Contact your LDAP administrator.

AELDAP-000035 Startup Error. Unable to enable client EXTERNAL authentication using parameters [Client certificate and key nickname =<certificate and key nickname>, Key password = ******]. Target application error is: <error description>.

warnRole Adapter Make sure that the right client certificate is imported into the converted certificates and keys directory and the client key password is correct.

AELDAP-000036 Startup Error. Unable to initialize client library for SSL using parameters [Client certificate and key directory = <client certificate and key directory>, Server authentication = <authentication>]. Target application error is: <error description>.

errorRole Adapter Check certificates and key directory as well as connection parameters.

AELDAP-000037 Startup Error. Unable to bind to target LDAP server on SSL channel using parameters [Host = <host name>, Port = <port>, Client authentication mechanism = <authentication mechanism>, User DN = <user DN>]. Target application error is: <error description>.

errorRole Adapter Check your LDAP server connection parameters.




AELDAP-000038 Failed to connect to the server.

errorRole Adapter Check your connection parameters and contact your Active Directory administrator.

AELDAP-000039 Failed to get the DnsHostName.


AELDAP-000040 Failed to open the Root DSE on an Active Directory Server using parameters [ADsPath = <path>, User DN = <user DN>, Use SSL = <SSL used>]. Target application error code is: <error code>.


AELDAP-000041 Failed to open the DC Service on an Active Directory Server using parameters [ADsPath = <path>, User DN = <user DN>, Use SSL = <SSL used>]. Target application error code is: <error code>.


AELDAP-000042 Failed to open the IDirectorySearch on an Active Directory Server using parameters [ADsPath = <path>, User DN = <user DN>, Use SSL = <SSL used>]. Target application error code is: <error code>.


AELDAP-000043 Failed to open the IDirectorySearch with fast bind option on an Active Directory Server using parameters [ADsPath = <path>, User DN = <user DN>, Use SSL = <SSL used>]. Target application error code is: <error code>.


AELDAP-000044 Failed to open an object on an Active Directory Server using parameters [ADsPath = <path>, User DN = <user DN>, Use SSL = <SSL used>]. Target application error code is: <error code>.





AELDAP-000045 Publisher <service name> on subject <subject name> did not find any entries to publish.


AELDAP-910012 Startup Error. Unable to create a Custom Hawk Micro Agent Named <microagent name> used for %2.

errorRole Adapter This occurs only if there is a problem with the adapter configuration. Please verify your configuration through the LDAP palette, save and restart the adapter.

AELDAP-910006 Startup Error. SDK Exception <error description> occurred while creating a shutdown listener with parameters <parameters>, <parameters>. The Repository URL is <repository URL> and the Configuration URL is <configuration URL>.

errorRole Adapter This occurs only if there is a problem with the adapter configuration. Please verify your configuration through the LDAP palette, save and restart the adapter.

AELDAP-910003 Startup Error. The command line parameters <parameters> have not been specified properly

errorRole Adapter Check the specified command line parameter used while starting the adapter. Also, verify that information in the .tra file is correct.

AELDAP-000100 Configuration Error. <error description>.

errorRole Configuration Check the error message for details on the configuration error and fix those.

AELDAP-000208 Task raised exception. <error description>.

errorRole Adapter The adapter configuration does not seem to have been saved correctly. Please review, edit and save the configuration correctly from the palette.




AELDAP-000216 Unable get connection object. <description>


AELDAP-000218 Unable to release connection object. <description>.


AELDAP-920001 Subscription error. Subscription service <service name> listening on <subject name> received an unexpected event of type = <event type received>, Expects event <event type expected>. The Repository URL is <repository URL> and the Configuration URL is <configuration URL>.

errorRole Adapter Check the configuration of the application that is publishing the event and make sure that it matches the inbound event definition for the above subscription service. Please refer to Subscription Service Fields on page 113 for details on the configuration of subscription service.

AELDAP-920002 Subscription error. Subscription service <service name> failed to deserialize the event received on subject <subject name> and SDK exception thrown is <error description>. The Repository URL is <repository URL> and the Configuration URL is <configuration URL>.





AELDAP-920003 Subscription error. Subscription service <service name> listening on subject <subject name> received inbound event with null data. The Repository URL is <repository URL> and the Configuration URL is <configuration URL>.


AELDAP-920005 Subscription error. Subscription service <service name> listening on subject <subject name>, could not could not find the tracking data. The Repository URL is <repository URL> and the Configuration URL is <configuration URL>.


AELDAP-920006 Subscription error. Subscription service <service name> listening on subject <subject name> received error <error description> in SDK message level UserExit <user exit parameter>.

errorRole Adapter Make sure the UserExit parameters are valid and the user exit is invokable from SDK.




AELDAP-930001 Publication error. Publication service <service name> publishing on subject <subject name> encountered error <error description> while trying to connect to target application <application name>. Connection parameters are <connection parameters>, the connection timeout is <connection timeout> milliseconds, and the number of retry efforts is <number of retry attempts>. Polling timeout is <polling timeout> milliseconds.

errorRole Adapter Check the target application and make sure it is up and running. Check the connection parameters for right syntax and values. Please refer to Setting LDAP Connection Parameters on page 45 for details on how to specify connection parameters

AELDAP-930014 Publication error. Publication service <service name> with publication subject <subject name> received error while sending event over the wire. The Publish endpoint details are <endpoint details>.

errorRole Adapter Please check your configuration file to verify that the publisher service is configured correctly.

AELDAP-930012 Publication error. Publication service <service name> with publication subject <subject name> received error <error description> in the SDK message level UserExit. The User exit names are <user exit name> and the User exit parameters are <user exit parameters>.


AELDAP-930002 Publication error. Publication service <service name> with publication subject <subject name> encountered error <error description> while trying to create publish event with schema <schema>. The Target application details are <application details>.


AELDAP-000401 Advisory warning message for %1

warnRole Adapter The adapter configuration does not seem to have been saved correctly. Please review, edit and save the configuration correctly from the palette.




AELDAP-000402 Error occurred while trying to publish. The exception is: <error description>.


AELDAP-940011 Request-Response error. Request-Response service <service name> listening on subject <subject name> received a time out error. Time out period in configuration file is <time> milli seconds.

errorRole Adapter Increase the timeout value for the request-response service.

AELDAP-000204 AppManager already initialized. setMAppProperties() ignored.


AELDAP-000108 Invalid service type. Service <service name> contains invalid value for the attribute 'type'.

errorRole Configuration The adapter configuration does not seem to have been saved correctly. Please review, edit and save the configuration correctly from the palette.

AELDAP-000103 Failed to find component <component name> in repository.


AELDAP-000110 Service contains incorrect endpoint type. <service name>





AELDAP-000102 Agent's publisher service not found. <agent name>


AELDAP-000107 Agent contains incorrect publisher service type. <agent name>


AELDAP-000205 Class inheritance error. <class name>


AELDAP-000206 Feature not implemented. <feature name>


AELDAP-000224 Connection Manager initialization failed. <name>


AELDAP-000223 Agent termination failed. <agent name>





AELDAP-000001 <information message>


AELDAP-000203 Application Manager initialization error.


AELDAP-000200 <error description>

errorRole Adapter The connection with the LDAP Server cannot be established. Make sure that the LDAP server is running.

AELDAP-000104 Operation contains invalid parameter type. <operation name>


AELDAP-000305 Transaction failed: <error description>


AELDAP-000211 Reply operation failed for server service <service name>


AELDAP-000115 Unable to create Hawk service: <service name>





AELDAP-000111 Operation contains incorrect number of parameters. <operation name>


AELDAP-000303 Remote operation invocation failed for service <service name>.

errorRole TibRvComm The adapter configuration does not seem to have been saved correctly. Please review, edit and save the configuration correctly from the palette.

AELDAP-000113 Invalid operation name. Service <service name> contains a operation name that is not supported in the associated class.


AELDAP-000114 No operation match. Operation name specified for Service <service name> does not match any of the operations in the associated class.


AELDAP-000213 Unable to deserialize reply message for publisher reply service: <service name>.


AELDAP-000302 Invalid event received by publisherReplyService <service name>.





AELDAP-000212 Unable to deserialize incoming message for subscriber service: <service name>.


AELDAP-000214 Unable to get the MPublisher associated with the data event for subscriber reply service <service name>.


AELDAP-000304 Publisher reply service unable to send reply. <service name>.


AELDAP-000215 Unable to execute task <task name>.


AELDAP-000220 Task returned incorrect MInstance. <task name>


AELDAP-000209 Task execution error. <task name>





AELDAP-000221 Startup Warning. Connection pool size <current connection pool size> is smaller than desired pool size <required connection pool size>. The connection parameters are [Host = <host name>, Port = <port>, User DN = <user DN>, Password = ******, SSL = <SSL>.

warnRole Adapter

AELDAP-970001 This field is mandatory

errorRole Palette Error message for the null field. This field is mandatory.

AELDAP-970002 The port number must be greater than or equal to 0, and less than or equal to 65535.

errorRole Palette Error message if the port number is beyond the standard range.

AELDAP-970003 This is not a valid value.

errorRole Palette Error message if the value entered in No. Of Threads field is invalid.

AELDAP-970006 Invalid subject.

errorRole Palette Error message if an invalid subject is entered in the Termination Subject or Topic field.

AELDAP-970010 You must select at least one LDAP action.

errorRole Palette Error message for the LDAP actions.

AELDAP-970015 The specified LDAP server type does not match with the actual LDAP server type you are trying to connect to. Please select the correct server type.

errorRole Palette Error message while connecting to the LDAP server, if it is different from the specified server in the Server Type field.

AELDAP-970030 Connection could not be established with the LDAP server, so currently the Schema View tab will not be available.Please ensure that valid parameters have been specified in the Design-time Connection tab.

warnRole Palette Warning message when the Schema View tab of a service could not be shown.




AELDAP-970031 No X509TrustManager implementation available. Please check your SSL connection information and certificate keystore.

errorRole Palette While establishing the SSL connection, an error occurs if the selected file for the Trusted Certificate Authorities field is not a valid keystore. Check that the CA certificate is present in the trusted store and that the keystore exists.

AELDAP-970032 Couldn't find trusted certificate. Please check your SSL connection information and certificate keystore.

errorRole Palette While establishing the SSL connection, an error occurs if the CA certificate is not present in the selected trusted store or if the entered keystore doesn't exist. Check that the CA certificate is present in the trusted store and that the keystore exists.

AELDAP-970033 Please wait...

infoRole Palette Indicates normal adapter operation. No action necessary.

AELDAP-970034 Invalid number.

errorRole Palette Make sure that the number field does not contain a hyphen (-) character.

AELDAP-970035 This DN does not exist.

errorRole Palette Check that the DN specified exists on the LDAP server.

AELDAP-970036 Connecting to the LDAP server...

infoRole Palette Indicates normal adapter operation. No action necessary.

AELDAP-970037 At least one service already exists with the previous server data.Make sure that no service exists before attempting to configure the new server.

errorRole Palette Delete any services already configured if these correspond to a different server.




AELDAP-970038 You have already configured adapter instances and services for a particular LDAP server. The change that you are attempting will be valid only if the new server has identical directory information tree and schemas. Please confirm this and that you do wish to proceed with this change.

warnRole Palette Warning message for server name change.

AELDAP-970039 The selected resource cannot be moved.

warnRole Palette Warning message while moving the service or instance.

AELDAP-970040 Fetching schema...

infoRole Palette Message while fetching the schema.

AELDAP-970041 Fetching descendants...

infoRole Palette Message while fetching the descendants.

AELDAP-970042 This field supports only integer values.

errorRole Palette Error message if non-integer values are entered in the Maximum Number Of Entries field of the Schema View tab.

AELDAP-970043 The maximum value for this field should not exceed 10000.

errorRole Palette Error message if the number of maximum entries is specified as greater than 10,000 in the Schema tab.

AELDAP-970044 The specified DN and sample schema entry values together do not form a valid DN. Please enter correct values.

errorRole Palette Error message if the number of maximum number of entries is specified as greater than 10,000 in the Schema tab.

AELDAP-970045 The number of search entries must be greater than or equal to 1 and less than or equal to 1000.

errorRole Palette Error message if the specified number of search entries is less than 1 or greater than 1000.




AELDAP-970046 The maximum number of retries cannot have a zero value.

errorRole Palette Make sure that you have not entered zero in the Maximum Number of Reconnect Attempts field. You can enter -1 or a positive integer that is greater than zero in the Maximum Number of Reconnect Attempts field.

AELDAP-970047 The maximum number of retries must be greater than or equal to -1, and less than or equal to 65535, excluding zero.

errorRole Palette Make sure that the value entered in the Maximum Number of Reconnect Attempts field, is not out of range.

AELDAP-970048 The maximum number of retries should be greater than or equal to number of retries before suspend.

errorRole Palette Make sure that the value entered in the Maximum Number of Reconnect Attempts field is not less than the value entered in the Number of Reconnect Attempts Before

Suspending Impacted Service(s) field.

AELDAP-970049 The number of retries before suspend must be greater than or equal to 1, and less than or equal to 65535.

errorRole Palette Make sure that the value entered in the Number of Reconnect Attempts Before

Suspending Impacted Service(s) field is not out of range.

AELDAP-970050 The sleep between retries must be greater than or equal to 100, and less than or equal to 2147483647.

errorRole Palette Make sure that the value entered in the Interval Between Reconnect Attempts

(milliseconds) field is not out of range.




AELDAP-970051 Could not fetch schema due to insufficient access privilege. Please change the authentication details in the Design-time Connection tab as necessary.

errorRole Palette Make sure that the schema in the Class Reference field of the Schema View tab, for a given DN and Sample Entry for Schema, is populated.

AELDAP-970052 Adapter Service names must only have alphanumeric characters. Please type in a valid name.

errorRole Palette Make sure that the name of the service does not consist of non-alphanumeric characters.



Additional LDAP Directory Server Settings | 239

Appendix B Additional LDAP Directory Server Settings

This appendix explains each of the additional LDAP directory server settings you can make during design-time.

Topics

• Setting Default Naming Context in ADAM, page 240

• Configuring Global Catalog Server, page 241


240 | Appendix B Additional LDAP Directory Server Settings

Setting Default Naming Context in ADAM

The naming context container of ADAM provides you information about objects deleted from LDAP server. You can specify a default naming context. The following information provides information on how to set default naming context in ADAM.

By default, an ADAM instance does not provide a default naming context. You can, however, configure ADAM to provide a default naming context as follows:

1. In ADAM EDSI Edit, expand the My Connection tree as follows:

a. Select CN=Configuration > CN=Sites.

b. Expand the CN=Sites node upto CN=NTDS Settings.

2. Righ-click on the CN=NTDS Settings node.

The CN=NTDS Settings Properties dialog appears.

3. Select the attribute msDS-DefaultNamingContextBL.

4. Click the Edit button.

5. In the Multi-Valued String Editor dialog, enter the DN to be used as the naming context.

6. Click the Add button and then the OK button.

The value is added to the Values panel of the Multi-Valued String Editor dialog.


Configuring Global Catalog Server | 241

Configuring Global Catalog Server

To enable the adapter to work with the global catalog server make the following settings:

• Make the InvocationID attribute visible to the global catalog server.

• For retrieval of schemas and expected publisher and search operation, make the following attributes of object class classSchema visible:

— subClassof

— systemAuxiliaryClass

With the adapter, the global catalog server allows only LDAP_SEARCH operation.

The default global catalog server TCP port is 3268.


242 | Appendix B Additional LDAP Directory Server Settings


TIBCO Software Inc. End User License Agreement | 243

TIBCO Software Inc. End User License AgreementREAD THIS END USER LICENSE AGREEMENT CAREFULLY. BY DOWNLOADING OR INSTALLING THE SOFTWARE, YOU AGREE TO BE BOUND BY THIS AGREEMENT. IF YOU DO NOT AGREE TO THESE TERMS, DO NOT DOWNLOAD OR INSTALL THE SOFTWARE AND RETURN IT TO THE VENDOR FROM WHICH IT WAS PURCHASED.

Upon your acceptance as indicated above, the following shall govern your use of the Software except to the extent all or any portion of the Software (a) is subject to a separate written agreement, or (b) is provided by a third party under the terms set forth in an Addenda at the end of this Agreement, in which case the terms of such addenda shall control over inconsistent terms with regard to such portion(s).

License Grant. The Software is the property of TIBCO or its licensors and is protected by copyright and other laws. While TIBCO continues to own the Software, TIBCO hereby grants to Customer a limited, non-transferable, non-exclusive, license to use the number of Permitted Instances set forth in the Ordering Document, in machine-readable, object code form and solely for Customer's internal business use.

Restrictions. Customer agrees not to (a) make more copies than the number of Permitted Instances plus a reasonable number of backups; (b) provide access to the Software to anyone other than employees, contractors, or consultants of Customer; (c) sublicense, transfer, assign, distribute to any third party, pledge, lease, rent, or commercially share the Software or any of Customer's rights under this Agreement (for the purposes of the foregoing a change in control of Licensee is deemed to be an assignment); (d) use the Software for purposes of providing a service bureau, including, without limitation, providing third-party hosting, or third-party application integration or application service provider-type services, or any similar services; (e) use the Software in connection with ultrahazardous activities, or any activity for which failure of the Software might result in death or serious bodily injury to Customer or a third party; or (f) directly or indirectly, in whole or in part, modify, translate, reverse engineer, decrypt, decompile, disassemble, make error corrections to, create derivative works based on, or otherwise attempt to discover the source code or underlying ideas or algorithms of the Software.

Beta and Evaluation Licenses. Notwithstanding the foregoing, if the Software is being provided for demonstration, beta testing, or evaluation purposes, then Customer agrees (a) to use the Software solely for such purposes, (b) that the Software will not be used or deployed in a production environment, and (c) that such use shall automatically terminate upon the earlier of thirty days from the date Customer receives the right to install the Software, or Customer's receipt of notice of termination from TIBCO.

Technical Support. Provided Customer has paid applicable support fees (not included with Software fees unless separately listed), TIBCO shall provide support for generally available TIBCO Software on an annual basis commencing on the Purchase Date, as follows ("Support"): Customer shall designate at TIBCO's support website https://support.tibco.com/eSupport/newuser.html, the number of technical support contacts permitted under the level of Support purchased (contacts are changeable upon 48-hours prior written notice to TIBCO). Each contact may contact TIBCO for problem resolution during TIBCO's published support hours corresponding to the level of Support fees paid.

Upon notice from a contact of a Software problem which can be reproduced at a TIBCO support facility or via remote access to

Customer's facility, TIBCO shall use reasonable efforts to correct or circumvent the problem according to its published support objectives. TIBCO reserves the right to make changes only to the most currently available version. TIBCO will use reasonable efforts to support the previously released version of the Software for a maximum of six months.

TIBCO shall have no obligation to support the Software (i) for use on any computer system running other than the operating system software for which the Software is approved (as set forth in the Software documentation) and licensed hereunder, or (ii) if Customer has modified or authorized a third party to modify the Software. TIBCO shall have no obligation to modify any version of the Software to run with any new versions of any operating system, or any other third party software or hardware. If Customer purchases Support for any Software, Customer must purchase the same level of Support for all copies of the Software for which it is licensed.

Support may be extended for one-year periods on the anniversary of each Purchase Date at the standard amounts set forth in its price list, for as long as TIBCO offers Support. Customer may reinstate lapsed support for any then currently supported Software by paying all Support fees in arrears and any applicable reinstatement fee. Upgrades, patches, enhancements, bug fixes, new versions and/or new releases of the Software provided from time to time under Support shall be used only as replacements to existing Permitted Instances, and shall not be deemed to increase that number, and use thereof shall be governed by the terms of this Agreement, except for the first paragraph of the Limited Warranty and any right of return or refund.

Consulting Services. Customer may request additional services ("Services") either in an Ordering Document, or by a separate mutually executed work order, statement of work or other work-request document incorporating this Agreement (each, a "Work Order"). Unless otherwise expressly agreed to in a Work Order, all Services and any work product therefrom shall be (a) performed on a time and materials basis, plus meals, lodging, travel, and other expenses reasonably incurred in connection therewith, (b) deemed accepted upon delivery, and (c) exclusively owned by TIBCO (except for confidential information of Customer identified to TIBCO in the Ordering Document), including all right, title and intellectual property or other right or interest therein. Each Work Order is intended to constitute an independent and distinct agreement of the parties, notwithstanding that each shall be construed to incorporate all applicable provisions of this Agreement. Specific to TIBCO training services, additional information regarding courses, registration, restrictions or limitation can be found at TIBCO's website at http://www.tibco.com/services/educational under Education Programs. Fees for Services shall be due and payable in United States dollars net 30 from the date of TIBCO's invoice.

Limited Warranty. If Customer obtained the Software directly from TIBCO, then TIBCO warrants that for a period of thirty (30) days from the Purchase Date: (i) the media on which the Software is furnished will be free of defects in materials and workmanship under normal use; and (ii) the Software will substantially conform to its published specifications. This limited warranty extends only to the original Customer hereunder. Customer's sole and exclusive remedy and the entire liability of TIBCO and its licensors under this limited warranty will be, at TIBCO's option, repair, replacement, or refund of the Software and applicable Support fees, in which event this Agreement shall terminate upon payment thereof.


244 | TIBCO Software Inc. End User License Agreement

This warranty does not apply to any Software which (a) is licensed for beta, evaluation, testing or demonstration purposes for which TIBCO does not receive a license fee, (b) has been altered or modified, except by TIBCO, (c) has not been installed, operated, repaired, or maintained in accordance with instructions supplied by TIBCO, (d) has been subjected to abnormal physical or electrical stress, misuse, negligence, or accident, or (e) is used in violation of any other term of this Agreement. Customer agrees to pay TIBCO for any Support or Services provided by TIBCO related to a breach of the foregoing on a time, materials, travel, lodging and other reasonable expenses basis. If Customer obtained the Software from a TIBCO reseller or distributor, the terms of any warranty shall be as provided by such reseller or distributor, and TIBCO provides Customer no warranty with respect to such Software.

EXCEPT AS SPECIFIED IN THIS LIMITED WARRANTY, THE SOFTWARE, SUPPORT AND SERVICES ARE PROVIDED "AS IS", ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS, AND WARRANTIES INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTY OR CONDITION OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT, SATISFACTORY QUALITY OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE, ARE HEREBY EXCLUDED TO THE EXTENT ALLOWED BY APPLICABLE LAW. NO WARRANTY IS MADE REGARDING THE RESULTS OF ANY SOFTWARE, SUPPORT OR SERVICES OR THAT THE SOFTWARE WILL OPERATE WITHOUT ERRORS, PROBLEMS OR INTERRUPTIONS, OR THAT ERRORS OR BUGS IN THE SOFTWARE WILL BE CORRECTED, OR THAT THE SOFTWARE'S FUNCTIONALITY OR SERVICES WILL MEET CUSTOMER'S REQUIREMENTS. NO TIBCO DEALER, DISTRIBUTOR, AGENT OR EMPLOYEE IS AUTHORIZED TO MAKE ANY MODIFICATIONS, EXTENSIONS OR ADDITIONS TO THIS WARRANTY.

Indemnity. If Customer obtained the Software from TIBCO directly, then TIBCO shall indemnify Licensee from and against any final judgment by a court of competent jurisdiction, including reasonable attorneys' fees, that the unmodified TIBCO Software infringes any patent issued by the United States, Canada, Australia, Japan, or any member of the European Union, or any copyright, or any trade secret of a third party; provided that TIBCO is promptly notified in writing of such claim, TIBCO has the exclusive right to control such defense and/or settlement, and Licensee shall provide reasonable assistance (at TIBCO's expense) in the defense thereof. In no event shall Licensee settle any claim, action or proceeding without TIBCO's prior written approval. In the event of any such claim, litigation or threat thereof, TIBCO, at its sole option and expense, shall (a) procure for Licensee the right to continue to use the TIBCO Software or (b) replace or modify the TIBCO Software with functionally equivalent software. If such settlement or modification is not commercially reasonable (in the reasonable opinion of TIBCO), TIBCO may cancel this Agreement upon sixty days prior written notice to Licensee, and refund to Licensee the unamortized portion of the license fees paid to TIBCO by Licensee based on a five-year straight-line depreciation. This Section states the entire liability of TIBCO with respect to the infringement of any Intellectual Property rights, and Licensee hereby expressly waives any other liabilities or obligations of TIBCO with respect thereto. The foregoing indemnity shall not apply to the extent any infringement could have been avoided by use of the then-current release.

Limitation of Liability. EXCEPT AS PROVIDED UNDER INDEMNITY OR RESULTING FROM A BREACH OF CONFIDENTIALITY (THE "EXCLUDED MATTERS"), IN NO EVENT WILL EITHER PARTY OR TIBCO'S LICENSORS BE LIABLE FOR ANY LOST DATA, LOST REVENUE, LOST PROFITS, DAMAGE TO REPUTATION, BUSINESS INTERRUPTION, OR ANY OTHER

INDIRECT, INCIDENTAL, CONSEQUENTIAL, SPECIAL, PUNITIVE, EXEMPLARY OR ANY SIMILAR TYPE DAMAGES ARISING OUT OF THIS AGREEMENT, THE USE OR THE INABILITY TO USE THE SOFTWARE, OR THE PROVISION OF ANY SUPPORT OR SERVICES, EVEN IF A PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. EXCEPT FOR THE EXCLUDED MATTERS, IN NO EVENT SHALL A PARTY BE LIABLE TO THE OTHER, WHETHER IN CONTRACT, TORT (INCLUDING ACTIVE OR PASSIVE NEGLIGENCE), BREACH OF WARRANTY, CLAIMS BY THIRD PARTIES OR OTHERWISE, EXCEED THE PRICE PAID BY CUSTOMER UNDER THE APPLICABLE ORDERING DOCUMENT.

THE FOREGOING LIMITATIONS SHALL APPLY EVEN IF THE ABOVE-STATED REMEDY OR LIMITED WARRANTY FAILS OF ITS ESSENTIAL PURPOSE. BECAUSE SOME STATES OR JURISDICTIONS DO NOT ALLOW LIMITATION OR EXCLUSION OF CONSEQUENTIAL OR INCIDENTAL DAMAGES, THE ABOVE LIMITATION MAY NOT APPLY TO CUSTOMER.

Confidentiality. "Confidential Information" means the terms of this Agreement; all information marked by the disclosing party as proprietary or confidential; any provided software, related documentation or related performance test results derived by Licensee; and any methods, concepts or processes utilized in provided software or related documentation. Confidential Information shall remain the sole property of the disclosing party and shall not be disclosed to any non-Authorized User without the prior written consent of the disclosing party. If Confidential Information is communicated orally, such communication shall be confirmed as "Confidential" in writing within thirty days of such disclosure. The parties agree to protect the Confidential Information of the other in the same manner it protects the confidentiality of similar information and data of its own (and at all times exercising at least a reasonable degree of care). Except with respect to the Software, items will not be deemed Confidential Information if (i) available to the public other than by a breach of an agreement with TIBCO, (ii) rightfully received from a third party not in breach of any obligation of confidentiality, (iii) independently developed by one party without use of the Confidential Information of the other; (iv) known to the recipient at the time of disclosure (other than under a separate confidentiality obligation); or (v) produced in compliance with applicable law or court order, provided the other party is given reasonable notice of the same. Both parties agree to indemnify the other for any damages the other may sustain resulting from their unauthorized use and/or disclosure of the other's Confidential Information. Such damages shall include reasonable expenses incurred in seeking both legal and equitable remedies. To the extent required by law, at Customer's request, TIBCO shall provide Customer with the interface information needed to achieve interoperability between the Software and another independently created program, on payment of TIBCO's applicable fee. Customer agrees to observe obligations of confidentiality with respect to such information.

Export. Software, including technical data, is subject to U.S. export control laws, including the U.S. Export Administration Act and its associated regulations, and may be subject to export or import regulations in other countries. Customer agrees to comply strictly with all such regulations and agrees to obtain all necessary licenses to export, re-export, or import Software.

Government Use. If the Customer is an agency, department, or other entity of the United States Government ("Government"), the use, duplication, reproduction, release, modification, disclosure or transfer of the Software, or any related documentation of any kind, including technical data or manuals, is restricted in accordance with Federal Acquisition Regulation ("FAR") 12.212 for civilian agencies and


TIBCO Software Inc. End User License Agreement | 245

Defense Federal Acquisition Regulation Supplement ("DFARS") 227.7202 for military agencies. The Software is commercial computer software and commercial computer software documentation. Use of the Software and related documentation by the Government is further restricted in accordance with the terms of this Agreement, and any modification thereto.

Orders. An Ordering Document shall be deemed accepted only by issuance of a TIBCO invoice and solely for purposes of administrative convenience. None of the terms of the Ordering Document (other than the Software product name, number of Permitted Instances, level of Support, description of Services, and fees due in connection therewith) shall apply for any reason or purpose whatsoever, regardless of any statement on any Ordering Document to the contrary, unless countersigned by an officer of TIBCO. This Agreement constitutes the entire agreement between the parties with respect to the use of the Software, Support and Services, and supersedes all proposals, oral or written, and all other representations, statements, negotiations and undertakings relating to the subject matter hereof. All orders of Software, Support or Services by Customer from TIBCO shall be deemed to occur under the terms of this Agreement (with or without reference to this Agreement), unless expressly superseded by a signed written Agreement between the parties. Software shall be delivered electronically, and such delivery shall occur when the TIBCO Software is made available for download by Customer. Physical deliveries (as applicable) of Software and documentation which typically accompanies the Software on delivery shall be on CD-ROM, FOB Palo Alto, and delivery shall occur by depositing the CD-ROM with TIBCO's overnight carrier (at no charge to Customer).

Term and Termination. Support or Services may be terminated: (a) by either party upon a default of the other, such default remaining uncured for fifteen days from written notice from the non-defaulting party; (b) upon the filing for bankruptcy or insolvency of the other party, (c) by either party upon prior written notice at least sixty days prior to the end of any annual Maintenance period; or (d) by Licensee (for Services), upon ten days prior written notice. Termination of Support or Services shall not terminate this Agreement. Customer may terminate this Agreement in its entirety at any time by destroying all copies of the Software. Upon termination of this Agreement in its entirety, for any reason, Customer must cease using and return or destroy all copies of the Software. Customer's obligation to pay accrued charges and any fees due as of the date of termination, as well as the sections entitled "Confidentiality", "Limited Warranty" and "Limitation of Liability" shall survive any such termination.

Authority. You hereby represent and warrant that you have full power and authority to accept the terms of this Agreement on behalf of Customer, and that Customer agrees to be bound by this Agreement.

General. Fees on the Ordering Document (all to be paid on the latter of thirty days from Invoice by TIBCO or the date set forth in the Ordering Document) do not include sales, use, withholding, value-added or similar taxes, and Customer agrees to pay the same, excluding therefrom taxes related to TIBCO's income and corporate franchise tax. Customer agree to pay all reasonable costs incurred (including reasonable attorneys' fees) in collecting past due amounts under this Agreement. Except as set forth in the Section entitled Limited "Warranty" all fees paid under or in connection with this Agreement are non-refundable and no right of set-off exists. All payments of fees due shall be made in U.S. dollars, net 30 from Purchase Date, or, for any other amounts coming due hereafter, net 30 from TIBCO's invoice. A service charge of one and one-half percent per month will be applied to all invoices that are not paid on time. Licensee agrees to pay all sales, use, value-added, withholding, excise and any other similar taxes or government charges, exclusive

of TIBCO's income taxes. No delay in the performance of any obligation by either party, excepting all obligations to make payment, shall constitute a breach of this Agreement to the extent caused by force majeure. Customer hereby grants TIBCO and its independent auditors the right to audit Customer's compliance with this Agreement. If any portion of this Agreement is found to be void or unenforceable, the remaining provisions shall remain in full force and effect. This Agreement shall be governed by and construed in accordance with the laws of the State of California, United States of America, as if performed wholly within the state and without giving effect to the principles of conflict of law. The state and/or federal courts in San Francisco, California, shall have exclusive jurisdiction of any action arising out of or relating to this Agreement. The United Nations Convention on Contracts for the International Sale of Goods is excluded from application hereto. If any portion hereof is found to be void or unenforceable, the remaining provisions of this Agreement shall remain in full force and effect.

Definitions. In connection with this Agreement, the following capitalized terms shall have the following meaning: "Agreement" means this End User License Agreement; "Case Start" means the initiation of a single instance of a defined business process; "Connection" for the following TIBCO Software products shall mean: for TIBCO Enterprise Message Service, a TIBCO Enterprise Message Service client connection to the TIBCO Enterprise Message Service server for the purpose of sending or receiving messages, for TIBCO SmartSockets and TIBCO SmartMQ, any network protocol link established with such TIBCO Software (directly or indirectly) to any other entity, including but not limited to software, firmware or hardware, for TIBCO Enterprise RTView - Standard Monitor System, the number of monitored server instances to TIBCO Rendezvous daemons or TIBCO Hawk agents; for TIBCO Enterprise RTView- EMS Monitor System, a monitored TIBCO Enterprise Message Service Connection (as defined above for that product); for TIBCO General Interface, an electronic data interface to a CPU on a server (which excludes CPUs on devices such as routers, switches, proxies, or HTTP or application servers configured to substantially pass-through information or messages to TIBCO General Interface) that produces information or messages consumed by TIBCO General Interface; "Customer" means the original purchaser or licensee of the Software and any permitted successors and assigns; "Developer" means one user/developer of a TIBCO Software product for use in Development; "Development" means used for software development purposes only; "Enterprise" means an unlimited number of Permitted Instances for a period of one year from the Purchase Date (unless otherwise set forth in the Ordering Document), at which time existing licenses convert to perpetual and Customer may not thereafter deploy additional Permitted Instances, and in any event, shall (during the one-year unlimited deployment period) exclude any entity which acquires, is acquired by, merged into, or otherwise combined with Customer. Customer hereby agrees to provide TIBCO with notice of the number of Permitted Instances deployed at the end of such one-year period within thirty days thereafter; "Fab" means unlimited use for shop-floor manufacturing applications at a Site; "Workstation" shall mean a single end-user computer that is generally intended to be accessed by one person at a time; "Ordering Document" means any purchase order or similar document or agreement requesting Software, Support or Services; "Permitted Instance(s)" means the number of copies of Software running on a Server Instance, Workstation, User, or Development basis, on a designated Platform, as set forth in an Ordering Document, including, without limitation, Enterprise, Site and Fab licensing; "Platform" means the operating system set forth in an Ordering Document; "Purchase Date" means the date of the Ordering Document is accepted by TIBCO; "Server Instance" means a computer with 1 CPU (unless otherwise set forth in the Ordering Document) performing common services for multiple machines; "Site" means an unlimited number of Permitted Instances at a specific


246 | TIBCO Software Inc. End User License Agreement

physical address set forth in the Ordering Document (or, in the absence of any address, at Customer's corporate headquarters); "Software" means the software products listed in an Ordering Document (except as provided in the second paragraph hereof), in whole and in part, along with their associated documentation; "TIBCO" means TIBCO Software Inc.; and "Named User" means the number of named users with access to the Software.

Special Product Provisions. TIBCO BusinessPartner: Customer may sublicense to third parties ("Partners") up to the total Number of Copies of TIBCO BusinessPartner, provided that for every such sublicense, the Number of Copies Customer is licensed to use shall be reduced by the same number, and provided further that prior to delivery of TIBCO BusinessPartner to a Partner, such Partner agrees in writing (a) to be bound by terms and conditions at least as protective of TIBCO as the terms of this Agreement, (b) that TIBCO BusinessPartner be used solely to communicate with Customer's implementation of TIBCO BusinessConnect, and (c) for such Partner to direct all technical support and Maintenance questions directly to Customer. Customer agrees to keep records of the Partners to which it distributes TIBCO BusinessPartner, and to provide TIBCO the names thereof (with an address and contact name) within sixty days of the end of each quarter. Third Party Software: Use of any other third-party software identified by its company and/or product name or otherwise designated in Licensee's Ordering Document (collectively "Third Party Software") is subject solely to the terms and conditions of the click-wrap or shrink-wrap license agreement included with the Third Party Software products, and for which TIBCO shall be an intended third-party beneficiary of same. TIBCO shall have no obligation whatsoever in connection with the Third Party Software (including, without limitation, any obligation to provide maintenance or support) and the provision of Third Party Software is accomplished solely as an accommodation and in lieu of Customer purchasing a license to Third Party Software directly from the third party vendor. Embedded/Bundled Products. Some TIBCO Software embeds or bundles other TIBCO Software (e.g., TIBCO InConcert bundles TIBCO Rendezvous). Use of such embedded or bundled TIBCO Software is solely to enable the functionality of the TIBCO Software licensed on the Cover Page, and may not be used or accessed by any other TIBCO Software, or for any other purpose. Open Source Software: If Licensee uses Open Source software in conjunction with the TIBCO Software, Licensee must ensure that its use does not: (i) create, or purport to create, obligations of use with respect to the TIBCO Software; or (ii) grant, or purport to grant, to any third party any rights to or immunities under TIBCO's intellectual property or proprietary rights in the TIBCO Software. You also may not combine the TIBCO Software with programs licensed under the GNU General Public License ("GPL") in any manner that could cause, or could be interpreted or asserted to cause, the TIBCO Software or any modifications thereto to become subject to the terms of the GPL.

Version 5.2, 3/05

Third-Party Software Notices

Netscape Portable Runtime 4.1.1

This product includes Mozilla NSS Security Tools. The source code for this software may be obtained from ftp://ftp.mozilla.org/pub/s ecurity/nss.

Netscape Security Services 3.2.1

This product includes Mozilla NSS Security Tools. The source code for this software may be obtained from ftp://ftp.mozilla.org/pub/s ecurity/nss.

ADDENDA: Third-Party License Agreements


Third-Party Software License Agreements | 247

Third-Party Software License AgreementsThe following are the software licenses for the Third-Party Software provided in connection with the software.

License Issues

The OpenSSL toolkit stays under a dual license, i.e. both the conditions of the OpenSSL License and the original SSLeay license apply to the toolkit.

See below for the actual license texts. Actually both licenses are BSD-style Open Source licenses. In case of any license issues related to OpenSSL please contact [email protected].

The OpenSSL License

Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

3. All advertising materials mentioning features or use of this software must display the following acknowledgment: "This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact [email protected].

5. Products derived from this software may not be called "OpenSSL" nor may "OpenSSL" appear in their names without prior written permission of the OpenSSL Project.

6. Redistributions of any form whatsoever must retain the following acknowledgment:"This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/)"

THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

This product includes cryptographic software written by Eric Young([email protected]). This product includes software written by Tim Hudson ([email protected]).

Original SSLeasy License

Copyright (C) 1995-1998 Eric Young ([email protected]). All rights reserved.

This package is an SSL implementation written by Eric Young ([email protected]).

The implementation was written so as to conform with Netscapes SSL.

This library is free for commercial and non-commercial use as long as the following conditions are aheared to. The following conditions apply to all code found in this distribution, be it the RC4, RSA,lhash, DES, etc., code; not just the SSL code. The SSL documentation included with this distribution is covered by the same copyright terms except that the holder is Tim Hudson ([email protected]).

Copyright remains Eric Young's, and as such any Copyright notices in the code are not to be removed. If this package is used in a product, Eric Young should be given attribution as the author of the parts of the library used. This can be in the form of a textual message at program startup or in documentation (online or textual) provided with the package.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the copyrightnotice, this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

3. All advertising materials mentioning features or use of this software must display the following acknowledgement: "This product includes cryptographic software written by Eric Young ([email protected])" The word 'cryptographic' can be left out if the rouines from the library being used are not cryptographic related :-).

4. If you include any Windows specific code (or a derivative thereof) from the apps directory (application code) you must include an acknowledgement: "This product includes software written by Tim Hudson ([email protected])"

THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY


248 | Third-Party Software License Agreements

WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

The licence and distribution terms for any publically available version or derivative of this code cannot be changed. i.e. this code cannot simply be copied and put under another distribution licence [including the GNU Public Licence.]


| 249

Index

A

activateTraceRole()Hawk method 180

adaptercompatible software 23components 23configuration overview 84encoding 98installation on UNIX 30installing on Microsoft Windows 25instance fields 91instance tabs 91integration with LDAP 2overview 2preparing the LDAP server for use 41publication service 10request-response service 11role 2services available 4subscription service 10supported messaging transports 4

adapter components 23adapter instance

configuration tab 91design-time connection tab 92general tab 98logging tab 99monitoring tab 101multithreading tab 98run-time connection tab 95startup tab 101tabs available 91

adapter services 4, 103agents 170alerts 170

C

Class Microagent Name field, adapter 102command line arguments 184compatible software 23configuration

converting certificates to use SSL 85configuration tab 91

publication service 104request-response service 122subscription service 113

configuration tasks 84configuring SSL 85

D

deactivateTraceRole()Hawk method 181

design-time connection tab 92directory store 3

E

enabling SSL on the LDAP server 41encoding 98

setting options 156example

configuring the adapter 49configuring the project with TIBCO


250 | Index

IntegrationManager 59configuring the publication service 52configuring the request-response service 56configuring the subscription service 54converting the project 58creating the project 47deploying the project 80prerequisites 44setting LDAP connection parameters 45starting the adapter 80

G

general tab 98getActivityStatisticeBySchema()

Hawk method 200getActivityStatistics()

Hawk method 198getActivityStatisticsByOperation()

Hawk method 199getActivityStatisticsByService()

Hawk method 201getAdapterServiceInformation()

Hawk method 182getComponents()

Hawk method 183getConfig()

Hawk method 184getConfigProperties()

Hawk method 185getConnectionStatistics()

Hawk method 202getHostInformation()

Hawk method 186getPollingInterval()

Hawk method 203getQueueStatistics()

Hawk method 204getRvConfig()

Hawk method 187getStatus()

Hawk method 188

getThreadStatistics()Hawk method 205

getTraceSinks()Hawk method 189

getVersion()Hawk method 190

global variables 152predefined variables 154specifying using TIBCO Designer 152using 152

H

Hawkauto-discovery process 172available microagents 176defining a session 150invoking microagent methods 173overview 170


Index | 251

Hawk methods_onUnsolictedMsg() 191activateTraceRole() 180deactivateTraceRole() 181getActivityStatistics() 198getActivityStatisticsByOperation() 199getActivityStatisticsBySchema() 200getActivityStatisticsByService() 201getAdapterServiceInformation() 182getComponents() 183getConfig() 184getConfigProperties() 185getConnectionStatistics() 202getHostInformation() 186getPollingInterval() 203getQueueStatistics() 204getRvConfig() 187getStatus() 188getThreadStatistics() 205getTraceSinks() 189getVersion() 190preRegisterListener() 192resetActivityStatistic() 206resetConnectionStatistics() 207resetThreadStatistics() 208reviewLedger() 193setPollingInterval() 209setTraceSinks() 195stopApplicationInstance() 196unRegisterListener() 197

I

installationFAQs 34on Microsoft Windows 25on UNIX 30troubleshooting 34

instance fieldsadapter 91

L

LDAPdirectory store 3server synchronization 157supported operations 131

LDAP integration with adapter 2LDAP server

enabling SSL 41preparation for use with adapter 41setting search size limit 41

ledger filesretrieving information through TIBCO Hawk 193

logging tab 99

M

messaging transports 4microagent methods supported 176Microagent Session field, adapter 102monitoring tab 101multiple object classes

handling entries 139multithreading tab 98

O

overview 2

P

preparing server interfaces 39preRegisterListener()

Hawk method 192publication service 10

configuration tab 104configuring timers


252 | Index

configuring timers 162fields 104schema tab 112schema view tab 109transport tab 105

R

request-response service 11configuration tab 122fields 122schema tab 130schema view tab 127transport tab 124

resetActivityStatistics()Hawk method 206

resetConnectionStatistics()Hawk method 207

resetThreadStatistics()Hawk method 208

reviewLedger()Hawk method 193

reviewLedger, TIBCO Hawk method 193run-time connection tab 95

S

schema for Publication Service 109, 112schema for Request-Response Service 127schema for Subscription Service 118schema support 5schema tab

publication service 112request-response service 130subscription service 121

schema view tabpublication service 109request-response service 127subscription service 118

server interfacespreparing 39

setPollingInterval()Hawk method 209

setting encoding options 156setTraceSinks()

Hawk method 195SSL

configuring 85, 87conveting certificates for use at run-time 87design-time use without external authentication 86use at design-time 85use at design-time with external authentication 86use at run-time 87use at run-time with external authentication 89use at run-time without external authentication 89

startup tab 101status messages 216stopApplicationInstance()

Hawk method 196subscription service 10

configuration tab 113fields 113schema tab 121schema view tab 118transport tab 115

T

TIBCO Hawkbackground information 170enterprise monitor components 170

TIBCO Hawk methodsgetComponents 183getRvConfig 187getStatus 188reviewLedger 193

trace messageexample 212fields 214structure 212

Tracing 212Tracing Levels and Fields 214


Index | 253

transport tabpublication service 105request-response service 124subscription service 115

U

UNIXcombining options 33installing adapter 31post-installation 33supported LDAP servers 30

unregisterListener()Hawk method 197

Use Advanced Logging field, adapter 99using

global variables 152

V

variable substitution 152


254 | Index


tibco adapter for ldap - user's guide

Documents

tibco adapter

trademarks of tibco

use of tibco software

bundled tibco software

licensed tibco software

tibco hawk

tibco integrationmanager

tibco administrator