Configure Naming Contexts
For this procedure, in Management Agent Designer, on the Configure Naming Context page, you can select naming contexts (suffixes) and object containers (or sub-suffixes) you want to synchronize. Also, you specify credentials the management agent uses to read from or write to those naming contexts. To complete this procedure, you must be logged on as a member of the FIMSyncAdmins security group.
To specify naming context configuration
On the Naming Context Configuration page, select the naming context that you want to include.
Click Containers, and then do any of the following:
To select containers from the naming context root, in Select Containers, clear the check boxes to the left of the containers that you do not want to include. You must select at least one container. By default, all containers for the naming context are selected and all objects within those containers can be selected for synchronization on the Select Object Types page. If you are going to select only a small number of objects for synchronization, select only those containers that contain those objects.
To filter and select specific containers where permissions or schema configuration do not allow you to select higher-level containers, or to exclude specific containers, click Containers, click Advanced, and then, in Advanced Container, do any of the following:
To add a container, in Specify additional container to add, type the container name, click Include, and then click Add.
To exclude a specific container when its parent container is selected, in Specify additional container to add, type the container name, click Exclude container, and then click Add.
To remove a container, in Containers to synchronize, select the check box next to a container, ant then click Remove.
In Server Information, in Server type, verify that the correct directory server version is detected, and then, if you are configuring this management agent for use with a delta import run profile, verify that Change log enabled is set to Yes.
To define search ranges within selected naming context containers with a large number of objects
In Server Information, select Define Search Ranges, and then click Configure.
In Configure Search Ranges, click Select, and then, in Select Attributes, in Available attributes, click an attribute, and then click Add. To remove an attribute from the Attribute list, select an attribute, and then click Remove.
To further configure by-value search ranges for an attribute, in Attribute click an attribute, click Add, and then type a search range point value.
To export (save) a search range, click Export, type a file name, and then click Save.
To import (open) a search range, click Import, click the advanced search range file that you want to import, and then click Open.
Note
Search filter clauses are combined with an AND operator in the order that you add them to the list, however, two or more search ranges can return the same result if a search range overlaps the same value as another search range. For example: Order 1 Value B, and Order 2 Value A, and Order 3, Value C return attributes with values beginning with B twice.
Important
By default, this management agent uses a wildcard query =* (that is, equal to anything) to find all objects in a selected container. Due to Lightweight Directory Access Protocol (LDAP) administrative limits, an error can be generated if too many queries are performed on a single directory container namespace. This can occur for directories with a large number of objects. To circumvent this limit, you can use the Define Search Ranges option to configure smaller, more manageable container namespace searches. This option implements anti-trawling filters to define targeted beginning and end points for a search range. For example, to define a search range that applies search range for attribute values that are less than A, including all values A and less than B, including all values B and less than C, and including all values C and nothing more than C, you need to configure the Order and Value for search range listed in the following table.
| Order (user defined) | Value (user defined) | Filter |
|---|---|---|
1 |
A |
(&(cn <=A)) |
2 |
B |
(&(!(cn >=A))(cn <=B)) |
3 |
C |
(&(!(cn >=B))(cn <=C)) |
4 |
C |
(&(!(cn >=C))(cn <=C)) |
Important
If objects within a naming context (suffix) and parent container are not discovered, it may be because the parent container does not also contain an object with the numsubordinates attribute, or the numsubordinates attribute contains an invalid value. This can occur when a parent container only contains sub-suffix child containers. Sub-suffix containers are manually created and exist on a separate database from the parent container. To work around this, only select the most specific container that contains the sub-suffix root objects. This will bypass those parent containers with objects with invalid or missing numsubordinates values. You can also create an object at the same level as a sub-suffix container (not a sub-suffix root object) within the parent container. This forces the management agent to detect child containers because the parent container will have an object with a valid numsubordinates value.
Note
You can only select one naming context per management agent.
Note
If the directory server does not have change log enabled, you cannot create a delta import run profile.
Note
When you select containers, a blue check mark in a white box next to a container indicates that the parent container and all of the child containers are selected. A white check mark in a gray box indicates that the parent container is selected and that one or more child containers are not selected. No check mark in a grey box indicates at least one child container is selected, but the parent container is not selected. When you create a new management agent, all of the check boxes next to the container objects for the selected naming contexts are selected by default.
See Also
Concepts
Using the Management Agent for IBM Directory Server
Using the Management Agent for Sun and Netscape Directory Servers