6.2 Creating Classes and Attributes

Designer allows you to create Identity Vault classes and attributes to fit the needs of your environment. You can test and use the new schema with the Identity Manager drivers in Designer before implementing it in the production environment.

6.2.1 Creating Identity Vault Classes

Adding a Class

  1. In the Modeler, right-click the Identity Vault, then select Manage Vault Schema.

    The Classes tab lists all classes that are defined in the schema and stored in Designer. For more information about the Classes tab, see Section 6.1.1, The Classes Tab.

  2. Select the Add a Class icon The Create Class icon .

  3. In the Create Class Name dialog box, specify the class name (for example, EmpInfo) and ASN1 ID (if applicable), then click Next.

    For more information about ASN1 IDs, see ASN1.

  4. In the Class Flags dialog box, select the class type, then click Next.

    For information about the class type options, see Table 6-2.

  5. In the Class Inheritance dialog box, select the classes from which the new class inherits, then click Next.

    Select one or more classes in the Available classes list and move them to the Inherited classes list with the right-arrow button. Remove classes from the Inherited classes list using the left-arrow buttons.

  6. In the Mandatory Attributes dialog box, select the mandatory attributes, then click Next.

    The inherited attributes displayed in the Inherited mandatory attributes pane depend upon the classes from which the new class inherits.

  7. In the Optional Attributes dialog box, select optional attributes, then click Next.

    The Inherited optional attributes pane lists default optional inheritances.

  8. In the Naming Attributes dialog box, select the naming attributes, then click Next.

    The Identity Vault schema allows for inheritance from other classes. A class that another class inherits from is called a superclass. A class can inherit attributes from one or more superclasses.

    Every class inherites from the superclass Top. No class exists above Top. For example, Group inherits directly from Top, but User inherits from Organizational Person. Organizational Person inherits from Person. Person inherits from ndsLoginProperties, and ndsLoginProperties inherits from Top.

  9. In the Containment Classes dialog box, select the containment classes for the new class, then click Next.

    This specifies the types of container classes that can contain the new class. For example, if you select the class Group, the Manage Schema tool lists Domain, Organization, and Organizational Unit classes as containment classes for the Group class

  10. In the New Class Summary, review the new class information, then click Finish.

    The new class appears in the Classes pane.

  11. Click OK to save changes and close the Manage Schema tool.

Adding a Note

Designer allows you to add notes about any class you create. The information is stored as desc in the .ldif file and as a note in the .sch file.

  1. Select the class you want to add a note to, then click the Schema Notes icon The Create Class icon .

  2. Type the note in the window, then click OK.

6.2.2 Creating Identity Vault Attributes

To create a new Identity Vault attribute:

  1. In the Modeler, right-click the Identity Vault, then select Manage Vault Schema.

  2. Select the Attributes tab.

    The Attributes list displays all attributes that are defined in the schema and stored in Designer. You can view all attributes at once, or view the attributes associated with a specific class by selecting a class from the drop-down list.

    For more information about the components of the Attributes tab, see Section 6.1.2, The Attributes Tab.

  3. Select the Add an Attribute icon Add Attribute.

  4. In the Create Attribute Name dialog box, specify the attribute name (for example, EmpID) and an ASN1 ID, if applicable, then click Next.

    For more information about the ASN1 ID, see ASN1.

  5. In the Attribute Syntax dialog box, select the proper attribute syntax, then click Next.

    An attribute syntax defines a standard data type that an attribute uses to store its values in the Identity Vault. Each attribute must have a syntax. See Table 6-5.

  6. In the Attribute Flags dialog box, select the flags for the attribute, then click Next.

    Attribute flags constrain the information that is stored in the attribute, and the list of acceptable operations that the Identity Vault, and Identity Vault clients, can perform on the attribute. For more information about attribute flags, see Flags.

  7. In the New Attribute Summary dialog box, review the new attribute information, then click Finish.

    The new attribute appears in the Attributes list.

  8. Click OK to save changes and close the Manage Schema tool.