As part of your planning, you need to make sure that certain Novell eDirectory objects are replicated on servers where you want to run DirXML drivers.
You can use filtered replicas, as long as all of the objects and attributes that the driver needs are included in the filtered replica.
Keep in mind that you must give the DirXML Driver object sufficient eDirectory rights to any objects it is to synchronize with connected systems, either by explicitly granting rights to the Driver object, or by making it security equivalent to an object that has the desired rights.
An eDirectory server that is running a DirXML driver (or that the driver refers to, if you are using Remote Loader) must hold a master or read/write replica of the following:
You should have one Driver Set object for each server that is running DirXML. Unless you have specific needs, don't associate more than one server with the same Driver Set object.
NOTE: When creating a Driver Set object, the default setting is to create a separate partition, but this is not required.
The Server object is necessary because it allows the driver to generate key pairs for objects. It also is important for Remote Loader authentication.
A DirXML driver can't synchronize objects unless a replica of those objects is on the same eDirectory server as the Driver object. In fact, a driver will synchronize the objects in all the containers that are replicated on the server unless you create rules to specify otherwise (rules for scope filtering).
If you want a driver to synchronize all user objects, for example, the simplest way is to use one instance of the driver on a server that holds a master or read/write replica of all your users.
However, many environments don't have a single server that contains a replica of all the users. Instead, the complete set of users is spread across multiple servers. In this case, you have two choices:
Aggregate users onto a single server. You can create a single server that holds all users by adding replicas to an existing server. Filtered replicas can be used to reduce the size of the eDirectory database if desired, as long as the necessary user objects and attributes are part of the filtered replica.
Use multiple instances of the driver on multiple servers, with scope filtering. If you don't want to aggregate users onto a single server, you will need to determine which set of servers holds all the users, and set up one instance of the DirXML driver on each of those servers.
To prevent separate instances of a driver from trying to synchronize the same users, you need to use scope filtering to define which users each instance of the driver should synchronize. Scope filtering means that you add rules to each driver to limit the scope of the driver's management to specific containers. For more information, see Managing Users on Different Servers Using Scope Filtering.
To move an object, DirXML must have both the source container and the destination container replicated on the same server.
For example, if you have created a container named Inactive Users to hold user accounts that have been disabled, you must have a master or read/write replica of that container on the server where the driver is running.
NOTE: If you are using read/write replicas instead of master replicas, we recommend you set up the Move Proxy driver to facilitate moves from one container to another. This driver and instructions are available from Novell Support.
DirXML drivers do not require you to specify eDirectory Template objects for creating users. But if you specify that a driver should use a template when creating users in eDirectory, the Template object must be replicated on the server where the driver is running.