Data Sources
A data source in COGNITUM can be:
- a representation of an LDAP-enabled directory,
- an aggregate of several representations of LDAP-enabled directories,
- an RDBMS database, or
- a DSML file.
A COGNITUM application can handle data stored on different supports. This multi-data source concept makes it possible for COGNITUM applications to be assigned several data source types.
Configuring a data source gives fine-grained control over:
- identifications
- authentications
- confidentiality, and
- the connection strategy to the information storage supports
Login Process on Data Sources
Authentication data source
Users connecting to a COGNITUM application must be referenced in an application data source known as the authentication data source. When this data source is an LDAP directory or a DSML file, each user is represented as an entry. When this data source is a relational database, COGNITUM searches for the user in a specific table or among the accounts declared in the database.
When connecting to a COGNITUM application, a user provides his/her credentials. A COGNITUM login includes the following steps on the authentication data source:
- Identification: search for the DN corresponding to the identifier entered by the user
- Authentication (that is, verification of the password)
- Roles computing
- Computing of the DN used by the login to bind to the directory on behalf of the user
- Creation of COGNITUM session
Identification
This step uses the identification request defined in the COGNITUM Console. The request is processed on the authentication data source under the service account. COGNITUM expects the request to return only one result, containing the user’s DN.
Authentication
This step is optional when the authentication was previously performed by a third party system (SSO, SSL). COGNITUM authenticates the user by binding onto the authentication data source. The user’s bind DN and password are used.
Roles computing
This step aims at drawing up the list of all the roles the user belongs to. Once the roles are identified, COGNITUM deduces the user’s application-relative permissions.
Computing of the DN used by the session to bind to the directory
Later during the session, the user interacts with the authentication data source through COGNITUM. These actions may be performed:
- under the user’s proper name (with the DN retrieved from the identification),
- by using the proxy account defined in the data source, or
- by using the proxy account defined in the user’s role.
The last two options are only accessible when the bind strategy is set as Use a proxy account. In this case, the proxy account is always used unless the user has a role to which a specific account is associated.
Secondary data sources
Logging onto a secondary data source can be run:
- automatically, when accessing, for the first time, information stored on this data source, or
- on request, from the COGNITUM API.
A COGNITUM login with a secondary data source includes the following steps:
- Identification (optional): Search for the DN corresponding to the identifier entered by the user
- Authentication (optional)
- Computing of the DN used by the login to bind to the directory
Identification
This step is meaningful only when COGNITUM must log into the secondary data source as the logged-in user. In this case, COGNITUM must find, in the data source, the DN corresponding to the user. COGNITUM processes the identification request defined in the COGNITUM Console by using the service account. COGNITUM expects the request to return only one result, containing the user’s DN.
Authentication
This step is only meaningful when COGNITUM must bind as the logged-in user. COGNITUM authenticates the user by binding onto the authentication data source. The user’s bind DN and password are used.
Computing of the DN used by the session to bind to the directory
Later during the session, the user interacts with the data source through COGNITUM. These actions may be performed:
- under the user’s proper name (with the DN retrieved from the identification),
- by using the proxy account defined in the data source,
- by using the proxy account defined in the user’s role.
The last two options are only accessible when the bind strategy is set as Use a proxy account. In this case, the proxy account is always used unless the user has a role to which a specific account is associated.
Adding a Data Source
Data sources are strongly application-dependent. Creating a new data source is only possible by linking it to an existing application (see “Applications”). You can create a data source only when at least one application is already set.
After selecting the Data Sources tree item, a click on the New Data Source button in the toolbar displays the New Data Source wizard.
The following supports are available for a data source:
- LDAP directory server
- relational database
- DSML file
- JDBC Driver Manager
The access parameters vary according to the data source type.
Adding an LDAP directory data source
Adding an LDAP directory data source consists in:
- Identifying the LDAP server where the directory is located.
- Configuring the connection to the LDAP directory server. An LDAP data source can be connected to several directory server instances provided that each instance manages exactly the same directory data. The benefits of connecting a data source to several directory server instances are the following:
  - Setting backup directories for reduced fail-over effects
  - Ensuring load balancing on directories
Adding a data source to an application is performed through the New Data Source wizard. The first Data Source Definition screen is displayed.
Figure: New data source wizard (LDAP directory data source definition)
Application: The Application list box identifies the application to be associated with the data source. Another application can be selected when there are several applications available in the tree.
Name: Each data source must have a name. Names shall be intuitive enough for COGNITUM Console users to cope with several data sources. Non-alphanumerical characters and blank spaces are prohibited.
Support: The LDAP option makes it possible to identify, in the lower part of the dialog box, the LDAP directory that the data source targets. The LDAP Server Parameters area is activated when the LDAP option box is selected.
Hostname: This is the name of the machine where the LDAP directory server runs.
Port: It is the port number to the LDAP directory server.
Suffix: It is the suffix of the data source. When the DN is unknown, the torch button may be clicked to retrieve the directory suffix, or to display the suffixes list when there are several suffixes in the directory.
Secure Connection (SSL): Selecting the check box activates the SSL protocol to ensure communication privacy between the COGNITUM server and the directory server. For more information, see the COGNITUM Installation Guide.
Test: The button makes sure the parameters to locate the LDAP directory are accurate and consistent.
A click on the Next button displays the second Data Source Connection Parameters screen.
Figure: New data source wizard (LDAP directory data source connection parameters)
Base: It is the start node of the query. The context can be entered manually. When the node DN is unknown, the torch button can be clicked to get the list of all available directory suffixes.
Filter: It is the LDAP filter on the request. The syntax can be entered manually. However, a click on the torch button launches the LDAP Request Builder.
You can create your LDAP request to be applied to the Filter box with the LDAP Request Builder. The LDAP Request Builder is meant to help you create an LDAP request. For more information about the LDAP Request Builder, see “Creating an LDAP request”.
Scope: The scope specifies the depth of the search for the connection request starting from the Base DN.
NOTE |
---|
For a Microsoft Active Directory or Microsoft Active Directory Application Mode (ADAM) server, the Filter and Scope can be configured after the Data source is created. |
A click on the Finish button validates the definition parameters of the new data source.
COGNITUM manages several login variables that can be used in different parts of the product.
Table: Login variables
Variable | Description |
---|---|
$login | Login string provided by the user. |
$userdn | Distinguished name of the directory entry representing the user on the authentication data source. |
$userdn.attribute | Value of the attribute attribute in the directory entry representing the user on the authentication data source. |
$userrdn | Relative distinguished name of the directory entry representing the user on the authentication data source. |
$userrdnvalue | Right part of the relative distinguished name of the directory entry representing the user on the authentication data source. |
$datasourcename::userdn | Distinguished name of the directory entry representing the user on the datasourcename data source. |
Example
The application A works with two data sources DS1 and DS2. DS1 is the authentication data source.
DS1 configuration:
- login strategy: Bind with the user's dn.
- Identification request:
  - Base dn: o=itconcepts.net
  - depth: sub
  - filter: (&(objectclass=person)(uid=$login))
DS2 configuration:
- login strategy: Bind with the user's dn
- Identification request:
  - Base dn: ou=user, dc=itconcepts.net
  - depth: sub
  - filter: (&(objectclass=person)(cn=$DS1::userdn.cn))
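The DS1 and DS2 identification requests above, worked through as an added Python example (not COGNITUM code): every login variable is escaped per RFC 4515 before it is placed in the filter, and identification succeeds only when the request returns one entry. The directory contents, the `sessions` layout, the function names and the toy subtree search are assumptions made for the example; how COGNITUM itself substitutes variables is not described on this page.

```python
import re

# RFC 4515: characters that must be written as \XX inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
_VARIABLE = re.compile(r"\$(?:(\w+)::)?(login|userdn|userrdnvalue|userrdn)(?:\.(\w+))?")
_EQUALITY = re.compile(r"\(([A-Za-z][\w-]*)=((?:[^()\\*]|\\[0-9A-Fa-f]{2})*)\)")


def escape_filter_value(value):
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def first_rdn(dn):
    # Simplified DN handling: split on the first unescaped comma.
    return re.split(r"(?<!\\),", dn, maxsplit=1)[0].strip()


def expand(template, login, sessions, auth_source):
    """Substitute login variables into a filter template, escaping every value.

    sessions: {data source name: {"dn": str, "attrs": dict}} for each source on
    which the user is already identified (layout assumed for this example).
    """
    def resolve(match):
        source, name, attr = match.groups()
        if attr and name != "userdn":
            raise ValueError("attribute suffix is only defined for userdn")
        if name == "login":
            return escape_filter_value(login)
        entry = sessions[source or auth_source]  # KeyError: not identified there
        if name == "userdn":
            value = entry["attrs"][attr.lower()] if attr else entry["dn"]
        elif name == "userrdn":
            value = first_rdn(entry["dn"])
        else:  # userrdnvalue: right-hand part of the RDN
            value = first_rdn(entry["dn"]).split("=", 1)[1]
        return escape_filter_value(value)

    return _VARIABLE.sub(resolve, template)


def _unescape(value):
    return re.sub(r"\\([0-9A-Fa-f]{2})", lambda m: chr(int(m.group(1), 16)), value)


def _norm(dn):
    return re.sub(r"\s*,\s*", ",", dn).lower()


def search_subtree(directory, base, filter_text):
    """Toy evaluator: subtree scope, filter must be an AND of equality tests."""
    body = re.fullmatch(r"\(&((?:\([^()]*\))+)\)", filter_text)
    if body is None or _EQUALITY.sub("", body.group(1)):
        raise ValueError("unsupported filter: " + filter_text)
    tests = [(a.lower(), _unescape(v).lower())
             for a, v in _EQUALITY.findall(body.group(1))]
    return [dn for dn, attrs in directory.items()
            if ("," + _norm(dn)).endswith("," + _norm(base))
            and all(attrs.get(a, "").lower() == v for a, v in tests)]


def identify(directory, source, request, login, sessions, auth_source="DS1"):
    """Identification step: accept only when the request returns one entry."""
    filter_text = expand(request["filter"], login, sessions, auth_source)
    hits = search_subtree(directory, request["base"], filter_text)
    if len(hits) != 1:  # no match or an ambiguous match: refuse
        return None
    sessions[source] = {"dn": hits[0], "attrs": directory[hits[0]]}
    return hits[0]


# Requests copied from the DS1/DS2 example; directory contents are constructed.
DS1_REQUEST = {"base": "o=itconcepts.net",
               "filter": "(&(objectclass=person)(uid=$login))"}
DS2_REQUEST = {"base": "ou=user, dc=itconcepts.net",
               "filter": "(&(objectclass=person)(cn=$DS1::userdn.cn))"}
DS1 = {
    "uid=jroe,ou=people,o=itconcepts.net":
        {"objectclass": "person", "uid": "jroe", "cn": "Jane Roe (ext)"},
    "uid=jdoe,ou=people,o=itconcepts.net":
        {"objectclass": "person", "uid": "jdoe", "cn": "John Doe"},
}
DS2 = {
    "cn=Jane Roe (ext),ou=user,dc=itconcepts.net":
        {"objectclass": "person", "cn": "Jane Roe (ext)"},
    "cn=John Doe,ou=user,dc=itconcepts.net":
        {"objectclass": "person", "cn": "John Doe"},
}


def login_both(login):
    """Identify on DS1 (authentication source), then on DS2 via $DS1::userdn.cn."""
    sessions = {}
    dn1 = identify(DS1, "DS1", DS1_REQUEST, login, sessions)
    dn2 = identify(DS2, "DS2", DS2_REQUEST, login, sessions) if dn1 else None
    return dn1, dn2
```

The `cn` value `Jane Roe (ext)` shows that escaping matters for ordinary directory data too: without it, the parentheses would change the structure of the DS2 filter.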
To add an LDAP directory data source to an application
- In the COGNITUM Console, select the Data Sources tree item and click the New Data Source toolbar button.
- The New Data Source wizard is displayed. In the Data Source Definition screen, complete the first area:
- When necessary, choose the application to associate to the data source by selecting it in the Application list box.
- Select the LDAP option box.
- In the Name box, enter the name of the new data source.
- In the LDAP Server Parameters area, define the parameters of the LDAP server:
- In the Hostname box, enter the name of the directory server machine.
- In the Port box, enter the port number to this server.
- In the Suffix box, type in a particular suffix of the data source, or click the torch button to select one of the available suffixes.
- Select the Secure Connection (SSL) check box if you want to activate the SSL protocol.
- Choose the Test button to check the LDAP server parameters you have just entered are correct.
- Click the Next button.
- In the Identification Request area, set the connection request for the new data source:
- In the Base DN box, enter the DN corresponding to the root node for the request, or click the torch button to choose it from those available.
- In the Filter box, enter the corresponding request, or click the torch button to launch the LDAP Request Builder. (To make a request with the LDAP Request Builder, see “Creating an LDAP request”).
- Choose the depth of the search by selecting one of the three Scope option boxes.
- Click the Finish button.
Adding an LDAP sub data source
NOTE |
---|
For more information about dynamic data sources, see the COGNITUM Data Abstraction Layer Javadoc. |
Adding sub data sources to a main data source makes it possible to create LDAP referrals, also called dynamic data sources. A referral is a virtual link, from a directory to another one.
WARNING |
---|
All sub data sources must have the same directory structure as the main data source. |
Sub data sources are defined in the Add Sub Data Source dialog box accessible with the Add Sub Data Source command from the context menu of the main data source selected in the COGNITUM Console tree.
Figure: Adding an LDAP sub data source
Name: Each sub data source must have a name. Non-alphanumerical characters and blank spaces are prohibited.
Hostname: This is the name of the machine where the LDAP directory server runs.
Port: It is the port number to the LDAP directory server.
Suffix: It is the suffix of the sub data source. When the DN is unknown, the torch button may be clicked to retrieve the directory suffix, or to display the suffixes list when there are several suffixes in the directory.
NOTE |
---|
The variable $datasource::suffix is evaluated according to the profile of the user connected to the main data source or one of the sub data sources. A dynamic data source with the variable $datasource::suffix makes it possible to use a generic resource on the main data source and on its sub data sources. For more information, see “Pre-defined variables”. |
A click on OK validates the new sub data source. The sub data source is displayed in the tree under the main data source item. As sub data sources depend on their main data source, they are displayed under the main data source node only in the COGNITUM Console. They cannot be configured specifically (role, resource, and so on) in the COGNITUM Console.
Implementing a dynamic data source, composed of sub data sources, must include some user login customization, as documented in the COGNITUM Data Abstraction Layer Javadoc.
To add a sub data source to an LDAP directory data source
- In the COGNITUM Console, right-click the LDAP data source which you want to associate a sub data source to, and choose Add Sub Data Source.
- In the Add Sub Data Source dialog box, enter the name of the new sub data source in the Name box.
- In the Hostname box, enter the name of the directory server machine.
- In the Port box, enter the port number to this server.
- In the Suffix box, type in a particular suffix of the data source, or click the torch button to select one of the available suffixes.
- Click the OK button.
Adding an RDBMS Data Source
The information managed by a COGNITUM application can be stored on a relational database. Similarly, application data can be distributed across different storage supports, for example an LDAP data source and an RDBMS one.
Adding an RDBMS data source consists in defining:
- database type,
- parameters,
- connection mechanism for accessing the database.
Adding an RDBMS data source to an application is performed through the New Data Source wizard accessible with a click on the New Data Source toolbar button.
Figure: New data source wizard (RDBMS data source definition)
Application: The Application list box identifies the application to be associated with the data source
NOTE |
---|
By default, the application from which the data source is created appears in this list box. |
Name: Each data source must have a name. Names shall be intuitive enough for users to cope with several data sources. Non-alphanumerical characters and blank spaces are prohibited.
Support: Selecting the Relational Database option displays, in the lower part of the screen, the database parameters boxes.
Database Type: COGNITUM manages the features specific to the databases mentioned below. For more information about how to configure each database, see “Database configuration”.
COGNITUM helps you pre-configure the access parameters with a number of database types:
- Access
- DB2 (IBM)
- Excel
- Generic
- Oracle 8i Oci
- Oracle 8i Thin
- Oracle 9i Oci
- SQL-Server (Microsoft)
The Generic database type is available and must be selected when the database used is not among the five mentioned previously. Selecting this database type makes it possible to configure the database access parameters manually. Selecting the Access, Excel or Generic type displays the Key/Value array, which is filled in with the key/value pairs that stand for the database access parameters.
Example
Below is a possible configuration for the Microsoft Access database
Table: Microsoft Access database configuration example
Key | Value |
---|---|
driverClassName | sun.jdbc.odbc.JdbcOdbcDriver |
databaseURL | jdbc:odbc:odbcdatasourcename |
For Access databases, the generic plug-in is provided. The plug-in automatically sets the database connection properties. In the example above, the driverClassName is the JDBC driver to use for connecting to the database. It is the JDBC/ODBC bridge provided by Sun Microsystems Inc. The databaseURL property is the JDBC driver URL used to connect to the database.
Driver Class Name: This is the name of the class that implements the connection pool for the selected database. The class must implement the javax.sql.ConnectionPoolDataSource interface. By default, the box is filled in with the driver class name provided by the database producer
WARNING |
---|
The driver .jar files provided by the database manufacturer must be available in the COGNITUM classpath. |
TIP |
---|
To add .jar files quickly, they can be saved directly in the COGNITUM-root/Server/devloader/lib folder. The application must be restarted. |
NOTE |
---|
COGNITUM only manages JDBC 1.0 and 2.1 drivers. |
Server Name: This is the host name where the database is located.
Server Port: It is the port number to the database server.
NOTE |
---|
When connecting a DB2 database, the Server Name box may be left empty. |
Database Name: This is the name of the database located on the server previously mentioned
NOTE |
---|
For Oracle databases, the Database Name box corresponds to the SID. For SQL-Server databases, the Database Name box has no matching. |
A click on the Test button makes it possible to check that the database access parameters are correct. It opens up the Identification dialog box.
Figure: Checking the RDBMS data source connection
To test the database connection parameters, a login/password sample is used. The test account must be granted access rights on the database. The access right is identified by a login/password couple.
Back in the wizard, a click on the Next button displays the second Data Source Connection Parameters screen.
Figure: New data source wizard (RDBMS data source connection parameters)
The Service Account area defines the administration account for the data source. The service account is used by COGNITUM to access the database for internal operations. This account is used by COGNITUM to retrieve information specific to the database. It must have read access rights on user and group entries of the database. For some specific database types, such as SQL-Server, when the account is invalid, the anonymous account is used instead.
Login: This is the account identifier to be used to connect the database.
Password: The box must be populated with the password associated to the login previously entered.
A click on the Test the Account button makes it possible to check that the login/password couple is valid.
The Authentication Mechanism area makes it possible to select the authentication process on the database. COGNITUM can authenticate users on the database in two different ways:
- User account authentication, and
- SQL request authentication.
Check vs Database User Account: This option makes it possible to identify the user on the database through his/her user account. When the user login/password couple matches an existing account in the database, the authentication succeeds. When the user logs onto the application, he/she enters his/her login and password. COGNITUM then checks that the login/password matches an account in the database. If so, the user is authenticated.
Use Custom Query: This option makes it possible to authenticate the user on the database through an SQL request. This authentication mechanism relies on the association between the generic account and an authentication request. The service account is used to connect the database. Once connected, an authentication request can be sent to the database. The request result makes it possible to know whether the user is identified on the database or not. When the request returns one result, the user is authenticated.
The FROM and WHERE boxes help you create the authentication request.
FROM: The box must be filled in with the name of the table(s) or view(s) standing for the FROM clause of the SQL request. A click on the torch button opens up the Table Selection dialog box.
Figure: Table selection box
In the Table Selection dialog box, a click on the Schema list box displays the database schema available for a given user. The schema contains the tables list available for the authentication request. The Table Selection box makes it possible to search for a table of the previously selected schema. Once located, a click on the required table selects it. A click on OK validates the selection and closes the dialog box back to the wizard screen.
WHERE: This is the WHERE clause of the request. The box must be populated with the restriction constraints to be applied to the selected table(s). The request entered must make it possible to check that the user exists in the database. Information about the logged-in user is represented by the variables $login and $password. Below is an example of a fragment of the authentication request.
FROM [Login Table] WHERE [Login Column]= "$login" AND [Password Column]= "$Password"
A click on the torch button opens up the SQL Query Builder dialog box. The SQL Query Builder helps you create an accurate and consistent SQL request easily.
Figure: Table selection box
The SQL Query Builder is very similar to the LDAP Request Builder described in “Creating an LDAP request”.
Back in the wizard, a click on the Test button makes it possible to check that the request syntax is valid.
A click on OK creates the data source.
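The Use Custom Query mechanism described above, as an added Python example (not COGNITUM code): the `$login` and `$password` variables of the WHERE box are turned into bound parameters rather than spliced into the SQL text, the FROM table is checked against the schema, and authentication succeeds only when the request returns one row. An in-memory SQLite database stands in for the RDBMS; the function names, the rows and the password values are constructed, and how COGNITUM substitutes the variables is not described on this page.

```python
import re
import sqlite3

# $login / $password as written in a WHERE box, with or without quotes around them.
PLACEHOLDER = re.compile(r"""(["']?)\$(login|password)\1""", re.IGNORECASE)

# WHERE box content taken from the page's example fragment.
WHERE_BOX = '[Login Column] = "$login" AND [Password Column] = "$Password"'


def compile_where(where_template):
    """Rewrite the variables as named bind parameters instead of splicing text."""
    return PLACEHOLDER.sub(lambda m: ":" + m.group(2).lower(), where_template)


def authenticate(conn, from_table, where_template, login, password):
    """Custom-query authentication: succeed only when exactly one row matches."""
    known = {row[0] for row in conn.execute(
        "SELECT name FROM sqlite_master WHERE type IN ('table', 'view')")}
    if from_table not in known:
        # Identifiers cannot be bound as parameters, so they are allowlisted.
        raise ValueError(f"unknown table or view: {from_table!r}")
    quoted = '"' + from_table.replace('"', '""') + '"'
    sql = f"SELECT 1 FROM {quoted} WHERE {compile_where(where_template)} LIMIT 2"
    # User-supplied values travel separately from the SQL text.
    rows = conn.execute(sql, {"login": login, "password": password}).fetchall()
    return len(rows) == 1


def make_sample_db():
    """Constructed sample data. Values are compared as stored because the page's
    WHERE fragment compares the password column with $password directly."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        'CREATE TABLE "Login Table" ("Login Column" TEXT, "Password Column" TEXT)')
    conn.executemany('INSERT INTO "Login Table" VALUES (?, ?)', [
        ("jdoe", "constructed-pw-1"),
        ("o'brien", "constructed-pw-2"),
        ("dup", "constructed-pw-3"),
        ("dup", "constructed-pw-3"),   # duplicate account: two rows match
    ])
    return conn
```

A login containing a quote character, such as `o'brien`, is handled as plain data, and the duplicated `dup` account is refused because the request returns more than one row.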
To add an RDBMS data source to an application
- In the COGNITUM Console, select the Data Sources tree item and click the New Data Source toolbar button.
- The Data Source Definition wizard screen is displayed. In the Data Source Definition area:
- Choose the application to associate with the data source by selecting it in the Application list box.
- In the Name box, enter the name of the new data source.
- Select the Relational Database option box.
- Select the database type to associate with the data source with a click on the Database Type area.
- When necessary, modify the driver class name of the database in the corresponding box.
- In the Server Name box, enter the name of the host where the database is located. In the Server Port box, enter the port number to the database server.
- In the Database Name box, enter the name of the database located on the server previously mentioned.
- Click Next to display the second screen of the wizard.
- In the Service Account area, fill in the Login box with the account identifier to be used to connect the database. Populate the Password box with the password associated with the login previously entered.
- In the Authentication Mechanism area, select the type of authentication to use:
- Select the Check vs Database User Account option when you want the user to be authenticated on the database through his account.
- Select the Use Custom Query option to identify the user on the database through an SQL request.
- When the Use Custom Query option is selected, fill in:
- FROM box with the name of the table(s) or view(s) standing for the FROM clause of the SQL request or click the torch button to open up the Table Selection dialog box and select a table,
- WHERE box with the restriction constraints to be applied onto the table(s) selected or click the torch button to open the SQL Query Builder.
- Click Finish to validate the creation of the data source.
Adding a JDBC Driver Manager Data Source
A COGNITUM data source can be a JDBC driver configured in the JDBC Driver Manager Preferences.
Adding a JDBC Driver Manager data source to an application is performed through the New Data Source wizard accessible with a click on the New Data Source toolbar button.
Figure: Data Source Definition
Application: The Application list box identifies the application to be associated with the data source
NOTE |
---|
By default, the application from which the data source is created appears in this list box. |
Name: Each data source must have a name. Names help users to cope with several data sources. Non-alphanumerical characters and blank spaces are prohibited.
Support: Selecting the JDBC Driver Manager option displays the JDBC Driver Manager parameters box.
Available JDBC Driver: All available JDBC Drivers configured in the JDBC Driver Manager Preferences are listed in this dropdown list. Any JDBC Driver from the list can be selected to associate with the data source.
JDBC Url Template: All the JDBC Url templates configured for the available JDBC Driver are listed in this dropdown list. The selected url template is then used to build the JDBC Url.
Connection Properties: All connection properties configured for the available JDBC Driver are displayed. The values of the properties can be edited and are used to build the JDBC Url.
Resolved JDBC Url: The selected JDBC Url Template and the Connection Properties are used to build the JDBC Url.
A click on the Test button makes it possible to check that the database access parameters are correct. It opens up the Identification dialog box.
Figure: Checking the JDBC Driver Manager data source connection
To test the database connection parameters, a login/password sample is used. The test account must be granted access rights on the database. The access right is identified by a login/password couple.
Back in the wizard, a click on the Next button displays the second Data Source Connection Parameters screen, which works in the same way as the second step of adding an RDBMS data source, as described in “Data Source Connection Parameters”.
To add a JDBC Driver Manager data source to an application
- In the COGNITUM Console, select the Data Sources tree item and click the New Data Source toolbar button.
- The Data Source Definition wizard screen is displayed. In the Data Source Definition area:
- Choose the application to associate with the data source by selecting it in the Application list box.
- In the Name box, enter the name of the new data source.
- Select the JDBC Driver Manager option box.
- Select the Available JDBC Driver to associate with the data source with a click on the Available JDBC Driver area.
- Select the JDBC Url Template with a click on the JDBC Url Template area.
- When necessary, modify the value of Connection Properties in the corresponding box.
- Click Next to display the second screen of the wizard.
- In the Service Account area, fill in the Login box with the account identifier to be used to connect the database. Populate the Password box with the password associated with the login previously entered.
- In the Authentication Mechanism area, select the type of authentication to use:
- Select the Check vs Database User Account option when you want the user to be authenticated on the database through his account.
- Select the Use Custom Query option to identify the user on the database through an SQL request.
- When the Use Custom Query option is selected, fill in:
- FROM box with the name of the table(s) or view(s) standing for the FROM clause of the SQL request or click the torch button to open up the Table Selection dialog box and select a table,
- WHERE box with the restriction constraints to be applied onto the table(s) selected or click the torch button to open the SQL Query Builder.
- Click Finish to validate the creation of the data source.
Adding a DSML file data source
A COGNITUM data source can be a DSML file. Adding a DSML file support data source is performed through the New Data Source wizard.
Figure: New Data Source Definition
Application: The Application list box identifies the application to be associated with the data source. Another application can be selected.
Name: Each data source must have a name. Names shall be intuitive enough for users to cope with several data sources. Non-alphanumerical characters and blank spaces are prohibited.
Support: The DSML option makes it possible to identify, in the lower part of the dialog box, the DSML file that the data source targets. The DSML File Parameters area is displayed when the DSML option box is selected.
File: This box specifies the path to the DSML file. When the path is unknown, a click on the torch button helps select a DSML file
WARNING |
---|
Once the path to the DSML file is indicated, COGNITUM actually retrieves the file and relocates it under a specific path: ApplicationServer/webapps/application/WEB_INF/config/dsml. |
Suffix: It is the directory root suffix for the data source. When it is unknown, the torch button may be clicked to display all the directory suffixes available.
Test: This button checks the parameters of the DSML file are accurate and consistent
NOTE |
---|
When the selected DSML file is loaded for the first time, it is necessary to let COGNITUM perform the load for a few seconds. |
A click on the Next button displays the second Data Source Connection Parameters screen, where you configure the connection to the DSML file previously defined.
Figure: New Data Source Connection Parameters
Base: It is the start node of the query. The context can be entered manually. When the node DN is unknown, the torch button can be clicked to get the list of all available directory suffixes.
Filter: It is the LDAP filter on the request. The syntax can be entered manually. However, a click on the torch button launches the LDAP Request Builder.
You can create your LDAP request to be applied to the Filter box with the LDAP Request Builder. The LDAP Request Builder is meant to help you create an LDAP request. For more information about the LDAP Request Builder, see “Creating an LDAP request”.
Scope: The scope specifies the depth of the search for the connection request starting from the Base DN. The scope options are:
- Object: The search is restricted to a single entry, that is the context.
- One Level: All objects one level below the context are searched, but not the context object itself.
- Sub Tree: The entire tree below the specified context is searched. The object is included.
NOTE |
---|
By default, the Base DN, Filter and Scope boxes are filled in with specific values, because they represent the most common settings covering most configurations. |
A click on the Finish button validates the definition parameters of the new DSML file type data source.
To add a DSML file type data source to an application
- In the COGNITUM Console, select the Data Sources tree item and click the New Data Source toolbar button.
- The New Data Source wizard is displayed. In the Data Source Definition screen, complete the first area:
- When necessary, choose the application to associate to the data source by selecting it in the Application list box.
- In the Name box, enter the name of the new data source.
- Select the DSML option box to specify the data source is a DSML file.
- In the DSML File Parameters area:
- Fill in the File box with the path to the DSML file, or click the torch button to display all available directories to the DSML file.
- In the Suffix box, enter the directory node DN or click the torch button to display all available suffixes.
- Click the Test button to check the DSML parameters compatibility.
- Click the Next button to display the second wizard screen.
- In the Identification Request area, set the connection request for the new data source:
- In the Base box, enter the DN corresponding to the root node for the request, or click the torch button to choose it from those available.
- In the Filter box, enter the corresponding request, or click the torch button to launch the LDAP Request Builder. (To make a request with the LDAP Request Builder, see “Creating an LDAP request”).
- Choose the depth of the search by selecting one of the three Scope option boxes.
- Click the Finish button. The data source icon appears in the tree with the label you have given it. It also appears in the property view with its name, type and server name.
Creating an LDAP Request
In the COGNITUM Console, some dialog boxes include a Filter box. A click on the torch button of any Filter box displays the LDAP Request Builder dialog box.
The LDAP Request Builder assists you in creating an accurate and consistent LDAP request.
NOTE |
---|
The Filter box can be filled in manually with an LDAP request. In that case, the LDAP Request Builder is able to parse the LDAP request entered in the Filter box and properly fill in the cells within the LDAP Request Builder. Once the LDAP request is transferred into the LDAP Request Builder, the request can be modified. |
Figure: LDAP Request Builder
- Remove: A click on the Remove button deletes the line selected in the Elementary Requests area.
- AND / OR: Check either the AND or the OR option box to define it as the logical operator for the request.
WARNING |
---|
The requests can only be defined with one of the two logical operators available. |
The Intermediate Requests group lists second logical level requests. Once a request is created in the Elementary Requests area, it is translated into LDAP syntax in the Expression cell of the Intermediate Requests area.
- Expression: Each line of the Expression cell stands for the combination of several elementary requests, provided several elementary requests have been created; otherwise, the LDAP syntax of the only request created is displayed in the Expression cell. The Expression cell is automatically updated with the LDAP syntax resulting from the creation of an elementary request in the Elementary Requests area.
- AND / OR: Check either the AND or the OR option box to define it as the logical operator for the intermediate request definition.
- Insert: A click on the Insert button sets the Elementary Requests array to blank and adds a blank Expression cell in the Intermediate Requests area.
- Remove: A click on the Remove button deletes the line selected in the Intermediate Requests area.
The Final Request area is made of the Expression box.
Expression: It displays the LDAP request resulting from the combination of the elementary and intermediate requests created.
A click on OK validates the LDAP request. The request displayed in the Expression box is used as filter in the related Filter box.
To create an LDAP request
- In the COGNITUM Console, for any Filter box, click the facing torch button to launch the LDAP Request Builder.
- In the Elementary Requests area, fill in the Attribute, Operator and Value cells with the values to be used for the first logical level of the LDAP request.
- Check the AND or OR option box to define one of them as the logical operator of the request.
Click the Insert button in the Elementary Requests area to add a new request definition line or:
Click the OK button if the request creation is finished.
Click the Insert button in the Intermediate Requests area, if you want to add a second logical level for the request. If so, proceed as follows.
In the Elementary Requests area, fill in the Attribute, Operator and Value cells so as to create the second logical level request. Choose AND or OR as operator for the request.
- Click the Insert button in the Elementary Requests area to add the request in the Expressions cell of the Intermediate Requests area.
- Repeat the same operations for each new definition level of the request to be added.
- Click OK to validate the creation of the LDAP request.
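The two logical levels described above can be reproduced in a few lines. The following Python sketch is an added example, not COGNITUM code: it composes elementary requests into intermediate expressions and a final expression, and escapes every value per RFC 4515 so that characters such as (, ) and * typed into a Value cell stay literal instead of changing the filter structure. The operator set, the sample entries and all function names are assumptions.

```python
"""Compose an LDAP filter from elementary and intermediate requests."""
import re

# RFC 4515: characters that must be escaped inside an assertion value.
ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}
# RFC 4512 attribute description: a short name or a numeric OID (options omitted).
ATTRIBUTE = re.compile(r"[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*")
# Assumed operator set: the builder's own operator list is not shown on the page.
OPERATORS = ("=", ">=", "<=", "~=")
LOGICAL = {"AND": "&", "OR": "|"}


def escape_value(value):
    """Escape a literal value so it cannot alter the filter structure."""
    return "".join(ESCAPES.get(ch, ch) for ch in value)


def elementary(attribute, operator, value):
    """Translate one Attribute / Operator / Value line into LDAP syntax."""
    if not ATTRIBUTE.fullmatch(attribute):
        raise ValueError("invalid attribute name: %r" % attribute)
    if operator not in OPERATORS:
        raise ValueError("unsupported operator: %r" % operator)
    return "(%s%s%s)" % (attribute, operator, escape_value(value))


def combine(logical, expressions):
    """Join expressions with exactly one logical operator, AND or OR."""
    if logical not in LOGICAL:
        raise ValueError("logical operator must be AND or OR")
    if not expressions:
        raise ValueError("at least one expression is required")
    if len(expressions) == 1:
        return expressions[0]  # a single request is displayed unchanged
    return "(%s%s)" % (LOGICAL[logical], "".join(expressions))


def build_request(final_logical, intermediate_requests):
    """intermediate_requests: list of (logical, [(attribute, operator, value), ...])."""
    expressions = [
        combine(logical, [elementary(*line) for line in lines])
        for logical, lines in intermediate_requests
    ]
    return combine(final_logical, expressions)


# Constructed sample: two intermediate requests, the second one holding a
# value that contains filter metacharacters.
SAMPLE = [
    ("AND", [("objectClass", "=", "inetOrgPerson")]),
    ("OR", [("uid", "=", "jsmith"), ("cn", "=", "J. Smith (ext)*")]),
]

if __name__ == "__main__":
    print(build_request("AND", SAMPLE))
```

The same escaping applies to any identifier that is substituted into the Filter of an identification request.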
Configuring an LDAP Data Source
When an LDAP data source is listed as an LDAP icon in the COGNITUM Console tree, COGNITUM automatically creates categories of information for the data source.
A click on the data source label in the tree opens the Data Source configuration property view.
TIP |
---|
When the Data Sources item is highlighted in the COGNITUM Console tree, the facing view lists the data sources available. A double-click on a data source item in this view displays its properties. |
Data Source Definition
In the property view of a selected LDAP data source, the Definition tab displayed by default provides the definition parameters of the data source. This tab gives information about the general settings of the selected data source. It also makes it possible to add an LDAP server to an LDAP-type data source.
Figure: Data source definition properties
The Data Source Definition area recalls the main features of the highlighted data source. COGNITUM makes it possible to change any of these properties specified when creating the data source. For more information, see “Adding a data source”.
Name: The name of the data source can be changed. However, when changing the name of a data source you must check that the connection parameters of the related data sources are still valid. For example, when renaming the authentication data source, as secondary data sources are bound to it, the connection parameters of the secondary data sources must be updated accordingly.
Type: When the selected data source is of LDAP Directory type, the area below is titled LDAP Directory Parameters.
The LDAP Directory Parameters area indicates the LDAP server set for the data source.
Insert: The Insert button adds a new LDAP server to the data source. Each added server stands for a new instance of the data source.
Remove: The Remove button deletes the selected LDAP server.
NOTE |
---|
The Remove button is only accessible when two LDAP servers at least have been set for the data source. |
Hostname: This is the name of the machine where the LDAP directory server runs.
Port: It is the port number to the LDAP directory server.
Read: When selected, this option allows read access on the LDAP server.
Write: When selected, this option allows write access on the LDAP server.
Backup: This option defines the server as a backup directory, which is used when the main server fails.
Common Suffix: It is the directory root suffix for the data source. When it is unknown, the torch button may be clicked to display all the directory suffixes available.
Secure Connection (SSL): Selecting the check box activates the SSL protocol to ensure communication privacy between the COGNITUM server and the directory server.
Transparent Referrals: When the java.naming.referral property (in the Properties tab) is set to follow, this check box is available. A referral is a virtual link from one directory to another directory. As a precondition, the directory must be configured to allow referrals.
- A referral is a DN like: ldap://host:port/cn=lucho,o=itc.com
- A transparent referral is a DN like: cn=lucho,o=itc.com
When this option is checked, the DNs returned by searches on the referred directories take the form cn=lucho,o=itc.com.
Test: This button checks that the parameters for the LDAP server are correct.
Load: A click on the button launches the Load Balancing dialog box.
Figure: Load Balancing box
This dialog box is used to set the load balancing on COGNITUM data sources. Load balancing can be set for each data source instance declared in the LDAP Directory Parameters area.
The Weight Factor box defines the load distribution onto the directory instance. The directory instance with the highest number in its Weight Factor box is accessed in a higher proportion. For example, consider ten connections shared between three directory instances with the weight factors set as follows:
- Directory instance 1: weight factor = 8
- Directory instance 2: weight factor = 1
- Directory instance 3: weight factor = 1
Directory instance 1 is used eight times, and directory instances 2 and 3 are each used once.
The Maximum Load box indicates the maximum number of connections to be created between COGNITUM and the server instance. When this number is exceeded, the connection request is stacked.
The Recommended Load box represents the maximum number of connections authorized for the server. This threshold is only exceeded on load peaks until it reaches the maximum load.
A click on the OK button validates the load balancing parameters and closes the Load Balancing dialog box.
Back in the Definition tab, a click on the Apply button validates the parameters.
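The interplay of the three Load Balancing boxes can be simulated as follows. This is an added example, not COGNITUM code: the page does not document the scheduling algorithm, so smooth weighted round-robin is used as a stand-in, and Recommended Load is read as a soft limit and Maximum Load as a hard limit, following the descriptions above. Class names, function names and server names are hypothetical.

```python
"""Simulate Weight Factor, Recommended Load and Maximum Load (assumed model)."""
from collections import Counter


class Instance:
    def __init__(self, name, weight, recommended_load, maximum_load):
        self.name = name
        self.weight = weight
        self.recommended_load = recommended_load
        self.maximum_load = maximum_load
        self.active = 0   # connections currently open on this instance
        self.credit = 0   # smooth weighted round-robin state


class Balancer:
    def __init__(self, instances):
        self.instances = instances
        self.stacked = 0  # requests that had to wait for a free connection

    def _pick(self, candidates):
        # Smooth weighted round-robin: every candidate earns its weight,
        # the richest one is chosen and pays back the total weight.
        total = sum(i.weight for i in candidates)
        for i in candidates:
            i.credit += i.weight
        chosen = max(candidates, key=lambda i: i.credit)
        chosen.credit -= total
        return chosen

    def acquire(self):
        """Return the instance name for a new connection, or None if stacked."""
        normal = [i for i in self.instances if i.active < i.recommended_load]
        peak = [i for i in self.instances if i.active < i.maximum_load]
        candidates = normal or peak  # exceed the recommended load only on peaks
        if not candidates:
            self.stacked += 1
            return None
        chosen = self._pick(candidates)
        chosen.active += 1
        return chosen.name

    def release(self, name):
        for i in self.instances:
            if i.name == name and i.active > 0:
                i.active -= 1


def distribute(balancer, connections):
    """Open `connections` connections and count how many each instance got."""
    names = [balancer.acquire() for _ in range(connections)]
    return dict(Counter(n for n in names if n is not None))


if __name__ == "__main__":
    # Constructed sample matching the 8 / 1 / 1 weight factors above.
    demo = Balancer([Instance("ldap1", 8, 20, 30),
                     Instance("ldap2", 1, 20, 30),
                     Instance("ldap3", 1, 20, 30)])
    print(distribute(demo, 10), "stacked:", demo.stacked)
```

A Maximum Load that is too low for the expected number of concurrent logins shows up as a growing stacked count, that is, as login delays.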
To add an LDAP server for a data source
- In the tree, select the LDAP-type data source you want to modify under the Data Sources item.
- Select the Definition tab.
- In the LDAP Directory Parameters area, click the Insert button.
- Fill in the Hostname and Port columns respectively with the name and the port number of the new server.
- Select the Read and/or Write and/or Backup check boxes.
- In the Suffix box, enter the same root node for the new server as for other servers of the data source, or click the torch button to display all available suffixes.
- Click the Test button when you want COGNITUM to check the parameters you have entered are accurate and consistent.
- Click the Load button to configure load balancing on the data source instances.
- Click Apply to validate the parameters you have entered.
Data source access authentications
In the property view of a selected LDAP data source, the Authentications tab is used to set the credentials for the data source service account.
Figure: Data source access authentications properties
The Service Account area defines the administration account for the data source. The service account is used by COGNITUM to access the LDAP directory for internal operations such as matching the user's login with a DN. It must have read access rights on user and group entries of the directory. If the account is invalid, the anonymous account is used instead. As a general rule, specifying a service account is not necessary. However, it may be required for administration purposes or by directories that do not support the Anonymous role.
The service account is used to:
- launch identification requests,
- determine the roles the user belongs to
WARNING |
---|
The account specified in the Service Account area must provide read access to the directory entries so that they can be managed for the application. |
DN: It is the distinguished name of the account used by COGNITUM to manage the application, for example uid=username, o=organisation. When the DN is unknown, a click on the torch button displays the Search for the DN of a user dialog box, in which the search for the DN can be configured.
Password: It is the password associated with the DN.
WARNING |
---|
When the Service Account credentials are left empty, the built-in Anonymous role is used as the data source service account. Be aware that this role is likely to have insufficient rights to properly configure the data source. See “Roles”. |
The Identification Request area is used to update the connection to the LDAP directory server previously defined.
Base: It is the start node of the query. The context can be entered manually. When the node DN is unknown, the torch button can be clicked to get the list of all available directory suffixes.
Filter: It is the LDAP filter on the request. The syntax can be entered manually. However, a click on the torch button launches the LDAP Request Builder to create an LDAP request as documented in “Creating an LDAP request”.
Scope: The scope specifies the depth of the search for the connection request starting from the Base DN.
In the Bind Strategy area, the security role to access the data displayed by the data source is defined. COGNITUM supports two types of connection to the data directory.
Use the account of the logged-in user: This option box means that users access the directory data through the data source with their personal account credentials.
Use a generic account: It is a specific account with which all the directory queries are issued. It makes it possible for the users to connect automatically under this account. It defines the data span that can be interrogated by default for the data source.
A click on the Apply button validates the parameters.
To configure the access authentication rights for a data source
- In the COGNITUM Console tree, select the data source you want to modify. Click the Authentications tab.
- In the Service Account area, specify when necessary the account used by the COGNITUM Console to administer the data source. In the DN box, type in the distinguished name for the account: uid=username, o=organisation or more. In the Password box, enter the password associated with the DN.
In the Identification Request area, modify the connection request for the data source:
In the Base box, enter the DN corresponding to the root node for the request, or click the torch button to choose it from those available.
- In the Filter box, enter the corresponding request, or click the torch button to launch the LDAP Request Builder. (To make a request with the LDAP Request Builder, see “Creating an LDAP request”).
Choose the depth of the search by selecting one of the three Scope option boxes.
In Bind Strategy, choose the option defining the directory data covered by the data source:
Choose Use the account of the logged-in user when you want the data source to connect the directory that each end-user is allowed to read with his/her account, or
Choose Use a generic account when you want to use a default user account to define the information accessed by the data source on the directory. Enter this account distinguished name and password in the DN and Password boxes.
Click Apply to validate your entries.
Data Source Properties
In the property view of a selected LDAP data source, the Properties tab displays specific features relating to the data source and how to access it.
Figure: Data source properties
Key: This column lists the data source features. A click on a feature highlights it and gives access to the facing value.
Value: It is the facing setting of the highlighted property. A click on a value makes it possible to select another one in the list box.
Table 5 Property keys
Property Key | Description | Default Value |
---|---|---|
java.naming.batchsize | Specifies the batch size of search results returned by the server. | 1 |
java.naming.factory.initial | Fully qualified class name of the factory class which creates the initial context for the LDAP service provider | com.sun.jndi.ldap.LdapCtxFactory |
java.naming.factory.url.pkgs | Package of the URL factory | com.sun.jndi.url |
java.naming.ldap.attributes.binary | Specifies attributes which have non-string syntax. It extends the provider's built-in list of non-string attributes (below). | |
java.naming.ldap. | String that specifies whether the | True |
java.naming.ldap. | String that specifies how aliases are | always |
java.naming.referral.limit | String of decimal digits specifying the maximum number of referrals to follow in a chain of referrals. A setting of zero indicates that there is no limit. | 10 |
java.naming.referral | String that specifies how referrals shall be handled by the provider. The following values are defined for this property: follow: Automatically follow any referrals. throw: Throw a ReferralException for each referral. ignore: Ignore referrals if they appear in results. | ignore |
java.naming.security. | String that specifies the | simple |
To configure the properties of an LDAP data source
- In the COGNITUM Console tree, select the LDAP data source you want to modify under the Data Sources item. Click the Properties tab.
- Click an item in the Key column to modify the key and/or click an item in the Value column to enter another value.
- Click Apply to validate your entries.
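The settings of the Definition, Authentications and Properties tabs interact: the bind mechanism, the Secure Connection (SSL) check box, the service account and the referral keys together decide what an LDAP data source exposes. The following Python lint is an added example, not part of COGNITUM; the dictionary layout, the sample values, the severities and the use of simple as default for the standard JNDI key java.naming.security.authentication are assumptions.

```python
"""Lint the settings of one LDAP data source (hypothetical export layout)."""

# The referral defaults are the ones listed in the property table above;
# "simple" for the standard JNDI authentication key is an assumption.
DEFAULTS = {
    "java.naming.referral": "ignore",
    "java.naming.referral.limit": "10",
    "java.naming.security.authentication": "simple",
}


def audit(source):
    """Return a list of (severity, message) findings for one data source."""
    props = {**DEFAULTS, **source.get("properties", {})}
    account = source.get("service_account") or {}
    bind = source.get("bind_strategy") or {}
    findings = []

    # A simple bind carries the DN and password as-is; only SSL protects them.
    if props["java.naming.security.authentication"] == "simple":
        for server in source["servers"]:
            if not server.get("ssl"):
                findings.append(("high", "%s:%s uses a simple bind without Secure "
                                 "Connection (SSL): DN and password travel in clear text"
                                 % (server["host"], server["port"])))

    # Empty service account: the built-in Anonymous role is used instead.
    if not account.get("dn") or not account.get("password"):
        findings.append(("medium", "service account is empty: identification "
                         "requests run under the Anonymous role"))

    # Followed referrals continue a search on servers named by the directory.
    if props["java.naming.referral"] == "follow":
        findings.append(("medium", "referrals are followed: searches may continue on "
                         "servers that are not listed in LDAP Directory Parameters"))
        if props["java.naming.referral.limit"].strip() == "0":
            findings.append(("medium", "java.naming.referral.limit is 0: "
                             "referral chains have no length limit"))

    # Generic bind account identical to the service account: every user query
    # runs with the rights of the account used for internal operations.
    if bind.get("mode") == "generic" and bind.get("dn") and bind["dn"] == account.get("dn"):
        findings.append(("low", "generic bind account is the service account: "
                         "use a separate account with narrower read rights"))
    return findings


# Constructed samples, not taken from a real installation.
WEAK = {
    "servers": [{"host": "ldap1.example.test", "port": 389, "ssl": False},
                {"host": "ldap2.example.test", "port": 636, "ssl": True}],
    "service_account": {"dn": "", "password": ""},
    "bind_strategy": {"mode": "generic", "dn": "uid=portal,o=example"},
    "properties": {"java.naming.referral": "follow",
                   "java.naming.referral.limit": "0"},
}
HARDENED = {
    "servers": [{"host": "ldap1.example.test", "port": 636, "ssl": True},
                {"host": "ldap2.example.test", "port": 636, "ssl": True}],
    "service_account": {"dn": "uid=svc-read,o=example", "password": "(set in console)"},
    "bind_strategy": {"mode": "user"},
    "properties": {},
}

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(cfg))
```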
Configuring an LDAP Sub Data Source
A sub data source is a standard LDAP data source that is dependent on a main LDAP data source. For more information about the configuration of a sub data source, see “Configuring an LDAP data source”.
Figure: Data source definition properties
NOTE |
---|
For more information about sub data sources, see “Adding an LDAP sub data source” and the COGNITUM Data Abstraction Layer Javadoc. |
Configuring an RDBMS Data Source
An RDBMS data source is listed as a DB icon in the COGNITUM Console tree under the Data Sources item. When it is selected, the database connection and access parameters can be modified and configured in the facing property views.
Database Definition
In the property view of a selected RDBMS database, the Definition tab displayed by default provides the definition and parameters of the database. Access parameters are also listed. They can be modified when necessary.
Figure: Database definition properties
Name: This is the data source name. A click in the box makes it possible to change it. Non-alphanumerical characters and blank spaces are prohibited.
Type: When the selected data source is of Relational Database type, the Relational Database box in the Data Source Definition area is selected and the area below is titled Relational Database Parameters.
Database Type: A click in the list box displays the database types available. According to the database type selected, the other boxes in the Relational Database Parameters area are updated as described in “Database configuration” below.
A click on the Test button makes it possible to check that the new parameters are valid.
A click on the Apply button validates the modification(s).
To modify the definition parameters of an RDBMS data source
- In the tree, select the RDBMS data source you want to modify under the Data Sources item.
- Select the Definition tab.
- In the Name box, you can change the name of the data source.
- Click the Database Type list box to select another type of database for the data source.
- Click the Driver Class Name box when you want to enter a different driver class name for the database.
- In the Server Name box, change the name of the host where the database is located. Click the Server Port box to modify the port number to the database server.
In the Database Name box, enter:
for DB2 databases, the name of the database located on the server previously mentioned, or
SID for Oracle databases.
Click Test to check that the modifications are valid. Click OK to validate the modification(s).
Database Configuration
In the Definition tab of a selected RDBMS data source, it is necessary to set the Relational Database Parameters area according to the database type.
Oracle
Figure: Oracle database configuration parameters
Database Type: The selected type is Oracle. The Relational Database Parameters area is updated accordingly.
Driver Class Name: This is the name of the class that implements the connection pool for the selected database. The class must implement the javax.sql.ConnectionPoolDataSource interface. A click in the box makes it possible to enter a new driver class name.
NOTE |
---|
With Oracle 8i and 9i, the driver version depends on the VM version. For more information, see http://industry.java.sun.com/products/jdbc/drivers. |
Server Name: This is the computer name where the database can be found.
Server Port: This is the listening port of the database listener (usually 1521).
Database Name: This is the database SID.
NOTE |
---|
On Oracle 8i and 9i with the OCI driver, only the server name must be specified. The Server Name entry is the Net8 alias defined in the Oracle Listener. The Server Port and Database Name boxes are not used. |
SQL Server
Figure: SQL Server
Driver Class Name: This is the name of the class that implements the connection pool for the selected database. The default entry is com.microsoft.jdbcx.sqlserver.SQLServerDataSource. A click in the box makes it possible to enter a new driver class name.
Server Name: This is the computer name where the database can be found.
Server Port: This is the listening port of the database listener (usually 1433).
Access
Figure: Access database configuration parameters
Driver Class Name: This is the name of the class that implements the connection pool for the selected database. The default entry is com.calendra.jdbc.GenericConnectionPoolDataSource. A click in the box makes it possible to enter a new driver class name.
Key/Value: The table lists the keys describing the database. Below is a possible configuration for the Microsoft Access database.
Table: Microsoft Access configuration example
Key | Value |
---|---|
driverClassName | sun.jdbc.odbc.JdbcOdbcDriver |
databaseURL | jdbc:odbc:odbcdatasourcename |
For Access databases, the generic plug-in is provided. The plug-in automatically sets the database connection properties. In the example above, the driverClassName is the JDBC driver used to connect to the database. It is the JDBC/ODBC bridge provided by Sun Microsystems Inc. The databaseURL property is the JDBC driver URL used to connect to the database.
Generic
Figure: Generic database configuration parameters
Driver Class Name: This is the Java class to use as connection pool. This class is provided by any driver of JDBC 2.0 type. By default, the generic pool developed by ITConcepts is displayed. This generic pool makes it possible to turn any JDBC 1.0 driver into a JDBC 2.0 driver.
Key/Value: The table lists the keys describing the database. The databaseURL and driverClassName properties are to be set on the connection pool specified:
- databaseURL: This corresponds to a JDBC driver URL and must be configured so.
- driverClassName: This is a Java class name implementing a JDBC driver.
The following configuration makes it possible to define an Oracle data source using the generic driver:
- driverClassName: oracle.jdbc.driver.OracleDriver
- databaseURL: jdbc:oracle:thin:@zorro:1521:orcl
The following configuration uses the Oracle JDBC 2.0 connection pool:
- driverClassName: oracle.jdbc.pool.OracleConnectionPoolDataSource
- databaseURL: jdbc:oracle:thin:@zorro:1521:orcl
NOTE |
---|
When connecting to a DB2, Sybase or MySQL database, you can use the Generic database type. |
Excel
Figure: Excel database configuration parameters
Driver Class Name: This is the name of the class that implements the connection pool for the selected database. The default entry is com.calendra.jdbc.GenericConnectionPoolDataSource. A click in the box makes it possible to enter a new driver class name.
Key/Value: The table lists the keys describing the database. Below is a possible configuration for the Microsoft Excel database.
Table: Excel configuration example
Key | Value |
---|---|
driverClassName | sun.jdbc.odbc.JdbcOdbcDriver |
databaseURL | jdbc:odbc:exceldatasourcename |
Database Access Authentications
In the property view of a selected RDBMS database, the Authentications tab displays the database authentication parameters. The parameters entered at creation time can be modified.
Figure: Database access authentications properties
Service Account: This area makes it possible to change the account used by COGNITUM to connect the database:
- Login: This is the login of the account on the database.
- Password: This is the corresponding password for the account login. For more information about the service account, see “Adding an RDBMS data source”.
- Test the Account: A click on this button tests the new account.
- Authentication Mechanism: The area makes it possible to change the database user authentication process defined when creating the data source:
- Check vs Database User Account: When this option is selected, the authentication mechanism checks that the user account matches an existing account in the database.
- Use Custom Query: When this option is selected, the authentication process is performed through an SQL request. For more information about the authentication mechanism, see “Adding an RDBMS data source”.
Bind Strategy: This area makes it possible to define how the users access the database information. COGNITUM supports two types of connection to the database:
- Use the account of the logged-in user: This option box means that users access the database information through the data source with their personal account credentials.
- Use a generic account: It is a specific account with which all the SQL requests are issued. It makes it possible for the users to connect automatically under this account. It defines the data span that can be interrogated by default for the data source. When selecting this option, the Login/Password pair standing for the account to use must be entered in the corresponding boxes. A click on the Test the Account button makes it possible to check that the account credentials are valid.
A click on the Apply button validates the parameters.
To configure the access authentications for an RDBMS data source
- In the COGNITUM Console tree, select the data source you want to modify. Click the Authentications tab.
- In the Service Account area, specify when necessary the account used by the COGNITUM Console to administer the data source. In the Login box, type in the login for the account. In the Password box, enter the password associated with the login.
In the Authentication Mechanism area, change the user authentication process on the database:
Click the Check vs Database User Account option when you want to identify the user on the database through his user account.
Click the Use Custom Query option when you want to identify the user on the database through an SQL request. Fill in the FROM and WHERE boxes to easily create the authentication request. Click the Test button to check that the request is valid.
In the Bind Strategy area, change the users access mode onto the database information:
Select the Use the account of the logged-in user option when you want the users to access the database information through the data source with their personal account credentials.
Select the Use a generic account option when you want the users to connect to the database automatically with the generic account. Fill in the Login and Password boxes respectively with the account identifier and its associated password for the generic account to use. Click the Test the Account button to check that the pair is valid.
Click Apply to validate the changes.
Database Identification
In the property view of a selected RDBMS database, the Identification tab displays the identification query on the database.
Figure: Database identification properties
SQL Query: The box must be populated with an SQL query. The query must return a user DN that allows connecting to the database. A click on the Test button makes it possible to check that the query is valid. Pressing ctrl+space automatically retrieves the tables and boxes invoked by the query.
WARNING |
---|
In the query, the names of the columns must be entered in full, for example select PKID from CDM_DEMO.USERS |
A click on the Apply button validates the parameters.
To configure the identification on an RDBMS data source
- In the COGNITUM Console tree, select the RDBMS data source you want to modify. Click the Identification tab.
- In SQL Query, type in the query representing a user DN to access the database. Press ctrl+space to automatically retrieve the tables and boxes invoked by the query.
- Click Test to check that the query is valid.
- Click Apply to validate the changes.
Configuring a JDBC Driver Manager Data Source
The JDBC Driver Manager data source is listed as a DB icon in the COGNITUM Console tree under the Data Sources item. When it is selected, the database connection and access parameters can be modified and configured in the facing property views.
Database Definition
In the property view of a selected RDBMS database, the Definition tab displayed by default provides the definition and parameters of the database. Access parameters are also listed. They can be modified when necessary.
Figure: Database definition properties
Name: This is the data source name. A click in the box makes it possible to change it. Non-alphanumerical characters and blank spaces are prohibited.
Type: When the selected data source is of JDBC Driver Manager type, the JDBC Driver Manager box in the Data Source Definition area is selected and the area below is titled JDBC Driver Manager Parameters.
Available JDBC Driver: All available JDBC drivers configured in the JDBC Driver Manager Preferences are listed in this dropdown list. Any JDBC driver from the list can be selected to associate with the data source.
JDBC Url Template: All the JDBC Url templates configured for the available JDBC driver are listed in this dropdown list. The selected Url template is then used to build the JDBC Url.
Connection Properties: All connection properties configured for the available JDBC driver are displayed. The values of the properties can be edited and are used to build the JDBC Url.
Resolved JDBC Url: The selected JDBC Url Template and the Connection Properties are used to build the JDBC Url.
A click on the Test button makes it possible to check that the new parameters are valid.
A click on the Apply button validates the modification(s).
To modify the definition parameters of a JDBC Driver Manager data source
- In the tree, select the JDBC Driver Manager data source you want to modify under the Data Sources item.
- Select the Definition tab.
- In the Name box, you can change the name of the data source.
- Select the Available JDBC Driver to associate with the data source with a click on the Available JDBC Driver area.
- Select the JDBC Url Template with a click on the JDBC Url Template area.
- When necessary, modify the value of Connection Properties in the corresponding box.
- Click Test to check that the modifications are valid.
- Click Apply to validate the changes.
Data source access authentications
Configuring the access authentications for a JDBC Driver Manager data source is similar to configuring them for an RDBMS data source; see “RDBMS Data Source Access Authentication”.
Database Identification
Configuring the database identification for a JDBC Driver Manager data source is similar to configuring it for an RDBMS data source; see “RDBMS Data Source Database Identification”.
Configuring a DSML Data Source
A DSML data source is listed as an LDAP icon in the COGNITUM Console tree under the Data Sources item. When it is selected, the database connection and access parameters can be modified and configured in the facing property views.
Data Source Definition
In the property view of a selected DSML data source, the Definition tab displayed by default provides the definition parameters of the data source. This tab gives information about the general settings of the selected data source. It also makes it possible to change the DSML file.
Figure: DSML data source definition properties
The Data Source Definition area recalls the main features of the highlighted data source. COGNITUM makes it possible to change any of these properties specified when creating the data source. For more information, see “Adding a data source”.
Name: The name of the data source can be changed. However, when changing the name of a data source you must check that the connection parameters of the related data sources are still valid. For example, when renaming the authentication data source, as secondary data sources are bound to it, the connection parameters of the secondary data sources must be updated accordingly.
Type: When the selected data source is of DSML type, the DSML File option box in the Data Source Definition area is selected and the area below is titled DSML File Parameters.
The DSML File Parameters area indicates the DSML file used as the data source.
File: This box specifies the path to the DSML file. To choose another DSML file, a click on the torch button displays a file selection box.
Suffix: It is the directory root suffix for the data source. When it is unknown, the torch button may be clicked to display all the directory suffixes available.
Test: This button checks that the parameters of the DSML file are accurate and consistent.
Clear Cache: When the selected DSML is modified and when another DSML file is chosen, a click on this button makes it possible to empty the temporary memory used to load the DSML file.
A click on the Apply button validates the parameters.
To modify the definition parameters of a DSML data source
- In the tree, select the DSML-type data source you want to modify under the Data Sources item.
- Select the Definition tab.
- In the Name box, you can change the label of the DSML data source.
- In the DSML File Parameters area, click the browser button facing the File box to select another DSML file.
- In the Suffix box, enter the directory node DN or click the torch button to display all available suffixes.
- Click the Test button to check the DSML parameters compatibility.
- When the DSML file has been modified or when another one is selected, click Clear Cache.
- Click Apply to validate the parameters you have entered.
Data Source Access Authentications
In the property view of a selected DSML data source, the Authentications tab is used to set the credentials for the data source service account.
Figure: DSML data source access authentications properties
The Service Account area defines the administration account for the data source. The service account is used by COGNITUM to read the DSML file for internal operations such as matching the user's login with a DN. It must have read access rights on user and group entries of the directory. If the account is invalid the anonymous account is used instead. As a general rule, specifying a service account is not necessary.
The service account is used to:
- launch identification requests,
- determine the roles the user belongs to
WARNING |
---|
The account specified in the Service Account area must provide read access to the directory entries so that they can be managed for the application. |
DN: It is the distinguished name of the account used by COGNITUM to manage the application, for example uid=username, o=organisation. When the DN is unknown, a click on the torch button displays the Search for the DN of a user dialog box, which is used to set the parameters of the search for the DN.
Password: It is the password associated with the DN.
WARNING |
---|
When the Service Account credentials are left empty, the built-in Anonymous role is used as the data source service account. See “Roles”. |
The Identification Request area is used to update the previously defined access to the DSML file.
Base: It is the start node of the query. The context can be entered manually. When the node DN is unknown, the torch button can be clicked to get the list of all available suffixes.
Filter: It is the LDAP filter on the request. The syntax can be entered manually. However, a click on the torch button launches the LDAP Request Builder to create an LDAP request as documented in “Creating an LDAP request”.
Scope: The scope specifies the depth of the search for the connection request starting from the Base DN.
In the Bind Strategy area, the security role to access the data displayed by the data source is defined. COGNITUM supports two types of connection to the DSML file.
Use the account of the logged-in user: This option box means that users access the DSML file data through the data source with their personal account credentials.
Use a generic account: It is a specific account with which all the directory queries are issued. It makes it possible for the users to connect automatically under this account. It defines the data span that can be interrogated by default for the data source.
A click on the Apply button validates the parameters.
To configure the access authentication rights for a data source
- In the COGNITUM Console tree, select the data source you want to modify. Click the Authentications tab.
- In the Service Account area, specify when necessary the account used by the COGNITUM Console to administer the data source. In the DN box, type in the distinguished name for the account: uid=username, o=organisation or more. In the Password box, enter the password associated with the DN.
- In the Identification Request area, modify the connection request for the data source:
  - In the Base box, enter the DN corresponding to the root node for the request, or click the torch button to choose it from those available.
  - In the Filter box, enter the corresponding request, or click the torch button to launch the LDAP Request Builder. (To make a request with the LDAP Request Builder, see “Creating an LDAP request”).
  - Choose the depth of the search by selecting one of the three Scope option boxes.
- In Bind Strategy, choose the option defining the directory data covered by the data source:
  - Choose Use the account of the logged-in user when you want the data source to access the DSML file that each end-user is allowed to read with his/her account, or
  - Choose Use a generic account when you want to use a default user account to define the information accessed by the data source on the DSML file. Enter this account distinguished name and password in the DN and Password boxes.
- Click Apply to validate your entries.
Data Source Properties
In the property view of a selected DSML data source, the Properties tab displays specific features relating to the data source and how to access it.
Figure: DSML data source properties
Key: This column lists the data source features. A click on a feature highlights it and gives access to the facing value.
Value: It is the facing setting of the highlighted property. A click on a value makes it possible to select another one in the list box.
Table 8 Data source properties
Property Key | Description | Default Value |
---|---|---|
com.sun.jndi.dsml.ignoreContentType | When set to true, the DSML provider ignores the content type of the document. Otherwise, the content type of the document must be text/xml or application/xml. | true |
java.naming.factory.initial | Fully-qualified class name of the factory class which creates the initial context for the LDAP service provider | com.sun.jndi.ldap.LdapCtxFactory |
java.naming.factory.url.pkgs | Package of the URL factory | com.sun.jndi.url |
To configure DSML data source properties
- In the COGNITUM Console tree, select the LDAP data source you want to modify under the Data Sources item. Click the Properties tab.
- Click an item in the Key column to modify the key and/or click an item in the Value column to enter another value.
- Click Apply to validate your entries.
Deleting a Data Source
COGNITUM makes it possible to delete a data source easily and safely. The Delete command is accessible in the context menu of the selected data source in the COGNITUM Console tree.
WARNING |
---|
A data source cannot be deleted when set as an authentication data source or when still defined in the properties of a resource used as a role. |
The Delete Data Source message box pops up to warn the COGNITUM Console user about the consequences the deletion would bring.
To delete a data source
- In the COGNITUM Console, choose the Delete command with a right-click on the data source.
- Validate the deletion in the warning box.
Exporting Data to generate a DSML file
Exporting directory data is useful when that data must be processed by other software tools, or when it must be re-imported into a different directory. Data is exported in DSML format.
The Export data from the directory command is available with a right-click on a selected data source.
The Export data dialog box opens up.
Figure: Export data box
Export file: It is the name of the DSML export file. The name can be modified.
NOTE |
---|
Once created, the export file is stored in the COGNITUM-root/Server/archives/ folder. |
Branch root: It is the node at which data export is to start. The torch button displays a structural view of the directory and makes it possible to select a directory node at a lower level. By default, the directory suffix is displayed.
Export options: The area offers the following additional export components.
- Include branch root: The branch root of the directory itself is included in the export. Deselecting the option excludes the branch root from the export.
- Export all tree: The entire directory tree below the specified node is exported.
- Export partial tree: Only the specified number of levels below the node are exported.
Credentials: The area is used to select the account with which exporting a data source directory data is allowed.
- Use the management account to perform export: It is the service account specified in the Authentications tab of the Data Source property window. When there is a specific service account, the option can be deactivated to grant the export rights to someone. When there is no specific service account, the option is deactivated and disabled.
- Use a specific account: It restricts the export function to one COGNITUM Console user. This specific account must provide read access to the data source to be able to perform the export operation. Even though it is not advised, the specific account can be left empty when the export function and the directory support the Anonymous role.
- DN: It is the distinguished name of the account holder. The torch button displays the list of the available users in the directory. With the base DN and filter entered in the Search for the dn of user area, the Search button displays the list of the available accounts and DNs. The selected CN/DN fills in the DN box in the Export data box.
- Password: It is the password associated with the DN.
WARNING |
---|
Whichever account is granted the right to export data from a directory, it requires read access on the directory. |
A click on OK launches the data export. Once completed, the exported file is created in the COGNITUM-root/Server/archives/ folder on the COGNITUM Application Server machine. Exported directories are stored in .xml file format.
To export data to generate a DSML file
- In the COGNITUM Console tree, right-click a data source and choose the Export data from the directory command.
- The Export data dialog box is displayed. In the Export file box, specify the name of the DSML file to produce.
- In the Branch root box, leave the default start node or select another one from the list displayed by a click on the torch button.
- Choose the Include branch root option to add the branch root directory itself in the export file.
- Choose the Export all tree option to add the entire directory tree below the specified node or choose Export partial tree to specify the number of levels below the node.
- When the Use the management account to perform export option is available, you can:
  - leave it to allow data export under the data source service account, or
  - deactivate it when you want to specify a user account.
- When the Use the management account to perform export option is unavailable, you can:
  - specify a user account, or
  - leave the Use a specific account option empty as well. You allow the Anonymous role to export data (not recommended).
- When you want to grant the export rights to a specific user account, you must fill in the DN and Password boxes. Click the torch button to display the list of the available accounts and DNs.
- Click OK. Your export file is available in the COGNITUM-root/Server/archives/ folder on the COGNITUM Application Server machine.
Importing DSML Data into a Directory
COGNITUM makes it possible to import the content of a DSML directory file into other directories. The schema of a DSML file is excluded from the import process.
WARNING |
---|
Compatibility between the destination directory schema and the imported directory one is mandatory. The target directory must recognize all the object classes and attributes used in the DSML file. |
The Import data from the directory command is available from a right-clicked data source.
The Import data dialog box is displayed.
Figure: Import data box
File: The .xml file to be imported from the COGNITUM-root/Server/archives/ folder must replace the default filename.
Branch root: It is the node at which data import is to start. The suffix displayed by default must be replaced to match the imported directory data. The torch button displays a structural view of the directory and makes it possible to select a directory node at a lower level.
Credentials: The area is used to select the account allowing data imports into the directory:
- Use the management account to perform import: It is the service account specified in the Authentications tab of the Data Source property window. When there is a specific service account, the option can be deactivated to grant the import rights to someone. When there is no specific service account, the option is deactivated and disabled.
- Use a specific account: It restricts the import function to one COGNITUM Console user. This specific account must provide write access to the application to be able to perform the import operation. Even though it is not advised, the specific account can be left empty when the import function and the directory support the Anonymous role.
- DN: It is the distinguished name of the account. The torch button displays the list of the available users in the directory. With the suffix and filter entered in the Search for the DN of a user box, the Search button displays the list of the available accounts and DNs. The selected CN/DN fills in the DN box in the Import data box.
- Password: It is the password associated with the DN.
WARNING |
---|
Whichever account is granted the right to import data into a directory, it requires write access to the directory being built up. |
A click on OK launches the import. Once completed, the imported file data is written in the accessed directory.
To import DSML data to build up a directory
- In the COGNITUM Console tree, right-click a Data Source item and choose the Import data into the directory command. The Import data dialog box is displayed.
- In the File box, type in the name of the .xml file to import from the COGNITUM-root/ApplicationServer/archives/ folder on the COGNITUM Server machine.
- In the Branch root box, replace the default start node or select one from the list displayed by a click on the torch button.
- When the Use the management account to perform import option is available, you can:
  - leave it to allow data import under the service account, or
  - deactivate it when you want to specify a user account.
- When the Use the management account to perform import option is unavailable, you can:
  - specify a user account, or
  - leave the Use a specific account option empty as well. You allow the Anonymous role to import data (not recommended).
- When you want to grant the import rights to a specific user account, you must fill in the DN and Password boxes. Click the torch button to display the list of the available accounts and DNs.
- Click OK to launch the import process.
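A pre-import check for the schema compatibility requirement stated in the warning above, as an added example that is not COGNITUM code. It assumes the export file uses DSML v1 element names (`dsml:entry`, `dsml:objectclass`/`dsml:oc-value`, `dsml:attr`) and that the target directory's object classes and attributes have been listed by hand; the sample file and the schema sets are constructed.

```python
import xml.etree.ElementTree as ET

DSML_NS = {"dsml": "http://www.dsml.org/DSML"}  # DSML v1 namespace (assumed export format)

# Constructed sample export, not taken from a real directory.
SAMPLE_DSML = """
<dsml:dsml xmlns:dsml="http://www.dsml.org/DSML">
  <dsml:directory-entries>
    <dsml:entry dn="uid=jdoe,ou=people,o=organisation">
      <dsml:objectclass>
        <dsml:oc-value>top</dsml:oc-value>
        <dsml:oc-value>inetOrgPerson</dsml:oc-value>
      </dsml:objectclass>
      <dsml:attr name="uid"><dsml:value>jdoe</dsml:value></dsml:attr>
      <dsml:attr name="cn"><dsml:value>John Doe</dsml:value></dsml:attr>
    </dsml:entry>
    <dsml:entry dn="uid=asmith,ou=people,o=organisation">
      <dsml:objectclass>
        <dsml:oc-value>top</dsml:oc-value>
        <dsml:oc-value>customBadgeHolder</dsml:oc-value>
      </dsml:objectclass>
      <dsml:attr name="uid"><dsml:value>asmith</dsml:value></dsml:attr>
      <dsml:attr name="badgeNumber"><dsml:value>0042</dsml:value></dsml:attr>
    </dsml:entry>
  </dsml:directory-entries>
</dsml:dsml>
"""

# Hypothetical target schema, written out by hand for the example.
TARGET_OBJECT_CLASSES = {"top", "person", "organizationalPerson", "inetOrgPerson"}
TARGET_ATTRIBUTES = {"uid", "cn", "sn", "mail", "userPassword"}


def parse_dsml_entries(text):
    """Return [(dn, [object classes], [attribute names])] from a DSML v1 document."""
    # A directory export has no reason to carry a DTD; refuse it before parsing
    # so that entity declarations in a tampered file are never processed.
    if "<!DOCTYPE" in text or "<!ENTITY" in text:
        raise ValueError("DTD or entity declaration found in DSML file")
    root = ET.fromstring(text)
    entries = []
    for entry in root.iterfind(".//dsml:entry", DSML_NS):
        classes = [oc.text.strip()
                   for oc in entry.iterfind("dsml:objectclass/dsml:oc-value", DSML_NS)
                   if oc.text]
        attrs = [a.get("name", "") for a in entry.iterfind("dsml:attr", DSML_NS)]
        entries.append((entry.get("dn", ""), classes, attrs))
    return entries


def schema_gaps(entries, known_classes, known_attrs):
    """Map each DN to the object classes and attributes the target does not know."""
    classes_ci = {c.lower() for c in known_classes}
    attrs_ci = {a.lower() for a in known_attrs}
    gaps = {}
    for dn, classes, attrs in entries:
        bad_classes = sorted(c for c in classes if c.lower() not in classes_ci)
        # Compare on the base name so that options such as ";binary" are ignored.
        bad_attrs = sorted(a for a in attrs if a.split(";")[0].lower() not in attrs_ci)
        if bad_classes or bad_attrs:
            gaps[dn] = {"objectclasses": bad_classes, "attributes": bad_attrs}
    return gaps


if __name__ == "__main__":
    found = schema_gaps(parse_dsml_entries(SAMPLE_DSML),
                        TARGET_OBJECT_CLASSES, TARGET_ATTRIBUTES)
    for dn, gap in found.items():
        print(f"{dn}: unknown object classes {gap['objectclasses']}, "
              f"unknown attributes {gap['attributes']}")
```

An empty result means every object class and attribute named in the file is present in the hand-written target lists; it does not check attribute syntaxes or mandatory attributes.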
LDAP/DSML Directory Browser
When a data source is of LDAP type (that is, an LDAP directory or a DSML file), the Directory Browser facility in COGNITUM makes it possible to view the directory schema. The entries and attributes in the directory can be modified too.
WARNING |
---|
The Directory Browser performs LDAP operations with the service account defined for the data source. |
The Directory Browser is accessible:
- with a right-click on an LDAP/DSML data source object in the tree and by selecting the Open Browser command, or
- with a click on the last button in the product toolbar and by selecting an LDAP/DSML data source in the Configure Data Source Browser dialog box.
Figure: LDAP/DSML directory browser
The Directory Browser allows you to:
- browse and search directory entries with the Directory Information Tree tab, and
- view and make out the directory object classes structure with the Directory Schema tab.
The Directory Browser gives valuable information which can help build resources, create and modify attributes or entries:
- the directory entries,
- the attribute values,
- the directory structure,
- the objectclass organization.
Directory Information Tree Manager
The basic information unit in the directory is the entry, a collection of information about an object. Directory entries are organized in a tree-like structure known as the DIT (Directory Information Tree).
The Directory Information Tree Manager makes it possible to browse and manage the selected directory entries. Moreover, it allows searching for directory entries with LDAP requests.
Once the Directory Browser is launched, the Directory Information Tree tab is displayed. By default, the connected directory tree is displayed under the Tree subtab.
Figure: Directory information tree manager
At the top of the directory tree is the root node. Beneath are listed all the subjacent nodes of the root node. A click on any plus sign of a directory node unfolds it to display its related entries. Conversely, once opened, a click on any minus sign of a node folds it.
TIP |
---|
To display the entries located below a node the node can be also double-clicked. Conversely, when the node is unfolded, a double-click on the node closes it. |
Similarly, a click on any node or entry displays in the facing table the attributes and corresponding values associated to the entry. At the top of the table, on the right part of the screen, the DN of the entry clicked in the directory tree is displayed.
A right-click on any entry in the directory tree displays the Copy DN command. This command makes it possible to copy the right-clicked DN and paste it anywhere, for example in a .txt file or in a Console box to be populated with a DN. The DN can simply be pasted after being selected and copied right from the directory.
NOTE |
---|
When the directory is modified through another application, a click on the Refresh Node command updates the directory. The command is accessible with a right-click on any directory entry. |
Adding an entry
The Directory Information Tree Manager makes it possible to add entries in the selected directory in three ways:
- An entry can be added into the directory using a resource as template. The selected resource attributes are retrieved and applied to the new entry.
- Another directory entry can be used as a template; the attributes and values of the template entry are copied into the new entry.
- A directory entry can be added from scratch, i.e. by manually entering the object classes, attributes and other related parameters for the new entry.
Adding an entry with a resource as template
With the Directory Browser, an entry can be added into the connected directory with a resource used as a template. It consists in selecting a resource declared in the COGNITUM Console and using it as a template, that is with all its associated attributes. In addition, the entry addition mechanism within the DIT Manager automatically retrieves:
- the mandatory attributes for the objectclass(es) of the selected resource,
- the optional attributes of the resource,
- the RDN attribute of the resource.
A right-click on the required node in the Tree tab gives access to the with a resource as template command from the Add Entry menu. The Create entry with template resource dialog box is displayed.
Figure: Adding an entry with a resource as template
Resource: This list box gives access to all the resources created in the COGNITUM Console. One resource must be selected to be used as a template for the entry creation.
RDN Attribute: This informative line shows the attribute used to build the RDN of the resource. The box must be filled in with the value to assign to the RDN attribute. The type of value to enter depends on the RDN attribute syntax.
Attribute/Value: The two-column table below lists the attributes associated to the template resource and its matching values. Each Value box must be filled in accordingly unless a blank value is accepted for the facing attribute. The value entered must match the syntax of the facing attribute.
A click on OK validates the creation of the entry into the directory.
To add an entry with a resource as template
- In the COGNITUM Console tree, right-click the data source into which you want to add an entry. Choose the Open Directory Browser command.
- In the Directory Browser screen, click the Directory Information Tree tab and Tree sub-tab.
- Browse the directory tree until you locate the node under which the entry must be added. Right-click it and choose the Add Entry with a resource as template command.
- Once in the Create entry with template resource dialog box, select the resource to be used as template in the Resource list box.
- In the RDN Attribute box, enter the value to assign to the RDN attribute.
- In the Attribute/Value table, fill in the Value boxes according to the syntax of each facing attribute. You can leave a box empty when a blank value is accepted for the attribute.
- Click OK to validate the creation of the entry.
Adding an entry with an entry as template
COGNITUM makes it possible to create an entry from an existing directory one. The method consists in selecting an entry of the directory to be used as the pattern for the new entry. The attributes and values of the selected entry are automatically copied into the new one. The RDN attribute of the new entry must be entered for the new entry.
In the Directory Browser, a right-click on the node under which the entry must be added displays the with an entry as template command from the Add Entry menu. The New Entry dialog box is displayed.
Figure: Adding an entry with an entry as template
Entry Template: This identifies the entry defined as template for the creation of the new entry. A click on the torch button opens up the DN Chooser dialog box.
Figure: DN Chooser tree tab
In the DN Chooser dialog box, the Tree tab displays the directory tree. The directory can be browsed to locate the node below which the entry must be added.
The Search tab makes it possible to look for an entry in the directory. The search is performed by means of an LDAP request on the directory. The syntax of the request must be defined in this dialog box.
Figure: DN Chooser search tab
Base: This is the root node of the request. By default it is the connected directory root node. Another node can be entered manually or by clicking the torch button and selecting a node in the directory tree displayed.
Filter: This is the LDAP request on the directory. A DN or the segment of a DN must be entered manually or by clicking the torch button to launch the LDAP Request Builder. For more information, see “Creating an LDAP request”.
Scope: This specifies the depth of the search starting from the selected base DN:
- Object: The search is restricted to a single entry, that is the context.
- One Level: All objects at one level below the context can be searched, excluding the object itself.
- Sub Tree: The entire tree below the specified context is searched. The object is included.
A click on the Search button launches the search. The results are displayed in the dn table below. The required DN can be selected.
A click on OK validates the selection and closes the DN Chooser dialog box.
Back in the New Entry dialog box, the RDN of the previously selected entry is displayed in the RDN Attribute area.
Figure: Adding an entry with an entry as template
Value: This is the value to be assigned to the RDN attribute of the entry to create.
A click on OK validates the creation. The entry is created and is added to the directory tree below the selected node. For each attribute of the created entry, the facing values can be modified. For more information, see “Modifying an attribute value of an entry”.
To add an entry with an entry as template
- In the COGNITUM Console tree, right-click the data source into which you want to add an entry. Choose the Open Directory Browser command.
- In the Directory Browser screen, click the Directory Information Tree tab and Tree sub-tab.
- Browse the directory tree until you locate the node under which the entry must be added. Right-click it and choose the Add Entry => with an entry as template command.
- In the New Entry dialog box, fill in the Entry Template box with the DN of the entry to be used as template or click the torch button to select one in the directory tree. Click the torch button then the Search tab to search for an entry in the directory with an LDAP request. Click OK.
- In the RDN Attribute area, fill in the Value box with the value to assign to the entry RDN attribute mentioned in the line above.
- Click OK to validate the entry creation.
Adding an entry without template
After browsing the directory and locating the required node through the Directory Information Tree Manager, an entry can be added into the directory. The Directory Information Tree Manager makes it possible to add an entry in the directory from scratch. Adding an entry without a template consists in:
- defining the entry object classes,
- selecting the object classes attributes,
- naming and assigning a value to the RDN of the entry.
A right-click on the node under which the entry must be added displays the without template command from the Add Entry menu.
The entry creation process is performed through a three-step creation wizard. The first screen of the wizard helps choose the objectclasses of the entry.
Figure: Adding an entry without template first step
ObjectClasses: A click on the Insert button opens up the Objectclass Selection dialog box. This dialog box is actually the Directory Schema Viewer documented in “Directory schema viewer”. It is used to select the objectclass(es) of the entry and provides relevant and useful information about their organization. Conversely, a click on the Remove button removes the objectclass(es) selected within the Objectclasses box.
A click on the Next button displays the second screen of the wizard. This step is dedicated to the selection of the attributes of the previously selected objectclasses.
Figure: Objectclasses box
Attributes of the entry: The Available Attributes box lists all the optional attributes that can be assigned to the entry. The Attributes Kept box lists the attributes defined for the entry. Bold attributes are mandatory. To associate an optional attribute to the entry, it must be selected and the right arrow-like button clicked.
TIP |
---|
For a multiple selection in the Available Attributes box, keep the Ctrl key pressed while clicking the items to select. |
RDN: This list box displays all the attributes that can be defined as the RDN attribute of the entry.
Value: This is the value to be assigned to the RDN attribute of the entry. A click on the Next button displays the third screen of the wizard.
Figure: Adding an entry without template second step
Attributes of the entry: This area lists all the attributes and matching values of the created entry. A click on any Value box makes it possible to enter or modify the value of an attribute, except for the objectclass and RDN attributes, which cannot be modified.
A click on Finish validates the creation of the entry. The entry is created and is added to the directory tree below the selected node. For each attribute of the created entry, the facing values can be modified. For more information, see “Modifying an attribute value of an entry”.
NOTE |
---|
When the created entry is not automatically added in the directory tree, right-click the node under which it should appear and choose the Refresh Node command. |
To add an entry without template
- In the COGNITUM Console tree, right-click the data source into which you want to add an entry. Choose the Open Directory Browser command.
- In the Directory Browser screen, click the Directory Information Tree tab and Tree sub-tab.
- Browse the directory tree until you locate the node under which the entry must be added. Right-click it and choose the Add Entry without template command.
- In the first screen of the wizard, click the Insert button to open the Objectclass Selection dialog box. Select the objectclass to be assigned to the entry and click OK. Click Next to display the second screen of the wizard.
- In the Available Attributes box, select the attribute(s) to be applied to the entry and click the right arrow-like button to shift it into the Attributes Kept box.
- Select the RDN attribute for the entry in the RDN list box. In the Value box, enter a value for the selected RDN attribute. Click Next to display the third screen of the wizard.
- In the Attributes of the entry table, click a Value box to add or modify a value to an attribute. Click Finish to validate the entry creation.
Adding an attribute to a directory entry
In the COGNITUM Console, the Directory Information Tree Manager makes it possible to browse the connected directory and gives information about the attributes of each entry. For each entry, standard attributes can be added with the DIT Manager directly into the physical directory. For more information about attributes, see “Attributes”.
In the Directory Information Tree Manager, a right-click on a directory node displays the Add attribute command. Selecting it displays the Add Attribute dialog box.
Figure: Adding an attribute to a directory entry
Attribute: The list box identifies all the attributes of the objectclasses related to the entry.
Values: This table lists all the values of the selected attribute. Several values can be assigned to one attribute. A click on the ENTER key adds a blank line in the table for a new value to be entered.
A click on OK validates the operation.
The attribute is added to the entry and listed in the Attribute/Value table facing the selected entry. At any moment, the value of the attribute can be modified as documented in “Modifying an attribute value of an entry”.
To add an attribute to a directory entry
- In the COGNITUM Console tree, right-click the data source into which you want to add an attribute. Choose the Open Directory Browser command.
- In the Directory Browser screen, click the Directory Information Tree tab and Tree sub-tab.
- Browse the directory tree until you locate the entry for which the attribute must be added. Right-click it and choose the Add Attribute command.
- In the Add Attribute dialog box, select the attribute to add with a click on the Attribute list box.
- In the Values table, enter the value(s) to assign to the selected attribute. Press the ENTER key to add another value and so on.
- Click OK to validate the operation.
Modifying an attribute value of an entry
The attribute values of an entry can be updated in the Directory Browser. When a node or entry is selected in the Tree tab, all the attributes and matching values of the entry are listed in the facing table. The DIT Manager makes it possible to modify the existing value or add a new one.
A right-click on an Attribute or Value box in the table displays the Edit command. Clicking the Edit command opens up the Modify Attribute dialog box.
Figure: Modifying an attribute value of an entry
Value: The table lists all the values assigned to the attribute. At the bottom of the table the blank line can be populated with a new value for the attribute. Similarly, any value of the list can be modified by clicking the box and entering a new value.
A click on OK validates the modification.
To modify an attribute value of an entry
- In the Directory Browser, select the Directory Information Tree tab and the Tree subtab. Select an entry in the directory tree. In the facing table right-click the attribute or value to modify and choose the Edit command.
- In the Modify Attribute dialog box, enter a new value for the attribute or click an existing value box to modify it.
- Click OK to validate the change.
Deleting a directory entry
The Directory Information Tree Manager makes it possible to delete a directory entry easily.
A right-click on an entry in the directory tree displays the Delete command.
The Delete message box pops up to warn you that the entry is to be deleted and its related children as well.
WARNING |
---|
This operation completely deletes the selected data from the directory. |
Choosing Yes validates the deletion of the entry and its children.
To delete a directory entry
- In the COGNITUM Console tree, right-click the data source from which you want to delete an entry. Choose the Open Directory Browser command.
- In the Directory Browser screen, click the Directory Information Tree tab and Tree sub-tab.
- Browse the directory tree until you locate the entry to delete. Right-click it and choose the Delete command.
- Confirm the deletion in the message box.
Searching for a directory entry
The Directory Information Tree Manager makes it possible to search for an entry of the selected directory. Searching for an entry consists in typing in the LDAP request matching the required entry.
The Search sub-tab in the Directory Information Tree tab must be selected.
Figure: Searching for a directory entry
Base: This is the root node of the request. By default it is the connected directory root node. Another node can be entered manually or by clicking the torch button and selecting a node in the directory tree displayed.
Filter: This is the LDAP request on the directory. An LDAP request or the segment of a request must be entered manually or by clicking the torch button to launch the LDAP Request Builder. For more information, see “Creating an LDAP request”.
Scope: This specifies the depth of the search starting from the selected base DN:
- Object: The search is restricted to a single entry, that is the context.
- One Level: All objects one level below the context are searched, but not the context object itself.
- Sub Tree: The entire tree below the specified context is searched. The object is included.
A click on the Search button launches the search. The results are displayed in the dn table below. When the required DN is selected (highlighted in blue) its related attributes and values are displayed in the facing table.
For each DN, a right-click displays the Add Entry, Add Attribute, Copy DN and Delete commands. For more information about these commands, see “Directory information tree manager”.
In the table, a right-click on any Value or Attribute box displays the Edit command, which makes it possible to modify the value of an attribute. For more information, see “Modifying an attribute value of an entry”.
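The three Scope values described above decide which entries are candidates before the Filter is applied. The following added example (not part of the COGNITUM product or its documentation) evaluates them over a small constructed directory; the DNs, function names and the case-insensitive comparison are assumptions made for illustration, and the filter itself is not evaluated.

```python
# Added example: the three search scopes evaluated over a constructed directory.

def parse_dn(dn):
    """Split a DN into RDNs, keeping backslash-escaped commas inside a value.
    Simplification (assumption): RDNs are compared case-insensitively."""
    rdns, current, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            current += dn[i:i + 2]      # keep the escape pair together
            i += 2
            continue
        if dn[i] == ",":
            rdns.append(current.strip().lower())
            current = ""
        else:
            current += dn[i]
        i += 1
    rdns.append(current.strip().lower())
    return rdns


def in_scope(entry_dn, base_dn, scope):
    """Return True when entry_dn is a candidate for a search at base_dn."""
    entry, base = parse_dn(entry_dn), parse_dn(base_dn)
    depth = len(entry) - len(base)          # levels below the base
    if depth < 0 or entry[depth:] != base:  # entry is not at or under the base
        return False
    if scope == "object":
        return depth == 0
    if scope == "onelevel":
        return depth == 1                   # the base itself is excluded
    if scope == "subtree":
        return True                         # the base itself is included
    raise ValueError("unknown scope: " + scope)


# Constructed sample directory (hypothetical DNs).
DIRECTORY = [
    "dc=example,dc=com",
    "ou=people,dc=example,dc=com",
    "uid=jdoe,ou=people,dc=example,dc=com",
    "cn=Doe\\, John,ou=people,dc=example,dc=com",
    "ou=groups,dc=example,dc=com",
    "cn=admins,ou=groups,dc=example,dc=com",
]


def search(base_dn, scope):
    """Return the DNs of DIRECTORY that fall inside the given base and scope."""
    return [dn for dn in DIRECTORY if in_scope(dn, base_dn, scope)]


if __name__ == "__main__":
    for scope in ("object", "onelevel", "subtree"):
        print(scope, search("ou=people,dc=example,dc=com", scope))
```

The same subtree that the Sub Tree scope returns for an entry is what the Delete command removes when the entry has children, so running the search first shows what a deletion would affect.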
Copying an entry
The Directory Information Tree Manager makes it possible to copy a directory entry easily. Each entry of the directory, represented in the Tree or Search tab (in the DN table), can be copied. The entry can be pasted in another directory. It is then located below the destination entry and becomes a new child of it.
WARNING |
---|
An entry is not copied when the operation would violate the directory schema. An entry containing attributes with a unique identifier cannot be copied and pasted into another directory entry. |
The Copy command is accessible with a right-click on the entry to copy in the Tree or Search tab. Once the destination entry is located, right-clicking it displays the Paste command. Selecting the Paste command displays the Copy Entry dialog box.
Figure: Copying an entry
Copy Entry: This informative line identifies the DN copied.
Under DN: This is the destination entry the copied entry is pasted on.
RDN Value: The value of the RDN attribute of the copied entry, mentioned in the line above, can be modified in this box.
WARNING |
---|
The uid RDN attribute value must be modified since the value of the RDN attribute must be unique. |
With Children: Selecting the check box makes it possible to copy the children located below the copied entry. When the entry to be copied has children and the check box is selected, the whole branch is copied.
A click on OK validates the operation.
TIP |
---|
Copy/Paste operations can be performed with the drag-and-drop facility by selecting the entry to copy and dragging it toward the destination entry. The Copy Entry dialog box automatically pops up. |
To copy a directory entry
- In the Directory Browser, select the Directory Information Tree tab, click the Tree or Search tab and right-click the entry to copy.
- Right-click the entry to paste the copied entry under and choose the Paste command.
- In the Copy Entry dialog box, populate the RDN Value box with the value to assign to the RDN attribute of the new copied entry. Select the With Children check box when you want the children of the copied entry to be copied as well.
- Click OK to validate the operation and copy the entry.
Duplicating an entry
The Directory Information Tree Manager makes it possible to duplicate an entry easily. Duplicating an entry consists of reproducing an entry in the directory n times. This operation is especially useful to quickly create a large directory. Once the directory has many entries, load performance can be tested extensively.
A right-click on an entry in the DIT Manager displays the Duplicate N times command. Selecting the command displays the Duplicate Entry dialog box.
Figure: Duplicating an entry
Duplicate Entry: This line shows the entry that is duplicated.
Under DN: This line shows where the duplicated entry is located.
Number of Duplicates: Enter the number of copies of the entry to create in this box. The maximum number of duplicates is 5000.
A click on OK validates the duplication.
To duplicate an entry
- In the Directory Browser, select the Directory Information Tree Manager tab and the Tree sub-tab. Right-click the entry you want to duplicate. Choose the Duplicate N times command.
- In the Duplicate Entry dialog box, enter the number of duplicates to create in the Number of Duplicates box.
- Click OK to duplicate the entry.
Directory Schema Viewer
In the COGNITUM Console, the Directory Schema Viewer makes it possible to browse the directory object classes. It shows how object classes are organized and which attributes are related to them, which helps with directory data management.
The COGNITUM Console-embedded Directory Schema Viewer is a schema browser designed for:
- browsing the directory objectclasses,
- identifying the inheritance relationship between objectclasses,
- listing the attributes associated with each objectclass.
The Directory Schema Viewer facility is available for each data source of an application. A right-click on the required data source in the COGNITUM Console tree displays the Open Directory Browser command. Selecting it opens the Directory Browser screen. The Directory Browser is also accessible with a click on the last button in the product toolbar. The data source to browse and its related application must be identified beforehand.
In the Directory Browser, the Directory Schema Viewer is accessible with a click on the Directory Schema tab.
Figure: Directory schema viewer
Enter an object class name: This area makes it possible to enter the first letters of the searched object class. While letters are entered, the list below displays the object classes that may match the search.
Select an object class: This scroll list makes it possible to select an object class among the complete list of the connected directory object classes.
Ancestors: This table identifies the ancestors of the selected objectclass. Each line of the table stands for a hierarchical level. The hierarchy level is defined by the line position in the table; the top line represents the highest ancestor of the object class (top) while the last line stands for the direct parent of the object class. A click on an object class from the list highlights in yellow its mandatory and optional attributes in the corresponding facing tables. A double-click on an object class of that list makes it the selected one. As a consequence, the ancestors and children of the clicked object class are displayed in the corresponding tables.
Children: This table identifies the children of the selected objectclass. A double-click on an object class of that list makes it the selected one. As a consequence, the ancestors and children of the clicked object class are displayed in the corresponding tables.
Mandatory Attributes: This is the list of the mandatory attributes for the selected object class. When an object class from the Ancestors table is clicked, the attributes highlighted in yellow are those directly associated with the selected ancestor. Those in bold are the attributes directly associated with the selected object class. In concrete terms, the coloring feature is meant to clearly distinguish the attributes the selected object class has inherited from its ancestor(s). Valuable information about the attribute properties is available from this table. The information is displayed in a table that identifies:
- name of the attribute,
- its type (Description),
- its syntax,
- whether it is monovalued or not.
Figure: Attribute Information
The table can be displayed with a double-click on the required attribute, with a right-click on the required attribute and by selecting the Details command, or by hovering the mouse cursor over the required attribute for a few seconds.
Optional Attributes: This is the list of the optional attributes for the selected object class. When an object class from the Ancestors table is clicked, the attributes highlighted in yellow are those directly associated with the selected ancestor. Those in bold are the attributes directly associated with the selected object class. In concrete terms, the coloring feature is meant to clearly distinguish the attributes the selected object class has inherited from its ancestor(s). Valuable information about the attribute properties is available from this table. The table can be displayed with a double-click on the required attribute, with a right-click on the required attribute and by selecting the Details command, or by hovering the mouse cursor over the required attribute for a few seconds.
RDBMS Database Browser
The database browser is accessible from every RDBMS data source of an application. This tool makes it possible to browse the selected database schema. The database browser is an informative tool designed to give information about the database structure and content.
The database objects are shown in a tree. You can drill down through the complete hierarchical path of any object. The database browser makes it possible to retrieve information from a table, a view or a sequence of the database with an SQL query.
The database browser is accessible with a click on the Open Data Source Browser toolbar button and by selecting an RDBMS data source in the Configure Data Source Browser dialog box.
Database schema viewer
Once the Database Browser is launched, the Database Schema tab is displayed by default. It shows the physical structure of the selected RDBMS data source. Depending on its type, the database schema is structured in catalog, schema and tables, views and sequences (Oracle).
Figure: Database schema viewer
A click on any plus sign unfolds the facing item to display the items below it. Conversely, a click on the minus sign of a node folds it. Double-clicks on the tree items also fold/unfold them.
A right-click on a table or view item displays the Query command. Selecting this command generates the query corresponding to the selected table or view. The SQL Query tab is automatically displayed with the corresponding query in the SQL Query box. For more information, see “SQL query”.
Figure: SQL Query box
NOTE |
---|
Completion in entry boxes for SQL queries is available with ctrl+space. A pop-up window is displayed with the schemas, tables, or boxes for the current context. |
Table And View Description
In the Database Schema tab of the Database Browser, a table or a view item can be selected. The right part of the screen displays information about the table or view data properties and features.
The default Content Data tab identifies the columns of the selected table or view. The values assigned to each column are shown in this tab. They are displayed in scrollable batches of 300 values.
Figure: Content Data tab in the Database Browser
The Columns Description tab gives a detailed description of the columns of the selected table or view. This tab identifies the basic properties of the columns for the selected table or view. A click on the column title makes it possible to sort values.
TIP |
---|
A right-click on a value gives access to the Copy command. The value can then be pasted in an SQL query with ctrl+c. |
Figure: Columns Description tab in the Database Browser
Name: This is the name of the column. It cannot be modified.
Type: This is the format the values of the column must match.
Size: The number indicates the maximum size for the values of the column. The size cannot be modified.
Nullable: The check box indicates for each column whether the values can be null or not. When the check box is selected, the value(s) of the column can be null and vice versa. This property cannot be modified.
For each table or view the Integrity Constraints tab identifies, if any, the integrity constraints assigned.
Figure: Integrity Constraints tab in the Database Browser
Column Name: This column lists the column(s) on which an integrity constraint is applied.
Constraint Name: This column identifies the constraint for the facing column name.
Constraint Type: This is the type of constraint applied to the column.
Foreign Column: When the constraint type is foreign key, the column is filled in with the fully qualified name of the column referenced by the foreign key. A click on the value displays the corresponding column properties.
Sequence Description
In the Database Schema tab of the Database Browser, a sequence item can be selected, provided the database supports sequences. A click on a sequence displays the Sequence Description tab in the right part of the screen.
Figure: Sequence Description tab in the Database Browser
Sequence Name: This is the name of the sequence.
Minimum Value: The number stands for the lowest value the sequence can be assigned in a cycle sequence.
Maximum Value: This is the highest value the sequence can generate in a cycle sequence. The maximum value must be greater than the minimum value.
Last Value: This is the value most recently generated by the sequence. This value can no longer be generated.
Increment: This number specifies the interval between sequence numbers. This is the incrementation value of the sequence. It can be any positive or negative integer, but cannot be 0. When negative, then the sequence descends. When positive, the sequence ascends. For example, when the value set is 5 the second cycle reference returns 6, the third 11 and so on.
Cycle Sequence: When the value is set to Yes, the sequence is defined as a cyclic sequence.
SQL Query
The SQL Query tab of the Database Browser is designed to retrieve any information from the connected database with an SQL query.
Figure: SQL Query tab in the Database Browser
SQL Query: The SQL Query box is filled in with the request. A click on the exclamation mark icon or the ctrl+enter shortcut executes the request. A click on the orange arrows makes it possible to browse the queries entered.
NOTE |
---|
Completion in entry boxes for SQL queries is available with ctrl+space. A pop-up window is displayed with the schemas, tables, or boxes for the current context. |
TIP |
---|
When browsing the database schema, a right-click on a value gives access to the Copy command. The value can then be pasted in the SQL query with ctrl+c. |
Results: The result of the query is displayed in this area. The area contains all the database objects returned by the query.
Logs: For each query generated, the Logs box lists the events that occurred during execution. The box can be referred to for additional information about the query status. A click on the eraser icon clears the logs.
Improvements in Data Sources feature in COGNITUM 7.8.00
COGNITUM 7.8.00 brings an improvement over previous Calendra, CDM and COGNITUM versions in Data Sources features:
External JNDI Data Source is explained in the document Application with new Features and Improvements in COGNITUM 7.8.
Configuring a Mac OS X Open LDAP is explained in the document Application with new Features and Improvements in COGNITUM 7.8.