Partitioning Aggregation

The Novell eDirectory Connector supports the Partitioning Aggregation feature to enable faster retrieval of LDAP Directory data.

In LDAP, objects can be retrieved by means of a searchDN, searchFilter, and searchScope.

Typically, for a container-based partitioning of data, define the searchDNs or partition list as follows:

Copy 
<value>
    <List>
      <Map>
        <entry key="searchDN" value="ou=test1,DC=test,DC=sailpoint,DC=com"/>
       <entry key="iterateSearchFilter" value="(&(objectclass=user) )"/>
       <entry key="searchScope" value="SUBTREE"/>
      </Map>
      <Map>
        <entry key="searchDN" value="ou=test2,DC=test,DC=sailpoint,DC=com"/>
       <entry key="iterateSearchFilter" value="(&(objectclass=user) )"/>    
       <entry key="searchScope" value="SUBTREE"/>
      </Map>
    </List>
</entry>

And for filter-based partitioning, define the searchDNs list or partition list as follows:

Copy 
<entry key="searchDNs">
  <value>
    <List>
      <Map>
       <entry key="searchDN" value="DC=test,DC=sailpoint,DC=com"/>
       <entry key="iterateSearchFilter" value="(&(objectclass=user)(sn=a*))"/>
       <entry key="searchScope" value="SUBTREE"/>
      </Map>
      <Map>
       <entry key="searchDN" value="DC=test,DC=sailpoint,DC=com"/>
       <entry key="iterateSearchFilter" value="(&(objectclass=user) (sn=b*))"/>    
       <entry key="searchScope" value="SUBTREE"/>
      </Map>
    </List>
 </entry>

As seen above, in the first example, the OUs on which the search is performed are different although the searchFilter is the same. Whereas, in the second partitions entry, the OUs are the same, but the iterateSearchFilter values are different. Since the required key values are similar, you could have both the above examples coupled together into the application configuration of a single connector application. The The connector combines the searchDN value and the iterateSearchFilter value and considers it as the partition context, avoiding any additional required configurations.

Note

Each of the partitions specified must be unique by way of the searchDN value or the iterateSearchFilter value. If they are not different, the first partition would be aggregated, skipping the subsequent duplicate ones.

When there is no partitions list defined, the aggregation executes over the baseDN and the iteraterSearchFilter only, even though the task definition has partitioning, enabled. Similarly, with partition list defined and partitioning is not enabled on the task definition, IdentityIQ would retrieve data from each searchDN entry in a sequential manner.