Optimizing Drivers That Involve Multiple Information Resources
Identity Management , The Premier IDM Blog Add comments
I was given a driver for a client that involved accessing multiple facilities, and seeing if those facilities went to the same database. If they did go to the same database, I had to add them all at the same time to the database, and then be sure not to overwrite users in the same file if another facility with the same database came in. To accomplish this, I would take every value in my access list, and populate a list of everything I needed off of that facility.
In my first step, I issued an XPATH call, and stored all the information returned to me in a local variable. For the sake of this example, our local variable is “lv.FacNode”.
<do-set-local-variable name="lv.FacNode" scope="policy">
<arg-node-set>
<token-xpath expression='query:search($srcQueryProcessor,”subordinate”,””,eDir path to where you want to look for the object, what the object is called, what you want to match on, what you’re matching against, attributes you want to pull down(comma separated list surrounded by quotes)'/>
</arg-node-set>
</do-set-local-variable>
Please note: The attributes to match on and what you’re matching against are for the query to know it’s found the correct object and it can start to pull down the attributes you specified.
Next, I started to populate a local variable with the attributes I pulled down and separated each value by a unique separator, in my case I used a ‘|’.
<do-set-local-variable name="lv.AccessValuesValue" scope="policy">
<arg-string>
<token-local-variable name="lv.AccessValuesValue"/>
<token-xpath expression="$lv.FacNode[1]/attr[@attr-name='Attribute name']/value"/>
<token-text xml:space="preserve">|</token-text>
<token-xpath expression="$lv.FacNode[1]/attr[@attr-name='Attribute Name']/value"/>
<token-text xml:space="preserve">|</token-text>
</arg-string>
</do-set-local-variable>
Now that all my information is in one spot, you’ll see how I greatly decreased the amount of queries and for-loops I have to modify when I go to manually add the user to the database.
Without comprising this list of access values, my code would have looked like this:
For each(Facility X in my Access List)
{
For each(Facility Z in my GCVs)(This is to show which facilities the driver supports
{
Does the Facility X Facility Code match that of Facility Z?
Yes:
{
Query for information on the Facility and the users role
For each(Facility Y in my Access List)
{
Query for information on the facility and the users role
Does the Database IP and Library name in Facility Y match that of Facility X?
Yes: Add to local variable containing all the other matching facilities information
}
}
Execute SQL to add User to the correct Database
}
}
Instead, my code looks like this:
For each(Facility X in my Access List)
{
For each(Facility Z in my GCVs)(This is to show which facilities the driver supports
{
Query for Server IP and library name
Does the Facility X Facility Code match that of Facility Z?
Yes:
{
For each(Facility Y in my Access Values)
{
Match against facility code and library name
Does Facility X Facility Code and Facility Y’s Library name and Server IP?
Yes: Add to local variable containing all the other matching facilities information
}
}
Execute SQL to add user ot the correct Database
}
}
While removing a couple queries from the eDirectory doesn’t appear to be a very big optimization, on an enterprise scale, our couple queries can translate to a massive reduction on a driver that handles thousands of users per hour. Without a doubt, this will expedite these processes a substantial amount. In addition, this code is much easier to read and reproduce in practice.
I hope that you’ve enjoying learning about my experience with optimizing drivers. Do feel free to comment and ask questions below-- I look forward to hearing from you. Action Identity offers solutions such as Passlogix SSO, Novell Secure Login, and Oracle Identity and Access Management. To learn more, visit our website at http://www.actionidentity.com
Interested in learning more about Drivers? Check out these other entries:
http://www.actionidentity.com/blog/post.cfm/unique-delimited-text-driver-solved
http://www.actionidentity.com/blog/post.cfm/messaging-protocols-soap-vs-rest-which-one-s-better
http://www.actionidentity.com/blog/
Recent Comments