Active Roles 7.3.3 - SPML Provider Administration Guide

Sample configuration file

Sample configuration file

The following is an example of the configuration file for SPML Provider configured to operate in proxy mode. If SPML Provider and the Active Roles Administration service are installed on the same computer, the default configuration settings look as follows:

<?xml version="1.0"?>

<configuration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="urn:quest:names:SPMLProvider">

  <service>localhost</service>

 <adsiProvider>EDMS</adsiProvider>

 <schemaFile>SPMLSchema.Config</schemaFile>

 <capabilities>

  <search>

   <defaultMaxSelect>1000</defaultMaxSelect>

   <pageSize>25</pageSize>

  </search>

  <password>

   <appliesTo>

    <class>user</class>

   </appliesTo>

  </password>

  <suspend>

   <appliesTo>

        <class>user</class>

      </appliesTo>

      <suspendAction>disable</suspendAction>

  </suspend>

 </capabilities>

 <checkOutput>false</checkOutput>

</configuration>

Extending the SPML Provider schema

Extending the SPML Provider schema

The SPML Provider schema defines the XML structure of the objects and attributes that SPML Provider manages. You can modify the schema to manage new types of objects or object properties. Thus, you can add the class and attribute definitions to the schema in order to meet the needs of your organization.

NOTE: In proxy mode, you can add only those object classes and attributes that are valid according to the Active Roles schema.

The SPML Provider schema is stored in the SPMLSchema.Config file. The SPMLSchema.Config file is located in the Web sub-folder of the SPML Provider installation folder.

The schema format corresponds to the DSML Version 2 profile (DSMLv2). For detailed information on the DSML v2 profile, refer to the OASIS SPML v2 - DSML v2 Profile specification. The specification describes the use of the DSML protocol as a data model for SPML- based provisioning and can be accessed from the OASIS Web site at http://www.oasis-open.org/specs/index.php#spmlv2.0.

Using Active Roles SPML Provider

Using Active Roles SPML Provider

To access SPML Provider, use the following URL:

http://<HostName>/ARServerSPML/SPMLProvider.asmx

where the <HostName> stands for the name of the computer where SPML Provider is installed.

NOTE: The SPML Provider Web service is described by a Web Services Description Language (WSDL) file. To obtain a WSDL description of SPML Provider, navigate to http://<HostName>/ARServerSPML/SPMLProvider.asmx?WSDL.

Operation mode

Operation mode

SPML Provider can be configured to operate in:

  • Proxy mode  In this mode, SPML Provider accesses Active Directory, Azure AD, or AD LDS using the Active Roles proxy service. In proxy mode, SPML Provider extends Active Roles. Because SPML Provider uses open standards such as HTTP, XML, and SOAP, a greater level of interoperability with Active Roles is possible than is available with the Active Roles ADSI Provider.
  • Direct access mode  In this mode, SPML Provider directly accesses Active Directory, Azure AD, or AD LDS.

In proxy mode, SPML Provider can manage objects in Active Directory domains and AD LDS instances that are registered with Active Roles as managed domains and managed AD LDS instances, respectively. In direct access mode, SPML Provider can manage only objects in the domain or AD LDS instance to which SPML Provider is connected using the configuration setting such as the domain controller or AD LDS server.

TIP: To take advantages of the powerful functionality of Active Roles, we recommend that you use proxy mode whenever possible

Related Documents