Shopping Cart

Shopping Cart

Since v2.7.0 Karma offers a new shopping cart feature which allows users to order permissions in form of Roles. In contrast to the traditional role assignment process, role requests are not sent right away but temporarily stored in the users Shopping Cart, which can be modified until the order is submitted.

Karma Shopping Cart

Users are able to see an overview of previous orders ...

Karma Order Overview

... and track the status of their orders.

Karma Order Details

Installation & Configuration

To update Karma to version >= 2.7.0 and benefit from the new Shopping Cart feature, changes to eDirectory schema, structure and indexes must be appplied and the Karma configuration must be adopted accordingly. This section describes the changes in detail.

Extending the schema

Karma stores all information about orders initiated through the Shopping Cart in separate objects in eDirectory which are then procecessed by a special IDM driver provided by NetIQ. The eDirectory schema needs to be extended in order to enable the storage of those objects. To extend the schema, execute the following LDIF code:

version: 1

#NDS attribute:k5Data
#Syntax:SYN_CI_STRING
dn: cn=schema
changetype: modify
add: attributeTypes
attributeTypes: (
  1.3.6.1.4.1.29603.5.2.1.10
  NAME 'k5Data'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
  SINGLE-VALUE
  X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1'
  )

#NDS attribute:k5InitiatorDN
#Syntax:SYN_DIST_NAME
dn: cn=schema
changetype: modify
add: attributeTypes
attributeTypes: (
  1.3.6.1.4.1.29603.5.2.1.3
  NAME 'k5InitiatorDN'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
  SINGLE-VALUE
  X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1'
  )

#NDS attribute:k5EndDate
#Syntax:SYN_TIME
dn: cn=schema
changetype: modify
add: attributeTypes
attributeTypes: (
  1.3.6.1.4.1.29603.5.2.1.9
  NAME 'k5EndDate'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
  SINGLE-VALUE
  X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1'
  )

#NDS attribute:k5RequestDate
#Syntax:SYN_TIME
dn: cn=schema
changetype: modify
add: attributeTypes
attributeTypes: (
  1.3.6.1.4.1.29603.5.2.1.2
  NAME 'k5RequestDate'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
  SINGLE-VALUE
  X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1'
  )

#NDS attribute:k5Originator
#Syntax:SYN_CI_STRING
dn: cn=schema
changetype: modify
add: attributeTypes
attributeTypes: (
  1.3.6.1.4.1.29603.5.2.1.4
  NAME 'k5Originator'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
  SINGLE-VALUE
  X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1'
  )

#NDS attribute:k5OrderId
#Syntax:SYN_OCTET_STRING
dn: cn=schema
changetype: modify
add: attributeTypes
attributeTypes: (
  1.3.6.1.4.1.29603.5.2.1.11
  NAME 'k5OrderId'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
  SINGLE-VALUE
  X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1'
  )

#NDS attribute:k5Description
#Syntax:SYN_CI_STRING
dn: cn=schema
changetype: modify
add: attributeTypes
attributeTypes: (
  1.3.6.1.4.1.29603.5.2.1.5
  NAME 'k5Description'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
  SINGLE-VALUE
  X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1'
  )

#NDS attribute:k5TargetDNs
#Syntax:SYN_DIST_NAME
dn: cn=schema
changetype: modify
add: attributeTypes
attributeTypes: (
  1.3.6.1.4.1.29603.5.2.1.7
  NAME 'k5TargetDNs'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
  X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1'
  )

#NDS attribute:k5SourceDNs
#Syntax:SYN_DIST_NAME
dn: cn=schema
changetype: modify
add: attributeTypes
attributeTypes: (
  1.3.6.1.4.1.29603.5.2.1.6
  NAME 'k5SourceDNs'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
  X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1'
  )

#NDS attribute:k5StartDate
#Syntax:SYN_TIME
dn: cn=schema
changetype: modify
add: attributeTypes
attributeTypes: (
  1.3.6.1.4.1.29603.5.2.1.8
  NAME 'k5StartDate'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
  SINGLE-VALUE
  X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1'
  )

#NDS attribute:k5CorrelationId
#Syntax:SYN_CI_STRING
dn: cn=schema
changetype: modify
add: attributeTypes
attributeTypes: (
  1.3.6.1.4.1.29603.5.2.1.1
  NAME 'k5CorrelationId'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
  SINGLE-VALUE
  X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1'
  )

#NDS class:k5Karma
dn: cn=schema
changetype: modify
add: objectClasses
objectClasses: (
  1.3.6.1.4.1.29603.5.2.2.1
  NAME 'k5Karma'
  SUP Top
  AUXILIARY
  MAY description
  )

#NDS class:k5Config
dn: cn=schema
changetype: modify
add: objectClasses
objectClasses: (
  1.3.6.1.4.1.29603.5.2.2.10
  NAME 'k5Config'
  SUP Top
  STRUCTURAL
  MUST cn
  MAY description
  X-NDS_NAMING 'cn'
  )


#NDS class:k5Orders
dn: cn=schema
changetype: modify
add: objectClasses
objectClasses: (
  1.3.6.1.4.1.29603.5.2.2.20
  NAME 'k5Orders'
  SUP Top
  STRUCTURAL
  MUST cn
  MAY description
  X-NDS_NAMING 'cn'
  )


#NDS class:k5Order
dn: cn=schema
changetype: modify
add: objectClasses
objectClasses: (
  1.3.6.1.4.1.29603.5.2.2.21
  NAME 'k5Order'
  SUP Top
  STRUCTURAL
  MUST ( k5CorrelationId $ k5Data $ k5InitiatorDN $ k5RequestDate $ k5OrderId $ k5SourceDNs $ k5TargetDNs )
  MAY ( k5Description $ k5EndDate $ k5Originator $ k5StartDate )
  X-NDS_NAMING 'k5CorrelationId'
  X-NDS_CONTAINMENT 'k5Orders'
  X-NDS_NOT_CONTAINER '1'
  )

Creating directory structure

The following LDIF code shows an example for creating a directory structure in order to store Shopping Cart objects. This structure can be updated to suit the customers custom requirements.

version: 1

# services container
dn: ou=services,o=data
changetype: add
objectClass: organizationalUnit
objectClass: ndsLoginProperties
objectClass: Top
objectClass: ndsContainerLoginProperties
ou: services
description: Services

# resource container
dn: ou=res,ou=services,o=data
changetype: add
objectClass: organizationalUnit
objectClass: ndsLoginProperties
objectClass: Top
objectClass: ndsContainerLoginProperties
ou: res
description: IDM resources

# karma container
dn: ou=karma,ou=res,ou=services,o=data
changetype: add
objectClass: organizationalUnit
objectClass: ndsLoginProperties
objectClass: Top
objectClass: ndsContainerLoginProperties
objectClass: k5Karma
ou: karma
description: Karma resources

# karma configuration
dn: cn=k5Config,ou=karma,ou=res,ou=services,o=data
changetype: add
objectClass: Top
objectClass: k5Config
cn: k5Config
description: Karma configuration

# karma configuration
dn: cn=k5Orders,ou=karma,ou=res,ou=services,o=data
changetype: add
objectClass: Top
objectClass: k5Orders
cn: k5Orders
description: Karma orders

# nrfConfig
dn: cn=nrfConfig,ou=res,ou=services,o=data
changetype: add
objectClass: Top
objectClass: nrfConfig
cn: nrfConfig
Version: 4.6

# global input requests
dn: cn=GlobalInputRequests,cn=nrfConfig,ou=res,ou=services,o=data
changetype: add
objectClass: Top
objectClass: nrfRequests
cn: GlobalInputRequests

Adding indexes

Karma benefits from the following additional eDirectory indexes for performance reasons:

dn: cn=idm,ou=servers,o=system
changetype: modify
add: indexDefinition
indexDefinition: 0$karma(k5CorrelationId_v)$2$0$0$1$k5CorrelationId
indexDefinition: 0$karma(k5OrderId_v)$2$0$0$1$k5OrderId

Format: <Index Version>$<Index Name>$<Index State>$<Index Rule>$<Index Type>$<Index Value State>$<AttributeName>

  • Index State: should be 2 Specifies the state of the index.
    • 0 – Denotes the ‘suspended’ state. This means that this index is not used in queries and not updated.
    • 1 – Denotes the ‘Bringing Online’ state. This means that the index is in the process of being created. It has two states, Bringing Online (low) and Bringing online (high).
    • Bringing Online (low) indicates that the index creation process on the said attribute is pending.
    • Bringing Online(high) indicates that the index creation is in progress.
    • 2 – Denotes the ‘online’ state, which indicates that the index is up and working.
    • 3 – Denotes the ‘Pending Creation’ state, which indicates that the index has been defined and is waiting for the background process to run.
  • Index Rule
    • 0 – Value Matching, which optimizes queries that involve the entire value or the first part of the value. For example, a query for all entries with a surname equal to Jensen or beginning with Jen.
    • 1 – Presence Matching, which optimizes queries that involve only the presence of an attribute. For example, a query for all entries with a surname attribute.
    • 2 – Substring Matching, which optimizes queries that involve a match of a few characters. For example, a query for all entries with a surname containing .der. This query returns entries with the surnames of Derington, Anderson, and Lauder.
  • Index Type: always 0 Specifies who created the index.
    • 0 – User Defined
    • 1 – Added on Attribute Creation
    • 2 – Required for Operation
    • 3 – System Index
  • Index Value State: always 1 Specifies the source of the index.
    • 0 – Uninitialized
    • 1 – Added from Server
    • 2 – Added from Local DIB
    • 3 – Deleted from Local DIB
    • 4 – Modified from Local DIB

Adjusting the configuration

To tell karma were to store and find order items, add the following items to the configuration file (e.g. local.yaml):

orders:
  base: 'cn=k5Orders,ou=karma,ou=res,ou=services,o=data'

orderItems:
  base: 'cn=GlobalInputRequests,cn=nrfConfig,ou=res,ou=services,o=data'

ui:
  features:
    # ...
    shoppingCart: true

since v2.8.22

A template for the nrfRequest object can be defined in the config file; this allows to change for example objectClass or nrfStatus, or add other attributes

The defaults are:

orders:
  nrfRequestTemplate:
    objectClass: ['Top', 'nrfRequest', 'grpNrfRequest']
    nrfStatus: '10'

Example how to change the nrfStatus:

orders:
  nrfRequestTemplate:
    nrfStatus: '5'
PartitionsEncryption