What is an association?#

Associations are the mechanism used by Identity Manager to establish and maintain a linkage between an object in the Identity Vault and an application object. The shim provides a unique key value for each application object and the Identity Manager Engine manages the storage of those key values in the Identity Vault.

A shim's responsibility with respect to associations is to provide a unique key value for each object and to notify the Identity Manager Engine whenever something happens that affects that unique key. In practice this means:

  • Provide the unique key value for the object whenever communicating any information about the object to the Identity Manager Engine (events and queries).
  • Report to the Identity Manager Engine whenever the unique key value of a relevant object changes using <modify-association>.
  • Report to the Identity Manager Engine the unique key value of an object created as a result of processing and <add> command in the SubscriptionShim using <add-association> in the result document returned from the add processing.


Novell has no KNOWN public publication as to the the details of this attribute or the attribute's syntax.

We show here what we have learned along the way from empirical evidence and from others.


The DirXML-Associations attribute is applied to entries (like users) and indicates the status of the synchronization for any given driver.

The available DirXML-Associations Attribute State values are:

CodeDescriptionLDAP search Filter
4278190086Any Value(DirXML-Associations=cn=MyDriverName,cn=DriverSetName,ou=services,o=baseorg#4278190086#*)
*(Not present) No Association(!(DirXML-Associations=cn=MyDriverName,cn=DriverSetName,ou=services,o=baseorg#4278190086#*))

Tools for modification of Associations#

Determining DirXML Associated Entries#

Working with DirXML-Associations in Policies#

Attribute Details#

The DirXML-Associations attribute uses the path syntax

More Information#

