Data Validation
Nothing can destroy your identity infrastructure with more subtlety and with such wide-reaching consequences as lack of control over how data is entered or captured into your directory. While a schema can provide basic controls over the types and format of data that are entered for any attribute, the schema is completely unable to specify limits or controls over what that data actually is.
A common problem in any data-capturing system is how country names should be entered. People will commonly enter any of the following as values for the 'country' attribute: US, USA, America, North America, United States, United States of America, etc. Similar problems appear for every other country in the world.
As more and more data is entered into your identity system, without any form of validation, it becomes increasingly unlikely that you will be able to accurately search for particular attribute values with any confidence that you have obtained all relevant entries.
You may spend an inordinate amount of time on the herculean effort of standardizing data across your directory, but unless you institute some form of data validation, your efforts will be wasted and the data will soon return to its unworkable state.
Symlabs LDAP Proxy and Virtual Directory Server include two data validation plugins that can help control what data is actually entered into your directory, protecting the directory from a lack of data integrity.
The Max-Min Limits plugin can control the maximum and minimum values that can be entered for a numerical attribute. For instance, this can be used to control an 'age' value, so that entries with this attribute set are forced into sane limits. A minimum and maximum (integer) value can be specified, and this scriptlet will force any value outside of the specified range into the range. This plugin works for both single-valued and multivalued attributes, and also works for writing and reading values.
The Enumeration plugin allows you to control which values are allowed for a particular attribute. When you use this plugin, every ADD or MODIFY operation that attempts to write a value in the enumerated attribute that is not in the list of valid values is rejected. This plugin is useful to validate data entered into your backend repositories to ensure that it conforms to your requirements. This plugin also works for both single-valued and multivalued attributes. By default, the Enumeration plugin functions in a case-insensitive way (i.e. it doesn't matter whether you are using capital or small letters, or a mix of the two). However, you can explicitly set whether you want to use case-sensitivity for attribute values (attribute names are case-insensitive in LDAP, but attribute values are case-sensitive).
If the only way to modify attribute values is provided through these plugins, and the initial content of your repository was validated, you can safely assert that no entry will contain invalid values for this attribute in the future. This will help you to strengthen the integrity of the data repository at the point of data-entry, regardless of the quality of the code of third-party client applications.
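
The behaviour of the two plugins described above, sketched as an added Python example (not Symlabs code or its plugin API): values of a limited attribute are forced into range, and a write carrying a value outside an enumeration is rejected as a whole. The `Policy` class, the `Rejected` exception and the sample attributes are constructed for illustration; storing an accepted value exactly as the client wrote it and raising on non-integer input are assumptions.

```python
# Added illustration of the semantics described above; not Symlabs code or its plugin API.
from dataclasses import dataclass, field

class Rejected(Exception):
    """Raised when a write must be refused (Enumeration behaviour)."""

@dataclass
class Policy:
    limits: dict = field(default_factory=dict)  # name -> (min, max)
    enums: dict = field(default_factory=dict)   # name -> (allowed values, case_sensitive)

    def __post_init__(self):
        # LDAP attribute names are case-insensitive, so key on lower case.
        self.limits = {k.lower(): v for k, v in self.limits.items()}
        self.enums = {k.lower(): v for k, v in self.enums.items()}

    def apply(self, attrs):
        """Validate the attributes of one ADD or MODIFY; return the values to store."""
        out = {}
        for name, values in attrs.items():
            key = name.lower()
            if key in self.enums:
                allowed, case_sensitive = self.enums[key]
                norm = (lambda s: s) if case_sensitive else str.casefold
                valid = {norm(a) for a in allowed}
                bad = [v for v in values if norm(v) not in valid]
                if bad:  # a single invalid value rejects the whole operation
                    raise Rejected(f"{name}: {bad} not in enumeration")
            if key in self.limits:
                lo, hi = self.limits[key]
                # Assumption: a non-integer value raises ValueError; the page does not say.
                values = [str(min(max(int(v), lo), hi)) for v in values]
            out[name] = list(values)
        return out

# Constructed sample policy and requests.
POLICY = Policy(limits={"age": (0, 120)},
                enums={"c": (["US", "GB", "DE"], False)})

def demo():
    stored = POLICY.apply({"cn": ["Ann"], "C": ["us"], "age": ["250", "-3", "41"]})
    try:
        POLICY.apply({"c": ["United States"]})
        rejected = False
    except Rejected:
        rejected = True
    return stored, rejected
```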