Determine driver schema mapping policy with LDAP

How can I determine the dn of a driver schema mapping policy without any available information other than the driver dn? At a quick glance it seems that the information is stored in the policy itself and the driver object.

In the policy itself it is recognizable from XMLdata and DirXML-pkgInitialState attributes but they are of type stream and not suited for ldap substring query. I would have to go through all policies and look for the mapping table from each policy XMLdata.

In a driver object attribute DirXML-Policies the schema mapping policy is incuded as one value:
cn=NOVLDTXTBASE-smp,cn=drivercn,cn=driverset,o=system#0#0

This seems to be a structured attribute with some added information. Is there something here to tell me it is a schema mapping policy? Any ideas? iManager seems to know which one is a mapping policy and I presume it does something smarter than read them all through.
Parents Reply
  • geoffc;2495523 wrote:
    On 2/18/2019 2:18 AM, Lothar Haeger wrote:
    > kuronen wrote:
    >
    >> Is there something here to tell me it is a schema mapping policy?

    >
    > Just look at the two digits after the policy DN: the one is the policy set it
    > is linked to and the other the position/order in that set. I do not know the
    > key number for schema mapping by heart, but can find out by checking with any
    > existing driver yourself. Geoffrey has written an article about this, too: -->
    > https://www.netiq.com/communities/cool-solutions/talking-about-dirxml-policies-attributes/


    Side note: try google and see if you can find an IDM topic where on of
    my articles does NOT come up. (Do let me know, and I will write
    something to break that loophole).


    You've got lots of loopholes to patch. The problem with this kinda searches is asking the right question. I tried something like "netiq idm policy identifier" "netiq idm ldap policy names" and got nothing even resembling the subject.

    Google with it's A.I. is still no match match for sir Geoff in mapping foolish questions to actual queries of data.
Children
  • kuronen wrote:

    > asking the right question.


    you surely want to include "geoffc" as a keyword. He's written all about
    everything IDM, so not worth bothering with the rest.. ;-)

    --
    http://www.is4it.de/en/solution/identity-access-management/

    (If you find this post helpful, please click on the star below.)
  • On 2/19/2019 4:44 AM, kuronen wrote:
    >
    > geoffc;2495523 Wrote:
    >> On 2/18/2019 2:18 AM, Lothar Haeger wrote:
    >>> kuronen wrote:
    >>>
    >>>> Is there something here to tell me it is a schema mapping policy?
    >>>
    >>> Just look at the two digits after the policy DN: the one is the policy

    >> set it
    >>> is linked to and the other the position/order in that set. I do not

    >> know the
    >>> key number for schema mapping by heart, but can find out by checking

    >> with any
    >>> existing driver yourself. Geoffrey has written an article about this,

    >> too: -->
    >>>

    >> https://www.netiq.com/communities/cool-solutions/talking-about-dirxml-policies-attributes/
    >>
    >> Side note: try google and see if you can find an IDM topic where on of
    >> my articles does NOT come up. (Do let me know, and I will write
    >> something to break that loophole).

    >
    > You've got lots of loopholes to patch. The problem with this kinda
    > searches is asking the right question. I tried something like "netiq idm
    > policy identifier" "netiq idm ldap policy names" and got nothing even
    > resembling the subject.


    So I have an article about the attributes IDM uses. Let me work on that
    one for you. :)

    > Google with it's A.I. is still no match match for sir Geoff in mapping
    > foolish questions to actual queries of data.
    >
    >


  • On 2/19/2019 5:22 AM, Lothar Haeger wrote:
    > kuronen wrote:
    >
    >> asking the right question.

    >
    > you surely want to include "geoffc" as a keyword. He's written all about
    > everything IDM, so not worth bothering with the rest.. ;-)


    I think that will save you time, but is cheating in the suggested game.