How to create a Cross Reference for an object in eDirectory

  • You create or use a dn attribute.

    Look at the member attribute on the group and group membership attribute on the user and do the same.

    If that is what you mean with cross reference.

  • The Syntax of the attribute will be distinguishedName. 

    When i create an attribute for any object in ou=deletion,ou=users,o=data,  I want this object to be cross referenced  to anther object under ou=users,o=data.

    May be am confusing





  • So on you object in, add attribute with DN syntax, and specify a value that points at the object in


  • Perfect this will work for me. 

    Is it possible for to do vice -versa as well ?


  • Yes, just do the same the other way.
  • Look at a Group. And a User.

    User has the attribute Group Membership that points at the group.

    Group has an attribute Member that points at the user.

    There is also the pairing of Security Equals, Equivalent to me as well.


  • Thats right..


    If i add a member in a group, the group object will be updated using member attribute and parrelely the user object will be updated with group membership attribute.

    So there is a reference in both user n group object.

    So my question is - how can we do the same for two custom attributes in two different objects (like usr and group)

  • Ok,

    So you decide what object to tigger from. If it is the on in deletion, maybe a move or create there.
    Then you add the dn attribute to that object. You obviously know the dn value you add.
    So you can add the source dn (of the object Currently being processed) to another object (the one under user) as a value in the reference attribute you have cteated for that purpose.

    Its the same token, add (or set) source attribute if you use a null driver.
    But when you choose what object to write to you use "current object" in the first scenario and dn with the other object dn in the other.
  • Thanks for all your support. 

    I got your point. 

    you are asking me to update both the objcts togther - Am I right ?

    My ask is different. Like if a user is added to a group, member attribute is updatd and in the user object group membership is also updated. 

    So we are not updating the user object manaually. 


    Looks like there is some link at the back end. 


    Like wise is it possible for me to do in my scenario.  To be more clear,

    if that object under is deleted - the refrence should alos be deleted as how if we remove a member from a group works.


  • Ok, so you want to manage reciprical attributes automatically.

    This is in an IDM group, so if you ware in the Pub channel, and you modify one of a reciprical pair then the engine will try to add the reciprical attribute.

    You define this in a Recipricol Attrbute map. Make sure you add in the defaults, since with no map specified you get Group/User stuff, and a couple of others but if you specify just a single value, you ONLY get the values you specify.