Change the Order of Search Attributes in IDM DNLookup Controls



The DNLookup search control is a frequently used form control in custom forms, but it can also be found in several native IDM dialogs and is used to search and retrieve DNs from the Identity Vault.

The way a DNLookup control shows up depends on the definition of the corresponding entity (e.g., the 'user' entity) and the attributes declared for that entity (e.g., 'Given Name', 'Surname').

The attributes shown in the drop-down list are specified in the directory abstraction layer (DAL): Attributes that are declared with the "Search" and "Required" flags set, will show in the drop-down list for searchable attributes, as well as in the result table of the identified matches.
Now, there have been numerous requests to change the order in which these attributes are displayed when pressing the DNLookup, but the order of the attributes is predefined and cannot be changed. Often it depends on the order in which the selected attributes where added to the entity.

Well, in fact the order is stored in the xmlData attribute of each entity object in eDirectory:
For each entity, you'll find an eDirectory object of the type 'srvprvEntity' which is located in a container underneath the user application driver container (CN=EntityDefs,CN=DirectoryModel,CN=AppConfig,CN=User Application Driver,[your driver set container])

Much of the declaration of the entity is stored in the 'xmlData' attribute of the entity object. You can manually edit the xmlData string, search for the "<attributes>..</attributes>" tag and find each entity attribute declaration in a separate "<attribute>..</attribute>" tag.
Changing the sequence of the "<attribute>..</attribute>" tags will modify the order in which the respective attributes are displayed in the search control.

The hard way

There have been several comments in the Novell forums that explain extensively how you could use iManager or other tools to locate and edit the entity objects and change the xmlData. To find such instructions, Google for "Sequencing of DAL Entity Attributes for a DN Lookup Control"

While the approach suggested there works fine, there are some smaller drawbacks:

  • not everybody feels comfortable editing the objects,
  • the procedure is prone to human error
  • the procedure is time consuming

The easy way

This Cool Solution presents a simple User Application form that provides an quick and easy-to-use GUI to update your entities and change the attribute order of your DNLookups.

How it works:

  • The form presents a GUI showing the entities of your system that can be used in a DNLookup control.

  • You select any of the available entities
  • The form reads and decodes the xmlData and presents you with the searchable attributes in their current order

  • You may re-order the list according to your needs

  • You may view the effects of changing the attribute order on the xmlData contents by selecting the 'Show xmlData' check box.

  • To save your changes, press 'Submit' and the updated xmlData will be stored within a no-approval workflow

  • Before the applied changes get visible in your DNLookup controls, you need to flush the User Application cache ('Administration' tab in User Application)

How to install this Cool Solution on your system

  • To be on the safe side you should import the current DAL entities into IDM Designer before changing any attributes, and backup the entities (e.g., into Subversion or by exporting them to a file)
  • Use IDM Designer to import the entity definition "srvprvEntity.xml" and the query definition "query_srvprvEntity.xml" into your DAL
  • Check the imported entity definition for "srvprvEntity" and modify the "Search Container" location to reflect the location of the "EntityDefs" container on your system under the driver set container.

  • Deploy both, entity and query, to your IDM system
  • Flush the User Application cache
  • Import the workflow PRD into your Provisioning Request Definitions
  • Optionally update the trustees of the form
  • Test the form

  • As usual, when externally modifying DAL objects, make sure to re-import the modified entity into your Designer project


  • If the form shows no entities, make sure that you have updated the search path for the entity definition "srvprvEntity"
  • If the form shows the entities, but no search attributes, make sure that you have sufficient rights to read the entity definition and the xmlData attribute
  • If the changes you've made seem to not be reflected in User Application, make sure you have flushed the UA cache
  • If the problems persist, check the status of your re-order request and check the jboss server log for errors



How To-Best Practice
Comment List
Parents Comment Children