Stripping Data from Attributes, AD to eDirectory



A Forum reader recently asked:

"We are trying to sync an attribute called "whenCreated" from MAD to eDirectory. We need to strip off some information from the attribute on the way from MAD to eDirectory. It has an extra .0Z at the end of the time data. What is the best way to strip off the extra info, and where should we create the policy?"

And here's the response from Father Ramon ...


You can use an input transformation like this:

<description>Reformat whenCreated
<do-reformat-op-attr name="whenCreated">
<arg-value type="string">
<token-replace-first regex="(^.*)\..*Z" replace-with="$1">
<token-local-variable name="current-value"/>

You might also want to convert it to eDirectory time format. The input transformation that comes in the default AD configuration has rules that do this for other attributes (accountExpires, lockoutTime). Copy one of the rules for these and change the rule and attribute name.


How To-Best Practice
Comment List