Related Tips & Info

Syncing an Attribute from Notes to eDirectory after Create

MigrationDeletedUser
0 Likes

Problem



A Forum reader recently asked:



"I'm using IDM 2.01 and the Lotus Notes driver. I want to sync the user's "mailfile" attribute value back from the Lotus Notes name and address book (person document) to eDirectory as the "Postal Office Box" attribute value. This is so I can see what the user's mail file name is, from
edirectory. I have the filter set to "synchronize" from Notes to eDirectory", and "reset" if a change is made in eDirectory. AND, it does work under one circumstance (if I purposely set a value in eDirectory, it gets reset by the correct value).



However, what I want to achieve, is when I create a user in eDirectory, it creates the Notes user, but then sends back the "mailfile" attribute value back to eDirectory. I have found that in the current configuration, the only way I can get the value to sync back to eDirectory is to give the "postal office box" a bogus value (say "1"). Then IDM resets the value to what is obtained from Notes.



How can I get this attribute value back from notes after the initial user creation without manual intervention?"



And here's the response from Perry Nuffer ...



Solution



The reason the mailfile field is not published back to the identity vault (eDir) probably has to do with loop-back detection. The driver probably has loopback detection enabled, and therefore changes to objects in names.nsf made by the driver (like a new mailfile field value) are not published into the identity vault. The Notes person document change has to come from some
other Notes user for the change to be published into the identity vault.



There is more that one way to create a policy that will solve this issue. Below is a sample policy that can be inserted into the Input Transformation Policy set to get the desired results.



<?xml version="1.0" encoding="UTF-8"?>
<policy>
  <rule>
    <!-- only works for User add-associations -->
    <!-- add-association commands for other types of objects (i.e. groups)
will generate errors -->
    <description>Detect add-association and push Lotus Notes mailfile field
value to eDir 'Postal Office Box' attribute</description>
    <conditions>
      <and>
        <if-operation op="equal">add-association</if-operation>
      </and>
    </conditions>
    <actions>
      <do-set-dest-attr-value class-name="User" name="Postal Office Box">
        <arg-dn>
          <token-dest-dn/>
        </arg-dn>
        <arg-value type="string">
          <token-src-attr class-name="User" name="mailfile">
            <arg-association>
              <token-xpath expression="text()"/>
            </arg-association>
          </token-src-attr>
        </arg-value>
      </do-set-dest-attr-value>
    </actions>
  </rule>
</policy>

Labels:

How To-Best Practice
Comment List
Related
Recommended

Resources

Support
Documentation
Learning Services
Partner Programs
Privacy
Compliance
Help
Company
Privacy Policy
Terms of Use
Accessibility
Anti-Slavery Statement
Support
Contact Us
Careers
Code of Business Conduct and Ethics
The opinions expressed above are the personal opinions of the authors, not of OpenText. By using this site, you accept the Terms of Use. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.), Hewlett Packard Enterprise Company, or Micro Focus. As of January 31, 2023, the Material is now offered by OpenText, a separately owned and operated company. Any reference to the HP, Hewlett Packard Enterprise/HPE, and Micro Focus marks is historical in nature and the HP, Hewlett Packard Enterprise/HPE, and Micro Focus marks are the property of their respective owners.