Related Tips & Info

Open Call - IDM Association Values for eDirectory Objects

Geoffrey Carman
0 Likes

Identity Manager stores an association value on each eDirectory object for each connected system.



The association value is meant to be connected in a system-specific way, and uniquely within it. Each driver handles this slightly differently.



I think it would be nice to have the complete list. Here are the ones I know about so far. If you know any more, please email me to add to the list! Or respond in the comments, or send me a personal message via Cool Solutions. All will work




DriverAssociation Value

eDirectoryeDirectory GUID value

Active DirectoryActive Directory GUID

Lotus Notes UNID (Notes Universal ID) (32 char string), see Lothars comments down below for how to find the UNID value within Lotus Notes.

GroupWiseNGW: GroupWise ID, this is a string with three parts, DOM.PO.UserName{xxx}GUIDValue I do not know what the {xxx} means, nor whose GUID but everybody in a GW system seems to have the same values.

Delimited Textemail address, but you almost always change that

JDBCPrimary Key value

PeopleSoftEMPLID (eDirs workforceID)

SAP HRPERNUM (eDir workForceID) for users, or one letter for object type followed by the OBJID (and leading zeroes are not removed, so an Position's value might be S00001234)

Older SAP UM"USd" followed by the SAP username

Newer SAP UMWith the CMP release, the SAP UM driver has a couple more modes. It still supports the old format, but now uses a new format of \SytemName\USdSAPUSERNAME which is the old value preceeded by the System name. Docs are here

Bidirectional AS400USRPRF in the AS400 (basically the username)

Bidirectional Linux/UnixusernameUser (Username value followed by literal string "User" no spaces. Same for groups, just the string is "Group"

Bidirectional RACF (Mainframe)"USER\userid" or "GROUP\groupid"

Bidirectional TopSecreteDir CN

FanoutGUID of the user or group and then maintains its own "association", a multi-valued field, one per platform, which is just the "CN"

Loopback/NullBy default nothing, but you can add whatever you like

eXtend Composer shimsWhatever you set it to be, no default

User ApplicationEverybody gets the same value, "AnAssociation"

ScriptingNo real default, whatever you set it to be

LDAPLDAP DN of the user, like cn=bob,o=acme

JMSDriver GUID & Message ID

Avaya PBX/DRIVERNAME/workorderCN Time like /Avaya PBX/avaya.test07 01/19/2009 09:24:49:0756

Work OrderWorkorder driver name, the workorder CN creation date/timestamp, e.g "\MyWorkorderDriver\MyWorkorder 1/14/2009 15:23

RemedySchema name and request ID of the entry





Third Party Drivers

Third Party DriverAssociation Value

Google Apps by Concensus ConsultingOlder versions used Google Username. (now supports renames! Yay!)

Google Apps in IDM 4.01 by Concensus ConsultingNew versions use: https://apps-apis.google.com/a/feeds/consensus.com/user/2.0/mweaver


SIF v4 from Concensus ConsultingSIF GUID, which is owned/generated by the Student Information System through its SIF agent.

Banner HR driver by Concensus ConsultingBanners psID which is part of each SOAP message

Pulsen Snapshot Driver V3 by PulsenLDAP: Any attribute value available in the application (including dn).
ODBC: Any column value available in the result set or a concatenated value from two or more columns (since the association is taken from one column in a result set and not a table it could be anything that a SQL statement can generate).

HL7 Driver from EST GroupA derived value to insure uniqueness

Google Apps Driver from EST GroupFull domain address of the destination domain

Tivoli Access Manager Driver from EST GroupSource DN of the object, since there is nothing unique that TAM provides

SOAPWhen you remap the SOAP to XDS, you need to build the association value, so its whatever you choose, hopefully some kind of unique database ID.




Here are the known drivers we are missing values for:




DriverAssociation Value

SIF v3Not sure, but driver deprecated




Did I miss any drivers? I know there are custom ones out there, so if you know of any let me know! But also lets focus on Novell provided ones


Shout out via the comments if you know one that we are missing! Feel free to email me, or send me a message via Cool Solutions if you would like.


Labels:

How To-Best Practice
Comment List
Parents Comment Children
  • in reply to MigrationDeletedUser

    If you are using PowerShell, then here is a simple one-liner to get from the regular AD objectGUID/GUID to the association value.

    Note that it is not purely byte-flipped representation.

    [System.BitConverter]::ToString([System.GUID]::Parse('{6B29FC40-CA47-1067-B31D-00DD010662DA}').ToByteArray()).toLower() -replace '-'

    Just replace the value within the curly brackets with your own GUID.

    However if you want to do this manually (or in another programming language), the following is the plain English formula.

    1. Remove curly braces and hyphens.
    2. Reverse first 8 characters i.e. '6B29FC40' becomes '40fc296b'
    3. Reverse next 4 characters i.e. 'CA47' becomes '47ca'
    4. Reverse next 4 characters i.e. '1067' becomes '6710'
    5. Copy, unchanged the next 4 characters i.e. 'B31D' stays as 'B31D'
    6. Copy, unchanged the next 12 characters i.e. '00DD010662DA' stays as '00dd010662da'



    This example GUID {6B29FC40-CA47-1067-B31D-00DD010662DA} converts to: 40fc296b47ca6710b31d00dd010662da

  • in reply to MigrationDeletedUser
    [System.BitConverter]::ToString([System.GUID]::Parse(@(Get-ADUser -LDAPFilter '(&(objectclass=person)(cn=user123))' -Properties objectGUID | select -Property objectGUID).objectguid.guid).ToByteArray()).toLower() -replace '-'
Related
Recommended

Resources

Support
Documentation
Learning Services
Partner Programs
Privacy
Compliance
Help
Company
Privacy Policy
Terms of Use
Accessibility
Anti-Slavery Statement
Support
Contact Us
Careers
Code of Business Conduct and Ethics
The opinions expressed above are the personal opinions of the authors, not of OpenText. By using this site, you accept the Terms of Use. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.), Hewlett Packard Enterprise Company, or Micro Focus. As of January 31, 2023, the Material is now offered by OpenText, a separately owned and operated company. Any reference to the HP, Hewlett Packard Enterprise/HPE, and Micro Focus marks is historical in nature and the HP, Hewlett Packard Enterprise/HPE, and Micro Focus marks are the property of their respective owners.