Solving Account Disabled Issues with the AS400 Bidirectional Driver

Solving Account Disabled Issues with the AS400 Bidirectional Driver

Problem



For the bidirectional AS400 driver (aka i5osdrv), there is a mapping of
Login Disabled (eDir) to STATUS (AS400). However, the syntax of the values is different.



In eDirectory that value is boolean, so either true and the user is
disabled - or, false (technically, a false eDirectory boolean is just the
absence of the attribute) and the user is enabled.



In the world of AS400, STATUS is either *ENABLED or *DISABLED.



The shipping default configuration has the Subscriver Output Transform convert eDirectory changes to Login Disabled to the format expected by
the AS400. But there does not appear to be an analogous rule on the Input
transform for the Publisher channel.



Solution



Here is a suggested rule to handle this mapping, so a disable action in AS400 can flow to eDirectory.




<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE policy PUBLIC
"policy-builder-dtd"
"/data/programs/designer.201/designer/eclipse/plugins/
com.novell.designer.idm.policybuilder_2.0.0.200705161501/DTD/dirxmlscript.dtd"><policy>
<rule>
  <description>Transform STATUS from *DISABLED to True for Login Disabled</description>
  <comment xml:space="preserve">Login disabled and STATUS are linked,
but the format is different.</comment>
  <comment name="lastchanged" xml:space="preserve">Jun 27, 2007</comment>
  <conditions>
    <and>
      <if-op-attr mode="nocase" name="STATUS" op="changing-to">*DISABLED</if-op-attr>
    </and>
  </conditions>
  <actions>
    <do-strip-op-attr name="STATUS"/>
    <do-set-dest-attr-value name="Login Disabled">
      <arg-value type="string">
        <token-text xml:space="preserve">true</token-text>
      </arg-value>
    </do-set-dest-attr-value>
  </actions>
</rule>

<rule>
  <description>Transform STATUS from *ENABLED to Login Disabled equals
false</description>
  <comment xml:space="preserve">Convert an AS400 account enable to an
eDirectory Login Disabled equals false.</comment>
  <comment name="lastchanged" xml:space="preserve">Jun 27, 2007</comment>
    <conditions>
      <or>
        <if-op-attr mode="nocase" name="STATUS" op="changing-to">*ENABLED</if-op-attr>
      </or>
    </conditions>
  <actions>
    <do-strip-op-attr name="STATUS"/>
    <do-set-dest-attr-value name="Login Disabled">
      <arg-value type="string">
        <token-text xml:space="preserve">false</token-text>
      </arg-value>
    </do-set-dest-attr-value>
  </actions>
</rule>
</policy>



Environment



This was done using the IDM 3.01 driver, version 2.0.

DISCLAIMER:

Some content on Community Tips & Information pages is not officially supported by Micro Focus. Please refer to our Terms of Use for more detail.
Top Contributors
Version history
Revision #:
1 of 1
Last update:
‎2007-07-11 10:00
Updated by:
 
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.