Syncing an Attribute from Notes to eDirectory after Create

Problem



A Forum reader recently asked:



"I'm using IDM 2.01 and the Lotus Notes driver. I want to sync the user's "mailfile" attribute value back from the Lotus Notes name and address book (person document) to eDirectory as the "Postal Office Box" attribute value. This is so I can see what the user's mail file name is, from eDirectory. I have the filter set to "synchronize" from Notes to eDirectory, and "reset" if a change is made in eDirectory. AND, it does work under one circumstance (if I purposely set a value in eDirectory, it gets reset by the correct value).



However, what I want to achieve is that when I create a user in eDirectory, it creates the Notes user, but then sends the "mailfile" attribute value back to eDirectory. I have found that in the current configuration, the only way I can get the value to sync back to eDirectory is to give the "postal office box" a bogus value (say "1"). Then IDM resets the value to what is obtained from Notes.



How can I get this attribute value back from Notes after the initial user creation without manual intervention?"



And here's the response from Perry Nuffer ...



Solution



The reason the mailfile field is not published back to the identity vault (eDir) probably has to do with loop-back detection. The driver probably has loopback detection enabled, and therefore changes to objects in names.nsf made by the driver (like a new mailfile field value) are not published into the identity vault. The Notes person document change has to come from some other Notes user for the change to be published into the identity vault.



There is more than one way to create a policy that will solve this issue. Below is a sample policy that can be inserted into the Input Transformation Policy set to get the desired results.



<?xml version="1.0" encoding="UTF-8"?>
<policy>
  <rule>
    <!-- only works for User add-associations -->
    <!-- add-association commands for other types of objects (i.e. groups) will generate errors -->
    <description>Detect add-association and push Lotus Notes mailfile field value to eDir 'Postal Office Box' attribute</description>
    <conditions>
      <and>
        <if-operation op="equal">add-association</if-operation>
      </and>
    </conditions>
    <actions>
      <do-set-dest-attr-value class-name="User" name="Postal Office Box">
        <arg-dn>
          <token-dest-dn/>
        </arg-dn>
        <arg-value type="string">
          <token-src-attr class-name="User" name="mailfile">
            <arg-association>
              <token-xpath expression="text()"/>
            </arg-association>
          </token-src-attr>
        </arg-value>
      </do-set-dest-attr-value>
    </actions>
  </rule>
</policy>

Last update: 2007-07-25 13:05