Anonymous_User Absent Member.
Absent Member.
193 views

Attribute mapping in driver filters


We have a bidirectional metatoncd and ncdtometa drivers. In this
managerID attribute is mapped to manager attribute. Now the requirement
is to add managerID attribute to ncd. I have written a rule and placed
it in output tranformation policy of ncdtometa driver . Rule is getting
executed successfully but attribute is not getting added to ncd. Please
advise.

Rule in ncdtometa driver:

if association associated
And if operation attribute 'ManagerID' available
And if operation attribute 'ManagerID' changing

Actions

set source attribute value ("ManagerID", Operation Attribute
("ManagerID")


--
ushevva
------------------------------------------------------------------------
ushevva's Profile: https://forums.netiq.com/member.php?userid=5891
View this thread: https://forums.netiq.com/showthread.php?t=48696

Labels (1)
0 Likes
6 Replies
Anonymous_User Absent Member.
Absent Member.

Re: Attribute mapping in driver filters

Please post a level three trace of the transaction causing this. Also it
would seem to me that this makes more sense in something like the Command
Transformation policyset since this is not an operation being done for the
application (other tree) which may simplify mapping things.

Good luck.
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Attribute mapping in driver filters

On Tue, 17 Sep 2013 05:24:03 +0000, ushevva wrote:

> set source attribute value ("ManagerID", Operation Attribute
> ("ManagerID")


You might have better luck with "set destination attribute" here. Setting
the source attribute ("ManagerID") to the value of the source attribute
from the current operation is doing nothing useful.

Beyond that, there's even less reason to do this, though. The engine, by
default, is going to use the same attribute name in the destination, and
if the attribute value is changing, then that's all going to be handled
for you automagically.


--
--------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Knowledge Partner http://forums.netiq.com

Please post questions in the forums. No support provided via email.

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Attribute mapping in driver filters


dgersic;234069 Wrote:
> On Tue, 17 Sep 2013 05:24:03 +0000, ushevva wrote:
>
> > set source attribute value ("ManagerID", Operation Attribute
> > ("ManagerID")

>
> You might have better luck with "set destination attribute" here.
> Setting
> the source attribute ("ManagerID") to the value of the source attribute
> from the current operation is doing nothing useful.
>
> Beyond that, there's even less reason to do this, though. The engine,
> by
> default, is going to use the same attribute name in the destination,
> and
> if the attribute value is changing, then that's all going to be handled
> for you automagically.
>
>
> --
> --------------------------------------------------------------------------
> David Gersic
> dgersic_@_niu.edu
> Knowledge Partner
> http://forums.netiq.com
>
> Please post questions in the forums. No support provided via email.




Thanks for your inputs. After trying all sorts of permutations and
combinations addition rule is working fine. I have placed the rule in
output transform of metatoncd and inputtransform of ncdtometa driver.
But when i place the deletion rule in the same place its not working.
Any thoughts on this?

Thanks
Usha


--
ushevva
------------------------------------------------------------------------
ushevva's Profile: https://forums.netiq.com/member.php?userid=5891
View this thread: https://forums.netiq.com/showthread.php?t=48696

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Attribute mapping in driver filters

On Thu, 19 Sep 2013 05:14:02 +0000, ushevva wrote:

> Thanks for your inputs. After trying all sorts of permutations and
> combinations addition rule is working fine. I have placed the rule in
> output transform of metatoncd and inputtransform of ncdtometa driver.


I still don't understand what you're trying to do here. This really
doesn't sound like it should be as difficult as it seems you're making it.


> But when i place the deletion rule in the same place its not working.
> Any thoughts on this?


Yes. Get a level 3 trace (http://www.novell.com/communities/node/5681/
capturing-and-reading-novell-identity-manager-traces) of the event. Post
the trace somewhere like www.pastebin.com or www.susepaste.org and put
the URL to it here so we can see what it's doing.


--
--------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Knowledge Partner http://forums.netiq.com

Please post questions in the forums. No support provided via email.

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Attribute mapping in driver filters


ushevva;234201 Wrote:
> Thanks for your inputs. After trying all sorts of permutations and
> combinations addition rule is working fine. I have placed the rule in
> output transform of metatoncd and inputtransform of ncdtometa driver.
> But when i place the deletion rule in the same place its not working.
> Any thoughts on this?
>
> Thanks
> Usha



Hello,

The mapping is bit complex. I am explaining it now.

on metatoncddriver managerID attribute is mapped to manager attribute.
on ncdtomanager manager attribute is mapped to manager attribute.
on ncdtometa driver in event transform policy managerID is converted to
manager DN of NCD. its in the XML code.

Current screnario:

Meta:
managerID: To156741

NCD: dn: uid=To156741,ou=people,dc=global,dc=wipro,dc=com

requirement:
Meta:
managerID: To156741

NCD: dn: uid=To156741,ou=people,dc=global,dc=wipro,dc=com
managerID: To156741


Now how can I add managerID attribute also to NCD? for this i placed a
rule like I said above. Addition rule is working fine. But I want to
delete managerID attribute from NCD when this attribute is not present
in META. I cannot map this attribute in driver filter. Kindly suggest a
option to place the rule for deletion.


--
ushevva
------------------------------------------------------------------------
ushevva's Profile: https://forums.netiq.com/member.php?userid=5891
View this thread: https://forums.netiq.com/showthread.php?t=48696

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Attribute mapping in driver filters

Hey ushevva, on 20.09.2013 11:45:25, you wrote:

>
> ushevva;234201 Wrote:
>
> The mapping is bit complex. I am explaining it now.
>
> on metatoncddriver managerID attribute is mapped to manager
> attribute. on ncdtomanager manager attribute is mapped to manager
> attribute. on ncdtometa driver in event transform policy managerID
> is converted to manager DN of NCD. its in the XML code.
>
> Current screnario:
>
> Meta:
> managerID: To156741
>
> NCD: dn: uid=To156741,ou=people,dc=global,dc=wipro,dc=com
>
> requirement:
> Meta:
> managerID: To156741
>
> NCD: dn: uid=To156741,ou=people,dc=global,dc=wipro,dc=com
> managerID: To156741
>
>
> Now how can I add managerID attribute also to NCD? for this i placed a
> rule like I said above. Addition rule is working fine. But I want to
> delete managerID attribute from NCD when this attribute is not present
> in META. I cannot map this attribute in driver filter. Kindly suggest
> a option to place the rule for deletion.


You really need to post a sanitised level 3 trace showing driver
startup and the sync of the relevant attributes (in need the trace for
both directions of the eDir to eDir driver)

You haven't been entirely clear about which system is authoritative (or
are they both authoritative) with regards to these two attributes.

The DN type attributes get converted automatically between the two
systems assuming the object referenced (manager) is already associated.
For that reason, I'd suggest you try changing your logic to do the
following:

1. Sync Manager to Manager
2. ManagerID to managerID.
3. If one system is authoritative for an attribute, define reset in the
driver filter on the other channel.
4. Have a null driver on one IDM instance which is authoritative for
managerID that watches for changes of manager attribute and sets/clears
the managerID attribute based on the value derived from the manager DN.

Basically - work with the inbuilt filter sync logic and associated DN
resolution rather than trying to work around it.

From memory the IDM engine seems to be smart enough to re-order re-sync
events so that the manager user object is sync'd before the engine
tries to sync the user object with a manager DN attribute which
references the manager.

--
If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.