Highlighted
Super Contributor.
Super Contributor.
391 views

Determine driver schema mapping policy with LDAP

How can I determine the dn of a driver schema mapping policy without any available information other than the driver dn? At a quick glance it seems that the information is stored in the policy itself and the driver object.

In the policy itself it is recognizable from XMLdata and DirXML-pkgInitialState attributes but they are of type stream and not suited for ldap substring query. I would have to go through all policies and look for the mapping table from each policy XMLdata.

In a driver object attribute DirXML-Policies the schema mapping policy is incuded as one value:
cn=NOVLDTXTBASE-smp,cn=drivercn,cn=driverset,o=system#0#0

This seems to be a structured attribute with some added information. Is there something here to tell me it is a schema mapping policy? Any ideas? iManager seems to know which one is a mapping policy and I presume it does something smarter than read them all through.
Labels (1)
0 Likes
8 Replies
Highlighted
Knowledge Partner
Knowledge Partner

Re: Determine driver schema mapping policy with LDAP

kuronen wrote:

> Is there something here to tell me it is a schema mapping policy?


Just look at the two digits after the policy DN: the one is the policy set it
is linked to and the other the position/order in that set. I do not know the
key number for schema mapping by heart, but can find out by checking with any
existing driver yourself. Geoffrey has written an article about this, too: -->
https://www.netiq.com/communities/cool-solutions/talking-about-dirxml-policies-attributes/

--
http://www.is4it.de/en/solution/identity-access-management/

(If you find this post helpful, please click on the star below.)
______________________________________________
https://www.is4it.de/identity-access-management
0 Likes
Highlighted
Super Contributor.
Super Contributor.

Re: Determine driver schema mapping policy with LDAP

#0 seems to mark schema mapping policy. Checked it out against several drivers.
0 Likes
Highlighted
Knowledge Partner
Knowledge Partner

Re: Determine driver schema mapping policy with LDAP

On 2/18/2019 2:18 AM, Lothar Haeger wrote:
> kuronen wrote:
>
>> Is there something here to tell me it is a schema mapping policy?

>
> Just look at the two digits after the policy DN: the one is the policy set it
> is linked to and the other the position/order in that set. I do not know the
> key number for schema mapping by heart, but can find out by checking with any
> existing driver yourself. Geoffrey has written an article about this, too: -->
> https://www.netiq.com/communities/cool-solutions/talking-about-dirxml-policies-attributes/


Side note: try google and see if you can find an IDM topic where on of
my articles does NOT come up. (Do let me know, and I will write
something to break that loophole).


0 Likes
Highlighted
Super Contributor.
Super Contributor.

Re: Determine driver schema mapping policy with LDAP

geoffc;2495523 wrote:
On 2/18/2019 2:18 AM, Lothar Haeger wrote:
> kuronen wrote:
>
>> Is there something here to tell me it is a schema mapping policy?

>
> Just look at the two digits after the policy DN: the one is the policy set it
> is linked to and the other the position/order in that set. I do not know the
> key number for schema mapping by heart, but can find out by checking with any
> existing driver yourself. Geoffrey has written an article about this, too: -->
> https://www.netiq.com/communities/cool-solutions/talking-about-dirxml-policies-attributes/


Side note: try google and see if you can find an IDM topic where on of
my articles does NOT come up. (Do let me know, and I will write
something to break that loophole).


You've got lots of loopholes to patch. The problem with this kinda searches is asking the right question. I tried something like "netiq idm policy identifier" "netiq idm ldap policy names" and got nothing even resembling the subject.

Google with it's A.I. is still no match match for sir Geoff in mapping foolish questions to actual queries of data.
0 Likes
Highlighted
Knowledge Partner
Knowledge Partner

Re: Determine driver schema mapping policy with LDAP

kuronen wrote:

> asking the right question.


you surely want to include "geoffc" as a keyword. He's written all about
everything IDM, so not worth bothering with the rest.. 😉

--
http://www.is4it.de/en/solution/identity-access-management/

(If you find this post helpful, please click on the star below.)
______________________________________________
https://www.is4it.de/identity-access-management
0 Likes
Highlighted
Knowledge Partner
Knowledge Partner

Re: Determine driver schema mapping policy with LDAP

On 2/19/2019 5:22 AM, Lothar Haeger wrote:
> kuronen wrote:
>
>> asking the right question.

>
> you surely want to include "geoffc" as a keyword. He's written all about
> everything IDM, so not worth bothering with the rest.. 😉


I think that will save you time, but is cheating in the suggested game.


0 Likes
Highlighted
Knowledge Partner
Knowledge Partner

Re: Determine driver schema mapping policy with LDAP

On 2/19/2019 4:44 AM, kuronen wrote:
>
> geoffc;2495523 Wrote:
>> On 2/18/2019 2:18 AM, Lothar Haeger wrote:
>>> kuronen wrote:
>>>
>>>> Is there something here to tell me it is a schema mapping policy?
>>>
>>> Just look at the two digits after the policy DN: the one is the policy

>> set it
>>> is linked to and the other the position/order in that set. I do not

>> know the
>>> key number for schema mapping by heart, but can find out by checking

>> with any
>>> existing driver yourself. Geoffrey has written an article about this,

>> too: -->
>>>

>> https://www.netiq.com/communities/cool-solutions/talking-about-dirxml-policies-attributes/
>>
>> Side note: try google and see if you can find an IDM topic where on of
>> my articles does NOT come up. (Do let me know, and I will write
>> something to break that loophole).

>
> You've got lots of loopholes to patch. The problem with this kinda
> searches is asking the right question. I tried something like "netiq idm
> policy identifier" "netiq idm ldap policy names" and got nothing even
> resembling the subject.


So I have an article about the attributes IDM uses. Let me work on that
one for you. 🙂

> Google with it's A.I. is still no match match for sir Geoff in mapping
> foolish questions to actual queries of data.
>
>


0 Likes
Highlighted
Knowledge Partner
Knowledge Partner

Re: Determine driver schema mapping policy with LDAP

On 2/18/2019 1:04 AM, kuronen wrote:
>
> How could I determine the dn of a driver schema mapping policy? At a
> quick glance it seems that the information is stored in the policy
> itself and the driver object.
>
> In the policy itself it is recognizable from XMLdata and
> DirXML-pkgInitialState attributes but they are of type stream and not
> suited for ldap substring query.
>
> In a driver object attribute DirXML-Policies the schema mapping policy
> is incuded as one value:
> cn=NOVLDTXTBASE-smp,cn=drivercn,cn=driverset,o=system#0#0
>
> This seems to be a structured attribute with some added information. Is
> there something here to tell me it is a schema mapping policy? Any
> ideas?


Conveniently, I wrote about this a few years ago. (Yeesh, 2011!)

https://www.netiq.com/communities/cool-solutions/talking-about-dirxml-policies-attributes/

That attribute syntax has a DN, then two integers. First (in LDAP) is
the position in the list, 0->N. Second represents WHAT the linkage is
for. See my article. Short answer snipped out:

0 Schema Map
1 Input Transform
2 Output Transform
3 ECMA Script Object
4 Sub Event Transform
5 Pub Event Transform
6 Sub Match
7 Pub Match
8 Sub Create
9 Pub Create
10 Sub Command Transform
11 Pub Command Transform
12 Sub Placement
13 Pub Placement
14 GCV Objects
15 Startup (New in IDM 4.0.2.3)
16 Shutdown (New in IDM 4.0.2.3)

So yep, 0 is Schema Map. Note: You should check contents as Schema Map
policy set can contain Policies of Schema maps.

I forget, is the Schema map a different object class? Not connected to a
live system this second to check.

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.