OlafMeuther Absent Member.
Absent Member.
483 views

Disable a Account

To disable a account we use an internal variable called Login Disabled which is transformed into dirxml-uACAccountDisable. After this action a rule has the following <do-if>-statements in which a variable is use that is no longer available, I think, because of the transformation process:

<do-if>
<arg-conditions>
<and>
<if-op-attr mode="nocase" name="Login Disabled" op="changing-to">false</if-op-attr>
</and>
</arg-conditions>
<arg-actions>
<do-append-xml-element expression="operation-data/event-audit" name="activated"/>
<do-append-xml-text expression="operation-data/event-audit/activated">
<arg-string>
<token-text xml:space="preserve">true</token-text>
</arg-string>
</do-append-xml-text>
</arg-actions>
<arg-actions/>
</do-if>
I want to know if I am right and I have to use the variable dirxml-uACAcccountDisable or a statement using the source attribute? Thank you in advance!
Labels (1)
0 Likes
2 Replies
Knowledge Partner
Knowledge Partner

Re: Disable a Account

OlafMeuther wrote:

> To disable a account we use an internal variable called Login Disabled


there are no "internal variables" in IDM, you are looking at an operation
attribute in this case. Helps a lot if we all speak the same language... 🙂

> which is transformed into dirxml-uACAccountDisable. After this action a
> rule has the following <do-if>-statements in which a variable is use
> that is no longer available, I think, because of the transformation
> process:


we would need to see a level 3 trace to verify your assumption, you can post it
to susepaste.org or similar services and link it here, if too long to attach
directly.

In general, class and attribute names are mapped from Edir namespace to
application namespace in schema mapping policies (hence the name) and you'll
have to use those names in input/output transforms.

--
http://www.is4it.de/en/solution/identity-access-management/

(If you find this post helpful, please click on the star below.)
______________________________________________
https://www.is4it.de/identity-access-management
0 Likes
Knowledge Partner
Knowledge Partner

Re: Disable a Account

On 1/29/2019 5:16 AM, OlafMeuther wrote:
>
> To disable a account we use an internal variable called Login Disabled
> which is transformed into dirxml-uACAccountDisable. After this action a
> rule has the following <do-if>-statements in which a variable is use
> that is no longer available, I think, because of the transformation
> process:


First off, this is the Designer forum, you will get better results in
the Engine-driver forum.

Second, in general, reference the specific driver you are working with.
I can tell from the uAC part that it is User Account Control, so Active
Directory. but worth clarifying it. Also this is Sub channel as you send
to AD.

As Lothar noted, you work in the eDir namespace (Login Disabled) until
you get to the schema map, where it gets renamed to the application
namespace.

The policy below is for the Account Tracking to send an extra message
when an account is disabled. A message to another system (Account
tracking) not actually disable the user. It is the schema map that does
the change over of attribute names.


>
> <do-if>
> <arg-conditions>
> <and>
> <if-op-attr mode="nocase" name="Login Disabled"
> op="changing-to">false</if-op-attr>
> </and>
> </arg-conditions>
> <arg-actions>
> <do-append-xml-element expression="operation-data/event-audit"
> name="activated"/>
> <do-append-xml-text
> expression="operation-data/event-audit/activated">
> <arg-string>
> <token-text xml:space="preserve">true</token-text>
> </arg-string>
> </do-append-xml-text>
> </arg-actions>
> <arg-actions/>
> </do-if>
> I want to know if I am right and I have to use the variable
> dirxml-uACAcccountDisable or a statement using the source attribute?
> Thank you in advance!
>
>


0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.