Highlighted
Super Contributor.
Super Contributor.
762 views

How to create a Cross Reference for an object in eDirectory

How to create a Cross Reference for an object in eDirectory

Labels (1)
13 Replies
Highlighted
Knowledge Partner
Knowledge Partner

You create or use a dn attribute.

Look at the member attribute on the group and group membership attribute on the user and do the same.

If that is what you mean with cross reference.

Highlighted
Super Contributor.
Super Contributor.

The Syntax of the attribute will be distinguishedName. 

When i create an attribute for any object in ou=deletion,ou=users,o=data,  I want this object to be cross referenced  to anther object under ou=users,o=data.

May be am confusing 😞

 

 

 

 

Highlighted
Knowledge Partner
Knowledge Partner

So on you object in deletion.users.data, add attribute with DN syntax, and specify a value that points at the object in users.data.

 

Highlighted
Super Contributor.
Super Contributor.

Perfect this will work for me. 

Is it possible for to do vice -versa as well ?

 

Highlighted
Knowledge Partner
Knowledge Partner

Yes, just do the same the other way.
Highlighted
Knowledge Partner
Knowledge Partner

Look at a Group. And a User.

User has the attribute Group Membership that points at the group.

Group has an attribute Member that points at the user.

There is also the pairing of Security Equals, Equivalent to me as well.

 

Highlighted
Super Contributor.
Super Contributor.

Thats right..

 

If i add a member in a group, the group object will be updated using member attribute and parrelely the user object will be updated with group membership attribute.

So there is a reference in both user n group object.

So my question is - how can we do the same for two custom attributes in two different objects (like usr and group)

Highlighted
Knowledge Partner
Knowledge Partner

Ok,

So you decide what object to tigger from. If it is the on in deletion, maybe a move or create there.
Then you add the dn attribute to that object. You obviously know the dn value you add.
So you can add the source dn (of the object Currently being processed) to another object (the one under user) as a value in the reference attribute you have cteated for that purpose.

Its the same token, add (or set) source attribute if you use a null driver.
But when you choose what object to write to you use "current object" in the first scenario and dn with the other object dn in the other.
Highlighted
Super Contributor.
Super Contributor.

Thanks for all your support. 

I got your point. 

you are asking me to update both the objcts togther - Am I right ?

My ask is different. Like if a user is added to a group, member attribute is updatd and in the user object group membership is also updated. 

So we are not updating the user object manaually. 

 

Looks like there is some link at the back end. 

 

Like wise is it possible for me to do in my scenario.  To be more clear,

if that object under deletion.user.data is deleted - the refrence should alos be deleted as how if we remove a member from a group works.

 

Highlighted
Knowledge Partner
Knowledge Partner

Ok, so you want to manage reciprical attributes automatically.

This is in an IDM group, so if you ware in the Pub channel, and you modify one of a reciprical pair then the engine will try to add the reciprical attribute.

You define this in a Recipricol Attrbute map. Make sure you add in the defaults, since with no map specified you get Group/User stuff, and a couple of others but if you specify just a single value, you ONLY get the values you specify.

 

Highlighted
Knowledge Partner
Knowledge Partner

I think reciprocal attributes as defined in driver properties apply to all write operations to IDV, not just publisher commands. But would have to verify that to be sure...
______________________________________________
https://www.is4it.de/identity-access-management
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.