moularbi Absent Member.
Absent Member.
827 views

How to use LDAP operational attributes in entities


Hi,
I want to add the operational attribute 'createTimestamp' to the user
entity I have created in Designer but this attribute doesn't appear in
the list of available attributes in the "Add attribute" dialog in
Designer.
Is there a way to do that?
In addition, I am wondering if the 'pwdLastSet' attribute exists in
eDirectory. If not, is there an equivalent?


--
moularbi
------------------------------------------------------------------------
moularbi's Profile: http://forums.novell.com/member.php?userid=110833
View this thread: http://forums.novell.com/showthread.php?t=448297

Labels (1)
0 Likes
8 Replies
Anonymous_User Absent Member.
Absent Member.

Re: How to use LDAP operational attributes in entities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

As it is a a property on the object are you wanting to read it or write
to it? You cannot write to it but you may be able to read it via LDAP,
which is not how most driver configs pull data from IDM but it is
something you could query other ways.

pwdLastSet is a proprietary microosft thingy. eDirectory stores
expiration data in attributes like passwordExpirationTime or (more
appropriately) on the password policy applied to the object. A good
question would be, for both of these, "Why?". A business case for what
you need and why will help us help you better.

Good luck.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.15 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJOw+fdAAoJEF+XTK08PnB5WGIQANSTGXVKhw+vX8F+jzb9hufF
fFOzfHvoILFmsN4Usz1z0ThJiqFaWwshcgDSBbGcR2c5e8ZN5W77aHFYTJgE8mrb
vZQP27VUsI+li4HooYmux+Cv/rtycQjue2K7b92HvVvlaxukSZ2U93HEVrDs9BDF
4kfkrWqfC3JyiL2BtLJcg4bIwF6rWwfd45J9MObRaJHMCDR/GvtdDFcO674vHfBO
49pfCL3B8GmLKb6Sf5xphgrCbbvNKRW537Wh0U3pw8aAliDbc7VxxeIovhyVx5b4
/jI4PAIadgkya4v1yehye0wDDRDqgPVNXh2H1VsfKbfJkWki4B7LuqwMC/9cTVjB
pBt3iJs4WS9/LO9WkG+2k9/nvbs6PqMm+ZTYBRkLjMyxjf5ybrBFqSk9yLIe8JyU
AiqiiId+1U04Z+ouHA9AC2GJIXrYANQFGnKkEm9E8znCpfIQnu/FkZtiAO8HlQp8
MgE8caozXkTXN1ZHV1mKKm/CDFpaYAV9zKgDDDGdMHwFkXYSyv7M6p1yEc6U3aGI
mtYo98wJwcYDIV+j+fo870fK7j2vl85URhGqIz10O5kZ4Z7RlZ6vORbPUvQmcL1d
csd8JBPLvYY1TTZ75wgYp9vLzlDFf4+bI9Y8z5jsgR9E6XsRCqlxCB1Fo6G+7rOQ
OHz0e57YxVgPj1C4u/pD
=fpdj
-----END PGP SIGNATURE-----
0 Likes
moularbi Absent Member.
Absent Member.

Re: How to use LDAP operational attributes in entities


I want to read these two attributes to use them as display attributes in
a search portlet in the user application. For this, I need to add them
to my User entity.


--
moularbi
------------------------------------------------------------------------
moularbi's Profile: http://forums.novell.com/member.php?userid=110833
View this thread: http://forums.novell.com/showthread.php?t=448297

0 Likes
Knowledge Partner
Knowledge Partner

Re: How to use LDAP operational attributes in entities

On Wed, 16 Nov 2011 15:56:02 +0000, moularbi wrote:

> Hi,
> I want to add the operational attribute 'createTimestamp' to the user
> entity I have created in Designer but this attribute doesn't appear in
> the list of available attributes in the "Add attribute" dialog in
> Designer.
> Is there a way to do that?


This isn't really a question about Designer (the product), so you would
be better off asking it in the idm.engine-drivers forum.

But, that said, there isn't an attribute for creation timestamp, because
that information is the creation time on the object itself, not an
attribute of the object.

You could probably simulate it using a Null driver and watching for <add>
events. Then grab the 'cached time' from the <add> and write it to the
object as createTimestamp. From then on, you would just use this
attribute, and ensure that you never overwrite it.


> In addition, I am wondering if the 'pwdLastSet' attribute exists in
> eDirectory. If not, is there an equivalent?


Assuming Universal Password is in use, look at the pwdChangedTime. It's
not the same as MAD's pwdLastSet, but it may be what you're looking for.


--
---------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Novell Knowledge Partner http://forums.novell.com

Please post questions in the newsgroups. No support provided via email.

0 Likes
Knowledge Partner
Knowledge Partner

Re: How to use LDAP operational attributes in entities

> But, that said, there isn't an attribute for creation timestamp, because
> that information is the creation time on the object itself, not an
> attribute of the object.


You could also use Lothar's LDAP ECMA call to request the attribute.
Its available in LDAP queries.
0 Likes
moularbi Absent Member.
Absent Member.

Re: How to use LDAP operational attributes in entities


Thank you for your responses


--
moularbi
------------------------------------------------------------------------
moularbi's Profile: http://forums.novell.com/member.php?userid=110833
View this thread: http://forums.novell.com/showthread.php?t=448297

0 Likes
jwilleke Honored Contributor.
Honored Contributor.

Re: How to use LDAP operational attributes in entities

On 2011-11-16 17:50:30 +0000, Geoffrey Carman said:

> > But, that said, there isn't an attribute for creation timestamp, because
>> that information is the creation time on the object itself, not an
>> attribute of the object.

>
> You could also use Lothar's LDAP ECMA call to request the attribute.
> Its available in LDAP queries.


What?

Of course it is an attribute on the entry!

According to http://www.ietf.org/rfc/rfc4512.txt:
3.4.2. 'createTimestamp'

This attribute appears in entries that were added using the protocol
(e.g., using the Add operation). The value is the time the entry was
added.

( 2.5.18.1 NAME 'createTimestamp'
EQUALITY generalizedTimeMatch
ORDERING generalizedTimeOrderingMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
SINGLE-VALUE NO-USER-MODIFICATION
USAGE directoryOperation )

eDirectory shows it is inherited form TOP and so is an attribute on
EVERY object within the DIT.


--

Thank You for your help!

-jim
Jim Willeke

0 Likes
Knowledge Partner
Knowledge Partner

Re: How to use LDAP operational attributes in entities

On 12/6/2011 11:22 AM, Jim Willeke wrote:
> On 2011-11-16 17:50:30 +0000, Geoffrey Carman said:
>
>> > But, that said, there isn't an attribute for creation timestamp,

>> because
>>> that information is the creation time on the object itself, not an
>>> attribute of the object.

>>
>> You could also use Lothar's LDAP ECMA call to request the attribute.
>> Its available in LDAP queries.

>
> What?


There are some operational attributes I thought we could not get via an
IDM query. modifiersName, modificationTime might be the ones I was
thinking of. I know you can get them via LDAP, but did not think the
IDM query would work.


> Of course it is an attribute on the entry!
>
> According to http://www.ietf.org/rfc/rfc4512.txt:
> 3.4.2. 'createTimestamp'
>
> This attribute appears in entries that were added using the protocol
> (e.g., using the Add operation). The value is the time the entry was
> added.
>
> ( 2.5.18.1 NAME 'createTimestamp'
> EQUALITY generalizedTimeMatch
> ORDERING generalizedTimeOrderingMatch
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
> SINGLE-VALUE NO-USER-MODIFICATION
> USAGE directoryOperation )
>
> eDirectory shows it is inherited form TOP and so is an attribute on
> EVERY object within the DIT.
>
>


0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: How to use LDAP operational attributes in entities

Hello,

You can edit the entity definition manually from a LDAP browser instead of using Designer.

Browse to <driver set>/<userr application driver>/AppConfig/DirectoryModel/EntityDefs/

The definition is stored within the attribute XmlData. Edit the content in a xml editor and add <attribute> elements for the
attributes you want to add.
Remember to import the changes into designer or it will get lost on next deploy!

Best regards,
Tobias

On 2011-11-16 16:56, moularbi wrote:
>
> Hi,
> I want to add the operational attribute 'createTimestamp' to the user
> entity I have created in Designer but this attribute doesn't appear in
> the list of available attributes in the "Add attribute" dialog in
> Designer.
> Is there a way to do that?
> In addition, I am wondering if the 'pwdLastSet' attribute exists in
> eDirectory. If not, is there an equivalent?
>
>


0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.