ALERT! The community will be read-only starting on April 19, 8am Pacific as the migration begins. Read more for important details.
ALERT! The community will be read-only starting on April 19, 8am Pacific as the migration begins.Read more for important details.
This website uses cookies. By continuing to browse or login to this website, you consent to the use of cookies. Learn more.
OK
DIPESH MISHRA
Lieutenant
Lieutenant
‎2019-11-04 05:24
413 views

Identity manager setting last name as unknown in AD issue

Hi ,

I am facing issues in Identiy manager as when i sych the user from AD to idm , the users whose last name is not set in active directory comes as unknown in IDM. Then same is sych to AD and user last name is also set to unknown in AD.

I don't want to set lastname as unknown in AD by IDM, kindly help me to know what changes i have to done in IDM so that it does not set lastname as unknown in AD.

Any help is highly appreciated .

Thanks

Dipesh

 

Labels (1)
Labels
0 Likes
Report Inappropriate Content
6 Replies
joakim_ganse
Knowledge Partner Knowledge Partner
Knowledge Partner
‎2019-11-04 05:45

Last name is a mandatory attribute so it has to have a value.
If there is no value the driver will set it to unknown as you have seen.

You have to fill in a value for last name.
0 Likes
Report Inappropriate Content
DIPESH MISHRA
Lieutenant
Lieutenant
‎2019-11-04 05:49

No any way that that driver will not set unknown as last name in AD
0 Likes
Report Inappropriate Content
chiraggajjar1
Captain Captain
Captain
‎2019-11-04 05:56

There might no way to set it up.

 

Regards,

Chirag

0 Likes
Report Inappropriate Content
geoffc
Knowledge Partner Knowledge Partner
Knowledge Partner
‎2019-11-04 11:51

It is mandatory in eDir too, so not sure how you could even get to such a case, unless some policy/filter choice is removing it.

0 Likes
Report Inappropriate Content
geoffc
Knowledge Partner Knowledge Partner
Knowledge Partner
‎2019-11-04 11:50

Have you looked at the trace?  When the event is kicked off, is the Surname attribute in the XDS document?

 

When it is finally submitted to AD, what does it look like?  If it was there and is missing, work backwards till you find what took it out.

This is why we almost always answer questins like this with "Show me the trace"

0 Likes
Report Inappropriate Content
al_b
Knowledge Partner Knowledge Partner
Knowledge Partner
‎2019-11-04 14:24

Definitely trace is the way to troubleshoot the issue.

Surname is a mandatory attribute for user class and we have no way to bypass it.

As a temporary solution, you can use the next logic in the matching policy:

If Surname not exist, set Surname as "unknown"

<do-if>
	<arg-conditions>
		<and>
			<if-op-attr name="Surname" op="not-available"/>
		</and>
	</arg-conditions>
	<arg-actions>
		<do-add-dest-attr-value name="Surname">
			<arg-value type="string">
				<token-text xml:space="preserve">Unknown</token-text>
			</arg-value>
		</do-add-dest-attr-value>
	</arg-actions>
	<arg-actions/>
</do-if>
0 Likes
Report Inappropriate Content
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.