This website uses cookies. By continuing to browse or login to this website, you consent to the use of cookies. Learn more.
OK
Anonymous_User
Absent Member.
Absent Member.
‎2015-03-09 13:23
188 views

Where to change search logic


Hi all: When we first started using IDM, it was simply to add eDir users to a domain in a flat structure. I still do not need a full mirrored sync, I do want to move users into different OUs just to keep them straight. I can manually move newly created users, but I need to change where/how the driver searches for users.



Currently the driver just looks in:

CN=Users,DC=XXX,DC=AD



I would like the driver to look in these three locations:

CN=Users,CN=SITE1,DC=XXX,DC=AD

CN=Users,CN=SITE2,DC=XXX,DC=AD

CN=Users,CN=SITE2,DC=XXX,DC=AD



Which policy controls the searching?
Labels (1)
Labels
0 Likes
Reply
Report Inappropriate Content
2 Replies
geoffc
Knowledge Partner Knowledge Partner
Knowledge Partner
‎2015-03-09 13:35

On 3/9/2015 9:23 AM, cmosentine wrote:
> Hi all: When we first started using IDM, it was simply to add eDir
> users to a domain in a flat structure. I still do not need a full
> mirrored sync, I do want to move users into different OUs just to keep
> them straight. I can manually move newly created users, but I need to
> change where/how the driver searches for users.
>
> Currently the driver just looks in:
> CN=Users,DC=XXX,DC=AD
>
> I would like the driver to look in these three locations:
> CN=Users,CN=SITE1,DC=XXX,DC=AD
> CN=Users,CN=SITE2,DC=XXX,DC=AD
> CN=Users,CN=SITE2,DC=XXX,DC=AD
>
> Which policy controls the searching?

Searching for users, might be called Matching users?

Thus the sub-mp set of policies.

The shipping policies are not as directly simple as 1 place to look.
They try to interact in a way that allows additional policies.

Thus I would consider adding a policy, linked after the shipping
policies that does a series of Find Matching objects, one for each
subtree you are looking into.

The Find Matching token is smart enough to know, that when a Destination
DN (XPATH @dest-dn) is found to not search again.

So if you had 5 do-find-matching tokens, one after another, as soon as
one of those 5 found a match, it sets the Destintation DN, and the
following tokens see it, and basically silently do nothing.


0 Likes
Reply
Report Inappropriate Content
Anonymous_User
Absent Member.
Absent Member.
‎2015-03-09 14:30

On Mon, 09 Mar 2015 13:23:52 +0000, cmosentine wrote:

> Hi all: When we first started using IDM, it was simply to add eDir
> users to a domain in a flat structure. I still do not need a full
> mirrored sync, I do want to move users into different OUs just to keep
> them straight. I can manually move newly created users, but I need to
> change where/how the driver searches for users.
>
>
>
> Currently the driver just looks in:
>
> CN=Users,DC=XXX,DC=AD
>
>
>
> I would like the driver to look in these three locations:
>
> CN=Users,CN=SITE1,DC=XXX,DC=AD
>
> CN=Users,CN=SITE2,DC=XXX,DC=AD
>
> CN=Users,CN=SITE2,DC=XXX,DC=AD

I don't think you're talking about searching here, I think you're talking
about placement. See the Subscriber channel, Placement policy rules.

For an overview of "what goes where", you might want to read my
CoolSolutions article here:

https://www.netiq.com/communities/cool-solutions/guided-tour-novell-
identity-manager-2/


--
--------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Knowledge Partner http://forums.netiq.com

Please post questions in the forums. No support provided via email.
If you find this post helpful, please click on the star below.
0 Likes
Reply
Report Inappropriate Content
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.