This website uses cookies. By browsing this website, you consent to the use of cookies. Learn more.
OK
sagar_mokal
sagar_mokal Absent Member.
Absent Member.
‎2018-11-14 04:22
503 views

unable to move users from ad mutliple ou to edirectory ou's

Hi,

i have configured publisher placement policies for multiple ou's of active directory to edirectory ou's but users are not provisioning to edirectory appropriate ou's and getting following error.

Please suggest me on this below and correct me on this below policy.

Message: Code(-9064) No DN generated by object placement policy.<application>DirXML</application>.


<rule>
<description>placement for user from xxx OU</description>
<comment xml:space="preserve">Construct a destination DN for all object types assuming simple object name mapping.</comment>
<conditions>
<and>
<if-class-name op="equal">User</if-class-name>
<if-src-dn op="in-container">OU=xxx,DC=xxxxxx</if-src-dn>
<if-class-name disabled="true" notrace="true" op="equal">*</if-class-name>
</and>
</conditions>
<actions>
<do-set-op-dest-dn>
<arg-dn>
<token-text xml:space="preserve">data\users\xxxxxx</token-text>
<token-text xml:space="preserve">\</token-text>
</arg-dn>
</do-set-op-dest-dn>
<do-if>
<arg-conditions>
<and>
<if-global-variable mode="nocase" name="drv.pubPlacementType" op="equal">flat</if-global-variable>
</and>
</arg-conditions>
<arg-actions>
<do-set-op-dest-dn>
<arg-dn>
<token-global-variable name="idv.dit.data.users"/>
<token-text xml:space="preserve">\</token-text>
<token-src-name/>
</arg-dn>
</do-set-op-dest-dn>
</arg-actions>
<arg-actions>
<do-set-op-dest-dn>
<arg-dn>
<token-global-variable name="idv.dit.data.users"/>
<token-text xml:space="preserve">\</token-text>
<token-op-property name="unmatched-src-dn"/>
</arg-dn>
</do-set-op-dest-dn>
</arg-actions>
</do-if>
<do-set-op-dest-dn disabled="true">
<arg-dn>
<token-text xml:space="preserve">"data\users\xxx" + "\"</token-text>
</arg-dn>
</do-set-op-dest-dn>
</actions>
</rule>
</policy>


Thanks,
Sagar
Labels (1)
0 Likes
Reply
Report Inappropriate Content
4 Replies
al_b
Knowledge Partner
Knowledge Partner
‎2018-11-14 06:15

Re: unable to move users from ad mutliple ou to edirectory o

Hi Sagar,

<do-set-op-dest-dn disabled="true">
<arg-dn>
<token-text xml:space="preserve">"data\users\xxx" + "\"</token-text>
</arg-dn>
</do-set-op-dest-dn>


You have to specify user destination DN.
Currently, you specified Container DN, but engine needs "full" object DN.
0 Likes
Reply
Report Inappropriate Content
sagar_mokal
sagar_mokal Absent Member.
Absent Member.
‎2018-11-14 10:03

Re: unable to move users from ad mutliple ou to edirectory o

Hi al_b,

Thank you for update.

ou=xxx,ou=users,o=data is my user destination dn. If i am wrong , please give some example to help us.


Thanks,
Sagar
0 Likes
Reply
Report Inappropriate Content
sagar_mokal
sagar_mokal Absent Member.
Absent Member.
‎2018-11-14 10:07

Re: unable to move users from ad mutliple ou to edirectory o

Hi Al_b,

Thank you for reply.

we have multiple ou's in ad and created as same ou names in the edirectory and want to provision multiple ou's ad user data to edirectory multiple ou's. Please help us on this.

If you provide xml , it will be helpful to us.

Thanks,
Sagar.
0 Likes
Reply
Report Inappropriate Content
geoffc
Knowledge Partner
Knowledge Partner
‎2018-11-14 11:36

Re: unable to move users from ad mutliple ou to edirectory ou's

On 11/14/2018 5:14 AM, sagar mokal wrote:
>
> Hi Al_b,
>
> Thank you for reply.
>
> we have multiple ou's in ad and created as same ou names in the
> edirectory and want to provision multiple ou's ad user data to
> edirectory multiple ou's. Please help us on this.

What Alex said was, the Dest-dn needs to be a full DN.

I.e. o\ou\ou\UserName

You are just providing the parent container, which is o\ou\ou\ without
the RDN, the leafmost node of the path.

For a move, you are correct, you specify the container. For an
op-dest-dn token you include the username at the end of it.

0 Likes
Reply
Report Inappropriate Content
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.