coreyhansen Absent Member.
Absent Member.
728 views

Modify Attribute For All Users

So up until now my use of eDirectory has been pretty vanilla, so while this task may seem easy to some (most (all)) it appears quite daunting to me.

I need to change the "Telephone" attribute for all users. Instead of what it was, which was the building line, it needs to be their direct extension. Now I assume there's a bulk method of performing this change, and I've Googled the subject, but it's a problem with many different solutions it would seem. My best guess at the moment is that I will need to export the directory into LDIF and then merge the LDIF file with a phone directory list somehow, then import. That sounds really painful. Like, just go in and manually add the correct extension to every user painful. At the very least I have no idea how to do it.

What's the best method to make this happen? I'm sure I'm not the first.

Thanks
Labels (1)
0 Likes
9 Replies
Knowledge Partner Knowledge Partner
Knowledge Partner

Re: Modify Attribute For All Users

There are multiple ways, but the two ways are either to use Identity
Manager (IDM), or else to use LDAP via LDIF-formatted data. I would
recommend the latter, as this is basically a one-shot operation, and IDM
is a bit more work to setup because it will then do operations for you,
ongoing, forever, thus totally worth it for big operations, but a lot of
overkill for a one-time operation.

The good news, is we can probably help you come up with a script that will
do all of the work for you if can do a couple fairly-simple things that
are probably already done. First, tell us about your users in eDirectory,
specifically where they are (all in one container, spread out in many
containers, etc.), about your telephone number data (show us some sample
data, at least a few records, as exactly as possible), and also how you
could match up the data between the two (how you identity users in
eDirectory based on the telephone number data).

I would expect something like this:

eDirectory data in LDAP format:
cn=username0,ou=context,o=goes,dc=here
cn=username1,ou=context,o=goes,dc=here
cn=username2,ou=context,o=goes,dc=here

Telephone data in CSV format, colon-delimited:
username0:12345
username1:23456
username2:34567

Given these sets of data, and assuming that all of the users are in a
single container, it would be easy to come up with a script that updates
the records with the phone number so that telephoneNumber in eDirectory
has 12345, 23456, or 34567, for example this LDIF would do that job:


dn: cn=username0,ou=context,o=goes,dc=here
changetype: modify
replace: telephoneNumber
telephoneNumber: 12345

dn: cn=username1,ou=context,o=goes,dc=here
changetype: modify
replace: telephoneNumber
telephoneNumber: 23456

dn: cn=username2,ou=context,o=goes,dc=here
changetype: modify
replace: telephoneNumber
telephoneNumber: 34567


--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
dbgallo1 Absent Member.
Absent Member.

Re: Modify Attribute For All Users

this almost sounds like a job for IDM ?

depending on your licensing you may have access to the basic edition , this is paltry work for it , esp with the Generic Text Driver
coreyhansen Absent Member.
Absent Member.

Re: Modify Attribute For All Users

dbgallo;2469986 wrote:
this almost sounds like a job for IDM ?

depending on your licensing you may have access to the basic edition , this is paltry work for it , esp with the Generic Text Driver


This is actually good news for me. While IDM might be a lot of work, it's something that I want to deploy anyway. I plan to deploy AD and use IDM to sync users across from eDir, keeping eDir as the master directory but still being able to leverage AD and the massive amount of support that exists for it.

I'll switch my focus and begin deploying IDM. Do you have any tips for a successful deployment?

Thanks
0 Likes
Knowledge Partner
Knowledge Partner

Re: Modify Attribute For All Users

coreyhansen wrote:

> Do you have any tips for a
> successful deployment?


Read and understand what
https://www.netiq.com/documentation/idm402/idm_overview/data/front.html has to
say about the engine bevor you start. Ignore the UserApp/Workflow parts for a
start.

Even if you plan to use the current version 4.6, the old docs are more complete
when it comes to the IDM engine (which is all you'll need for now) while still
valid. IDM 4.5/4.6 docs put more focus on the UserApp, Reporting, GRC etc side
but lack some of the important details for the basic stuff.

--
http://www.is4it.de/en/solution/identity-access-management/

(If you find this post helpful, please click on the star below.)
______________________________________________
https://www.is4it.de/identity-access-management
coreyhansen Absent Member.
Absent Member.

Re: Modify Attribute For All Users

lhaeger;2469998 wrote:
coreyhansen wrote:

> Do you have any tips for a
> successful deployment?


Read and understand what
https://www.netiq.com/documentation/idm402/idm_overview/data/front.html has to
say about the engine bevor you start. Ignore the UserApp/Workflow parts for a
start.

Even if you plan to use the current version 4.6, the old docs are more complete
when it comes to the IDM engine (which is all you'll need for now) while still
valid. IDM 4.5/4.6 docs put more focus on the UserApp, Reporting, GRC etc side
but lack some of the important details for the basic stuff.


Thanks for the information. I'll put some time in. I'm also taking ab's advice and getting some training on it.
0 Likes
coreyhansen Absent Member.
Absent Member.

Re: Modify Attribute For All Users

ab;2469934 wrote:
There are multiple ways, but the two ways are either to use Identity
Manager (IDM), or else to use LDAP via LDIF-formatted data. I would
recommend the latter, as this is basically a one-shot operation, and IDM
is a bit more work to setup because it will then do operations for you,
ongoing, forever, thus totally worth it for big operations, but a lot of
overkill for a one-time operation.

The good news, is we can probably help you come up with a script that will
do all of the work for you if can do a couple fairly-simple things that
are probably already done. First, tell us about your users in eDirectory,
specifically where they are (all in one container, spread out in many
containers, etc.), about your telephone number data (show us some sample
data, at least a few records, as exactly as possible), and also how you
could match up the data between the two (how you identity users in
eDirectory based on the telephone number data).

I would expect something like this:

eDirectory data in LDAP format:
cn=username0,ou=context,o=goes,dc=here
cn=username1,ou=context,o=goes,dc=here
cn=username2,ou=context,o=goes,dc=here

Telephone data in CSV format, colon-delimited:
username0:12345
username1:23456
username2:34567

Given these sets of data, and assuming that all of the users are in a
single container, it would be easy to come up with a script that updates
the records with the phone number so that telephoneNumber in eDirectory
has 12345, 23456, or 34567, for example this LDIF would do that job:


dn: cn=username0,ou=context,o=goes,dc=here
changetype: modify
replace: telephoneNumber
telephoneNumber: 12345

dn: cn=username1,ou=context,o=goes,dc=here
changetype: modify
replace: telephoneNumber
telephoneNumber: 23456

dn: cn=username2,ou=context,o=goes,dc=here
changetype: modify
replace: telephoneNumber
telephoneNumber: 34567


--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.


This is fantastic information, and I appreciate it, but I think I'm going to go with IDM. It's something on my project list anyway, so I might as well knock out two projects at once. Any tips to get me from A to B?

Thanks
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

Re: Modify Attribute For All Users

IDM is a wonderful, great, fantastic product, particularly with your
concerns (things around the engine and drivers), but it's a way of
thinking. Once you learn it, life is great, and until then, you may lose
some hair because with great power comes great... complexity. In some
ways, IDM is very simple, but the details form the basis of the IDM
engine/drivers forum which is also very popular. Also, start out with a
good design, since having that from the start means a lot of things can be
simple going forward, but starting out wrong can mean a lot of extra work
in the future.

As a result, I would recommend a training, or maybe working with somebody
who has done it before, in order to do it right the first time as much as
possible. Test environments are important, since doing IDM can wrong can
break not one, not two, but all connected environments (that's its job, of
course, to connect things) at once, and that can be bad.

In return for the upfront investment (in training, reading the forums,
etc.) you will get a lot of power at your fingertips, free time for doing
more-productive things (than hacking telephone numbers, etc.), and
generally you'll love life. Rainbows, unicorns, etc.


--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
coreyhansen Absent Member.
Absent Member.

Re: Modify Attribute For All Users

ab;2470002 wrote:
As a result, I would recommend a training


I've ran this by my boss and he's agreed to pay for a training subscription for me. Now if I can just get sales to call me back...

ab;2470002 wrote:
Rainbows, unicorns, etc.


That's really all I ask.

Thanks!
0 Likes
dbgallo1 Absent Member.
Absent Member.

Re: Modify Attribute For All Users

the forums are invaluable, I also keep a copy of "IDM Tokens" by Geoffrey Carman next to my desk as a reference. ( I got it at a book signing at the last brainshare, but I believe it is available elsewhere).

CAN NOT STRESS ENOUGH - Build a test environment, make it looks as close to prod as possible , do not play in production, you can cripple your AD with good intentions.
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.