If your Delimited Text Driver is processing piecemeal snapshots of identity data, you might encounter the problem where any information not included in an CSV file gets stripped out of the vault. Your precious identity data is going to byte-heaven where-from there is no escape, the Preserve Vault Attribute Values policy is a byte-heaven-fire-exit.

This policy will allow you to selectively preserve attribute data in the vault, but still clear values if necessary by setting the value to ##CLEAR## emphasis not necessary.


When the delimited text driver is not building an association, it must perform a match and then a merge on all data that is sent through it. If your CSV file is not authoritative for all information, you may have data in eDirectory that will be overwritten by “blank” values – removed – when the merge is completed. Sadly Merge Authority can’t figure out which should win, because CSV data is always new data.


Merge Authority will automatically add a bunch of these:

	<modify-attr attr-name="Internet EMail Address">
          <value timestamp="1330490932#41" type="string">Your_Precious_Data@Your.Precious.Domain.com</value>

to your events. This code just strips them out when you don’t want them.

Show me the code

You will need to add a list GCV to contain the attributes to be preserved, list the attributes exactly as they will appear after schema mapping

<?xml version="1.0"?>
		<definition display-name="Preserve eDirectory Attributes" item-separator=";" name="GCV-attrs-to-preserve" type="list">
			<description>List attributes that should be preserved in eDirectory if they are not included in the text driver. Use an attribute value of ##CLEAR## to erase all values.</description>
			<value><item>Given Name</item><item>Full Name</item><item>Surname</item><item>OU</item><item>manager</item></value></definition>

Then you need to add this policy to the Publisher Channel Command Transform Policies

<?xml version="1.0" encoding="UTF-8"?><policy>
		<description>For each attribute in the GCV ensure the eDirectory value is preserved.</description>
		<comment xml:space="preserve">The logic used by this rule is as follows

FOR EACH $Attribute$ IN GCV-attrs-to-Preserve
   $LV-THIS-ATTRIBUTE-VALUE = OperationAttribute($Attribute$)
            STRIPXPATH remove-value parts for $Attribute$
                STRIPXPATH add-value parts for $Attribute$
            END IF
       END IF

In this way, the following is accomplished:
New values will replace existing values, blank values will not clear the value, only ##CLEAR## will clear the value.

		<comment name="author" xml:space="preserve">Neossian</comment>
		<comment name="version" xml:space="preserve">0.1</comment>

					<token-global-variable name="GCV-attrs-to-preserve"/>
					<do-set-local-variable name="lv-thisAttributeValue">
							<token-op-attr name="$current-node$"/>
								<if-local-variable mode="regex" name="lv-thisAttributeValue" op="not-equal">.+</if-local-variable>
							<do-strip-xpath expression="modify-attr[@attr-name=$current-node]/remove-value"/>
										<if-local-variable mode="nocase" name="lv-thisAttributeValue" op="equal">##CLEAR##</if-local-variable>
									<do-strip-xpath expression="modify-attr[@attr-name=$current-node]/add-value"/>
					<do-set-local-variable name="lv-thisAttributeValue">
							<token-text xml:space="preserve"/>

Good luck kids.

0 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 5 (0 votes, average: 0.00 out of 5)
You need to be a registered member to rate this post.

Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment.  It just worked for at least one person, and perhaps it will be useful for you too.  Be sure to test in a non-production environment.

Leave a Reply

No Comments
By: Neossian
Mar 9, 2012
11:41 am
Active Directory Authentication Automation Cloud Computing Cloud Security Configuration Customizing Data Breach DirXML Drivers End User Management Identity Manager Importing-Exporting / ICE/ LDIF Intelligent Workload Management IT Security Knowledge Depot LDAP Monitoring Open Enterprise Server Passwords Reporting Secure Access Supported Troubleshooting Workflow