The ID Provider offers a quick and powerful way to generate unique IDs. Here, we will discuss how to set it up so that a User App Workflow can call the ID Provider and get a sequential unique value for object creation.

After installing IDM 4.0.1 with all the necessary components, we need to do the following:

Copy the idprovider.jar from the [path]/eDirectory/lib/dirxml/classes/ to the [jboss]/common/lib/ location.

Using Designer 4.0.1, deploy the ID Provider Package. Because we’re only interested in Remote calls for the ID Provider, we make the following changes to the ID Provider Driver’s Driver Parameters:

  • Clear out the default value for ID Generation Map
  • Enable the RMI Interface
  • Specify the listening IP and Port

We also need to clear out the Driver’s Filter.

Create your ID Policies as required. In this example, my ID Policy is called “Employer”; it prepends “E” to the generated value and pads with 0 up to the maximum 2147483647.

For ease of migration and a central point of configuration, add the following to the Driver Set Global Configuration:

<header display-name="ID Provider Settings"/>
<definition display-name="Show ID Provider Settings" name="idv.dit.idprovider.display" type="enum">
    <enum-choice display-name="show">show</enum-choice>
    <enum-choice display-name="hide">hide</enum-choice>
    <subordinates active-value="show">
        <definition display-name="ID Provider RMI IP Address" name="idv.idprovider.ip" type="string">
            <description>IP Address of the ID Provider RMI interface.</description>
        </definition>
        <definition display-name="ID Provider RMI Port" name="idv.idprovider.port" type="string">
            <description>Port of the ID Provider RMI interface.

Default Value: 1199</description>
        </definition>
    </subordinates>
</definition>

Now, in the Workflow, create a Mapping Activity. In this example, the Target Expression is with a Source Expression of:


function BuildDN() {
    var idpip = GCV.get('idv.idprovider.ip');    // Read the DS GCV for the IP
    trace(idpip);                                          // Trace to jboss.log
    var idpp = GCV.get('idv.idprovider.port'); // Read the DS GCV for the Port
    trace(idpp);                                          // Trace to jboss.log
    var pf = GCV.get('');         // Read the DS GCV for my other param
    var ue =,idpp,'Employer','UserApp','3'); // (ip, port, policy, client-id, trace)
    trace(ue);                                            // Trace to jboss.log
    var udn = 'ou=';
    udn = udn + ue + ',' + pf;                    //build DN
    return udn;                                        //return DN
}

function trace(msg) {
    java.lang.System.out.println('flowdata\.map\/unique_dn: ' + msg);
}

The Entity Activity can now reference the value.

The jboss.log trace should show something similar to:

 15:15:58,789 INFO  [STDOUT]
15:15:58,818 INFO  [STDOUT] 1099
15:15:59,158 INFO  [STDOUT] 15:15:59 IDClient: Getting ID from "//"...
15:15:59,558 INFO  [STDOUT] 15:15:59 IDClient: OK.
15:15:59,558 INFO  [STDOUT] 15:15:59 IDClient: ID: E0000000005
15:15:59,558 INFO  [STDOUT] E0000000005
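
A defensive check that could sit in front of BuildDN() above, so that the GCV values and the ID returned over RMI are validated before the value is concatenated into a DN. This is an added example, not part of the original article or of NetIQ's code: all function names are hypothetical, and the 10-digit padding is inferred from the sample ID E0000000005 in the trace.

```javascript
// Added example: validate ID Provider settings and the returned ID before
// building the DN. Function names are hypothetical, not NetIQ APIs.
var MAX_ID = 2147483647;          // maximum stated for the "Employer" policy
var ID_PATTERN = /^E(\d{10})$/;   // assumed: "E" + 10 zero-padded digits

// GCV values are strings; accept only a decimal integer in 1..65535.
function parsePort(value) {
    if (!/^\d{1,5}$/.test(String(value))) { return null; }
    var port = parseInt(value, 10);
    return (port >= 1 && port <= 65535) ? port : null;
}

// Accept only a dotted-quad IPv4 address with each octet in 0..255.
function isIPv4(value) {
    var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(String(value));
    if (!m) { return false; }
    for (var i = 1; i <= 4; i++) {
        if (parseInt(m[i], 10) > 255) { return false; }
    }
    return true;
}

// Return the numeric part of a well-formed Employer ID, or null.
function parseEmployerId(id) {
    var m = ID_PATTERN.exec(String(id));
    if (!m) { return null; }
    var n = parseInt(m[1], 10);
    return (n <= MAX_ID) ? n : null;
}

// Build 'ou=<id>,<base>' only when the ID matches the policy format, so an
// empty, malformed or DN-special reply never ends up inside a DN.
function buildDnChecked(id, base) {
    if (parseEmployerId(id) === null) {
        throw new Error('Unexpected ID Provider value: ' + id);
    }
    return 'ou=' + id + ',' + base;
}
```

In the Mapping Activity, the values read from the GCVs would pass through isIPv4() and parsePort() before the ID Provider call, and the returned value through buildDnChecked() in place of the plain string concatenation.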

More articles on my Website.


Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment.  It just worked for at least one person, and perhaps it will be useful for you too.  Be sure to test in a non-production environment.


May 31, 2011
1:50 pm