Modifying Custom Attributes with the IDM Null Driver



By: coolguys

December 10, 2007 10:42 am


Problem

A Forum reader recently asked:

“I have IDM 3.5 with an Identity Vault and other drivers, such as AD, JDBC, and Notes. Can I modify a custom attribute on users in an OU in my IDV? This operation is captured by a loopback driver that creates a user on another OU of my driver, with some attributes populated.”

And here’s the response from Father Ramon …

Solution

Here’s what you need to do:

1. Use the null driver rather than the loopback driver.

2. Add a User to the subscriber filter.

3. Set it to synchronize on the subscriber channel and ignore on the publisher channel.

4. Add the Description attribute to the User class in the filter.

5. Set it to notify on the subscriber channel and ignore on the publisher channel.

6. Add a subscriber channel event transformation – something like this:

<policy>
  <rule>
   <description>create portal user</description>
   <conditions>
    <and>
     <if-class-name mode="nocase" op="equal">User</if-class-name>
     <if-src-dn op="in-container">users</if-src-dn>
     <if-op-attr mode="nocase" name="Description" op="changing-to">pippo</if-op-attr>
    </and>
   </conditions>
   <actions>
    <do-set-local-variable name="portalDN" scope="policy">
     <arg-string>
      <token-text xml:space="preserve">portal\</token-text>
      <token-src-name/>
     </arg-string>
    </do-set-local-variable>
    <do-add-src-object class-name="User">
     <arg-dn>
      <token-local-variable name="portalDN"/>
     </arg-dn>
    </do-add-src-object>
    <do-add-src-attr-value class-name="User" name="Surname">
     <arg-dn>
      <token-local-variable name="portalDN"/>
     </arg-dn>
     <arg-value>
      <token-src-attr name="Surname"/>
     </arg-value>
    </do-add-src-attr-value>
   </actions>
  </rule>
  <rule>
   <description>Veto further processing</description>
   <conditions/>
   <actions>
    <do-veto/>
   </actions>
  </rule>
</policy>

7. Duplicate the last action in the first rule for each attribute you want to copy from the original object to the new object.

For information on the difference between a loopback driver and a null driver, see:

http://www.novell.com/documentation/idm35/admin/data/b9132yx.html
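
Step 7 can be scripted when many attributes need copying. The following Python script is an added example, not part of the original solution: it clones the last action of the first rule once per attribute and skips names that are already copied. The trimmed policy copy and the attribute names Given Name and Telephone Number are constructed sample values.

```python
import copy
import xml.etree.ElementTree as ET

# Constructed sample: the first rule's actions from the policy above, trimmed.
POLICY = """<policy>
 <rule>
  <actions>
   <do-add-src-object class-name="User">
    <arg-dn><token-local-variable name="portalDN"/></arg-dn>
   </do-add-src-object>
   <do-add-src-attr-value class-name="User" name="Surname">
    <arg-dn><token-local-variable name="portalDN"/></arg-dn>
    <arg-value><token-src-attr name="Surname"/></arg-value>
   </do-add-src-attr-value>
  </actions>
 </rule>
</policy>"""


def add_copy_actions(policy_xml, attr_names):
    """Clone the last action of the first rule once per attribute name."""
    root = ET.fromstring(policy_xml)
    actions = root.find("rule/actions")      # <actions> of the first rule
    template = actions[-1]                   # the action step 7 says to duplicate
    if template.tag != "do-add-src-attr-value":
        raise ValueError("last action is not do-add-src-attr-value")
    existing = {a.get("name") for a in actions.iter("do-add-src-attr-value")}
    for name in attr_names:
        if name in existing:
            continue                         # never copy the same attribute twice
        clone = copy.deepcopy(template)
        clone.set("name", name)              # attribute written on the new object
        clone.find("arg-value/token-src-attr").set("name", name)  # attribute read
        actions.append(clone)
        existing.add(name)
    return root


def copied_attributes(root):
    """List the attributes the first rule copies, in document order."""
    actions = root.find("rule/actions")
    return [a.get("name") for a in actions.iter("do-add-src-attr-value")]


if __name__ == "__main__":
    updated = add_copy_actions(POLICY, ["Given Name", "Telephone Number"])
    print(ET.tostring(updated, encoding="unicode"))
```

Review the generated actions before importing them, so that only the attributes you intend to expose on the new object are copied.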


Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment.  It just worked for at least one person, and perhaps it will be useful for you too.  Be sure to test in a non-production environment.
