A Forum reader recently asked:

“I’m using a modify operation on the subscriber channel of my AD-Driver. My current operations object is associated. What I need to know is the distinguished name in my destination object (the object in the AD). When I have a look at the object with LDAP, it looks somewhat like “cn=users name, ou=something, ou=something other, dc= …” This is what I built up in placement rule when the object was created. Now I want to read this thing from AD via the assoc in my operation. I tried it several ways but didn’t find a way.”

And here’s the response from Identity Manager expert Father Ramon …


The query to the application produces an eDirectory DN. That’s because IDM automatically marshalls referential attributes between the application and eDirectory namespaces, as that is what is needed for the synchronization of the same.

Here’s an example of a rule in an input transformation that would allow you to use the destination attribute token and not have the attribute automatically mapped to corresponding eDir object before you get it:

   <do-reformat-op-attr name="distinguishedName">
    <arg-value type="string">
     <token-local-variable name="current-value"/>

For an example of querying from XPath to get the DN, see:

0 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 5 (0 votes, average: 0.00 out of 5)
You need to be a registered member to rate this post.

Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment.  It just worked for at least one person, and perhaps it will be useful for you too.  Be sure to test in a non-production environment.

Leave a Reply

No Comments
By: coolguys
Jan 10, 2007
4:26 am
Active Directory Authentication Automation Cloud Computing Cloud Security Configuration Customizing Data Breach DirXML Drivers End User Management Identity Manager Importing-Exporting / ICE/ LDIF Intelligent Workload Management IT Security Knowledge Depot LDAP Monitoring Open Enterprise Server Passwords Reporting Secure Access Supported Troubleshooting Workflow