Stripping Data from Attributes, AD to eDirectory


By: coolguys_netiq

March 28, 2007 2:33 am





A Forum reader recently asked:

“We are trying to sync an attribute called “whenCreated” from MAD to eDirectory. We need to strip off some information from the attribute on the way from MAD to eDirectory. It has an extra .0Z at the end of the time data. What is the best way to strip off the extra info, and where should we create the policy?”

And here’s the response from Father Ramon …


You can use an input transformation like this:

  <description>Reformat whenCreated
   <do-reformat-op-attr name="whenCreated">
    <arg-value type="string">
     <token-replace-first regex="(^.*)\..*Z" replace-with="$1">
      <token-local-variable name="current-value"/>

You might also want to convert it to eDirectory time format. The input transformation that comes in the default AD configuration has rules that do this for other attributes (accountExpires, lockoutTime). Copy one of the rules for these and change the rule and attribute name.

0 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 5 (0 votes, average: 0.00 out of 5)
You need to be a registered member to rate this post.
Loading ... Loading ...

Tags: ,
Categories: eDirectory, Identity Manager, Technical Solutions

Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment.  It just worked for at least one person, and perhaps it will be useful for you too.  Be sure to test in a non-production environment.