Synchronizing Single-and Multi-Valued Attributes in AD/eDirectory



By: bstumpp

December 26, 2007 6:10 pm

Reads: 386

Comments:1

Rating:0

Problem

You need to synchronize multiple telephone numbers from eDirectory to Active Directory. Active Directory’s attribute telephoneNumber is a single-valued attribute, and otherTelephone is a multi-valued attribute. eDirectory Telephone Number is a multi-valued attribute. So, how can you add multiple telephone numbers in eDirectory and have them all synchronize to the telephoneNumber and otherTelephone attributes in Active Directory?

Solution

The Policy Builder Rule below should be placed in the Subscriber Output Transformation Policies. It does the following things:

1. It listens for a change in telephoneNumber, then strips the operational attribute from the event.

2. A local variable is set with the Active Directory value of Telephone Number. If the event is an ‘add’, the local variable is set to ‘add’.

3. A local variable is set to ’0′ for counting

4. A ‘for each’ loop is done for every value in the source attribute Telephone Number.

The ‘for each’ loop checks for the counting local variable to equal 0. When it does, the current value is set to a local variable, the destination attribute otherTelephone is cleared, and the counting variable is set to 1. This ensures that ‘telephone’ is set with only one value, and that there are no extra values in otherTelephone.

If the counting variable does not equal 0, the “else” action sets the current telephone number value to the otherTelephone attribute.

5. A comparison is made between the destination telephoneNumber local variable and the local variable for the first number in eDirectory’s telephone number. If they do not match, the Active Directory attribute is updated. This is included so that if the filter is set to a publisher reset, the values for telephoneNumber never get into a loop.

By the way, this rule can be duplicated for mobile/otherMobile, and pager/otherPager, in Active Directory.

facsimileTelelphoneNumber and otherFacsimileTelephoneNumber need some additional work. A ’0′ is added to the end of every fax number from eDirectory that would need to be removed before writing to Active Directory.

Example

<rule>
<description>Telephone Number</description>
<comment xml:space="preserve">Convert Multi-Valued Telephone Number to a single value, setting additional values into otherTelephone</comment>
  <conditions>
    <or>
      <if-operation mode="nocase" op="equal">modify</if-operation>
      <if-operation mode="nocase" op="equal">add</if-operation>
      <if-operation mode="nocase" op="equal">sync</if-operation>
    </or>
    <or>
      <if-class-name op="equal">User</if-class-name>
    </or>
    <or>
      <if-op-attr name="telephoneNumber" op="changing"/>
    </or>
  </conditions>
<actions>
  <do-strip-op-attr name="telephoneNumber"/>
    <do-if>
      <arg-conditions>
        <and>
          <if-operation mode="nocase" op="equal">add</if-operation>
        </and>
      </arg-conditions>
      <arg-actions>
        <do-set-local-variable name="lv-dest-phone" scope="policy">
          <arg-string>
            <token-text xml:space="preserve">add</token-text>
          </arg-string>
        </do-set-local-variable>
      </arg-actions>
      <arg-actions>
        <do-set-local-variable name="lv-dest-phone" scope="policy">
          <arg-string>
            <token-dest-attr name="telephoneNumber"/>
          </arg-string>
        </do-set-local-variable>
      </arg-actions>
        </do-if>
        <do-set-local-variable name="lv-count" scope="policy">
          <arg-string>
            <token-text xml:space="preserve">0</token-text>
          </arg-string>
        </do-set-local-variable>
        <do-for-each>
          <arg-node-set>
            <token-src-attr name="Telephone Number"/>
          </arg-node-set>
      <arg-actions>
        <do-if>
          <arg-conditions>
            <and>
              <if-local-variable mode="nocase" name="lv-count" op="equal">0</if-local-variable>
            </and>
          </arg-conditions>
      <arg-actions>
        <do-set-local-variable name="phone-number" scope="policy">
          <arg-string>
            <token-local-variable name="current-node"/>
          </arg-string>
        </do-set-local-variable>
        <do-clear-dest-attr-value name="otherTelephone" when="before"/>
        <do-set-local-variable name="lv-count" scope="policy">
          <arg-string>
            <token-text xml:space="preserve">1</token-text>
          </arg-string>
        </do-set-local-variable>
      </arg-actions>
      <arg-actions>
        <do-add-dest-attr-value name="otherTelephone">
          <arg-value>
            <token-local-variable name="current-node"/>
          </arg-value>
        </do-add-dest-attr-value>
      </arg-actions>
        </do-if>
    </arg-actions>
  </do-for-each>
  <do-if>
    <arg-conditions>
      <and>
        <if-local-variable mode="nocase" name="lv-dest-phone" op="not-equal">$phone-number$</if-local-variable>
      </and>
    </arg-conditions>
    <arg-actions>
      <do-set-dest-attr-value name="telephoneNumber">
        <arg-value type="string">
          <token-local-variable name="phone-number"/>
        </arg-value>
      </do-set-dest-attr-value>
    </arg-actions>
  <arg-actions/>
  </do-if>
</actions>
</rule>

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Tags: ,
Categories: Uncategorized

Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment.  It just worked for at least one person, and perhaps it will be useful for you too.  Be sure to test in a non-production environment.

1 Comment

  1. By:Tilman_R

    To add compability for facsimileTelephoneNumber, simply replace the

    <token-local-variable name="current-node"/>
    

    with

    <token-substring length="-2">
    <token-local-variable name="current-node"/>
    </token-substring>
    

    in line 59 and 72, which strips the last character of the string (which is the faxBitCount “0″).

    Thanks for the guide!

Comment