Find Matching Object

Finds a match for the current object in the destination data store.

Fields

Scope

Select the scope of the search. The scope might be an entry, a subordinate, or a subtree.

DN

Specify the DN that is the base of the search.

Match Attributes

Specify the attribute values to search for.

IMPORTANT:To improve performance when using the find matching object verb, create an index for the attributes that you are going to use when querying the Identity Vault. For more information about indexes, see the Novell eDirectory 8.8 Administration Guide.

Remarks

Find Matching Object is only valid when the current operation is an add.

The DN argument is required when the scope is “entry,” and is optional otherwise. At least one match attribute is required when the scope is “subtree” or “subordinates.”The results are undefined if the scope is “entry” and there are match attributes specified. If the destination data store is the connected application, then an association is added to the current operation for each successful match that is returned. No query is performed if the current operation already has a non-empty association, thus allowing multiple find matching object actions to be strung together in the same rule.

If the destination data store is the Identity Vault, then the destination DN attribute for the current operation is set. No query is performed if the current operation already has a non-empty destination DN attribute, thus allowing multiple find matching object actions to be strung together in the same rule. If only a single result is returned and it is not already associated, then the destination DN of the current operation is set to the source DN of the matching object. If only a single result is returned and it is already associated, then the destination DN of the current operation is set to the single character . If multiple results are returned, then the destination DN of the current operation is set to the single character �.

Example

The example matches on User objects with the attributes CN and L. The location where the rule is searching starts at the Users container and adds the information stored in the OU attribute to the DN. The rule is from the predefined rules that come with Identity Manager. For more information, see Section 8.13, Matching - By Attribute Value. To see the policy in XML, see predef_match_by_attribute.xml.

Matching by attribute value
Find matching object

When you click the Argument Builder icon, the Match Attribute Builder comes up. You specify the attribute you want to match on in the builder. This example uses the CN and L attributes.

Match attribute builder

The left fields store the attributes to match. The right fields allow you to specify to use the value from the current object to match or to use another value. If you select Other Value, there are multiple value types to specify:

  • counter

  • dn

  • int

  • interval

  • octet

  • state

  • string

  • structured

  • teleNumber

  • time

To use another value:

  1. Launch the Match Attribute Builder by selecting Edit the match attributes, then select Other Value.

    Match Attribute Builder Other Value

  2. Select the desired value type.

  3. Specify the value, then click Finish.