6.19 Placement - Subscriber By Dept - LDAP Format

This rule places objects from one container in the Identity Vault into multiple containers in the data store based on the OU attribute. Implement the rule on the Placement policy in the driver. You can implement the rule only on the Subscriber channel.

There are two steps involved in using the predefined rules: creating a policy in the Placement policy set, and importing the predefined rule. If you already have a Placement policy that you want to add this rule to, skip to Importing the Predefined Rule.

6.19.1 Creating a Policy

  1. Open the Identity Manager Driver Overview for the driver you want to manage.

    For instructions on how to access the Identity Manager Driver Overview page, see Accessing the Identity Manager Driver Overview Page.

  2. Click the Placement Policies set object on the Subscriber channel.

  3. Click Insert.

  4. Name the policy, make sure to implement the policy with the Policy Builder, then click OK.

    The Policy Builder is launched.

  5. Continue with Section 6.19.2, Importing the Predefined Rule.

6.19.2 Importing the Predefined Rule

  1. In the Policy Builder, click Insert.

  2. Select Placement - Subscriber By Dept - LDAP format.

  3. Expand the predefined rule.

  4. To edit the rule, click Placement - Subscriber By Dept - LDAP format in the Policy Builder.

    The Rule Builder is launched.

  5. In the Enter string field, click the Edit the arguments icon.

    The Argument Builder is launched.

  6. In the Editor, add the parent container in the data store. The parent container must be specified in LDAP format. Make sure all of the department containers are child containers of this DN, then click OK.

  7. Click OK.

6.19.3 How the Rule Works

This rule places User objects in the correct department containers depending on the value stored in the OU attribute. If a User object needs to be placed and has the OU attribute available, the User object is placed in uid=unique name,ou=value of OU attribute,dest-base.

The dest-base is a local variable. The DN must be the relative root path of the department containers. It can be an organization or an organizational unit. The value stored in the OU attribute must be the name of a child container of the dest-base local variable.

The value of the OU attribute must be the name of the child container. If the OU attribute is not present, then this rule is not executed.

The uid attribute of the User object is the first two letters of the Given Name attribute plus the Surname attribute as lowercase. The rule uses LDAP format.
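The following is an added example, not the driver's own rule or code from this documentation. It models the DN construction described above so you can preview where a User object would land. The `DEST_BASE` value and sample users are constructed, and the RFC 4514 escaping of attribute values is an assumption of this sketch, not a documented behavior of the predefined rule.

```python
# Added example: a model of the placement logic, not the driver's own rule.
from typing import Optional

# Characters RFC 4514 requires to be escaped anywhere in an RDN value.
_SPECIAL = set('"+,;<>\\')

def escape_rdn_value(value: str) -> str:
    """Escape an attribute value for use inside an LDAP DN (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in _SPECIAL:
            out.append("\\" + ch)
        elif i == 0 and ch in " #":   # leading space or '#'
            out.append("\\" + ch)
        elif i == last and ch == " ":  # trailing space
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def placement_dn(attrs: dict, dest_base: str) -> Optional[str]:
    """Return the destination DN, or None when the rule would not execute."""
    ou = attrs.get("OU")
    if not ou:  # OU attribute not present: the rule is not executed
        return None
    # uid = first two letters of Given Name + Surname, lowercased
    uid = (attrs.get("Given Name", "")[:2] + attrs.get("Surname", "")).lower()
    # Escaping keeps the OU value a single RDN naming one child container
    # of dest-base (assumption: the rule itself may not escape values).
    return "uid={},ou={},{}".format(
        escape_rdn_value(uid), escape_rdn_value(ou), dest_base)

# Constructed sample data; DEST_BASE is a hypothetical parent container.
DEST_BASE = "ou=departments,o=example"
USERS = [
    {"Given Name": "Maria", "Surname": "Lopez", "OU": "Sales"},
    {"Given Name": "Sam", "Surname": "O'Neil", "OU": "Research, Dev"},
    {"Given Name": "Ann", "Surname": "Lee"},  # no OU: not placed by this rule
]

if __name__ == "__main__":
    for user in USERS:
        print(user, "->", placement_dn(user, DEST_BASE))
```

Comparing the computed `ou=` component against the list of child containers that actually exist under the parent container shows which OU values would fail placement before the rule is deployed.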