Home.... | log in.... | Pub my question! | Sign-up....

Java-index >> Web & Directory Servers >> Directory Servers

Correlation rule to match accountID of IDM with EmployeeID of AD

Hi,

I have created a Correlation rule to match accountID of IDM with EmployeeID of AD as follows:

<cond>

<ref>account.accountId</ref>

<list>

<s>employeeID</s>

<s>equals</s>

<ref>account.accountId</ref>

</new>

</list>

</cond>

The AD resource is not getting assigned, would appreciate for any kind of help.

Thanks

[535 byte] By [rsdthfstha] at [2007-11-26 13:40:00]

«« Sun Cabinet FrameManager service LED
»» Problem while scrolling JTable

# 1

Did you block trace the rule? That should show you what is going wrong. I suspect that you may need to try something like this:

<new class='com.waveset.object.AttributeCondition'>

<s>equals</s>

<ref>employeeID</ref>

</new>

Bev.

BevRichardsona at 2007-7-7 22:35:34 >

top of Java-index,Web & Directory Servers,Directory Servers...

# 2

Hi Bev,

Thanks for the response.

As mentioned by you <ref>EmployeeID</ref> gives me null.

In my case, accountID of the IDM is mapped to sAMAccountName of AD attribute and Employee ID is mapped to employeeID of AD attribute.

Can you now help me to proceed further.

Thanks,

rsdthfstha at 2007-7-7 22:35:34 >

# 3

Try this:

<new class='com.waveset.object.AttributeCondition'>

<s>equals</s>

<ref>account.EmployeeID</ref>

</new>

Where name

will be the IdM AccountId and <ref>account.EmployeeID<ref>

will the EmployeeID schema attribute defined on the resource that you're reconciliing, i.e. AD.

HTH,

Paul

PaulWalker999a at 2007-7-7 22:35:34 >

# 4

Hi Paul,

Thanks a ton for the response.

By saying account.EmployeeID, do you mean that EmployeeID is the one which is on the left hand side of the mapped attribute in IDM? since according to the deployment doc it says we should always have account.<LHS> attribute.

Below is the complete code, I am still trying out..

<cond>

<ref>account.accountId</ref>

<list>

<s>equals</s>

<ref>account.EmployeeID</ref>

</new>

</list>

</cond>

</block>

Thanks

rsdthfstha at 2007-7-7 22:35:34 >

# 5

One more query:How will IDM interpret string 'name' to be accountID attribute?Thanks

rsdthfstha at 2007-7-7 22:35:34 >

# 6

Hi paul,It is working fine. Thanks alot.Was getting an error saying the account is locked by configurator, soon after I deleted the task which was updating the user, it started working fine.Thanks once again

rsdthfstha at 2007-7-7 22:35:34 >

# 7

Hi there,

Yes it's the left hand side (LHS) of the schema map that is referred to, regarding your other question the 'name' is the name of the Identity Manager account, i.e. the accountId, I was confused a tad the first time I saw this as well, thinking that name was the surname or givenname for the account but in fact it's the accountId.

Glad to see you got it working.

Cheers,

Paul Walker, Sun.

PaulWalker999a at 2007-7-7 22:35:34 >

Web & Directory Servers

Directory Servers

Java programming resources: FAQs, tutorials, compiler and browser download sites, documentation, books lists, IDEs, etc.

Correlation rule to match accountID of IDM with EmployeeID of AD

Web & Directory Servers New Topic

Web & Directory Servers Hot Topic

Web & Directory Servers

All Classified