Multiple accounts for Active Directory

Hello guys,

I tried to set multiple accounts (AD) for one IDM user. I created an identity rule similar to the documentation:

<Rule subtype='IdentityRule' id='#ID#F7664C512237E38E:54851055:11203DE16DD:-7EAD' name='Administrator Identity' lock='Configurator#1177076836355' creator='Configurator' createDate='1176996139515' lastModifier='Configurator' lastModDate='1177074739949' lastMod='69042'>
  <concat>
    <s>CN=</s>
    <ref>fullname</ref>
    <s>_br</s>
    <s>,OU=Administration,OU=IT</s>
    <s>,OU=Employees,OU=User</s>
    <s>,DC=company,dc=local</s>
  </concat>
  <MemberObjectGroups>
    <ObjectRef type='ObjectGroup' id='#ID#Top' name='Top'/>
  </MemberObjectGroups>
</Rule>

Then I activated multiple accounts for the resource Active Directory and selected the defined identity rule to create a new attribute type (someAT).

So my identity template is:

CN=$fullname$,OU=$UserDepartmentOU$,OU=$UserSecondOu$,OU=User,DC=company,dc=local

Every time I try to assign the second attribute type (AD 1|someAT) to a user, I get this error:

com.waveset.util.WavesetException: Missing attribute UserDepartmentOU required by the identity templatefor resource AD 1

Does anyone have an idea why this error occurs?

Best regards

[1795 byte] By [Murat_Firata] at [2007-11-27 1:46:15]
# 1
Check the attribute mapping part of the adapter. The UserDepartmentOU attribute must have been marked as a required field.

Ankush
ankushkapoora at 2007-7-12 1:07:35
# 2

Thanks for your response, Ankush. It works now, but I have another error:

Unable to set user info: 'SetInfo(): 0X80071392: , 00000524: UpdErr: DSID-031A0F4B, problem 6005 (ENTRY_EXISTS), data 0

The problem results from the fact that I have two equal values for the attribute fullname on each resource (AD1 and AD1|BR).

When I set user.accounts[AD 1|BR].accountId to some value in my task definition, IDM later overwrites it with the value of user.accounts[AD 1].accountId, so I get the error message.

Does someone have an idea how I can solve this problem?

Thanks

Murat_Firata at 2007-7-12 1:07:35
# 3
Hi,

You need to change the identity system attribute in the schema map for at least one resource. You can try this: change the identity system attribute 'accountId' in the schema map for any one of the resources to some other name, say 'testaccountId'.

Thanks
NSVa at 2007-7-12 1:07:35
# 4
That is not necessary, because I have only one resource (AD). The second account has to be created as a resourceAssignment. Other ideas?

Thanks
Murat_Firata at 2007-7-12 1:07:35
# 5

Hi,

You will get an "Entry Exists" error from AD when you try to create an object with a samAccountName that already exists. samAccountName is the backwards compatibility (Windows NT) identifier which is supposed to be unique in the domain. There may be more causes for the error, but I guess this is the reason for your problem.

Regards,

Patrick

Patrick.Wehingera at 2007-7-12 1:07:35
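
An added example, not part of the thread and not Identity Manager code: a small Python model of the two failures discussed above, expanding the posted identity template (with the missing-attribute check) and testing a second account for DN and sAMAccountName clashes before it is created. The user values, logon names and function names are constructed for illustration.

```python
import re

# Identity template as posted in the thread.
TEMPLATE = "CN=$fullname$,OU=$UserDepartmentOU$,OU=$UserSecondOu$,OU=User,DC=company,dc=local"
PLACEHOLDER = re.compile(r"\$([A-Za-z0-9_]+)\$")


def expand_template(template, attrs):
    """Expand $name$ placeholders; raise if any referenced attribute is unset."""
    missing = [n for n in PLACEHOLDER.findall(template) if not attrs.get(n)]
    if missing:
        raise ValueError("Missing attribute " + ", ".join(missing))
    return PLACEHOLDER.sub(lambda m: attrs[m.group(1)], template)


def identity_rule(attrs):
    """DN concatenated the same way as the posted 'Administrator Identity' rule."""
    return ("CN=" + attrs["fullname"] + "_br,OU=Administration,OU=IT"
            ",OU=Employees,OU=User,DC=company,dc=local")


def find_collisions(existing, candidate):
    """Return the attributes on which candidate clashes with existing entries.

    Both the DN and sAMAccountName must be unique. Comparison here is a
    simplified case-insensitive string match (no DN whitespace normalisation).
    """
    clashes = []
    for key in ("dn", "sAMAccountName"):
        taken = {e[key].lower() for e in existing}
        if candidate[key].lower() in taken:
            clashes.append(key)
    return clashes


# Constructed sample data (hypothetical user and logon names).
USER = {"fullname": "Jane Doe", "UserDepartmentOU": "IT", "UserSecondOu": "Employees"}
FIRST = {"dn": expand_template(TEMPLATE, USER), "sAMAccountName": "jdoe"}
SECOND_SAME_ID = {"dn": identity_rule(USER), "sAMAccountName": "jdoe"}
SECOND_OWN_ID = {"dn": identity_rule(USER), "sAMAccountName": "jdoe_br"}

if __name__ == "__main__":
    print(FIRST["dn"])
    print(find_collisions([FIRST], SECOND_SAME_ID))  # distinct DN, same logon name
    print(find_collisions([FIRST], SECOND_OWN_ID))   # distinct DN and logon name
```

The second account's DN differs from the first because of the `_br` suffix in the rule, so only the reused logon name is reported as a clash.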