Discussion:
Insert new erRole into existing users erRoles
(too old to reply)
t***@gmail.com
2019-04-17 20:26:18 UTC
Permalink
Good afternoon!

I was hoping for a bit of guidance on how to successfully insert an erRole into a user with existing erRoles in ISIM via SDI.

I found this (http://www.pathmaker-group.com/category/ibm-tivoli-directory-integrator/) Which explains how to use For-Each Attribute to lookup users with multi value attributes for erRoles and store as a local variable. I followed the steps to the T and believe this is setup correctly.

I am finding trouble trying to successfully pass this local variable with multi valued erRoles back to the ISIM LDAP. It seems it wants to overwrite my values and insert the new erRole.

Any advice, or if any of you know an easier way to accomplish this would be so much appreciated! This is driving me literally insane! >0

Thank you!
Scott
Eddie Hartman
2019-04-19 15:37:44 UTC
Permalink
Post by t***@gmail.com
Good afternoon!
I was hoping for a bit of guidance on how to successfully insert an erRole into a user with existing erRoles in ISIM via SDI.
I found this (http://www.pathmaker-group.com/category/ibm-tivoli-directory-integrator/) Which explains how to use For-Each Attribute to lookup users with multi value attributes for erRoles and store as a local variable. I followed the steps to the T and believe this is setup correctly.
I am finding trouble trying to successfully pass this local variable with multi valued erRoles back to the ISIM LDAP. It seems it wants to overwrite my values and insert the new erRole.
Any advice, or if any of you know an easier way to accomplish this would be so much appreciated! This is driving me literally insane! >0
Thank you!
Scott
Forgive me, Scott, as my Adapter experience is limited. However, from what I've understood, you need to pass back the full value of entries (including all values to multi-valued attributes). Is that what you are doing with your For-Each loop?

/Eddie
Enio Padilla
2019-04-22 14:48:54 UTC
Permalink
Hi Scott,

You can use an LDAP connector in Update mode, to do the initial lookup of the user you want to modify, then you get the list of existing roles in the erroles attribute, then you can use the addAttributeValue method to add the dn of the new role you want to add for that user and then update the new erroles attribute value.
John Dell'Oso
2019-04-23 04:37:52 UTC
Permalink
Post by t***@gmail.com
Good afternoon!
I was hoping for a bit of guidance on how to successfully insert an erRole into a user with existing erRoles in ISIM via SDI.
I found this (http://www.pathmaker-group.com/category/ibm-tivoli-directory-integrator/) Which explains how to use For-Each Attribute to lookup users with multi value attributes for erRoles and store as a local variable. I followed the steps to the T and believe this is setup correctly.
I am finding trouble trying to successfully pass this local variable with multi valued erRoles back to the ISIM LDAP. It seems it wants to overwrite my values and insert the new erRole.
Any advice, or if any of you know an easier way to accomplish this would be so much appreciated! This is driving me literally insane! >0
Thank you!
Scott
Hi Scott,

That Pathfinder link is looking up existing roles and then writing to a report file as it iterates (using the for-each loop) through each role. That example is not storing each role through the iteration.

You need to store the existing roles in a new work attribute within the for-each loop - like so (I normally do this in a separate SDI script node):

work.addAttributeValue("roles", work.erRoleName[0]);

After that you add the new role(s) using the code above - using the name of the new role you want to add.

In your output connector to ISIM you simply map the work attribute "roles" to "erroles".

I assume that you are using the correct SDI connector when you want to send the work entry through to ISIM - using the JNDI connector refereincing the ISIM event handler. You need to do this to ensure that the provisioning policies/workflows are executed based on the role changes when you send an update to ISIM.

I hope this helps.

Cheers,
JD
Franzw
2019-04-24 09:05:39 UTC
Permalink
Post by Enio Padilla
Post by t***@gmail.com
Good afternoon!
I was hoping for a bit of guidance on how to successfully insert an erRole into a user with existing erRoles in ISIM via SDI.
I found this (http://www.pathmaker-group.com/category/ibm-tivoli-directory-integrator/) Which explains how to use For-Each Attribute to lookup users with multi value attributes for erRoles and store as a local variable. I followed the steps to the T and believe this is setup correctly.
I am finding trouble trying to successfully pass this local variable with multi valued erRoles back to the ISIM LDAP. It seems it wants to overwrite my values and insert the new erRole.
Any advice, or if any of you know an easier way to accomplish this would be so much appreciated! This is driving me literally insane! >0
Thank you!
Scott
Hi Scott,
That Pathfinder link is looking up existing roles and then writing to a report file as it iterates (using the for-each loop) through each role. That example is not storing each role through the iteration.
work.addAttributeValue("roles", work.erRoleName[0]);
After that you add the new role(s) using the code above - using the name of the new role you want to add.
In your output connector to ISIM you simply map the work attribute "roles" to "erroles".
I assume that you are using the correct SDI connector when you want to send the work entry through to ISIM - using the JNDI connector refereincing the ISIM event handler. You need to do this to ensure that the provisioning policies/workflows are executed based on the role changes when you send an update to ISIM.
I hope this helps.
Cheers,
JD
ISIM is getting more and more depending on RDBMS caching - so working directly with the ldap should be avoided as much as possible.

I would recommend starting to look at the REST API for these cases - if you are goos at Java over iiop (RMI) then the Java APPS API is really worth the investment.

A third way is to use the ISIM DSMLV2 connector (normally used for sourcing Identities aka "hrfeed") which also ensures that (if workflow is enabled on the ISIM service side) that eventual account operations are evaluated (and fulfilled if the service is set to correct compliance).

HTH
Regards
Franz Wolfhagen

Loading...