This topic has 4 replies, 2 voices, and was last updated 6 years ago by ssripathy.

  • #5748

    I have a problem with synchronization from managed user to system LDAP account.
    Actual requirement:
    • The target needs to be updated with the new uid in LDAP (target), since there is a user name change.

    We have a sync to managedUser_systemLdapAccount; in this we are getting the situation MISSING, and the action for this is UNLINK.
    What would really happen in this case?
    1. Will it create a new record in LDAP?
    2. What would be the ACTION to perform in this SITUATION, since the user name (uid in target) is the only change and the other fields remain the same?

    Can we use UPDATE in the MISSING situation?

    #5751
     ssripathy
    Participant

    Hi,
    A few more details would help. Is the DN in LDAP based on this uid? Do you have a correlation query?
    I see 2 situations potentially arising out of this for recon purposes: MISSING, as the source does not have a matching target for that link, and UNQUALIFIED, as the target does not have a source for the link.

    In any case, based on the bug resolution below, the UPDATE action should work on that account and change its DN.
    https://bugster.forgerock.org/jira/browse/OPENIDM-2406

    In terms of best practice, it's always a good idea to use an immutable unique ID as part of the LDAP DN; that would keep your sync mapping much simpler instead of having to handle these situations.
    Hope that helps!

    #5752
     ssripathy
    Participant

    If you are using a CREST LDAP connector you may not be able to update the DN anyway. See Ludo’s response at
    https://forgerock.org/topic/opendj-rest-end-point-fail-to-update-rdn/

    #5799

    Yes, the DN is based on this uid and we transform the dn as below with uid (userName):
    {
        "source" : "userName",
        "target" : "dn",
        "transform" : {
            "type" : "text/javascript",
            "source" : "('PersonID=' + source + ',ou=people,o=example')"
        }
    }
    And there is another attribute in the mapping:
    {
        "source" : "userName",
        "target" : "uid"
    }
    Below is the correlation query.

    "correlationQuery" : {
        "type" : "text/javascript",
        "source" : "var map = {'_queryFilter': 'uid eq \"' + source.userName + '\"'}; map;"
    }

    In the case of MISSING we used the action UNLINK; this resulted in creating another record instead of updating the existing record with the UID change.
    And we are using the LDAPConnector (org.identityconnectors.ldap.LdapConnector).

    We will try UPDATE for this situation.
    Thanks for your response.
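The following is an added example (not code from the thread or from ForgeRock) that models the dn transform and the uid correlation query posted above, and shows why the rename is not found by correlation and why a DN keyed on the immutable managed-user _id (as suggested in #5751) does not move on rename. The entry data and the _id value are constructed.

```javascript
// Mirrors the posted "dn" transform: the RDN value is the source userName.
function dnFromUserName(userName) {
  return 'PersonID=' + userName + ',ou=people,o=example';
}

// Alternative: RDN value is the managed user's immutable _id (assumed attribute name).
function dnFromId(id) {
  return 'PersonID=' + id + ',ou=people,o=example';
}

// Mirrors the posted correlation query: _queryFilter  uid eq "<userName>".
function correlationFilter(source) {
  return 'uid eq "' + source.userName + '"';
}

// Minimal evaluator for the single-attribute  attr eq "value"  filter used above.
function matchesFilter(entry, filter) {
  const m = /^(\w+) eq "([^"]*)"$/.exec(filter);
  if (!m) throw new Error('unsupported filter: ' + filter);
  return entry[m[1]] === m[2];
}

// Returns the target entries the correlation query would select for a source user.
function correlate(targets, source) {
  const filter = correlationFilter(source);
  return targets.filter((t) => matchesFilter(t, filter));
}

// Whether the computed target DN differs before and after a userName change.
function dnChangesOnRename(before, after) {
  return {
    byUserName: dnFromUserName(before.userName) !== dnFromUserName(after.userName),
    byId: dnFromId(before._id) !== dnFromId(after._id),
  };
}

// Constructed data: one managed user already provisioned to LDAP under the old name.
const targetEntries = [{ dn: dnFromUserName('jdoe'), uid: 'jdoe' }];
const beforeRename = { _id: 'e1b2', userName: 'jdoe' };
const afterRename = { _id: 'e1b2', userName: 'jdoe2' };

// Correlating on the new userName selects nothing: the existing entry still has uid=jdoe,
// so a sync that relies on this correlation sees no existing target to update.
console.log(correlate(targetEntries, afterRename).length);        // 0
console.log(correlate(targetEntries, beforeRename).length);       // 1
console.log(dnChangesOnRename(beforeRename, afterRename));        // { byUserName: true, byId: false }
```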

    #5808
     ssripathy
    Participant

    Hi,
    Shouldn't this be the dn expression in your transform statement above:

    "source" : "('cn=' + source.userName + ',ou=people,o=example')"

    instead of what your snippet had below:

    "source" : "('PersonID=' + source + ',ou=people,o=example')"
