none
BHOLD- users not provisioning into their OU RRS feed

  • Question

  • Hi,

    AM using BHOLD access management connectors to flow my users into org units.criteria for OU movement is set as department -> organization. but my users are not flowing into their respective organization units.

    Regards'

    SHAKti


    shakti

    Friday, September 27, 2013 10:41 AM

All replies

  • Shakti,

    If you are using the test lab guide for the Access Management connector for BHOLD in order to populate users in BHOLD, the code in the guide doesn't properly translate the department string attribute to proper reference format as it should. I was able to work around this issue using the function FindMVEntry in a rules extension. If you are not familiar with this, I will try to find my code and share it.

    • Proposed as answer by Andrew Masse Tuesday, December 3, 2013 3:44 PM
    Saturday, September 28, 2013 6:51 AM
  • Please could you share the code as its an important stuff to complete.

    shakti

    Tuesday, November 26, 2013 11:27 AM
  • Urgh, I've been meaning for months to write this up but not looked at BHOLD in ages and don't have my old lab to hand. If I recall correctly (and please don't take this as gospel) you need to do the following:

    1. Org Units must be provisioned to the BHOLD MA (ACS) connector space as actual objects and then exported to BHOLd to get your Org Structure in place
    2. Users then need to have a reference attribute for their BHOLD organization attribute - not a simple string

    As Glenn says, you could do this with a FindMVEntries call in your MA extension, or you could use a "Reflector MA" (basically a management agent that reads a view on the metaverse and then projects new objects into the metaverse based on what it finds) to project new org Unit objects based on the Department or OU string on the user and then also flow the Org Unit reference value to the person at the same time. You need an import attribute flow from the reflector to the person that sets a reference attribute with the cn of the org unit. You also (as said before) need the Org Units provisioned to the BHOLD MA CS.

    Appreciate you might not get all of that. I did mean to do a full post with pictures but have been deep into other things for many months and never got around to it. Maybe one day...


    Dave Nesbitt

    Wednesday, November 27, 2013 5:24 PM
  • hi,

    I am trying to do this using FINDMVUTILS but not able to do so.Can you suggest the methodology to achieve it using findMvutils.

    Regards
    Shakti

    shakti

    Monday, December 2, 2013 9:15 AM
  • I have resolved the issue using FINDMVUTILS.

    Thanks for all the help


    shakti

    Thursday, December 5, 2013 8:58 AM
  • Anyone can share the code with the FindMVEntry to fix this?

    Thank you!
    (@Glenn: and maybe nice to fix it in the Lab pages)?

    Friday, September 12, 2014 1:40 PM
  • Hi David,

    Please find the below code segment.

    Reminder:-This is as per my organizational requirement.Please edit it as per your requirement.

    • First create the BHOLD OU management agent as per the instructions in document.
    • In addition to it add import flows from BHOLD to Meteverse Object OrgUnit.Craete attributes for this object type named "oudesc" and objectidentifier(both string type).
    • Then edit the parent(bhold)<-company(orgunit) from diect to  rules extension .and add the below code segment.

    case "cd.OrganizationalUnit:Parent<-mv.OrgUnit:company":
                        if (mventry["company"].IsPresent)
                        {


                            MVEntry[] objectID;
                            objectID = Utils.FindMVEntries("description", mventry["company"].Value);

                            if (objectID.Length == 1)
                            {
                                if (objectID[0]["objectidentifier"].IsPresent)
                                {
                                    csentry["Parent"].Value = objectID[0]["objectidentifier"].Value;
                                }

                            }
                        }
                        break;


    shakti

    Friday, September 12, 2014 1:55 PM
  • Hi shakti,

    thanks for the feedback.
    I did this for the BHOLD OU MA, this works :)
    I've been implementing this for the BHOLD MA (only flowing users), but I've got the phenomenon that the "cd.User:OrganizationalUnit<-mv.person:company" flowrule is not firing. 

    To be sure of my code logic, I've added another flow rule to manage the domain properly (BHOLD has netBIOS DOMAIN format) which is processed and I'm seeing events in the eventlog (I've added logging to the eventviewer for each step). Did you ran in to this in the past? 

    Code:

    Public Sub MapAttributesForExport(ByVal FlowRuleName As String, ByVal mventry As MVEntry, ByVal csentry As CSEntry) Implements IMASynchronization.MapAttributesForExport
    
            WriteEvent("Launching mapattribute and searching for [" + FlowRuleName + "]")
    
            Select Case FlowRuleName
                Case "cd.User:bholdDomain<-mv.person:domain"
    
                    'change "domain.something.ext to netbiosname domain
    
                    If mventry("domain").IsPresent Then
    
                        Dim Domainstring As String = mventry("domain").Value
                        If InStr(Domainstring, ".") <> 0 Then
                            csentry("bholdDomain").Value = Left(Domainstring, (InStr(Domainstring, ".") - 1))
                        Else
                            csentry("bholdDomain").Value = Domainstring
                        End If
    
    
                    End If
    
                Case "cd.User:OrganizationalUnit<-mv.person:company"
    
                    'if there is no department, place the user in the company orgunit. If no Company, place in noOU Orgunit
    
                    Dim objectID() As MVEntry
                    objectID = Utils.FindMVEntries("description", mventry("department").Value)
    
    
                    If objectID.Length <> 0 Then
    
                        WriteEvent("Searching description field value of department " + mventry("department").Value + " and found: " + objectID(0).ObjectID.ToString)
    
                        If mventry("department").IsPresent And mventry("department").Value <> "" Then
                            csentry("OrganizationalUnit").Value = objectID(0)("objectidentifier").Value
    
                        Else
                            objectID = Utils.FindMVEntries("description", mventry("company").Value)
                            WriteEvent("Searching description field value of company " + mventry("company").Value + " and found: " + objectID(0).ObjectID.ToString)
    
                            If (mventry("company").IsPresent And mventry("company").Value <> "" And objectID.Length <> 0) Then
                                csentry("OrganizationalUnit").Value = objectID(0)("objectidentifier").Value
                            Else
                                objectID = Utils.FindMVEntries("description", "noOU")
                                csentry("OrganizationalUnit").Value = objectID(0)("objectidentifier").Value
                            End If
                        End If
    
                    Else
                        objectID = Utils.FindMVEntries("description", "noOU")
                        WriteEvent("Searching description field value noOU and found: " + objectID(0).ObjectID.ToString)
                        csentry("OrganizationalUnit").Value = objectID(0)("objectidentifier").Value
    
                    End If
    
                Case Else
                
                    Throw New EntryPointNotImplementedException()
    
            End Select
    End Sub
    
      Function WriteEvent(ByVal Data As String) As Boolean
    
            If Not EventLog.SourceExists("FIMExtention") Then
                EventLog.CreateEventSource("FIMExtention", "ColruytFIMExtention")
            End If
    
            EventLog.WriteEntry("FIMExtention", Data, _
    System.Diagnostics.EventLogEntryType.Information, 1, 1)
            Return True
    
        End Function


    Monday, September 15, 2014 8:49 AM
  • Even when I corrupt the MV rule description in the attribute flow, I'm not getting the "extension-entry-point-not-implemented" error as I've foreseen in the code.

    This looks like a corruption of the BHOLD MA.

    Monday, September 15, 2014 9:33 AM
  • Hi,

    Please could you specify the error that you are getting in the export flows.

    Did u try debugging the code in visual studio.Check what is the issue and let me know.


    shakti


    • Edited by shprna Tuesday, September 16, 2014 7:48 AM
    Tuesday, September 16, 2014 7:47 AM
  • Hi Shakti,

    the funny thing is that there was no error :S

    As mentioned in the code, I've created two advanced attribute flows with extensions in the BHOLD_USER MA, one for domain fixing "cd.User:bholdDomain<-mv.person:domain" and one for orgunit "cd.User:OrganizationalUnit<-mv.person:company".

    My logging (or debugging) only occured for the first extension, never the second one was fired via the MapAttributesForExport routine. I even checked the "allow nulls" for that in the attribute flow.

    I've restarted the Sync Service every time and even rebooted my FIM server multiple times to be sure there's no leak and/or the DLL got reloaded.

    - Is there code in the BHOLD MA that conditions the usage of OrganizationalUnit?

    Thanks shakti for assisting me.

    Kind regards,
    David



    Tuesday, September 16, 2014 8:15 AM
  • cd.User:OrganizationalUnit<-mv.person:company wrong

    you need to use 

    cd.User:OrganizationalUnit<-mv.person:Department

    Thursday, August 25, 2016 3:38 AM
  • Finally I can Provision user to thier associated OU

    first you need to import all ou objectidentifier to MV, then change attribute flow of User.OrignizatinalUnit < Department to advanced.

    then add this code

    Case "cd.User:OrganizationalUnit<-mv.person:department"

                    If (mventry("department").IsPresent) Then

                        Dim objectID() As MVEntry
                        objectID = Utils.FindMVEntries("description", mventry("department").Value)

                        If (objectID.Length = 1) Then

                            If (objectID(0)("objectidentifier").IsPresent) Then

                                csentry("OrganizationalUnit").Value = objectID(0)("objectidentifier").Value
                            End If

                        End If
                    End If

    Thursday, August 25, 2016 7:32 AM