What is the standard or best method of returning the manager attribute value as a DN (directory string type) to a MV attribute? RRS feed

  • Question

  • We have an SQL table which supplies authoritative HR data to FIM including the employee's manager HR id. Using the FIM and reference attributes we can stuff the manager on AD correctly.

    BUT, this table is used by other systems and one column (varchar 128) is named AdManager and is supposed to hold the DN of the Manager e.g. cn=A Manager,ou=User Accounts...

    The only way I can think of to get around this is to push the DN of each connected AD account into a indexed string MV attribute called adDN  flowing ad attribute dn -> mv attribute adDN. This is pushed onto the Portal into attribute adDN so the idea is that every Portal user (including managers of employees) that has an AD account has his dn stored in adDN as a STRING.

    When I want the managers dn... will this work on the Outbound sync rule attribute flow definition????

    source [//Target/Manager/AdDN]

    target AdManager

    It seems so artificial there just has to be a better way.

    Friday, March 20, 2015 12:19 PM

All replies

  • Hello Harold,

    sounds good, thats "nearly" excatly the way I would do this.
    But you can not do this directly in an OSR.

    You have to do this with an workflow with the function evaluator and stor that Attribute on the user every time the Manager is changed.

    After that you can have simple direct flows from MV to your HR Attribute.


    Peter Stapf - ExpertCircle GmbH - My blog:

    Friday, March 20, 2015 2:44 PM
  • Are there any restrictions to what attributes can be used as source?

    In my case adDN is an Extended Attribute.

    I have a workflow function that uses

    destination [//Target/managerDN]

    source [//Target/Manager/DisplayName]    works!

    source [//Target/Manager/adDN] fails (destination is empty yet source is not-null no errors seen)

    Thursday, April 2, 2015 8:55 AM