none
Customising MIMWAL library RRS feed

  • Question

  • Currently migrating 2 instances of FIM (One has portal and other does not) onto a single MIM instance and have encountered an issue that requires me to customise mimwal slightly. the problem is that the company i work for is international and has different different systems creating email addresses and proxyaddresses in a couple of countries But this single mim instance will manage all authorisations for all users across the domain. My metaverse  contains users from all OUs but I want to prevent users from 2 specific OU's to be added to a group within the portal (so that workflows wont be triggered for these users). This needs to be resolved in MIM because of the external complexities.  So my question is how can I read the attributes of the user object in the MIMWAL c# extensions to prevent insertvalues (I am planning on reusing insertvalues but with the extra check - under a new name) or does anyone know another way around it?

    Thanks

    Saturday, September 23, 2017 12:04 PM

Answers

All replies

  • You should be using for Verify Request this to deny the request. You should plan to meet the requirement via policy/configuration than (hard-)coding.
    • Marked as answer by Paddydrum Monday, September 25, 2017 12:04 PM
    • Unmarked as answer by Paddydrum Monday, September 25, 2017 12:04 PM
    Saturday, September 23, 2017 2:05 PM
    Owner
  • ok that's great and if i were to apply this verify request and then run the workflow would it block the removals of the users currently in the Group that don't meet the conditions(ie are from said OU's)? because both insertvalues and removevalues are in the same workflow. Any links to how syntax is to be constructed? I need to check the the DN does not contain OU=0103 or OU=0609

    trying to use it like IIF(Not(contains('[//Target/distinguishedName]'],'OU=0103')))  in activity execution condition but i get the error that '[//Target/distinguishedName]' is not a valid expression

    • Edited by Paddydrum Sunday, September 24, 2017 2:29 PM
    Saturday, September 23, 2017 4:43 PM
  • I can't comment on your workflow as I don't know why you are using InsertValues and RemoveValues, but Contains is multi-valued inspection function, for string find check, you need to use RegexMatch function.
    Monday, September 25, 2017 9:15 AM
    Owner
  • ok i got it half working but in the Verify request [//target/CN] is the group DN so how can i target the user object?
    Monday, September 25, 2017 11:58 AM
  • Check Iteration feature wiki and examples.
    • Marked as answer by Paddydrum Saturday, October 7, 2017 1:11 PM
    Monday, September 25, 2017 5:01 PM
    Owner
  • thanks for this! really helped a lot in the end had to use iteration and separate the workflows between adds and removals but the iteration worked a treat!
    Saturday, October 7, 2017 1:12 PM
  • thanks for this! really helped a lot in the end had to use iteration and separate the workflows between adds and removals but the iteration worked a treat!
    Saturday, October 7, 2017 1:12 PM