What is the standard or best method of returning the manager attribute value as a DN (directory string type) to a MV attribute?

We have an SQL table which supplies authoritative HR data to FIM including the employee's manager HR id. Using the FIM and reference attributes we can stuff the manager on AD correctly.

BUT, this table is used by other systems and one column (varchar 128) is named AdManager and is supposed to hold the DN of the Manager e.g. cn=A Manager,ou=User Accounts...

The only way I can think of to get around this is to push the DN of each connected AD account into a indexed string MV attribute called adDN  flowing ad attribute dn -> mv attribute adDN. This is pushed onto the Portal into attribute adDN so the idea is that every Portal user (including managers of employees) that has an AD account has his dn stored in adDN as a STRING.

When I want the managers dn... will this work on the Outbound sync rule attribute flow definition????

source [//Target/Manager/AdDN]

target AdManager

It seems so artificial there just has to be a better way.

March 20th, 2015 8:21am

Hello Harold,

sounds good, thats "nearly" excatly the way I would do this.
But you can not do this directly in an OSR.

You have to do this with an workflow with the function evaluator and stor that Attribute on the user every time the Manager is changed.

After that you can have simple direct flows from MV to your HR Attribute.

-Peter

Free Windows Admin Tool Kit Click here and download it now
March 20th, 2015 10:46am

Are there any restrictions to what attributes can be used as source?

In my case adDN is an Extended Attribute.

I have a workflow function that uses

destination [//Target/managerDN]

source [//Target/Manager/DisplayName]    works!

source [//Target/Manager/adDN] fails (destination is empty yet source is not-null no errors seen)

April 2nd, 2015 4:56am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics