Quantcast
Channel: Forum Microsoft Identity Manager
Viewing all articles
Browse latest Browse all 1783

[SOLVED - Kind of] Can the OpenLDAP MA delete/empty an attribute from an existing user in the LDAP?

June 12, 2019, 12:11 pm
$
0
0

Hi,

We are using the OpenLDAP MA to connect to an Oracle OUD instance and we have a scenario where we want to/need to either delete or empty a specific attribute for a user in the LDAP (OUD) during/via the export operation, but we do not appear to be able to make that happen.  We have tried flowing an empty string (""), but cannot make the attribute empty in the OUD.

Is there any way to accomplish this using the OpenLDAP MA?

Thanks,

Jim

EDIT 1:  I should provide some more information about the configuration we have.  It is fairly straightforward, and I think that we are missing in the way that we have the MAs or flows configured or something.

Basically, we have a flat file (tab-delimited) that has information for each user, and the information from that flat file is used to control the provisioning and updating of users in the Oracle OUD.

The provisioning of new users in the OUD seems to be working ok, but the information from one of the attributes from the flat file (say, "inVar") is used to populate/update an attribute in the OUD.

We are having problems with the following scenario:  We have to check the value of one of the attribute coming in from the flat file, and:

  1. If it is present, we use that value to construct another value and then update an attribute (say, "outVar") in the OUD, but
  2. if the value of the "inVar" attribute is NOT present, we want to delete the "outVar" attribute in the OUD.

We have VB code in a rules extension for the OUD MA like (pseudo code) the following.

In the attribute flow for the flat file input, we populate an attribute in the metaverse named "middleName".

Then, in the OUD MA attribute flow, we flow the metaverse "middleName" attribute to an attribute in the OUD connector space named "initials", and in the rules extension in the OUD MA, we have:

.
.
.

case "middleNameTest"
  if mventry("middleName").IsPresent then
     csentry("initials").value = mventry("middleName").Value + "foo"
  Else
     csentry("initials").Delete()
  End If

The problem we are having is in the case that the "middleName" attribute is not present in the metaverse, the attribute in the OUD is not being deleted, but I am not sure why.

It has been a very, very long time since I've worked with FIM/ILM, and so I know I have forgotten alot about FIM/ILM, and I have a feeling that we are missing something in the way was have the connectors configured, like maybe we are missing an attribute flow or something but I can't figure out what that is.

If anyone might have a suggestion as to why that .Delete() is not working, or maybe what I might be missing, please post?

Thanks,

Jim


Search
Viewing all articles
Browse latest Browse all 1783
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>