Symantec IGA

  • 1.  Syncing attributes from ldap corp store to AD

    Posted Feb 15, 2016 11:14 AM

    Hi All

     

    Our corp directory has some custom attributes such as physical delivery office. We want to sync these LDAP attributes in AD using existing attributes such as Post-Office-Box, such that during user creation/modification tasks, these attributes are created/updated in both LDAP and AD, assuming that the proper provisioning role and account template are in place. Please let me know where and how this mapping needs to be done.

     

    Thanks

    Abraham Gopali



  • 2.  Re: Syncing attributes from ldap corp store to AD

    Posted Feb 16, 2016 01:20 AM

    Hi Abraham,

    It would be better if you could elaborate more on what your LDAP is in this context.

     

    E.g., your Corp Directory is stored in AD or MSSQL or ?

    AD is your target system?

     

    Are you referring to synchronizing the Corp Directory's attribute (physical delivery office) to AD's attribute (Post-Office-Box)?

     

    regards,

    William



  • 3.  Re: Syncing attributes from ldap corp store to AD

    Posted Feb 16, 2016 04:22 PM

    Hi William

    Oracle LDAP is our corp store and AD is one of the endpoints. In corp there are attributes called physicalDeliveryOfficeName and roomnumber that store org-specific data. I am trying to push these attribute values into AD at the user creation/modification tasks, such that when a new user is created in IDM with an AD provisioning role, these LDAP attribute values get pushed into AD too. I am open to using the unused AD attributes to hold these values.



  • 4.  Re: Syncing attributes from ldap corp store to AD

    Posted Feb 16, 2016 09:19 PM

    First, go to CA Management Console > Home > Environment > (your Env) > Advanced Settings > Provisioning

     

    Under Attribute Mappings section

    ** This is to define the mapping between your Corp Userstore and the Provisioning Store

     

    Map user attribute "physicalDeliveryOfficeName" and "roomnumber" to eTCustomField01 & eTCustomField02

    ** In the Provisioning store, there are 99 available custom fields.

     

    Next, open the AD Account Template and select the fields that you want these values to be synced to during creation.

     

    Example: ** Assuming Title & Company are unused fields **

    On Title field use rule string %UCU01% for storing "physicalDeliveryOfficeName"

    On Company field use rule string %UCU02% for storing "roomnumber"

     

    Hope this helps.



  • 5.  Re: Syncing attributes from ldap corp store to AD

    Posted Feb 17, 2016 09:40 AM

    Thanks William. That certainly helps. I have one follow-up question though: if I wish to use an existing provisioning attribute such as "eTOffice" to map "physicalDeliveryOfficeName", what do I need to enter in the AD account template in, say, the "Company" field?



  • 6.  Re: Syncing attributes from ldap corp store to AD
    Best Answer

    Posted Feb 17, 2016 09:22 PM

    Use %UO%

    %UO% refers to eTOffice, which is the Global User's Office name.

    The rule string information can be found in the Help file or wiki...



  • 7.  Re: Syncing attributes from ldap corp store to AD

    Posted Feb 18, 2016 05:48 PM

    Thanks William. That helped