Symantec IGA

  • 1.  Organization

    Posted Sep 08, 2017 04:34 PM

    We are currently using Identity Suite 14.0, OVA. Is it possible to add more fields to the Organization? (Currently the organization only has name, description and parent organization.) Would it be possible to add more custom fields to organization, like organization type, organization address, etc.?



  • 2.  Re: Organization
    Best Answer

    Broadcom Employee
    Posted Sep 13, 2017 09:53 AM

    Hi Sesha.

     

    I believe what you need to do is export the dir xml, then update it and add your attributes under the <Organization> section. Make sure these attributes' physical names are part of the object class that the dir xml has for the <Organization>, then restart the server to make this take effect.

     

    If this didn't help, then my advice is that you open a support case so that we can look more closely into this.

     

    Thanks,

    Sagi



  • 3.  Re: Organization

    Posted Sep 13, 2017 09:55 AM

    Hello Sesha,

     

    It's possible to add more fields into the organization. Navigate to Home -> UserStore -> Organization and export the file. It should generate a Userstore.xml.

     

    You would need to modify the file and add the requested attributes in this section:

    <ImsManagedObject name="Organization" description="My Organizations" objectclass="top,organizationalUnit" pagesize="0" maxrows="0" objecttype="ORG">

     

    Below, the section should already have attributes that exist, like ou and description, as the physical name. If you decide to add these attributes to your organization, be sure that they are already included in your directory schema.

     

    Thank you,

    Andrew Nguyen



  • 4.  Re: Organization

    Posted Sep 13, 2017 11:12 AM

    Hello Sesha,

    Before modifying the Userstore.xml file, you need to make sure that the CA Directory shipped with the vApp contains the additional fields for the Organization class.

    To do this, check the following content:

    Q: Does the vApp support custom user schema?

    The vApp comes with 2 schema files (under ~dsa/config/schema/):

    1. IDM main Schema file - im_user.dxc

    This file contains all required basic IDM attributes as well as 150 custom attributes which you are free to use:

    Standard attributes: imString00 - imString149

    Case-sensitive attributes: imStringCaseExact00 - imStringCaseExact09

    2. Custom schema file - im_user_aux.dxc

    This is an empty schema file which you may use for any custom attributes for which the 150 attributes defined in im_user.dxc are insufficient or inappropriate.

     

    The following im_user_aux.dxc contains the custom attribute PSCodiceHost and the definition of the PSOrganization class:

    schema set attribute im-UUA-attr:16 = {
            name = PSCodiceHost
            ldap-names = PSCodiceHost
            equality = caseIgnoreMatch
            syntax = directoryString
            single-valued
    };
    #
    # Object Classes PSOrganization
    #

    schema set object-class im-UUA-oc:1 = {
            name = PSOrganization
            ldap-names = PSOrganization
            subclass-of organizationalUnit
            kind = auxiliary
            may-contain
                    PSAbi,
                    PSCab,
                    PSTipoDipLdap,
                    PSEmailFiliale,
                    PSDescrizioneFirma,
                    PSOrigineDato,
                    PSFaxServer,
                    PSCodicePadre,
                    PSDescrizionePadre,
                    PSResponsabile,
                    PSDipendenzaContabile,
                    PSadoudn,
                    PSStrutturaGerarchica,
                    PSDescrizione,
                    PSStrutturaFigli,
                    PSCodiceHost
    };

     

    In your Userstore.xml file, you need to add the PSOrganization object class in the "Organization" section:

    <ImsManagedObject name="Organization" description="My Organizations" objectclass="top,organizationalUnit,PSOrganization" pagesize="0" maxrows="0" objecttype="ORG">
      <ImsManagedObjectAttr physicalname="ou" description="Organization Name" displayname="Organization Name" valuetype="String" required="true" wellknown="%ORG_NAME%" maxlength="0" permission="WRITEONCE"/>
      <ImsManagedObjectAttr physicalname="%ORG_MEMBERSHIP%" description="Parent Organization DN" displayname="Parent Organization" valuetype="String" required="true" wellknown="%ORG_MEMBERSHIP%" maxlength="0"/>
      <ImsManagedObjectAttr physicalname="PSCodiceHost" description="Codice Host" displayname="Codice Host" valuetype="String" maxlength="0"/>

     

    and then define the custom attributes, like the PSCodiceHost.

     

    Hope this helps,

    Alessandro
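
A pre-flight check for the procedure in the post above, as an added example that is not part of the original post or of the product: it parses the `.dxc` text and the exported Userstore.xml and reports every `physicalname` that the schema does not define or that none of the listed object classes allows. The sample inputs are constructed (trimmed from the post, with an undefined `OrgCode` entry added), `BUILTIN`, `parse_dxc` and `check_managed_object` are hypothetical names, and the parser covers only the `.dxc` constructs shown in the post.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample input, trimmed from the snippets in the post above.
DXC = """
schema set attribute im-UUA-attr:16 = {
        name = PSCodiceHost
        syntax = directoryString
};
schema set object-class im-UUA-oc:1 = {
        name = PSOrganization
        kind = auxiliary
        may-contain
                PSResponsabile,
                PSCodiceHost
};
"""
USERSTORE = """
<ImsManagedObject name="Organization" objectclass="top,organizationalUnit,PSOrganization">
  <ImsManagedObjectAttr physicalname="ou" wellknown="%ORG_NAME%"/>
  <ImsManagedObjectAttr physicalname="%ORG_MEMBERSHIP%" wellknown="%ORG_MEMBERSHIP%"/>
  <ImsManagedObjectAttr physicalname="PSCodiceHost"/>
  <ImsManagedObjectAttr physicalname="OrgCode"/>
</ImsManagedObject>
"""
BUILTIN = {"ou", "description"}  # assumption: supplied by the stock organizationalUnit schema

def parse_dxc(text):
    """Return (attribute names defined, {object class: attributes it may/must contain})."""
    attrs, classes = set(), {}
    for kind, body in re.findall(r"schema set (attribute|object-class)[^{]*\{(.*?)\};", text, re.S):
        name = re.search(r"^\s*name\s*=\s*(\S+)", body, re.M).group(1)
        lists = re.findall(r"(?:may|must)-contain\s+([\w-]+(?:\s*,\s*[\w-]+)*)", body)
        if kind == "attribute":
            attrs.add(name)
        else:
            classes[name] = {a.strip() for item in lists for a in item.split(",")}
    return attrs, classes

def check_managed_object(userstore_xml, dxc_text, name="Organization"):
    """Map each unusable physicalname to the reason the directory would reject it."""
    attrs, classes = parse_dxc(dxc_text)
    obj = next(o for o in ET.fromstring(userstore_xml).iter("ImsManagedObject") if o.get("name") == name)
    listed = [c.strip() for c in obj.get("objectclass", "").split(",")]
    allowed = BUILTIN | (attrs & set().union(*(classes.get(c, set()) for c in listed)))
    names = [e.get("physicalname", "") for e in obj.iter("ImsManagedObjectAttr")]
    # %...% physical names are well-known placeholders, not LDAP attribute names.
    return {n: ("no listed objectclass allows it" if n in attrs else "not defined in schema")
            for n in names if not n.startswith("%") and n not in allowed}
```

Run it against the real `im_user_aux.dxc` and the exported file before restarting the server; an empty result means every mapped attribute is both defined and permitted by an object class named in `objectclass`.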



  • 5.  Re: Organization

    Broadcom Employee
    Posted Sep 13, 2017 02:28 PM

    Hi Alessandro,

     

    I have a similar requirement where I need to extend USER object schema.

     

    I followed the same procedure which you have mentioned for 14.1 vApp:

    1. Updated im_user_aux.dxc file - added custom attrs and objectClass. OC type is auxiliary and subclass of inetOrgPerson. Restarted DSA. Able to create user directly from JXplorer with new custom attr
    2. In UserStore dir.xml, added custom attribute & mentioned the OC name. Restarted IME. Added the new custom attr on Admin Task Screen

     

    However, with this updated Admin Task to create user, if task is submitted, [LDAP Error Code 17 - Undefined Attribute Type] is shown on screen. Can you please advise if I am missing any step? Thanks in advance.

     

    Regards,

    Sumeet

     



  • 6.  Re: Organization

    Posted Sep 14, 2017 03:43 AM

    Hi Sumeet,

    New user's attributes should be mapped to the provisioning server as well (if your IDM installation has a provisioning server).

    Although I'm not sure whether your error is related to the provisioning server, please map the new user's attribute by logging on to the management console and select:

    Environments -> identityEnv -> Advanced Settings -> Provisioning

    You will find the "Attributes Mapping" section there.

     

    Let me know if you succeed.

    Alessandro



  • 7.  Re: Organization

    Broadcom Employee
    Posted Sep 23, 2017 05:45 AM

    The error which I am getting is not related to Provisioning. I mean, I am not passing attribute value from User Store to Provisioning layer.

     

    The new custom attribute is added at dxc and included in objectclass. User Store is ready as I am able to create user directly from JXplorer. Now this attribute is added at User Store dir.xml and Admin Task's Profile Screen so that I can use it. After adding when I submit the Admin Task, I get error - Invalid Attribute Syntax - error code 17.

     

    I have raised a CA Support Case for this. If I get something, I will definitely update.

     

    Regards,

    Sumeet

     



  • 8.  Re: Organization

    Posted Dec 27, 2017 09:24 PM

    Sumeet, were you able to resolve the error? I am having the same error after adding new attributes to User Store.

     

    Failed to execute ModifyOrganizationEvent. ERROR MESSAGE: SmApiWrappedException:[LDAP: error code 17 - OrgCode]