Symantec IGA

I have a hieratical corpstore (LDAP) for my IDM system. And it is working .,

Let say I am creating Account template for new endpoint, We want the container of to change depending on the location of the global account in corporate store.

if the global account in corpstore is located in ou=services ,o=org,dc=company,dc=com the account is created in

ou=majorservices ,o=org,dc=company3,dc=com

if the global account in corpstore is located in ou=internal ,o=org,dc=company,dc=com the account is created in

ou=local ,o=org,dc=company3,dc=com

please not that the organization unit (ou=internal ,o=org,dc=company,dc=com) is never provisioned

How can I implement this using filters in the container tab of the account template.

When I try to use the dn (%#dn%)  of the ldap entry I get the following error Invalid Filter .

Hi, 

frankly I don't know if use of rule string is supported in the container tab. Maybe you can try with a different value (like the ou name).

We had in the past a similar use case, but we implemented it using PX to move the account after creation (or modify).

Basically we create AD account in a fixed container and then move them in a different OU based on the userstore global user location.

Fabrizio

You could create different sets of Provisioning Roles/Templates which point to different OU containers on the endpoint and then have a PX rule that will assign the desired Role/Template based on the IM user organization.