Symantec IGA

  • 1.  How can I add extra attributes in the Organization within Identity Manager

    Posted Nov 29, 2018 08:34 AM

    I am trying to add four different attributes within Identity Manager in Organization. When I export the userstore from Identity Manager Management Console I am able to add those attributes within an admin task like Modify Organization. But when I try to fill those fields with something I get a Fatal on Submission: Failed to execute ModifyOrganizationEvent. ERROR MESSAGE: SmApiWrappedException:[LDAP: error code 65 - Structural object class has changed]

    I get this error message when I try to fill one of the String-fields

    Example:

     

    Question:

    Is it possible to add attributes to the Organization within Identity Manager in Identity Suite vApp version 14.2?

    If so, how?



  • 2.  Re: How can I add extra attributes in the Organization within Identity Manager

    Posted Nov 29, 2018 10:02 AM

    Which file did you add the organization attributes to? You need to add them into the directory.xml first and then you can reference and use them properly in the IM UI.

     

    Can you post the modifications you made to the organization object in the directory.xml?



  • 3.  Re: How can I add extra attributes in the Organization within Identity Manager

    Posted Nov 30, 2018 02:46 AM

    Dear William,

     

    That part of the XML looks like this:

      <ImsManagedObject name="Organization" description="My Organizations" objectclass="top,organizationalUnit" pagesize="0" maxrows="0" objecttype="ORG">
      <ImsManagedObjectAttr physicalname="ou" description="Organization Name" displayname="Organization Name" valuetype="String" required="true" wellknown="%ORG_NAME%" maxlength="0" permission="WRITEONCE"/>
      <ImsManagedObjectAttr physicalname="%ORG_MEMBERSHIP%" description="Parent Organization DN" displayname="Parent Organization" valuetype="String" required="true" wellknown="%ORG_MEMBERSHIP%" maxlength="0" permission="WRITEONCE"/>
      <ImsManagedObjectAttr physicalname="imString09" objectclass="imUser" description="Custom String 009" displayname="String 009" valuetype="String" wellknown="%STRING_09%" maxlength="0"/>
      <ImsManagedObjectAttr physicalname="imString08" objectclass="imUser" description="Custom String 008" displayname="String 008" valuetype="String" wellknown="%STRING_08%" maxlength="0"/>
      <ImsManagedObjectAttr physicalname="imString07" objectclass="imUser" description="Custom String 007" displayname="String 007" valuetype="String" wellknown="%STRING_07%" maxlength="0"/>
      <ImsManagedObjectAttr physicalname="imString06" objectclass="imUser" description="Custom String 006" displayname="String 006" valuetype="String" wellknown="%STRING_06%" maxlength="0"/>
      <ImsManagedObjectAttr physicalname="imString05" objectclass="imUser" description="Custom String 005" displayname="String 005" valuetype="String" wellknown="%STRING_05%" maxlength="0"/>
      <ImsManagedObjectAttr physicalname="imString04" objectclass="imUser" description="Custom String 004" displayname="String 004" valuetype="String" wellknown="%STRING_04%" maxlength="0"/>
      <ImsManagedObjectAttr physicalname="imString03" objectclass="imUser" description="Custom String 003" displayname="String 003" valuetype="String" wellknown="%STRING_03%" maxlength="0"/>
      <ImsManagedObjectAttr physicalname="imString02" objectclass="imUser" description="Custom String 002" displayname="String 002" valuetype="String" wellknown="%STRING_02%" maxlength="0"/>
      <ImsManagedObjectAttr physicalname="imString01" objectclass="imUser" description="Custom String 001" displayname="String 001" valuetype="String" wellknown="%STRING_01%" maxlength="0"/>
      <ImsManagedObjectAttr physicalname="imString00" objectclass="imUser" description="Custom String 000" displayname="String 000" valuetype="String" wellknown="%STRING_00%" maxlength="0"/>
      <ImsManagedObjectAttr physicalname="%ORG_MEMBERSHIP_NAME%" description="Parent Organization name" displayname="Parent Organization Name" valuetype="String" wellknown="%ORG_MEMBERSHIP_NAME%" maxlength="0" permission="READONLY" hidden="true"/>
      <ImsManagedObjectAttr physicalname="description" description="Organization description" displayname="Organization description" valuetype="String" wellknown="%ORG_DESCR%" maxlength="0"/>
     </ImsManagedObject>

     

    I have tried to change the objectclass of the imString-numbers to "top,organizationalUnit" and to "organizationalUnit" without effect. And I have tried:

     

     <ImsManagedObject name="Organization" description="My Organizations" objectclass="top,organizationalUnit" pagesize="0" maxrows="0" objecttype="ORG">
      <ImsManagedObjectAttr physicalname="ou" description="Organization Name" displayname="Organization Name" valuetype="String" required="true" wellknown="%ORG_NAME%" maxlength="0" permission="WRITEONCE"/>
      <ImsManagedObjectAttr physicalname="%ORG_MEMBERSHIP%" description="Parent Organization DN" displayname="Parent Organization" valuetype="String" required="true" wellknown="%ORG_MEMBERSHIP%" maxlength="0" permission="WRITEONCE"/>
      <ImsManagedObjectAttr physicalname="imString09" objectclass="imUser" description="Custom String 009" displayname="String 009" valuetype="String" wellknown="%STRING_09%" maxlength="0"/>
      <ImsManagedObjectAttr physicalname="imString08" objectclass="imUser" description="Custom String 008" displayname="String 008" valuetype="String" wellknown="%STRING_08%" maxlength="0"/>
      <ImsManagedObjectAttr physicalname="imString07" objectclass="imUser" description="Custom String 007" displayname="String 007" valuetype="String" wellknown="%STRING_07%" maxlength="0"/>
      <ImsManagedObjectAttr physicalname="imString06" objectclass="imUser" description="Custom String 006" displayname="String 006" valuetype="String" wellknown="%STRING_06%" maxlength="0"/>
      <ImsManagedObjectAttr physicalname="imString05" objectclass="imUser" description="Custom String 005" displayname="String 005" valuetype="String" wellknown="%STRING_05%" maxlength="0"/>
      <ImsManagedObjectAttr physicalname="imString04" objectclass="imUser" description="Custom String 004" displayname="String 004" valuetype="String" wellknown="%STRING_04%" maxlength="0"/>
      <ImsManagedObjectAttr physicalname="%ORG_MEMBERSHIP_NAME%" description="Parent Organization name" displayname="Parent Organization Name" valuetype="String" wellknown="%ORG_MEMBERSHIP_NAME%" maxlength="0" permission="READONLY" hidden="true"/>
      <ImsManagedObjectAttr physicalname="description" description="Organization description" displayname="Organization description" valuetype="String" wellknown="%ORG_DESCR%" maxlength="0"/>
      <ImsManagedObjectAttr physicalname="marktrol" description="Organization marktrol" displayname="Organization marktrol" valuetype="String" wellknown="%STRING_00%" maxlength="0"/>
      <ImsManagedObjectAttr physicalname="Juridische Entiteit" description="Organization Juridische" displayname="Organization Juridische" valuetype="String" wellknown="%STRING_01%" maxlength="0"/>
      <ImsManagedObjectAttr physicalname="EAN 13 Code" description="Organization EAN 13 code" displayname="Organization EAN 13 code" valuetype="String" wellknown="%STRING_02%" maxlength="0"/>
      <ImsManagedObjectAttr physicalname="KvK Nummer" description="Organization KvK Nummer" displayname="Organization KvK Nummer" valuetype="String" wellknown="%STRING_03%" maxlength="0"/>
     </ImsManagedObject> 

     

     

    But this doesn't work. So obviously I am doing something wrong, but I do not know what.

    Grateful for any tips and help.  



  • 4.  Re: How can I add extra attributes in the Organization within Identity Manager

    Broadcom Employee
    Posted Nov 30, 2018 06:37 AM

    imUser is a sub-class of inetOrgPerson. So I wouldn't expect CA Directory to allow imStringXX in an organization object.

    If you were to try to update an organization object in the directory using an LDAP client, you would probably get the same error.

     

    You would probably need to define a new object class (e.g. imOrg as a subclass of organization) and add some required attributes there (e.g. imOrgStringXX). I.e. extending directory schema. Not sure whether this would be supported if using the vApp.

     

    Pearse
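
Added example, not part of the thread and not Broadcom code: a small lint for one `ImsManagedObject` element that flags the mismatch described in the last reply, where an attribute is declared with an object class (here `imUser`) that the managed object itself does not list. It also flags physical names that are not valid LDAP short names under RFC 4512. The sample XML is constructed from the posted fragment; treating `%NAME%` values as placeholders and assuming the element carries no XML namespace are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample modelled on the directory.xml fragment posted in the thread.
SAMPLE = """<ImsManagedObject name="Organization" objectclass="top,organizationalUnit" objecttype="ORG">
  <ImsManagedObjectAttr physicalname="ou" wellknown="%ORG_NAME%" valuetype="String"/>
  <ImsManagedObjectAttr physicalname="%ORG_MEMBERSHIP%" wellknown="%ORG_MEMBERSHIP%" valuetype="String"/>
  <ImsManagedObjectAttr physicalname="imString04" objectclass="imUser" wellknown="%STRING_04%" valuetype="String"/>
  <ImsManagedObjectAttr physicalname="KvK Nummer" wellknown="%STRING_03%" valuetype="String"/>
  <ImsManagedObjectAttr physicalname="description" wellknown="%ORG_DESCR%" valuetype="String"/>
</ImsManagedObject>"""

# RFC 4512 short name: a letter followed by letters, digits or hyphens.
DESCR = re.compile(r"^[A-Za-z][A-Za-z0-9-]*$")
# Assumption: %NAME% values are placeholders resolved elsewhere, so skip them.
PLACEHOLDER = re.compile(r"^%[A-Z0-9_]+%$")


def lint_managed_object(xml_text):
    """Return (physicalname, problem) pairs for one ImsManagedObject element."""
    obj = ET.fromstring(xml_text)
    # Object classes the managed object itself declares, compared case-insensitively.
    allowed = {c.strip().lower() for c in obj.get("objectclass", "").split(",") if c.strip()}
    findings = []
    for attr in obj.iter("ImsManagedObjectAttr"):
        name = attr.get("physicalname", "")
        if not PLACEHOLDER.match(name) and not DESCR.match(name):
            findings.append((name, "not a valid LDAP attribute name"))
        # An attribute-level objectclass must be one the managed object lists.
        for cls in attr.get("objectclass", "").split(","):
            cls = cls.strip()
            if cls and cls.lower() not in allowed:
                findings.append((name, f"objectclass {cls} is not in {sorted(allowed)}"))
    return findings


if __name__ == "__main__":
    for name, problem in lint_managed_object(SAMPLE):
        print(f"{name}: {problem}")
```

A clean result only means the file is internally consistent; whether the directory schema actually permits an attribute on `organizationalUnit` still has to be checked against the directory itself.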