AnsweredAssumed Answered

PolicyXpress before CreateUserEvent

Question asked by Razvan_Dumitriu on Sep 11, 2012
Latest reply on Sep 26, 2012 by Chris_Hackett
Hi All,

I am encountering some issues while trying to implement some policies for user creation and would like to ask for your advice/comments in this matter.

Because users can be created by different means (UI, TEWS, Bulk Loader etc) I decided to set up "before CreateUserEvent" policies to cover all scenarios (as in the end that event is the one doing the job in all cases). Unfortunately I am ecountering some problems such as UID and User Organization attributes are being requested before a task can be submitted or policy actions fail to run.

I have created 2 policies as below:
1st. Policy type = Event, priority 0 - it reads the first name, last name, and employee number, and uses these data elements to set a variable having the format {FirstLetterFirstName}{FirstLetterLastName}{extendedEmployeeNumber}, for later use by another policy, and also sets the value of some user attributes (disabled state, creation date etc.).

2nd. Policy type = Event, priority 10 - it translates the variable set by the first policy (by using string replace, as the letters may be special characters) and then sets the uid attribute to that value.

It works as long as the Create User tasks that are used contain the User ID field and it is filled in (manually or with default value).

I want to remove this field (not even have it hidden with a default value, because in View Submitted tasks it appears with that initial submitted value, even if the policy sets the correct value in the end). If the screens are left without the User ID field (not even hidden) it doesn't validate:
"This method requires the presence of an attribute which was not provided. The attribute is named uid. "
of "Error: [Profile:User ID] Attribute User ID is required. " (if using a hidden field with no default value)
The same goes for User Organization.

As a test, I have tried replacing the first policy with a Task Submitted type copy of it (no longer Event type) but it fails with the following error:

POLICYXPRESS Task started:CreateHRUser - Failed to execute action 'CreatedTime (dd/MM/yyyy HH:mm:ss)'.
Error category 'System Failure' with response 'Fail Event'.
POLICYXPRESS ERROR MESSAGE: Error building action event
Failed performing action type
2012-08-27 17:36:57.097

(this action sets the value for CreatedTime user attribute - string)

I have been requesting assistance from CA Support (and also provided the export for the policies) and the answer was:
"I reviewed the issue and the problem you are facing. I could not see anything wrong with the policies in particular.
I tend to say that regarding these two attributes UID and Organization These two attributes are mandatory for a creation of an LDAP user object.
One is setting the object name and the other is required for building the object DN. I don't think that the "before" create user event state set by the policy express is executing early enough for this to work.
You might need to consider the using LAH logical attribute handler to achieve this"

The fact is that I switched from LAH to PolicyXpress just not to have other code that the client needs to manage / review, and have all this logic within IM.

Maybe you have encountered these too at some point within your projects - all comments are welcomed.
Thank you for your time and assistance.

Best regards,