cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Get MX_Manager as name not number

Go to solution
Former Member

on ‎03-18-2014 8:16 PM

0 Kudos

Dear experts,

We set our flow to create users on Active Directory, but when we assign a Manager to this users, the value that is took to Active Directory is a number and not the name that we have selected before.

Does anyone have any idea how I can get the name " Peter Ferreira" in this example.

Thank you very much.

Miguel

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎03-18-2014 8:18 PM
0 Kudos

First step

Show replies
Show replies
former_member2987
Active Contributor
‎03-18-2014 9:07 PM
0 Kudos

Hello Miguel,

Could this be the MSKEY of the manager?  IDM stores the MX_MANAGER as the MSKEY of the user designated as Manager.

Just as a side note, AD stores it as a DN when reading back.

Matt

Former Member
‎03-18-2014 9:50 PM
0 Kudos

To export the manager to AD properly, you should export the DN.  As Matt says, its the MSKEY if you export directly.

You will need to write a javascript which looks up the required attribute (although one might exist).  Pass it the MSKEY and the attribute required and return that value for export.

NOTE: This means that the manager can only be added once it already exists in AD.

Peter

Former Member
‎03-19-2014 1:45 PM
0 Kudos

Hi Matt and Peter

Thank you for your answer , yes we are receiving the mskey value .

We would like to know if can we "translate" this value to text (Name) I tried run the script sap_getaccountattribute, but I think that this script cannot do what we need.

$Function.sap_getaccountattribute(%MSKEY%)$$

I am trying find some scripts on IDM that can treat this case, do you know if there some script on IDM that can do this?

Thank you very much for your replies.

Regards.

Former Member
‎03-19-2014 1:49 PM
0 Kudos

Hi Matt and Peter

Thank you for your answer , yes we are receiving the mskey value .

We would like to know if can we "translate" this value to text (Name) I tried run the script sap_getaccountattribute, but I think that this script cannot do what we need.

$Function.sap_getaccountattribute(%MSKEY%)$$

I am trying find some scripts on IDM that can treat this case, do you know if there some script on IDM that can do this?

Thank you very much for your replies.

Regards.

terovirta
Active Contributor
‎03-19-2014 2:01 PM
0 Kudos 


Miguel Santos wrote:






We would like to know if can we "translate" this value to text (Name) I tried run the script sap_getaccountattribute, but I think that this script cannot do what we need.

Like suggested you need to send the manager's DN to AD from IdM, not the name in plain text, not MSKEY, not MSKEYVALUE. Even though the manager's name may be displayed in the admin UI the reference in AD is a unique reference to another record.

What do you store to your ACCOUNT-attribute for AD? Is it DN or samaccountname?

If the DN is stored to the ACCOUNT-attribute you can query it in JavaScript which user (which DN) has the given MSKEY, query is something like:

select searchvalue from idmv_value_basic where mskey = [MSKEY] and attrname = 'ACCOUNT[AD_REPOSITORY_NAME]'

I should have suitable script somewhere if you're not comfortable in writing it.

regards, Tero

Former Member
‎03-19-2014 2:13 PM
0 Kudos

Hi Tero thank you for you answer,

Let me try explain what is the goal here.

I need create new identity from UI for third party users ok? (That there are no on HR systems)

When I create this new identity I need assing the manager who will responsable for this new third party employee.

I will update this information (manager) on AD, I will writting a script to get this name and put on DN necessary to update on ad (because attribute manager on ad just accept DN ok.

In this case . I just want get this value from MSKEY related to manager that I assigned before and get the real value in this case ( Peter Ferreira). I need get this name to put in my other script that will treat a specific DN.

I am trying using the uIS_sGetValue to get this mskey related manager and print the name (Peter Ferreira) in this case.

Do you have idea how can I use this uIS_sGetValue to get mskey value as name?

Thank you very much.

terovirta
Active Contributor
‎03-19-2014 2:30 PM
0 Kudos

You do need to make a look-up query like I suggested.

When writing the entry to the AD all you have is the MSKEY-reference from user to the manager in IdM. You need to translate that to an object-reference that AD understands, as the MSKEY only exists in IdM you need to supply the DN of the manager to AD.

In order to do that you need to run a SQL-statement or call uis_sGetValue..

OutString=uIS_GetValue(Int MSKey, Int IStore, String AttName);

So something like (no warranty - just my brain dump):

function getDNperMSKEY(Par) {

     var theDN = uIS_GetValue(Par, uGetIDStore(), "ACCOUNT[AD_REP_NAME]");

     if (theDN.indexOf("!ERROR:") > -1) return "";

     return theDN;

}

Call to the function would be in your attribute mapping:

$FUNCTION.getDNperMSKEY(%MX_MANAGER%)$$

Former Member
‎03-19-2014 5:39 PM
0 Kudos

Hi Tero, I got what you suggested

Yes I need the DN value from Manager´s Mskey, it will be the better way.

I did what you suggested but the value returned was 'empty", but yes I need get DN.

Steffi_Warnecke
Active Contributor
‎03-19-2014 5:53 PM
0 Kudos

Hello Miguel,

you need to set "MX_MANAGER" in %% in the destination-tab. As you want the value IN the attribute to be used in the script, not the name of the attribute.


So it should be: $function.test(%MX_MANAGER%)$$

You can check, what value is returned, when you put the log-script around the whole thing OR use "uWarning" (see in the IdM help for more) in your new script directly. Then the returned value will be shown in the log of the task and you can see, if the DN of the manager is returned. This way you don't need to check in the AD all the time.

Regards,

Steffi.

Former Member
‎03-19-2014 6:19 PM
0 Kudos

Hi Steffi,

I did it but I got the same result:

Steffi_Warnecke
Active Contributor
‎03-19-2014 6:25 PM
0 Kudos

Okay. You have this in the script:

ACCOUNT[AD_REP_NAME]

[AD_REP_NAME] means, put your AD-repository there. No brackets please. Those are placeholders.

I hope, the DN of the user is stored in that attribute in your case. If not, change it to the atttribute that holds the value of the DN of the user. That is what the script is checking, the value of the attribute ACCOUNT[AD_REP_NAME] for the given mskey.

terovirta
Active Contributor
‎03-19-2014 6:55 PM
0 Kudos

When you have edited the script with real ACCOUNT-attribute name like Steffi said, show the attribute mapping in the destination tab of the step that writes the manager to AD in IdM.

regards, Tero

Answers (9)

Answers (9)

Steffi_Warnecke
Active Contributor
‎03-21-2014 8:57 AM
0 Kudos

I guess, we should stop discussion this here, since you opened a new thread for the issue (as is best IMO, because otherwise it'd get confusiong):

Regards,

Steffi.

Show replies
Show replies
Former Member
‎03-20-2014 8:49 PM
0 Kudos

Show replies
Show replies
Former Member
‎03-21-2014 2:07 AM
0 Kudos

Hi Miguel,

Keep in mind that the java script is case sensitive.

In your script, in the line function get_manaer_mskeyvalue (PaR)) you are passing the value as PaR

in the next like var managermskeyvalye = usIS_Get(2,Par);

It should be same in both the lines, either PaR or Par.

All the best !!

~ Krishna.

Former Member
‎03-20-2014 8:46 PM
0 Kudos

Show replies
Show replies
Former Member
‎03-20-2014 8:46 PM
0 Kudos

Show replies
Show replies
Former Member
‎03-20-2014 8:33 PM
0 Kudos

Hi all sorry form my reply here.

I need ensure that the manager from HR is the manger on IDM.

To bring manger from HR and assing the same in IDM.by user.

I need translate the employee manager to mskey and then mx_manager=mskey(employee manager).

Is this?

Regards

Show replies
Show replies
Former Member
‎03-20-2014 7:48 PM
0 Kudos

Hi Steffi,

Now we are facing other challenge.

We are doing initial load from HR pulling employee data

One field is related manager employee that is placed on HR.

How can I get this value (name) and change to mskey .

I am trying use uis_get (idstore numeber, parameter)

parameter I am using the variable that contains  (manager name)

funcition.nampermskey (%Manager_name%)

uis_get (idstore numeber, parameter)

Do you have any idea how get mskey from name (from HR).

THank you.

Miguel

Show replies
Show replies
Steffi_Warnecke
Active Contributor
‎03-20-2014 8:02 PM
0 Kudos

Hello Miguel,

please don't push the topic by posting the same question twice.

Why do you want to get the name from HR? The user, that is the manager should - through the inital load from HR into IDM - already be in IDM. Therefor you don't need to get the name of the manager from HR, but can just take it from IDM itself.

terovirta
Active Contributor
‎03-20-2014 8:14 PM
0 Kudos 


Miguel Santos wrote:






Now we are facing other challenge.


We are doing initial load from HR pulling employee data


One field is related manager employee that is placed on HR.

When you import the employees from HCM the reference between manager and subordinate is established based on the passed "personnel number of manager" on every record.

You need to assign to the MX_MANAGER-attribute the MSKEY of the manager, which you can get by searching which user (which MSKEY) has the given personnel number. Similar lookup as you already have done for the DN.

regards, Tero

Former Member
‎03-19-2014 7:14 PM
0 Kudos

Hi Experts.

I would like say THANK YOU VERY MUCH, was possible update the value as name.

is possible get the whole path from ldap indeed name like

now I get the name " Manager Name" , is possible get something like this :

cn=manager name, ou=test, dc=contoso. dc=com?

Thank you very much.

Miguel

Show replies
Show replies
Steffi_Warnecke
Active Contributor
‎03-19-2014 7:26 PM
0 Kudos

Hello Miguel,

great that it's working now.

And yes, of course IF you have an IDM-attribute that holds this value for the user, you can use the same script to get the DN. Just change the attribute in the script to the attribute that holds the distinguished name and there you go.

EDIT: Oh wait... are you asking how to get the DN for AD or are you asking how to add the different parts to create a specific DN in the first place?

Regards,

Steffi.

Former Member
‎03-19-2014 8:57 PM
0 Kudos

Hi Steffi,

Its working very well now I mean get the Dn from AD, was possible, I changed the value that you suggested.

Thank you very much.

Regards.

Steffi_Warnecke
Active Contributor
‎03-19-2014 9:00 PM
0 Kudos

You're welcome!

Former Member
‎03-20-2014 5:56 PM
0 Kudos

Hi Steffi,

Now we are facing other challenge.

We are doing initial load from HR pulling employee data

One field is related manager employee that is placed on HR.

How can I get this value (name) and change to mskey .

I am trying use uis_get (idstore numeber, parameter)

parameter I am using the variable that contains  (manager name)

funcition.nampermskey (%Manager_name%)

uis_get (idstore numeber, parameter)

Do you have any idea how get mskey from name (from HR).

THank you.

Miguel

Former Member
‎03-19-2014 6:42 PM
0 Kudos

Hi Miguel,

Not sure if you use DISPLAYNAME attribute but try this in your script

var

DisplayName = UserFunc.uIS_GetValue(Par, CurrentIDStore, "displayname");

if you using different attribute for full name in user profile then plz replace the displayname with that attribute and pass that to AD with destination DN that should help.

Thank you

Show replies
Show replies
Former Member
‎03-19-2014 2:13 PM
0 Kudos

Hi Tero thank you for you answer,

Let me try explain what is the goal here.

I need create new identity from UI for third party users ok? (That there are no on HR systems)

When I create this new identity I need assing the manager who will responsable for this new third party employee.

I will update this information (manager) on AD, I will writting a script to get this name and put on DN necessary to update on ad (because attribute manager on ad just accept DN ok.

In this case . I just want get this value from MSKEY related to manager that I assigned before and get the real value in this case ( Peter Ferreira). I need get this name to put in my other script that will treat a specific DN.

I am trying using the uIS_sGetValue to get this mskey related manager and print the name (Peter Ferreira) in this case.

Do you have idea how can I use this uIS_sGetValue to get mskey value as name?

Thank you very much.

Show replies
Show replies
Ask a Question