cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Manager attribute from AD and to AD

Go to solution
Former Member

on ‎03-19-2014 5:23 PM

0 Kudos

Hello Experts,


I am working with AD-IDM implementation.


I am facing two problems here:

1. Issue in getting Manager attribute of the users from HR system onto IDM via initial load and

2. Issue in assigning the Manager attribute to a user from IDM while creating a new user on AD

In case 1, I am simply trying to pass the manager in HR system to attribute MX_MANAGER as

in pass 'to identity store' ->  MX_MANAGER = %manager%

For this, the IDM throws an error as "Entry reference value is not numeric when storing attribute MX_MANAGER=xyz"

In case 2, while creating a new identity assigning the AD privilege, I am trying to assign the manager to that new AD user. But it fails to create a user on AD as the manager attribute value comes with an error "CONSTRAINT_ATT_TYPE"

I know that the manager value on AD resides in DN format, but not sure how to resolve that to use the same for purposes.

Could you please suggest on the above issues.

FYKI - Version: IDM 7.2

Many thanks in advance!

Naveen

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎03-19-2014 6:45 PM
0 Kudos

MX_MANAGER is a reference to the MSKEY of the manager object.  You need to look up the manager mskey off the manager object using the ID passed by HR.  Essentially:

MX_MANAGER GetMskeyFromMSKeyValue(%manager%)

You need the same process for AD:

manager  GetADDNFromMskey(%manager%)

Look up the AD DN off the managers IDM object with a script.

Peter

Show replies
Show replies
Former Member
‎03-19-2014 7:16 PM
0 Kudos

Hello Peter,

Thanks for the reply.

Are these scripts for lookup already available in IDM or these needs to be created separately?

If yes, then could you please helpout with a sample script ? as I have a very bad footprint scripting !

Many thanks,

Naveen

Former Member
‎03-19-2014 10:25 PM
0 Kudos

I don't recall if there's something you can use but its a pretty straightforward script:


var arrParams = Par.split("!!");

var attrToFind = arrParams[0];

var userMskey = arrParams[1];

var IDStore = GetIDStore();

attrValue = uIS_GetValue(userMskey, IDStore, attrToFind);

return attrValue;

===

manager  script(ADDN!!%MX_MANAGER%)

EDIT: Just realised you wanted to get the managers attribute.  Script edited.

Former Member
‎03-20-2014 3:50 AM
0 Kudos

Hi Naveen,

In order to start writing scripts, you should know what are the tables/views to query for getting the required information.

I strongly recommend you to go through the the blog by  Per Krabsetsve

Anyways I am writing down the sample scripts for your reference, which you can make use of.

Let me know for any further queries.

1. For getting the MSKEY of the user from MSKEYVALUE

// Main function: z_sap_getMskeyForMskeyvalue

function z_sap_getMskeyForMskeyvalue(Par)

{

  var msKey = "";

  msKey = "select distinct mcMSKEY from idmv_entry_simple where mcMSKEYVALUE='"+Par+"'";

  msKey = uSelect(msKey);

  return msKey;

}

2.  For gettting the DN of the Manager with MSKey as the input to the script.

// Main function: z_sap_getManagerADDN

function z_sap_getManagerADDN(Par)

{

   var msKey = Par;

  var managerADDN = "";

  managerADDN = "select avalue from idmv_value_basic where MSKEY="+Par+" and AttrName='ACCOUNTIDECAD'";

  // in the above select query ACCOUNTIDECAD is my AD account attribute. In your case it is ACCOUNT<AD Rep Name>

  managerADDN = uSelect(managerADDN);

  return managerADDN;

}

All the best !!

~ Krishna.

Former Member
‎03-20-2014 4:29 AM
0 Kudos

You're making it too hard for yourself Krishna.  At lot of that can be done with the internal functions which will also be faster...

Peter

Former Member
‎03-20-2014 5:10 AM
0 Kudos

Yes, Peter You are correct !! and thanks for pointing that.

And also Its always recommedned to use the internal functions as they serve the prupose without any performance issue.

Like to get he mskey of the mskeyvalue OutString=uIS_Get(Int iStore, String EntryValue);

and to get the value of a sepcific attribute, we can use the function OutString=uIS_GetValue(25, 0, "MyAttr")

It would be appropriate if I  could have mentioned that for other scenarios where we don't have any internal functions that serve the purpose, the custom scripts can be written like mentioned in my previous post.

Hi Naveen,

You can refer to here https://help.sap.com/saphelp_nwidmic71/en/using_functions/dse_internal_functions.htm to know what are the internal functions available

Cheers,

Krishna.

Former Member
‎03-20-2014 5:15 AM
0 Kudos

Dear Krishna,

Thanks so much for the guide. Will write you back in case of any issues.

Regards,

Naveen

Former Member
‎03-20-2014 5:48 AM
0 Kudos

Hello Peter,

Thank you very much for the guide. Will try using the function to accomplish my task.

Many thanks,

Naveen

Former Member
‎03-20-2014 4:52 PM
0 Kudos

Hi Krishna,

Thanks for the reply again.

Another thing which I need to achieve is to get manager of any employee from HR system to IDM (MX_MANAGER).

For this which function will be used (does it needs any special query ?) ?

Regards,

Naveen

Steffi_Warnecke
Active Contributor
‎03-20-2014 5:09 PM
0 Kudos

Hello Naveen,

Peter kind of gave you the answer to that question in his first reply here.

Regards,

Steffi.

Former Member
‎03-20-2014 9:37 PM
0 Kudos

Hello Steffi,

You are right. I followed that approach. Below is what I am doing:

function getmskeyofmanager(Par)

{

var get_mskey=uIS_Get(uGetIDStore(), Par);

if(get_mskey.indexOf("!ERROR:")>-1) return "no value";

return get_mskey;

}

and this is being called as

mx_manager = $FUNCTION.getmskeyofmanager(%MGR%)$$     


where MGR being the manager field on HR system.

I am doing this above while transferring users from HR system to IDM. The above is part of my "to identity store" pass.

I tried reading the value being returned by uGetIDStore, it is returning zero.

So the script is being called, but it is returning "no value" as the obvious error output.

Please suggest!

Regards,

Naveen

Former Member
‎03-21-2014 2:00 AM
0 Kudos

Hi Naveen,

Where are you using this functions ? In a provisioning job ? or in  initial load/ normal jobs.

The problem is with the uGetIDStore function. This function returns the id store ID if it is called from a provisioning job. Else it always returns 0.

In your case, I believe the uGetIDStore is returning always 0, as you are not calling it from a provisioning job thus resulting in no such attribute error message.

So, hardcode the ID store value in the script or the best way is to use the MASTER ID store constant in the global constants.

All the best !!

~ Krishna.

Former Member
‎03-21-2014 2:16 AM
0 Kudos

uIS_Get is only available in the Identity Store as well (although it might be 'accidentally' availalbe in jobds, I can't recall)

Former Member
‎03-21-2014 7:20 AM
0 Kudos

Hi Krishna,

Yes, I am trying to transfer users from HR system via job. It is correct that returns zero as value of Id store. I already tried fixing the value of id store to 2, but I receive the same error yet.

How the master ID store global constant can be used here ? Could you please suggest about the syntax.

Many thanks,

Naveen

Former Member
‎03-21-2014 9:58 AM
0 Kudos

Hi Naveen,

PFB the syntax.

function getmskeyofmanager(Par)

{

var get_mskey=uIS_Get(uGetConstant("glb.SAP_MASTER_IDS_ID"), Par);

//SAP_MASTER_IDS_ID is my global constant with value as 2, which is my IDstore ID

return get_mskey;

}

~ Krishna

Answers (1)

Answers (1)

Former Member
‎03-21-2014 9:04 PM
0 Kudos

Thank you so much PETER, KRISHNA and STEFFI for the help and support. the issue is resolved now.

Many thanks!

Show replies
Show replies
Ask a Question