
How to Update SMTP in Active Directory through LDAP Passes

Ckumar
Contributor
0 Kudos

Hi Experts,

Presently I am working on SAP IDM 7.2.

We have a requirement that whenever anyone updates a user's mail address in IDM, IDM must update the new mail address in IDM.

The same new mail address must be updated as mail and SMTP (proxyAddresses) in AD, and the old SMTP should be changed to smtp.

Now we are using a PowerShell script for the above; however, the new requirement is to use LDAP passes for the same.

For example:

User1 has mail address xyz@123.com in IDM.

and AD data of this user is
mail = xyz@123.com
proxyAddresses = SMTP:xyz@123.com

When anyone changes the mail address of user1 to abc@123.com,
the mail address in IDM should be abc@123.com. This is working fine.

And IDM should update the AD data as
mail = abc@123.com
proxyAddresses = SMTP:abc@123.com
proxyAddresses = smtp:xyz@123.com

so that the user can have multiple secondary email addresses (smtp) and one primary email address (SMTP).

Please help me regarding this.

Waiting for your response

Thanks in Advance

Regards,

C Kumar

Accepted Solutions (0)

Answers (1)


former_member2987
Active Contributor
0 Kudos

This can all be accomplished by updating the relevant attributes in Active Directory. PowerShell is not required (and actually can slow down your tasks since you need to open a shell to run the script).

I would suggest working with your AD administrators to make sure you have the correct attribute names and that your service account has the correct permissions in AD.

Regards,

Matt

Ckumar
Contributor
0 Kudos

Thanks for the reply, Matt,

The requirement is that IDM should update SMTP and smtp in AD whenever anyone changes the mail address in IDM.

IDM and AD are in sync already.

It would be a great help if you could provide me details on how to write LDAP passes for this.

Regards,

C Kumar


jaisuryan
Active Contributor
0 Kudos

Hi Kumar,

Assuming that you store the email address in the attribute MX_MAIL_PRIMARY, create a task with a 'to LDAP' pass and attributes like below,

Then link this task to the "On Modify" event task of the attribute MX_MAIL_PRIMARY. So whenever the email address is changed for a user, this task will be called to modify the AD attribute proxyAddresses. One thing to keep in mind is to exclude MX_MAIL_PRIMARY when you add trigger attributes for the system privilege, else the modify event task set up for the repository will also be executed and might overwrite the changes.

Kind regards,

Jai

Ckumar
Contributor
0 Kudos

Thanks for the reply, Jai,

You are right, I am storing the mail in MX_MAIL_PRIMARY.

If I do as per the process explained, then I think it will update the new mail as smtp in AD.

My requirement is that whenever anyone updates the mail address in IDM, the new mail address should be SMTP in AD while the old mail address should become smtp automatically.

jaisuryan
Active Contributor
0 Kudos

Hi Kumar,

When you change the email in IDM, the value is instantly replaced and the old value can be fetched only from the history table MXIV_OENTRIES.

1) Create a task group with two tasks

2) 1st task with a 'to LDAP' pass as below, to update current email

3) 2nd task with 'to LDAP' pass as below, to fetch previous mail address and assign to user in AD

Inside the function you query the mxiv_oentries to get the email id.

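function z_getPreviousMail(Par) { // hypothetical name; use the function name set in the pass
  // MSKEY of the entry currently being processed
  var mskey = uGetEntryID();
  // History rows for the mail attribute; several rows come back joined in one string
  var sql = "select avalue from mxiv_oentries where mskey = " + mskey + " and attrname = 'MX_MAIL_PRIMARY'";
  var result = uSelect(sql);
  return result;
}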

4) Add this task group to onModify event task for MX_MAIL_PRIMARY attribute

5) Remove MX_MAIL_PRIMARY from trigger attributes for the system privilege

Hope this helps. Let us know if it works.

Kind regards,

Jai

Ckumar
Contributor
0 Kudos

Thanks for the reply, Jai,

I have written the task as you explained and it's working fine; however, I am getting one issue, which is explained below.

User1 has mail address xyz@123.com in IDM.

and AD data of this user is
mail = xyz@123.com
proxyAddresses = SMTP:xyz@123.com

Case 1 - Working fine

When anyone changes the mail address of user1 to abc@123.com,
the mail address in IDM should be abc@123.com. This is working fine.

And IDM should update the AD data as
mail = abc@123.com This is working fine.
proxyAddresses = SMTP:abc@123.com This is working fine.
proxyAddresses = smtp:xyz@123.com This is working fine.

so that the user can have multiple secondary email addresses (smtp) and one primary email address (SMTP).

Case 2 - Not Working

After the above change, someone again changed the mail address of user1 to pqr@123.com;
the mail address in IDM should be pqr@123.com. This is working fine.

And IDM should update the AD data as
mail = pqr@123.com This is working fine.
proxyAddresses = SMTP:pqr@123.com This is working fine.
proxyAddresses = smtp:abc@123.com Not working
proxyAddresses = smtp:xyz@123.com Not working

Instead of the above result, I am getting the result as

proxyAddresses = SMTP:pqr@123.com This is working fine.
proxyAddresses = smtp:abc@123.com !! xyz@123.com which is incorrect

IDM is updating two email addresses as smtp because the mxiv_oentries table now has two values for email addresses.

Is there any way to separate these two (even more than two is also possible) mail addresses and assign them separately as smtp?

Looking forward to your help.

Regards,

C Kumar
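
The "Case 2" problem above, as an added example that is not part of the original thread and not SAP code: a plain JavaScript sketch that splits the "!!"-joined history value and builds the full proxyAddresses list with exactly one SMTP: primary. The function names, the conservative address check and the idea of passing in the current AD values are assumptions.

```javascript
// Added example: plain JavaScript, no SAP IDM runtime functions are called.
// ROW_SEP is the "!!" separator seen in the thread's output; all names are hypothetical.
const ROW_SEP = "!!";
// Conservative check (assumption): rejects whitespace and separator characters
// so a stray value cannot smuggle a second entry or a prefix into AD.
const ADDR_RE = /^[^\s@:;|!]+@[^\s@:;|!]+\.[^\s@:;|!]+$/;

// Split a "!!"-joined history string into trimmed, syntactically valid addresses.
function splitHistory(joined) {
  return String(joined || "")
    .split(ROW_SEP)
    .map((s) => s.trim())
    .filter((s) => ADDR_RE.test(s));
}

// Build the complete proxyAddresses list: one "SMTP:" primary, every other
// mail address as "smtp:", de-duplicated case-insensitively. Entries with
// other prefixes in the current AD values are passed through unchanged.
function buildProxyAddresses(newPrimary, historyJoined, currentAdValues) {
  if (!ADDR_RE.test(newPrimary)) throw new Error("invalid primary address");
  const seen = new Set([newPrimary.toLowerCase()]);
  const out = ["SMTP:" + newPrimary];
  const candidates = [];
  for (const v of currentAdValues || []) {
    const m = /^smtp:(.*)$/i.exec(v); // matches both SMTP: and smtp:
    if (m) candidates.push(m[1]);
    else out.push(v);
  }
  candidates.push(...splitHistory(historyJoined));
  for (const addr of candidates) {
    const key = addr.toLowerCase();
    if (!ADDR_RE.test(addr) || seen.has(key)) continue;
    seen.add(key);
    out.push("smtp:" + addr);
  }
  return out;
}

// Constructed sample input reproducing Case 2 from the thread.
console.log(buildProxyAddresses(
  "pqr@123.com",
  "abc@123.com !! xyz@123.com",
  ["SMTP:abc@123.com", "smtp:xyz@123.com"]
));
```

Each element of the returned list is one separate proxyAddresses value; how the list is handed to the 'to LDAP' pass is outside this sketch.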

jaisuryan
Active Contributor
0 Kudos

Hi Kumar,

Sorry, I lost track of it. Did you resolve this? If so, please post your solution for others' consumption and close the thread. Thanks.

Kind regards,

Jaisuryan