Symantec IGA

  • Private Community
 View Only

  • 1.  Policy Xpress: Obtain the DN of and User Manager

    Posted Sep 26, 2016 10:19 AM

    We want to synchronize the Global User Manager with the Active Directory Account Manager attribute of the user,

    we already know how to add the manager to the user's active directory account, but we cant obtain the Distinguished name of the user Manager.

     

    We tried to obtain the Manager DN using a data element of the type Account Values by Account Identifier using the Manager Account Identifier. all the times this data element returns an empty value

     

    How can we obtain an specific user Distinguished Name from their Active Directory Account



  • 2.  Re: Policy Xpress: Obtain the DN of and User Manager

    Broadcom Employee
    Posted Sep 26, 2016 10:32 AM
      |   view attached

    Hello,

     

    You can use combination of BLTH and PX for getting UserDN via Logical Attribute. Please check attached file for that. Instead of Logical Attribute, you can also use Session Attribute if you don't want to update Profile Screen.

     

    Regards,

    Sumeet

    Attachment(s)

    docx
    Get UserDN - BLTH & PX.docx   493 KB 1 version


  • 3.  Re: Policy Xpress: Obtain the DN of and User Manager

    Posted Sep 26, 2016 10:50 AM

    Hi Sumeet

     

    I think you forgot to attach the file

     

    The specific case that we are trying to apply is an user modification where we want to synchronize the manager with the AD manager attribute, if I understand well what you are suggesting is to use BLTH to obtain the User´s Manager DN?



  • 4.  Re: Policy Xpress: Obtain the DN of and User Manager

    Broadcom Employee
    Posted Sep 26, 2016 11:00 AM
      |   view attached

    Hi,

     

    Yeah my example was to get UserDN from User Store for Subject User/User's Manager. This DN would be different from AD DN. Via PX, try to search AD Account (which is Manager) and then in return get its distinguishedName value.

     

    Regards,

    Sumeet

     

    Attachment(s)

    docx
    Get UserDN - BLTH & PX.docx   493 KB 1 version


  • 5.  Re: Policy Xpress: Obtain the DN of and User Manager

    Posted Sep 26, 2016 11:07 AM

    Hi,

     

    Yes we are trying to search the Manager AD Account via PX to obtain the distinguishedName value, but we always obtain an empty value

    we only can obtain the distinguishedName value of the same User that we are modifying not another user (the manager)

     

    Regards



  • 6.  Re: Policy Xpress: Obtain the DN of and User Manager
    Best Answer

    Posted Sep 26, 2016 03:13 PM

    Hugo:

    Please open a support ticket if you continue to have issues with your PX Policy screenshots, IDM version # and we will be happy to take a look

    Thanks

    Palaka Bhattacharya

    Support Delivery Manager



  • 7.  Re: Policy Xpress: Obtain the DN of and User Manager

    Broadcom Employee
    Posted Sep 29, 2016 04:12 AM

    I've done this in the past with PX. Use an "LDAP search" element within PX to search AD. Assuming that the user id in the user store matches the sAMAccountName in the AD, then the search attribute is sAMAccountName and the value is the manager's uid. The attribute you want to return is "distinguishedName". This will give you the manager's full AD DN, which you can then store as a user attribute against the user and map to a provisioning server attribute and then the AD attribute.

     

    The LDAP search element only allows one server name. So to ensure HA, I just enter the domain name instead of an FQDN for an individual domain controller (e.g. just enter "ca.com" rather than "dc1.ca.com")