We are working on making the mail attribute unique in Identity Manger similar to the userid attribute so that no user gets a duplicate email address.
We came across a command "set unique-attrs = attribute [subtree = DN] " in CA documents but could not figure out how and where to run it.
Please comment if you have any clue on it.
I am not sure where to use this in the directory but you can use PX to enforce uniqueness of an attribute. Develop one PX to run when a user is created and have it check the submitted email address. If the value is not unique it should fail if the task is a bulk task, sending an email to the user who submitted the task, and issue a screen message otherwise. A second PX should be developed to monitor for changes to the attribute. Checks for uniqueness and performs a screen message or email notification. Depending on your environment and use cases this should make the value unique. Ho
Thanks David for the reply. We will consider this approach if we didn't get the solution we are thinking.
The command you have come across is for CA Directory DSA where you can set a uniqueness on an attribute. If that is the router you are taking (or end up taking) just be aware that this will not be effective on existing data. Only the new data that gets added as the check is only add on an 'add' or 'modify' operation.
Further information can be found at:
set unique-attrs Command -- Enable Checks for Uniqueness of Attribute Values - CA Directory - 12.6 - CA Technologies Doc…
Which I believe you already came across.
Thanks for the reply. We are using this command for the new data but dont know where to execute it. If you have any idea please let us know.
Yes, I do have an idea. This is not something you execute. This is something you set in your SETTINGS .dxc configuration file that this specific DSA is using as a parameter.
e.g. If you want to set attributes called 'telephoneNumber' and 'eMail' to be unique, you would:
set unique-attrs = telephoneNumber, email;
Once done, restart the DSA and after that if you try to add duplicate value for any of those two that might have already been assigned to an existing user, it will be denied and the add or modify operation will fail.
Hope this helps.
Thanks for the information. This is what exactly we were looking for.