AD group in multivalue attribute in OIA

Hi,
I am trying to load AD groups into OIA via csv feed using schema files. I have created a multivalue attribute adgroup in OIA, but when i am entering multiple AD groups in the csv feed file for one user as "ou=abc,dc=abc ; ou=def,dc=ab", so instead of getting separated into two groups it is getting split into 4 different values at commas, is there any way to handle this type of values in the feed file or OIA cannot handle this kind of multiple values.
Any pointers would be really helpful.

Hi there abhishek,
By default the seperator char is a comma, that's why OIA splits it up into the "wrong pieces".
If you would like to use a different separator, you'll have to make a config adjustment in the database.
Find the NAMESPACES table and look for the AD resource you created (resource has to be created first). One of the other fields is the 'multivalue_separator' field, if you change this to a semicolon (;) it should work alright. You might want to restart the application for it to work and re-import the accounts.
I'm still looking for a more gentle way to commit the change instead of restarting OIA.
Hope this helps you!
Best regards,
Jeff

Similar Messages

LDAP Data Set - Group Membership / Multivalued attributes

Hello
I am attempting to get a list of groups and for which a user is a member in LDAP. I have created an LDAP datasource, and am attempting to create a new dataset.
Details are as follows:
Name: Roles
Datasource: LDAP Server
Searchbase: ou=people,dc=example,dc=com
Attributes: cn, description, uid, mail, isMemberOf
Filter: (objectclass=inetOrgPerson)
When I look at the Data in Tree View for this, I do not get what I am expecting. What is see is:
DATA_DS
-ROLES
--Description: Description goes here
--CN: My Name
--mail: [email protected]
--uid: [email protected]
--isMemberOf: role1DNRole2DNRole3DNRole4DNRole5DN (notice they are not splitting on space etc etc)
--isMemberOf: role1DNRole2DNRole3DNRole4DNRole5DN (notice they are not splitting on space etc etc)
--isMemberOf: role1DNRole2DNRole3DNRole4DNRole5DN (notice they are not splitting on space etc etc)
--isMemberOf: role1DNRole2DNRole3DNRole4DNRole5DN (notice they are not splitting on space etc etc)
--isMemberOf: role1DNRole2DNRole3DNRole4DNRole5DN (notice they are not splitting on space etc etc)
If I have 5 roles, I see 5 isMemberOf attributes, but each value has all 5 memberships in it.
Is there something special that I need to do with multi valued ldap attributes?
Thank you.

Chris,
Brilliant! I had already enabled extended logging in OpenLDAP, but it didn't give me the answers I was looking for. I setup an OID instance (didn't want to get into packet sniffing when it's someone else's directory), captured the packets with ethereal, and there it was! I'm going to post more details about this (more on the process than the result), but here's my answer:
Filter: (|(uniquemember=cn=user1,cn=users,dc=demo1,dc=com)(member=cn=user1,cn=users,dc=demo1,dc=com))There's more to the process, but that's the answer I needed.
Thanks again for putting me back on track,
Tyler

FIM multivalue attribute export to SQL - error 0x80230808

Hi,
Running FIM Synchronization Service v 4.0.3531.2 - Update1.
This instance is a simple setup, import from AD, export to SQL. I'm trying to export two multivalue attributes, one is a normal multivalue string, second is a reference attribute (member). My anchor is the GUID from AD in string format, perfectly fitting
into uniqueidentifier sql datatype.
Since I wanted to have the member values in the multivalue table also stored in a uniqueidentifier column (for further linking) I had to create two columns, one as "uniqueidentifier" and second as "text". FIM configuration went smoothly,
I defined a member multivalue reference attribute and selected the uniqueidentifier column as "String attribute column", and the other multivalue string attribute had to be linked as "Large string attribute column" and I pointed it to the
text datatype column.
Synchronization completed without errors, export step properly exported all multivalue string attributes to the text column, BUT when it came to exporting the GUID reference attribute to the uniqueidentifier column it exported only the first value showing
a "dn-attribute-failure" error. From the FIM GUI it was only showing the error number = 0x80230808.
I did a SQL trace to see what's going on. I re-run the export and saw FIM trying to delete all the values for this attribute multiple times with:
DELETE from [tblAD_Multivalue] WHERE [objectGUID] = N'{B011B424-5B2F-43A9-84C5-8605A570487B}' AND [attributeName] = N'member'
followed by doing cursor magic with the first value that was already added:
exec sp_cursor 180150007,4,0,N'tblAD_Multivalue',@objectGUID='B011B424-5B2F-43A9-84C5-8605A570487B',@attributeName='member',@guidValue='2E52A484-C7F6-49C0-AAC8-0A30C732A385'
After repeating the above for over 10 times it added a export_error_detail:
update [mms_connectorspace] set [export_error_detail] = N'<export-status>
<cd-error>
<error-code>0x80230808</error-code><error-literal>[Modify] Failed operation</error-literal>
</cd-error>
</export-status>
',[count_export_error_retries] = 0,[is_export_error] = 1,[initial_export_error_date] = '2011-02-12 21:36:08.995',[last_export_error_date] = '2011-02-12 21:36:08.995',[export_error_code] = -2145189885,[unapplied_export_batch_number] = 1,[unapplied_export_sequencer_number] = 2162572,[original_export_batch_number] = 1,[original_export_sequencer_number] = 2162572,[current_export_batch_number] = 4,[current_export_sequence_number] = 2216213 where ([object_id] = '6F5C98E3-38FF-4F32-95F6-B5A315B71D7A')
I tried manually adding one of the following values directly to SQL and it worked, so I'm not really sure what's wrong here.
Any ideas?
Piotr

Hi Markus,
yes, I know all about the architecture to allow multi-value attributes to be exported to SQL.
Everything works when I have just one string value column in my tblAD_Multivalue. The problem is that my anchor in the primary table is a GUID in a uniqueidentifier SQL column type (in FIM MV it's a string), so when I'm exporting multivalue reference attributes
to SQL I would like the GUID values also to go to a uniqueidentifier type column. That's why I set up the secondary column in the multi-value table with text datatype, so FIM recognizes it as a "large string column". I think I did everything within
the guidelines, so I was puzzled when I saw that error.
Consider this simple example, you're exporting users and groups from AD, you're anchor data type is uniqueidentifier, and you need to export the member attribute and the proxyAddresses attribute. What would you do to allow future SQL joins to calculate membership?
hope this explains a bit more this scenario, would appreciate any suggestions.
Piotr

Updating MultiValued Attribute in AD

Hi,
Is there any way to update an multivalued attribute in AD using AD Connector?.Thanks in advance

What do you mean by that ? ? AD Groups for a user is a multivalued attribute and we can update it, by editing the Resource Profile associated with any user. See memberOf attribute in AD target. Is there something else you wanted to ask ? ?

Provision a multivalued attribute from OIM to OID

Hi,
I have a requirement to provision a new multivalued attribute from OIM to OID.
Steps followed:
Created a child form
Attached child form to the OID Parent form
Created a process task adapter.
Created a task in process definition and the attached the adapter
Adapter code.
public String addChildData(tcDataProvider ioDatabase, long procInstKey, long childDefKey){
          try{
               tcFormInstanceOperationsIntf formInstOper = (tcFormInstanceOperationsIntf)tcUtilityFactory.getUtility(ioDatabase, "Thor.API.Operations.tcFormInstanceOperationsIntf");
               HashMap testval = new HashMap();
               testval.put("UD_TESTCHIL_TESTGROUP","abcd2134");
               System.out.println("testval..."+testval);
               long formreturn = formInstOper.addProcessFormChildData(childDefKey,procInstKey,testval);
               System.out.println("formreturn" +formreturn);
          catch(Exception e){
               System.out.println("exce" +e);
          return "Success";
After attaching while provisioning I am seeing both parent and child forms. I have provided the values and its successfully provisioning.
But how I can provision the new OID multivalued attribute. We have to do any setting in the lookup?
Regards,
KK

Just create your new adapter for add and delete from this new child table just like the other triggered tasks. If it's a multi value on the user profile, use the adapter for Add Multi Value Attribute that comes with the connector. In the property name, put in your multi value attribute name, and map the value from the child table.
-Kevin

How to define a multivalued attribute in spml2.xml(spml2PersonForm)?

I need to define a multivalued attribute in spml2.xml for modifying security answers and adding resources during add request. I tried by giving multivalued="true" during the attribute definition.
<spmldsml:attributeDefinition name="questions" description="Secret questions" multivalued ="true"/>
but still the lookup response shows the value as a single attribute
<dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' name='questions'>
<dsml:value>[What is your mother's maiden name?, asrfasdhfgjk, adsggfjhgkjhl]</dsml:value>
</dsml:attr>
Kindly suggest if i missed out anything during the configuration.

Hi!
I was unable to post any message. It was displaying that "Message blocked".
Please help me in this issue.
Regards
Mourya

Multivalue Attributes

We are implementing Portal, and one of the requirements we have is to load multiple values into a single attribute. For example, a document might have an attribute for Manufacturer. We want to be able to assign GM, FORD, or both values. I know we can use a multivalue attribute, but there doesn't appear to be a way to validate the contents or select values from a predefined list. What is the best way to address this problem?
Any help is greatly appreciated.
Kevin

hi kevin,
you could use the perspectives attribute to implement this. the perspective is our only multi-value attribute that we have in portal.
regards,
christian

Related Products, Grouping and Product Attributes?

My client http://www.meluka.co.nz/home has a new product range of Sofas. A new sub-catalog called Sofas, under the LIVINGroom catalog will be created with the six new products. By selecting a product in this sub-catalog, you are then taken to the Individual Product – Large window. This is where the layout will need to differ as each product has five different fabric options and within these fabric options there needs to be a choice of up to eight fabric colors. I’m already using Grouping & Related Products within the site. Ideally I’d like a dropdown of the different fabric types (as currently used for Grouping) and once this is chosen then the different colors shown (using Related Products) for that fabric type. The problem that I have is that Related Products need to appear in a Catalog (or Sub-Catalog) and I only want one of each of the products appearing on the Sub-Catalog page (i.e. not all the different colors.) It would seem that Product Attributes may be the answer? The large image view needs to show the chosen fabric and color. Promotion starts next week so mildly panicking…

A combination of mandatory attribute groups, non mandatory attribute groups and javascript to show hide them based on the needs you mentioned above would be what I would be doing in that case.

Exchange Connector 9.1.1.1.0 -Support for multivalued attribute

Hi,
I am currently on OIM 9.1 BP07 + weblogic 10.3 + RHEL5.
Currently I have a mutlvalued attribute that needs to be reconciled, when I use OOTB reconciliation task i get column not found exception on child table which is configured to hold multivalued attribute.
1. Is OOTB exchange connector supports Multivalued attribute reconciliation?
2. If no, how can i populate the child form during custom reconciliation process?
Thanks

Hello,
This is the Berkeley DB forum. As such you can try your question in the General Database forum at:
General Database Discussions
Thanks,
Sandra

Help with target filter in an ACI and editing multivalue attributes

Here is the ACI I tried to use:
(targetattr = "*")
(target = "ldap:///ou=xyz,dc=company,dc=com")
(targetfilter=(objectclass=groupofuniquenames)||(objectclass=extendedobjectclass1)||(objectclass=extendedobjectcla ss2))
(version 3.0;acl "xyzadmin privileges";
allow (selfwrite,write,delete,add)
(userdn = ldap:///uid=xyzadmin,ou=people,dc=company,dc=com");)
1. Is the targetfilter syntax above correct? This does not work even when I tried the other notation
" (|(|(objectclass=X)(objectclass=Y))(objectclass=Z)) "
2. xyzadmin needs to update (another system creates a value initially) an 'extendedattribute' in either of the 'extendedobjectclass1/2'. This works if I set seperate ACIs. If I combine them (as above) does not work. Any solutions?
3. Not exactly related to this. The 'extendedattribute' is a multi-value attribute. Say it has two values,
(extendedattribute: ID1=222|ID2=333, ID1=444|ID2=-1). If I want to use ldapmodify and replace the
'ID1=444|ID2=-1' to 'ID1=444|ID2=555', how can it be done?
The same question can be rephrased as 'how can I replace a value amongst a set of values in a multivalued attribute with ldapmodify'? Is it possible?
p.s.: Please don't ask to split the ID1, ID2 into 2 attributes as one of the products using the directory requires it to be that way (ID1=<vale>|ID2=<value>).

My answer will concerne only your first query.
Firstly, the target syntax must include the target keywork in the first portion of rule.
Have you try these syntax ===>
(targetfilter="(|(objectClass=groupofuniquenames)(|(objectClass=extendedobjectclass1)(objectClass=extendedobjectclass2)))")
or
(targetfilter="(|(objectclass=groupofuniquenames)(objectclass=extendedobjectclass1)(objectclass=extendedobjectclass2))"
The first syntax works correctly for me.
I hope this is help you and good luck for the rest.

Modifying Multivalued Attribute - Error?

Hi All,
Im able to update the LDAP Attributes by using modifyAttributes method, But i want to update a multivalued Attribute in the Active Directory.
I tried using array its not working help me out...
Jagan Thanks.....

Just iterate through the array members and add them to the attribute. Something like:String phoneNumbers[] = {"123 456 7890","456 789 0123", "789012 3456"};
ModificationItem[] mods = new ModificationItem[phoneNumbers.length];
for (int i = 0;i<phoneNumbers.length;i++) {
mods[i] = new ModificationItem(DirContext.ADD_ATTRIBUTE, new BasicAttribute("otherTelephone",phoneNumbers));
Just be aware of the different operations that can be performed against a multi-valued attribute, clearing all of the values, replacing or deleting a single value and appending values.

Reading multivalued attribute

Hi,
I have a multivalued attribute defined in LDAP and was synchronized to plumtree. After synchroinzation, the attribute with multiple values came in to plumtree and I am able to see the values of the attribute by clicking on user profile. But when I try to read the attribute using the following query only the last value is coming up.
Here is the query I am using.
IPortletContext portletContext = PortletContextFactory.createPortletContext(request, response);IPortletRequest portletRequest = portletContext.getRequest(); out.write("locationString = " + portletRequest.getSettingValue(SettingType.UserInfo,"ttcmytlocation"));
In the profile of the user ttcmytlocation attribute has multiple values, but reading returns only the last value. Is there any other way to query the values? Please help!!
Thanks.

Use LDAP is ticked but no server specified
Tried Selecting the server but no effect
Every where I look in POA, Domain setting its set to the SERVER's IP address
not DNS name!!
Copied NAMED.NLM (just the NLM) from SP5 server - error gone but still get
the LDAP error 81 when a
user tries to login to GW.
I also POA > Security - I tried setting security to LOW (which unticks LDAP)
but still can't login
"Anders Gustafsson" <[email protected]> wrote in message
news:[email protected]..
> Eric,
>> "Starting eDirectory integrated Novell DNS Server...
>> error:NWDSRead Failed while reading a multivalued attribute: -603
>> Loading the configuration and zone data completed .
>> DNS Server running "
>>
> OK. I assume that you have configured your POA to use the same server for
> LDAP. If so, did you use the DNS name or IP address? If DNS name, I
> suggest you try IP address as this takes DNS out of the picture.
>
> The error you are seeing indicates that you are not current on servicer
> packs:
> http://www.novell.com/support/search...200%2043955231
>
> I suggest you apply SP6 plus the post SP6 fixes after resolving your POA
> issue and reading this:
> http://wiki.novell.com/index.php/Nw65sp6
>
> - Anders Gustafsson, Engineer, CNE6, ASE
> NSC Volunteer Sysop
> Pedago, The Aaland Islands (N60 E20)
>
> Novell does not monitor these forums officially.
> Enhancement requests for all Novell products may be made at
> http://support.novell.com/enhancement
>
> Using VA 5.51 build 315 on Windows 2000 build 2600
>

Fetch a multivalued attribute using Data Bean

Hello,
I am trying to fetch employee user related information using Data Bean.
Here employee has position as a multivalued attribute.
Currently when I fetch record for an employee I get information only for one position.
I want to fetch the whole list of position's assigned to this employee.
Can any one please help me on how to achieve this?
Thanks,
Harshal

Please read the Bookshelf on GetMVGBusComp.
http://docs.oracle.com/cd/E14004_01/books/OIRef/OIRef_Interfaces_Reference11.html#wp1185173

Grouping by custom attribute

Hi,
When you do a Edit Region properties in a Portal page, there is a section called Item Display Options. It has a Group By option, wherein you can group it by Category, Author, Date and Item type. Is it possible to have a custom defined attribute in this list?
Thanks,
Vijay.

hi vijay,
sorry but there is currently no way to group items in a region by any other attribute (also custom attribute).
regards,
christian

UserManaged group: AUTOREFRESH+PROPAGATE attributes together

Hi,
please advise me with the following situation.
I have a lot of tables in Oracle, some of them shall be cached to TimesTen (for performance reasons). For most of the tables to be cached readonly access is suffecient but for some of them (3-4) I will need to write the changes done in TimesTen back to Oracle.
So after studying TT documents I came to conclusion that the only way to handle this is to use USERMANAGED cache group with both AUTOREFRESH and PROPAGATE attributes set. Could you please comment whether this approach will work and is generally safe from Oracle<->TT synchronization point of view?
Is there any other way to get such automated bi-directional synchronization? As I get it READONLY can only be refreshed from Oracle while SWT/AWT can only update Oracle from TT but with no way to auto refresh TT.
Thank you very much,
Max

This setup (USERMANAGED cache group with AUTOREFRESH and PROPAGATE defined for all tables in the CG) is the only one that enables bi-directional synchronisation. The reason is that this is a form of multi-master replication with all the attendant issues and dangers that brings with it...
As to whether this is 'safe' depends on how you use it. Things to consider are:
- The AUTOREFRESH mechanism works on a time based pull. As a result, any change made to data in Oracle will not be visible in TimesTen until, on average, half the defined autorefresh interval has elapsed and in the worst case until all of the defined interval has elapsed. The effect of this can be minimised by using a shoirt refresh inbterval but that can impose quite a load on oracle if the tables are large and/or the rate of changes are high. Essentially, the data in TimesTen is potntially always a little 'stale' compared to Oracle.
- Changes made to PROPAGATE tables in TimesTen are not pushed to Oracle until the transaction in TimesTen commits. Thus locking behaviour is very different compared to executing those transactions directly in Oracle. Data may have changed in Oracle in the meantime such that the original values in TimesTen are no longer the same as those in Oracle. PROPAGATE does not perform any check for this but wimply applies the changes from TT to Oracle. This effect can be compounded by the inherent potential 'staleness' of AUTOREFRESHed data.
- This type of cache group cannot be replicated using TimesTen replication. This may not matter depending on your planned usage.
- If you have more than one TT cache caching the same data this is a very bad idea as there is no co-ordination between the caches. In that case you would need to ensure that the data is partitioned across the caches such that any item of data exists on only one cache and the npartition the application access accordingly.
Basically, any form of bi-directional replication/synchronisation is always problematic and the problems become more severe as replication/synchronisation latency increases, and as the rate of data change increases. You need to consider your use case and determine if this will be 'safe' for you.
Chris

AD group in multivalue attribute in OIA

Similar Messages

Maybe you are looking for