Multi vlaued attribute in IDM Schema Configuration

The IdM docs - states
Optionally, an IDMAttributeConfiguration
can specify whether the attribute is multivalued,
and can provide a display name (currently not used),
and a description.http://docs.sun.com/source/820-2961/A_edit_configObjects.html#wp19336
Does anyone have any idea ... how to specify an multi valued attribute in the IDM Schema Configuration ?
Or how can i have the email attribute configured as multi-valued.

you need to have multi='true' in the resource configuration. Something like this:
<AccountAttributeType id='11' name='changedate' syntax='string' mapName='changedate' mapType='string' multi='true'/>
I don't think you can set that through the gui; you have to edit the xml manually
see the post http://forums.sun.com/thread.jspa?forumID=764&threadID=5370337 for more details

Similar Messages

  • Storing multi-valued attributes from IDM

    I can't find anything in the docs about storing multivalued attributes in an LDAP resource. Can this be done?

    The following code enables the conversion of a single attribute with delimited data to a structured data form. This is very useful in advanced SAP IDM Driver customization.
    <?xml version="1.0" encoding="UTF-8"?><policy>
    <rule>
    <description>Convert Parameter from string to structured attribute.</description>
    <conditions>
    <and>
    <if-op-attr name="PARAMETER" op="available"/>
    </and>
    </conditions>
    <actions>
    <do-reformat-op-attr name="PARAMETER">
    <arg-value type="structured">
    <arg-component name="PARVA">
    <token-xpath expression="substring-after($current-value,'|')"/>
    </arg-component>
    <arg-component name="PARID">
    <token-xpath expression="substring-before($current-value,'|')"/>
    </arg-component>
    </arg-value>
    </do-reformat-op-attr>
    </actions>
    </rule>
    </policy>
    John
    http://base.google.com/base/items?customerId=1008580&offerId=8960059067219260173
    http://www.latimes.com/search/dispatcher.front?page=1&target=google&y=1&x=20&Query=site:www.media-press-release.com+press

  • I don't find User Extended attributes in IDM 8

    Hi all,
    I have installed idm8 and I need to extend the user attributes, but I can't find the User Extended Attributes object (or Extended User Attributes). Can anyone help me?

    From the release notes :
    Identity Manager 8.0 consolidates the locations where an administrator specifies extended,
    queryable, and summary attributes for user objects into the new
    IDM Schema Configuration object. (ID-17784) In prior versions of Identity Manager, an administrator
    edited the User Extended Attributes configuration object to add extended attributes for
    user objects and the UserUIConfig configuration object to specify additional queryable or
    summary attributes for user objects. An administrator now edits the IDM Schema Configuration
    object for these purposes.

  • Extended role attributes in IDM 8

    I managed to add extended attributes to standard role types(Role, ITRole). But when I'm trying to add extended attribute to my role type Role1, it doesn't work.
    Is it my problem or IDM 8 doesn't support extended attributes for custom role extensions?

    From the release notes :
    Identity Manager 8.0 consolidates the locations where an administrator specifies extended,
    queryable, and summary attributes for user objects into the new
    IDM Schema Configuration object. (ID-17784) In prior versions of Identity Manager, an administrator
    edited the User Extended Attributes configuration object to add extended attributes for
    user objects and the UserUIConfig configuration object to specify additional queryable or
    summary attributes for user objects. An administrator now edits the IDM Schema Configuration
    object for these purposes.

  • IDM schema and attribute mapping

    As I understood from the documents - Identity manager doesn't store any data in local database.I have 60 attributes in resource-1 which needs to be flown to resource-2
    ==>As per my understanding, i will need to create 60 attributes in IDM as user extended attributes and do the mapping between Resource1 -- IDM -- Resource-2
    ==>But if I create this schema in IDM will it hold the whole data locally ?
    Or will it hold the data between scheduled jobs for Resource-1 and Resource-2
    ==>Or I have to enable somewhere to store the data locally?
    ==>Also if there is any other option that I don't need to configure schema and attribute mapping ?
    I am new to IDM so not sure how to configure the flow in better way.

    First things first keep the extended attributes to the minimum in IDM
    for your case
    To get the values from one resource to the other you have to have attribute mappings in IDM for both the resources.
    There is no need for storing them in the extended attributes just have a job that picks up the users data from resource 1 and push it to resource 2 if the user in IDM has both the resources linked.
    Hope this works

  • Multi value attribute question

    Hello there,
    Our application would like to have a multi value attribute in DS11.1.1.7.0 on SLES platform. But here is my question..
    1. Can i have a one single attribute with value like companyCode: ABC,XYZ,QWE,RTY
    2. OR , can i have like below..
    CompayCode: ABC
    CompanyCode: XYZ
    CompanyCode: QWE
    CompanyCode: RTY
    which is the best method for LDAP server performance?
    Thanks

    Hi,
    Multi-valued attribute is supported OOTB by LDAP and it seems simpler&better (possibility to have better indexing, more efficient to add/delete values)  to use the second option, especially if you need to search for entries based on one of the attribute value. By default, LDAP attributes are multi-valued in the LDAP schema so you can store several values for companyCode.
    Note: attribute values in an LDAP attribute are unordered, so choose the primary option if you need to maintain ordering across attribute values.
    HTH
    -Sylvain

  • How does IDP handle multi-value attributes in directory?

    I have a directory referenced by the IDP where the mail attribute is multi-value. Assertions being received by the SP are indicating that the mail attribute is null or empty. How does the Oracle IDP handle multi-value attributes from a directory? Is there a way to select the first entry in an array of multi-values?

    On the IdP side, passing of multi-valued attributes is supported. Read this section:
    http://download.oracle.com/docs/cd/E10773_01/doc/oim.1014/b25355/configuring.htm#BCGCGFCJ
    Snippet (under 'Delimited Data'):
    "In addition to supporting and passing multi-valued attributes, Oracle Identity Federation can also support delimited data to provide multiple values for assertion attributes ......"
    This information is also available on the OIF screen for 'Add Assertion Profile'.
    On the SP side, mapping a multi-valued assertion attribute to a local user attribute is NOT supported. Read this section:
    http://download.oracle.com/docs/cd/E10773_01/doc/oim.1014/b25355/configuring.htm#BCGGEAEA
    Snippet (under Submit/Reset button):
    "Note: Mapping an assertion attribute containing multiple values to a local user is not supported."
    So, basically, there is no way to send only the first value of an LDAP attribute.
    -shetty2k

  • How to handle multi valued attributes

    Hi All,
    I am supposed to populate multivalued attributes for a field in oim resource profile. Lets assume the field is mailbox. The issue is that I am supposed to reconcile this field from the directory server during initial load. The mailboxes are fetched from the DS based on organization. For provisioning I have to get the mailboxes from the database and these mailboxes are based on the role a user has. At the time of provisioing, I am supposed to populate the mailbox field with values the user already has been provisioned with and also display the mailboxes that he can get access to. I have created the mailbox as a resource with id and name as two of its fields. Could someone please tell me how do I handle this?
    Thanks,
    Supreetha

    I am not sure if I could follow the same thing as mentioned in the link above. Here is my case, Role is a multi valued attribute which i need to handle in oim and is very different from the usual roles. For this purpose, I have created roles as a resource object with role_id as field in its process form.When an admin logs in to assign a new role_id, he should be able to see only those roles for assignment that the admin's org has. I have these org and role mappings in a custom table that I have created in the oim schema. How will I able to display only these available role_ids so that the admin can choose them and assign for the role resource.
    Could you please let me know how do I do the config in oim?
    Thanks,
    supreetha
    Edited by: Supreetha on Nov 13, 2010 2:54 AM

  • Problems to map organization attribute from IDM 7 to my own Resource

    Hi
    I have a problem mapping the organization user attribute to my resource. My Resource xml looks like:
              " <AccountAttributeTypes>\n"+
              " <AccountAttributeType name='accountId' mapName='loginName' mapType='string'/>\n"+
              " <AccountAttributeType name='email' mapName='email' mapType='string'/>\n"+
              " <AccountAttributeType name='firstname' mapName='firstname' mapType='string'/>\n"+
              " <AccountAttributeType name='lastname' mapName='lastname' mapType='string'/>\n"+
              " <AccountAttributeType name='organization' mapName='organization' mapType='string'/>\n"+     
              " </AccountAttributeTypes>\n"+
    but when I try to get the organization attribute in my resource it comes null. I get it like follows:
         WSAttributes attributes = user.getWSAttributes();
         attributes.getValueAsString("organization")
    Does anyone know how to map organization attribute to a Resource?
    Thanks.

    I can pass the Organization attribute to my Resource configuring this in MetaView tab.. But only pass me this attribute when I update an account.
    in my resource xml is:
    static String gfResourceXml =
              "<Resource name='ResourceAdapter' class='com.qoslabs.jes.idm.ResourceAdapter' typeString='ResourceAdapter' typeDisplayString='ResourceAdapter'>\n"+
              "     <Template>\n"+
              "           <AttrDef name='accountId' type='string'/>\n"+ 
              "  </Template>\n"+ <AccountAttributeTypes>\n"+
              "    <AccountAttributeType name='accountId' mapName='loginName' mapType='string'/>\n"+
              "       <AccountAttributeType name='password' mapName='password' mapType='string'/>\n"+   
              "    <AccountAttributeType name='email' mapName='email' mapType='string'/>\n"+
              "    <AccountAttributeType name='firstname' mapName='firstname' mapType='string'/>\n"+   
              "    <AccountAttributeType name='lastname' mapName='lastname' mapType='string'/>\n"+
              "    <AccountAttributeType name='organization' mapName='organization' mapType='string'>\n"+
             "      <AttributeDefinitionRef>\n" +
             "        <ObjectRef type='AttributeDefinition' name='organization'/>\n" +
             "      </AttributeDefinitionRef>\n" +
             "    </AccountAttributeType>\n" +
              "  </AccountAttributeTypes>\n"+
    "</Resource>\n"; and in metaview tab in Admintrator console I configure like this:
    AttributeName: organization
    Sources: None
    How to set Identity Attribute  : Set to value
    Store attribute in IDM repository: checked
    Targets: MyResourceAdapter         organization        Create, UpdateHow can I configure the meta view to pass me the attribte organization when I create a user account?
    Thanks,
    Message was edited by:
    ima_dev

  • Multi level attribute form LDAP

    multi level attribute form LDAP
    I am trying to write an custom mapping to use to retrieve a value from a multialued field in LDAP (nsRole). Has anyone done this before?
    Rigth now all my mappings are 1:1. However the goal is to get a 1 : M and parse thru it till i get the desied value (1:1)

    Darwin Hammons - Assurant 
    2:44pm, May 17 
    Great conversation. I have a very similar question about the use of the custom JAVA mappings with the LDAP Login process. I want to include an additional (event) step in the login process. Does anyone have an example or experience with a custom Java Class mapping that can use an LDAP attribute (location)  queriing the data to execute an event that populates an RequestCenter OU or Group if the person login location equal say " Argentina" ? Looking for a way to manage / build catalog entitlements during login. Suggestions ?
    Great conversation. I have a very similar question about the use of the custom JAVA mappings with the LDAP Login process. I want to include an additional (event) step in the login process. Does anyone have an example or experience with a custom Java Class mapping that can use an LDAP attribute (location)  queriing the data to execute an event that populates an RequestCenter OU or Group if the person login location equal say " Argentina" ? Looking for a way to manage / build catalog entitlements during login. Suggestions ?
    Anthony Erickson
    2:52pm, May 18  
    Hi Darwin,
    We're about to embark on a piece of work with newScale which would be similar to this to support our Multilingual catalogue.  I'll provide any updates I'm able. 
    Thanks,
    Ant 
    Darwin Hammons - Assurant 
    3:25pm, May 18 
    Great, Thanks Anthony ! I hope our bringing up this topic will spark a bit of interest. The Custom Java Mapping  / Directory integration is documented more with RC 9.1. It will be good to hear more about your project and use of Java mappings with LDAP Directories. 

  • OAM : Multi-valued attribute in Authorization Rule Actions

    Our application is protected by an Oracle Access Manager deployment, where the identity user base is based in an Oracle Internet Directory.
    In the OID, for every user entry, we have a multi valued attribute (say, 'roleattr') which contains the roles recognized in our application. Once the user is authenticated by the Access Server, we need the roles associated to him to be fetched and returned in the page header (similar to uid).
    Hence, our question is, in PolicyManager, by setting the Authorization Rule > Actions, is it possible to retrieve this attribute (which is 'multivalued') and populated into the pageHeader, so that our application can retrieve the same.

    Sure, you'll get a colon-delimited list of the multiple values in your header!
    -Vinod

  • Using "Update All Mapped Fields" with multi-value attributes

    Is it possible to update a value in a multi-value attribute through the import manager?  It appears that if a source value is different then it just gets added as another value to the record.
    For example, a product has an attribute of speed which is measured in revolutions/minute. Some products can be rated at two speeds (i.e. 1800/3600).
    I created a numeric attribute for speed and enable only nominal rating and selected multi-valued.
    In import manager, I set "/" as multi delimiter for source field.  This created two entries in destination attribute, 1800 and 3600. 
    However, if on subsequent imports the speed values changes for this record (i.e. 1200 and 1800) then I will now have 1200, 1800, and 3600 as values for this record.
    Would the proper solution be to create two individual numeric attributes that are single valued (i.e. Speed1 and Speed2)?

    Hi Aaron,
    in your example it would make sense to use two different attributes called "Speed1" and "Speed2". Using the multi value option, MDM allows you to store a list of values into a single field. This list is more or less unlimited, you can add as many values as you like. A change of an existing value is not possible. The reason is that Import Manager does not know, which value you've changed! So it simply adds the "new" record (which is the 1200 in your example) to your value list. This is the intended behaviour of the "update all mapped fields option". If you really want to replace the values, you can check if the "Replace" option is useable for you. But note, that the replace will replace the complete existing record with the incoming new one. This means if the product you want to import with the replace option is smaller than the existing one (maybe it does not contain values for all segments), you'll loose data in MDM.
    BR Michael

  • Finding exception with the read-write-backing-map-scheme configuration.

    Finding exception with the <read-write-backing-map-scheme> configuration, that is setup against a simple database cache store implementation. The class SimpleCacheEventStoreImpl implements CacheStore interface.
    Exception in thread "main" java.lang.UnsupportedOperationException: configureCache: read-write-backing-map-scheme
         at com.tangosol.net.DefaultConfigurableCacheFactory.configureCache(DefaultConfigurableCacheFactory.java:995)
         at com.tangosol.net.DefaultConfigurableCacheFactory.ensureCache(DefaultConfigurableCacheFactory.java:277)
         at com.tangosol.net.CacheFactory.getCache(CacheFactory.java:689)
         at com.tangosol.net.CacheFactory.getCache(CacheFactory.java:667)
         at Sample.SimpleEventStoreConsumer.main(SimpleEventStoreConsumer.java:10)
    The cache store is interfaced to the program SimpleEventStoreConsumer(where I have a put and get operation) through the following cache configuration descriptor. On running the SimpleEventStoreConsumer, the exception happens on trying to get the Named cache from the cache factory
    <cache-config>
         <caching-scheme-mapping>
              <cache-mapping>
                   <cache-name>Evt*</cache-name>
                   <scheme-name>SampleDatabaseScheme</scheme-name>
              </cache-mapping>
         </caching-scheme-mapping>
         <caching-schemes>
              <read-write-backing-map-scheme>
                   <scheme-name>SampleDatabaseScheme</scheme-name>
                   <internal-cache-scheme>
                        <local-scheme>
                             <scheme-ref>SampleMemoryScheme</scheme-ref>
                        </local-scheme>
                   </internal-cache-scheme>
                   <cachestore-scheme>
                        <class-scheme>
                             <class-name>com.emc.srm.cachestore.SimpleCacheEventStoreImpl</class-name>
                             <init-params>
                                  <init-param>
                                       <param-type>java.lang.String</param-type>
                                       <param-value>{cache-name}</param-value>
                                  </init-param>
                             </init-params>
                        </class-scheme>
                   </cachestore-scheme>
              </read-write-backing-map-scheme>
              <local-scheme>
                   <scheme-name>SampleMemoryScheme</scheme-name>
              </local-scheme>
         </caching-schemes>
    </cache-config>

    you are missing <backing-map-scheme>. Do like following:
    <caching-schemes>
              <distributed-scheme>
                   <scheme-name>distributed-scheme</scheme-name>
                   <service-name>DistributedQueryCache</service-name>
                   <backing-map-scheme>
                        <read-write-backing-map-scheme>
                             <scheme-ref>rw-bm</scheme-ref>
                        </read-write-backing-map-scheme>
                   </backing-map-scheme>
    <autostart>true</autostart>
              </distributed-scheme>
              <read-write-backing-map-scheme>
                   <scheme-name>rw-bm</scheme-name>
    <internal-cache-scheme>
         <local-scheme>
                        </local-scheme>
                   </internal-cache-scheme>               
              </read-write-backing-map-scheme>
    </caching-schemes>

  • Pre-populate a multi-valued attribute on target?

    Hi. I am working on pre-populating our I-Planet target resource with data we are storing in OIM User(Address data). it is a requirement by the AD group to store the data as a multi-valued attribute in the LDAP attribute postaladdress. I have tried setting up the resource form to use a pre-populate adapter to populate each line of the address, but I can only add the adapter once for the attribute. Any ideas on how to do this with a pre-populate adapter?
    rkimbal45

    You will probably need to write your own custom code to connect to your ldap directory and perform any actions needed when the field is updated. So you'll need a pre-populate to fill in the date with some sort of delimiter. Then on provisioning, you'll want to trigger this task after the create user. Then when any updates are performed, you'll need to completely refresh the multivalue attribute in the target. I would suggest one function to be called in your custom code, then query ldap for what exists, and parse your data for any updates neccessary, and then do as needed based on what exists and what needs to be added/deleted/updated.
    -Kevin

  • Multi value attributes not appearing in the Web UI

    Hello,
    I've created a multi value attribute in the SAP GUI in CRM 2007 which appears correctly against the product. When I transfer this multi value attribute to the web UI, it doesn't appear at all unless you add values against it in the SAP GUI, in which case it appears, but the set type attributes are not editable.
    Any suggestions as to why the attribute is not appearing and what can be done to resolve this?
    Thanks,
    Alison

    Hi,
    I fear I did not completely get your point.
    One thing I noticed some time ago while playing with the marketing attributes is this:
    When you define an attribute that has multiple values, but no fixed values assigned, you are only able to maintain one value for this attribute. Maybe it is this what you are describing?
    The WebClient only adds new lines in the table for the attribute, when a server roundtrip is triggered by selecting a value from the DDLB.
    I do not know if SAP provided a fix for it in the meantime.
    cheers Carsten

Maybe you are looking for