Manager attribute mapping from AD to IDM

Hello Everyone,

I have been working on mapping the manager attribute from AD to IDM, and I am in need of assistance. Could anyone share some insights? Any help or guidance is highly appreciated.

Thanks in Advance
Rini

Hi Rini,
It seems the following discussion may be similar to your use case?

Hope

1 Like

Hi Hope,

Thanks for the reply and guidance. I had a quick look, and it seems to explain something related to mapping from IDM to AD, which is pretty straightforward. In this case, we would need to map it to the Manager attribute, which is of a relationship type.

Hi rinivijayan,

I understand that your specific requirement involves mapping to the Manager attribute, which falls under the category of a relationship type.

To assist further, I recommend checking out the following documentation: IDM 7.2 Objects Guide - Relationships. This resource should provide valuable insights and guidance on handling relationships in IDM, including mapping to attributes like Manager.

Please let us know if this helps.

Cheers,

Sheila

Hello Folks,

Thanks for your valuable inputs. I have attempted several ways but haven’t been able to achieve my desired goal.
To provide better clarity, the most recent approach I have attempted is using the transformational script shown below:

// Check if the "manager" attribute exists in the source AD
if (source.manager) {
    // If it exists, extract the "manager" DN (Distinguished Name)
    var managerDN = source.manager;
    
    // Check if the "manager" DN has a value
    if (managerDN) {
        // Use a regular expression to find the value of "CN" (Common Name) from the DN
        var regex = /cn=([^,]+)/;
        var match = managerDN.match(regex);

        // If the "CN" value is found
        if (match) {
            // Extract the manager's name and store it in the "managerUID" variable
            var managerUID = match[1];
            
            // Construct a reference for the manager in Forgerock IDM
            var managerRef = "managed/user/" + managerUID;
            
            // Set the "manager" attribute in Forgerock IDM to the constructed reference
            target.manager = managerRef;
        } else {
            // Handle the case where the DN couldn't be parsed (e.g., invalid format)
            // Set the "manager" attribute in Forgerock IDM to null
            target.manager = null;
        }
    } else {
        // Handle the case where the "manager" attribute is present but has no value
        // Set the "manager" attribute in Forgerock IDM to null
        target.manager = null;
    }
} else {
    // Handle the case where the "manager" attribute is not present in the source AD
    // Set the "manager" attribute in Forgerock IDM to null
    target.manager = null;
}

Still, I am getting an error. I would greatly appreciate any further insights or assistance.

Thank you

I haven’t looked too closely at your code sample, but could you elaborate a bit more on what sort of error you are getting?

1 Like

@rinivijayan - upon review of your script, I can see a couple of issues that need to be addressed.

  1. You are attempting to use the source object as though it contains a mapping of all of the available properties from the source of the mapping, but you’ve also defined an explicit property (manager) in your mapping. When you define an explicit property, source no longer represents all of the source properties, but instead represents the selected property. That is to say that with how you have this defined currently, the variable source would resolve to the distinguished name of the manager. In your current script, you should handle this by converting source.manager to just source.
  2. You are attempting to assign the value using a variable named target. This variable is not a valid variable in a property mapping (see Script triggers defined in mappings :: IDM 7.4.0). When assigning a value in a transformation, simply state the final value of the property. For example, where you have:
target.manager = managerRef;

change that to:

managerRef;

It’s not quite intuitive, but that is how it works. You can see some examples here.

1 Like
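The two corrections from the answer above (treat `source` as the DN itself, and end the script with the value instead of assigning to `target`), written out as an added example that is not code from the thread or from the IDM documentation. It assumes the manager's CN equals the managed user's userName; `cnFromDn`, `managerRefFromDn` and `fakeQuery` are hypothetical names, and the value is returned in the `{_ref: ...}` form that IDM relationship properties take.

```javascript
// Added example, not from the thread. Assumed: in a property mapping `source`
// is the manager's DN, and the manager's CN equals the IDM userName.
var SAFE_CN = /^[A-Za-z0-9 .,_@-]{1,64}$/; // allowlist before use in a filter

// Return the unescaped CN of the first RDN, or null if the DN has none.
function cnFromDn(dn) {
  if (typeof dn !== "string") return null;
  // AD writes "CN=" in upper case and escapes commas inside values as "\,".
  var m = /^CN=((?:\\.|[^,\\])+)(?:,|$)/i.exec(dn.trim());
  if (!m) return null;
  return m[1].replace(/\\([0-9a-f]{2}|.)/gi, function (_, c) {
    return c.length === 2 ? String.fromCharCode(parseInt(c, 16)) : c;
  });
}

// Resolve the DN to a relationship value ({_ref: ...}) or null.
// `query` has the shape of openidm.query(resource, params, fields).
function managerRefFromDn(dn, query) {
  var cn = cnFromDn(dn);
  // Directory data flows into a query filter: reject quotes and operators.
  if (cn === null || !SAFE_CN.test(cn)) return null;
  var res = query("managed/user",
                  { _queryFilter: 'userName eq "' + cn + '"' }, ["_id"]);
  var hits = (res && res.result) || [];
  if (hits.length !== 1) return null; // unknown or ambiguous manager
  return { _ref: "managed/user/" + hits[0]._id };
}

// Constructed stand-in for openidm.query so the block runs outside IDM.
function fakeQuery(resource, params) {
  var ids = { "jsmith": "1111", "Smith, Ann": "2222" }; // constructed data
  var name = /^userName eq "(.*)"$/.exec(params._queryFilter)[1];
  return { result: ids.hasOwnProperty(name) ? [{ _id: ids[name] }] : [] };
}

// Inside IDM the transform script would end with the bare expression:
//   managerRefFromDn(source, openidm.query);
console.log(managerRefFromDn("CN=jsmith,OU=Staff,DC=example,DC=com", fakeQuery));
```

Returning null for an unparseable, unsafe or unmatched DN leaves the relationship unset rather than pointing it at a guessed object.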