

How to Provision an object with multiple objectclasses in LDAP server

It is a common scenario to provision an object with multiple structural objectClasses to an LDAP server. So how can we achieve this with the Generic LDAP connector in FIM? (The Generic LDAP management agent is published by Microsoft and is supposed to work with any LDAP system. You can download it here.)

After some searching, I found the function below, which seemed to point to a possible solution. There is an overload of the method that accepts the additional objectClasses as a collection. With the code snippet below, however, I found it didn't work as expected.

ConnectorCollection.StartNewConnector Method (String, ValueCollection)

ValueCollection objectClassValues = Utils.ValueCollection(new String[] { "fimAccount", "contosoExternalUser", "contosoStudent" });
CSEntry csEntry = openldapMA.Connectors.StartNewConnector("fimAccount", objectClassValues);

After digging into the implementation of the Generic LDAP connector, I realized that it relies on the attribute called "objectClass" to detect the desired structural classes. So instead of passing the collection to the call, we should flow the values into the objectClass attribute. Of course, you need to add an attribute called objectClass by extending the schema in the LDAP server. Here's the code snippet that works in my lab.

ValueCollection objectClassValues = Utils.ValueCollection(new String[] { "fimAccount", "contosoExternalUser", "contosoStudent" });
CSEntry csEntry = openldapMA.Connectors.StartNewConnector("fimAccount");
csEntry["objectClass"].Values = objectClassValues;

Furthermore, with this feature we can also easily provision the object using a declarative synchronization rule. Adding an export attribute flow in the outbound rule to the LDAP system is enough; the export logic then does the rest for you.
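The rules-extension approach described above, placed in a complete provisioning method. This is an added example, not code from the original post or from Microsoft. The management agent name "OpenLDAP MA", the metaverse object type "person", the "uid" anchor attribute and the container DN are assumptions to replace with your own values.

```csharp
using Microsoft.MetadirectoryServices;

public class MVExtensionObject : IMVSynchronization
{
    // Assumed values for illustration; adjust to your environment.
    private const string MaName = "OpenLDAP MA";
    private const string Container = "ou=people,dc=contoso,dc=com";

    public void Initialize() { }
    public void Terminate() { }

    public void Provision(MVEntry mventry)
    {
        // Only provision person objects that carry the anchor attribute.
        if (mventry.ObjectType != "person" || !mventry["uid"].IsPresent)
            return;

        ConnectedMA openldapMA = mventry.ConnectedMAs[MaName];

        // Provision runs on every sync of the MV object; skip if a connector exists.
        if (openldapMA.Connectors.Count > 0)
            return;

        // EscapeDNComponent escapes DN special characters in the uid value, so a
        // value such as "a,ou=admins" cannot alter where the entry is created.
        ReferenceValue dn = openldapMA
            .EscapeDNComponent("uid=" + mventry["uid"].Value)
            .Concat(Container);

        // Create the connector with its primary object type only ...
        CSEntry csEntry = openldapMA.Connectors.StartNewConnector("fimAccount");
        csEntry.DN = dn;

        // ... and flow every class, including the primary one, into objectClass.
        csEntry["objectClass"].Values = Utils.ValueCollection(
            new string[] { "fimAccount", "contosoExternalUser", "contosoStudent" });

        csEntry.CommitNewConnector();
    }

    public bool ShouldDeleteFromMV(CSEntry csentry, MVEntry mventry)
    {
        throw new EntryPointNotImplementedException();
    }
}
```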

Comments

  • Anonymous
    April 15, 2016
    This helped us. Thanks!

    However, were you able to select attributes from the additional objectClasses, to flow data to them?
  • Anonymous
    April 18, 2016
    Leo,

    Yes, you can do it via an attribute flow as well.