Department attribute not syncing from eDirectory to AD

  • 7007059
  • 18-Oct-2010
  • 11-Jul-2012

Environment

Novell eDirectory 8.8 for All Platforms
Novell Identity Manager 3.6.1
Novell iManager 2.7
SUSE Linux Enterprise Server 10 Service Pack 3
SUSE Linux Enterprise Server 11 Service Pack 1

Situation

Department attribute not syncing from eDirectory to AD
Department attribute is not syncing from eDirectory to Active Directory.


Resolution

  •         Steps to resolve via iManager:

 1.     Launch iManager

     1.1   Identity Manager Administration and click on Identity Manager Overview.

     1.2   Select the driver set and click on AD driver.

     1.3   Right side of the window it opens driver overview with Publisher and Subscriber Channel.

 2. Click on Schema Mapping Policies in Subscriber Channel

     2.1 Click on Policy named"smp.Active Directory.driverset.context", it will show different eDirectory Classes mapped to Application Classes.
     2.2 By defualt Group, Locality, Organization, Organization Unit and User classes in eDirectory are mapped to group, locality, organization, organizationalUnit and user in Connected system.

3.  Click on user class in eDirectory and Application classes

     3.1  Click on Attributes button and add OU attribute in eDirectory and department attribute in Application and click on Add button and hit OK

     3.2 Apply the changes and it will prompt for restart the AD driver and hit OK.

 4. Click on Schema Mapping in Publisher Channel and follow steps 2 and 3 mentioned above.

 5. Click on AD driver properties

     5.1 Click on Filter tab and in User class click on Add Attribute tab

     5.2 Add OU attribute and make sure both Publish and Subscriber are set to Synchronize. Apply the changes and restart the driver.

 

  •         Steps to resolve via Designer:

 1. Launch Designer     1.1 Click on Active Directory driver connection in Developer Mode

     1.2 Under the outline view click on show policy flow icon, double click on Schema Mapping icon and click on edit the policy named "smp.Active Directory.driverset"

     1.3 Click on User class and expand it and click on Insert Identity Vault Attributes icon on upper right side of the Designer

     1.4 Select "OU" attribute and click on ok. Now click on Insert Application Attribute icon on the upper side of the page.

     1.5 Select "department" and click on ok. On file tab save the changes.

 2.  Double click on sync icon of the driver in subscriber channel

     2.1 Select user class and select Add attributes icon on the upper side of the page

     2.2  Select"OU" attribute and click on ok and save the changes.

3. Double click on sync icon of the driver in Publisher Channel

     3.1 Select user class and select Add attributes icon on the upper side of the page

     3.2 Select "OU" attribute and click on ok and save the changes.

Additional Information

Symptoms:
As per schema rules in eDirectory schema "OU" attribute is bind to department attribute in AD and by default the attribute is not added in filters on Active Directory driver. So manual adding of attribute in AD schema and then mapping it to OU attribute in eDirectory.