Environment
NetIQ Identity Manager 4.5
NetIQ Identity Manager Driver - Bi-directional driver for eDirectory
Situation
How to sync the Password Expiration Time with the Bi-directional eDirectory driver.
Currently, when a new user is added, setting the password overrides the password expiration time that came from the source system.
Resolution
The following rule syncs the value. It runs as a secondary event, after the user and password have already been set, at the same time as the association is created for the user.
The CN is added because the attribute name is not in the LDAP namespace. Also, this rule can then be placed in the input transformation policy if desired. The variable names may be changed as desired.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE policy PUBLIC "policy-builder-dtd" "C:\netiq\idm\apps\Designer\plugins\com.novell.idm.policybuilder_4.0.0.201601220536\DTD\dirxmlscript4.5.2.dtd">
<policy>
  <rule>
    <description>Write Password sync timeout</description>
    <!-- Fire only on the add-association event that follows the user add -->
    <conditions>
      <and>
        <if-operation op="equal">add-association</if-operation>
      </and>
    </conditions>
    <actions>
      <!-- Read the user's Password Expiration Time from the destination -->
      <do-set-local-variable name="varPET" scope="policy">
        <arg-string>
          <token-dest-attr class-name="User" name="Password Expiration Time"/>
        </arg-string>
      </do-set-local-variable>
      <!-- Read the user's CN from the destination -->
      <do-set-local-variable name="varCN" scope="policy">
        <arg-string>
          <token-dest-attr class-name="User" name="CN"/>
        </arg-string>
      </do-set-local-variable>
      <!-- Write the expiration time to the source object identified by the association -->
      <do-set-src-attr-value class-name="inetOrgPerson" name="passwordExpirationTime">
        <arg-association>
          <token-association/>
        </arg-association>
        <arg-value type="time">
          <token-local-variable name="varPET"/>
        </arg-value>
      </do-set-src-attr-value>
    </actions>
  </rule>
</policy>
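To confirm the rule is taking effect, one option is to export the users from both trees and compare passwordExpirationTime per user. The script below is an added example, not part of the original article or of NetIQ tooling; the sample LDIF, the DNs and the function names are constructed for illustration, and it assumes simple unfolded "attr: value" LDIF with users matched by CN.

```python
from datetime import datetime, timezone
# Constructed sample exports (not real data); simple unfolded "attr: value" LDIF only.
SOURCE_LDIF = """\
dn: cn=jdoe,ou=users,o=source
cn: jdoe
passwordExpirationTime: 20250301120000Z

dn: cn=asmith,ou=users,o=source
cn: asmith
passwordExpirationTime: 20250415083000Z

dn: cn=bnew,ou=users,o=source
cn: bnew
passwordExpirationTime: 20250520000000Z
"""
DEST_LDIF = """\
dn: cn=jdoe,ou=people,o=dest
cn: jdoe
passwordExpirationTime: 20250301120000Z

dn: cn=asmith,ou=people,o=dest
cn: asmith
passwordExpirationTime: 20250101000000Z

dn: cn=bnew,ou=people,o=dest
cn: bnew
"""

def expirations(ldif):
    """Map lower-cased CN -> passwordExpirationTime (UTC datetime, or None if unset)."""
    result = {}
    for entry in ldif.strip().split("\n\n"):
        attrs = {}
        for line in entry.splitlines():
            name, _, value = line.partition(": ")
            attrs.setdefault(name.lower(), value)  # keep first value per attribute
        raw = attrs.get("passwordexpirationtime")
        when = datetime.strptime(raw, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc) if raw else None
        result[attrs["cn"].lower()] = when
    return result

def mismatches(source_ldif, dest_ldif):
    """Return (cn, source_time, dest_time), sorted by CN, where the two trees disagree."""
    src, dst = expirations(source_ldif), expirations(dest_ldif)
    diff = [(cn, src[cn], dst[cn]) for cn in src.keys() & dst.keys() if src[cn] != dst[cn]]
    return sorted(diff, key=lambda item: item[0])

if __name__ == "__main__":
    for cn, s, d in mismatches(SOURCE_LDIF, DEST_LDIF):
        print(f"{cn}: source={s} destination={d}")
```

A user listed with a destination value of None has no expiration time set at all in that tree, which is worth treating separately from a value that merely differs.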