Home

Results 1 to 3 of 3

Thread: Disable a Account

  1. #1
    Join Date
    Feb 2017
    Posts
    4

    Cool Disable a Account

    To disable a account we use an internal variable called Login Disabled which is transformed into dirxml-uACAccountDisable. After this action a rule has the following <do-if>-statements in which a variable is use that is no longer available, I think, because of the transformation process:

    <do-if>
    <arg-conditions>
    <and>
    <if-op-attr mode="nocase" name="Login Disabled" op="changing-to">false</if-op-attr>
    </and>
    </arg-conditions>
    <arg-actions>
    <do-append-xml-element expression="operation-data/event-audit" name="activated"/>
    <do-append-xml-text expression="operation-data/event-audit/activated">
    <arg-string>
    <token-text xml:space="preserve">true</token-text>
    </arg-string>
    </do-append-xml-text>
    </arg-actions>
    <arg-actions/>
    </do-if>
    I want to know if I am right and I have to use the variable dirxml-uACAcccountDisable or a statement using the source attribute? Thank you in advance!

  2. #2

    Re: Disable a Account

    OlafMeuther wrote:

    > To disable a account we use an internal variable called Login Disabled


    there are no "internal variables" in IDM, you are looking at an operation
    attribute in this case. Helps a lot if we all speak the same language... :-)

    > which is transformed into dirxml-uACAccountDisable. After this action a
    > rule has the following <do-if>-statements in which a variable is use
    > that is no longer available, I think, because of the transformation
    > process:


    we would need to see a level 3 trace to verify your assumption, you can post it
    to susepaste.org or similar services and link it here, if too long to attach
    directly.

    In general, class and attribute names are mapped from Edir namespace to
    application namespace in schema mapping policies (hence the name) and you'll
    have to use those names in input/output transforms.

    --
    http://www.is4it.de/en/solution/iden...ss-management/

    (If you find this post helpful, please click on the star below.)

  3. #3
    Join Date
    Dec 2007
    Location
    Brooklyn, NY
    Posts
    6,213

    Re: Disable a Account

    On 1/29/2019 5:16 AM, OlafMeuther wrote:
    >
    > To disable a account we use an internal variable called Login Disabled
    > which is transformed into dirxml-uACAccountDisable. After this action a
    > rule has the following <do-if>-statements in which a variable is use
    > that is no longer available, I think, because of the transformation
    > process:


    First off, this is the Designer forum, you will get better results in
    the Engine-driver forum.

    Second, in general, reference the specific driver you are working with.
    I can tell from the uAC part that it is User Account Control, so Active
    Directory. but worth clarifying it. Also this is Sub channel as you send
    to AD.

    As Lothar noted, you work in the eDir namespace (Login Disabled) until
    you get to the schema map, where it gets renamed to the application
    namespace.

    The policy below is for the Account Tracking to send an extra message
    when an account is disabled. A message to another system (Account
    tracking) not actually disable the user. It is the schema map that does
    the change over of attribute names.


    >
    > <do-if>
    > <arg-conditions>
    > <and>
    > <if-op-attr mode="nocase" name="Login Disabled"
    > op="changing-to">false</if-op-attr>
    > </and>
    > </arg-conditions>
    > <arg-actions>
    > <do-append-xml-element expression="operation-data/event-audit"
    > name="activated"/>
    > <do-append-xml-text
    > expression="operation-data/event-audit/activated">
    > <arg-string>
    > <token-text xml:space="preserve">true</token-text>
    > </arg-string>
    > </do-append-xml-text>
    > </arg-actions>
    > <arg-actions/>
    > </do-if>
    > I want to know if I am right and I have to use the variable
    > dirxml-uACAcccountDisable or a statement using the source attribute?
    > Thank you in advance!
    >
    >



Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •