06/10/2024 01:22 AM
Hello,
We have a use case where we import existing AD accounts and correlate them with the user. After importing these accounts and correlating them with their respective users, if the user receives any change in an attribute, the user update rules trigger and update these attributes in the AD account. Depending on the attribute (if it is a location-related one), the account is even moved from one OU to another.
The problem we are having is that for certain users we have to prevent them from being moved from their OU. Currently the UPDATEACCOUNTJSON contains:
"moveUsertoOU": "${if(user.employeeType.equals('External')){'OU=external,OU=saviynt,DC=AAA,DC=AAA'} else {user.customproperty9}}"
*customproperty9 contains an OU for other users calculated with inline preprocessor
Could you give me an example of logic added to the configuration we already have so that users who have an ad account that belongs to the OU ‘OU=cantmove,OU=saviynt,DC=AAA,DC=AAA’ are not moved from OU?
In brief,
External users will be moved to OU=external,OU=saviynt,DC=AAA,DC=AAA
Users who have an account in the OU "OU=cantmove,OU=saviynt,DC=AAA,DC=AAA,DC=AAA" will not be moved.
All other users move to the OU contained in customproperty9.
Thank you
06/10/2024 01:41 AM
Try the below in your update account JSON. In case you are storing the DN in an attribute other than accountid, then replace accountid (marked in bold) with that attribute name.
"moveUsertoOU": "${account.accountid.contains('OU=cantmove,OU=saviynt,DC=AAA,DC=AAA,DC=AAA') ? 'OU=cantmove,OU=saviynt,DC=AAA,DC=AAA,DC=AAA' : user.customproperty9}"
06/10/2024 01:59 AM
Hi @pmahalle ,
Thanks for your help
Two things here,
is it possible to do an else if in the json?
Kind regards,
Ivan
06/10/2024 02:19 AM
@Ivan5533 If you are storing information like canmove or cantmove in the account's/user's customproperty then you can use it in your condition. If it's canmove then push customproperty9, else calculate the existing OU from the user's existing DN using the substring function and push it.
06/10/2024 02:27 AM
@pmahalle That would work, but as I still need to cover 3 use cases
1. users who don't move
2. external users with predefined ou
3. users who move
How can I do it in the same condition? I would appreciate if you can give me an example of an else if included in a userupdatejson?
Kind regards,
Ivan
06/10/2024 03:12 AM - edited 06/10/2024 03:13 AM
Try below:
"moveUsertoOU": "${if(user.employeeType.equals('External')){'OU=external,OU=saviynt,DC=AAA,DC=AAA'} else if(account.customproperty1.equals('canmove')) {user.customproperty9} else {substring(account.accountid.indexOf(',')+1,account.accountid.length()}}"
Given that you have the DN present in the accountid attribute of the account.
06/11/2024 06:44 AM
I have the DN in the attribute customproperty1. I have adapted it to my environment as follows:
"moveUsertoOU": "${if(user.employeeType.equals('Contractor')){'OU=Users,OU=external,OU=saviynt,DC=XX,DC=XX'} else if(account.customproperty1.contains('canmove')) {user.customproperty9} else {substring(account.customproperty1.indexOf('OU'),account.customproperty1.length())}}"
but when I update a user that would fall into the else condition I get the following error
customproperty1 of the account-> CN=ciro kanpel,OU=XX-TEST,OU=Users,OU=AA,OU=BBB,OU=saviynt,DC=XX,DC=XX
Error while Update operation for account-ckanpel in AD - [LDAP: error code 21 - 00000057: LdapErr: DSID-0C091284, comment: Error in attribute conversion operation, data 0, v4563]
Kind regards,
Ivan
06/13/2024 10:48 PM
"moveUsertoOU": "${if(user.employeeType.equals('Contractor')) {'OU=Users,OU=external,OU=saviynt,DC=XX,DC=XX'} else if(account.customproperty1.contains('canmove')) {user.customproperty9} else {substring(account.customproperty1, account.customproperty1.indexOf('OU'))}}"
06/26/2024 08:53 AM - edited 06/26/2024 08:55 AM
Hi Rushikesh,
I have tried with your code and I get the same AD error... even when I use customproperty9 as the result. When there is no else if, it works correctly, so it is not the customproperty9.
Working:
"moveUsertoOU": "${if(user.employeeType.equals('Contractor')) {'OU=Users,OU=external,OU=saviynt,DC=XX,DC=XX'} else {user.customproperty9}}"
Using static values in the else if and else conditions is not working either, e.g.
"moveUsertoOU": "${if(user.employeeType.equals('Contractor')){'OU=Users,OU=external,OU=saviynt,DC=XX,DC=XX'} else if(account.customproperty1.contains('canmove')) {'OU=Users,OU=test2,OU=saviynt,DC=XX,DC=XX'} else 'OU=Users,OU=test1,OU=saviynt,DC=XX,DC=XX' }"
Do you have any idea what it might be?
Kind regards,
Ivan
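The three-way decision discussed in this thread, as an added example that is not part of any post and is not Saviynt expression syntax: a Python model for checking offline which OU value each branch should yield before the update is pushed to AD. Function and parameter names are hypothetical; the OU constants are the ones quoted in the first post. It splits the DN on unescaped commas rather than searching for the text 'OU', which also matches inside a CN such as CN=LOUIS.

```python
# Added example: offline model of the three-way OU decision from the thread.
# Names are hypothetical; OU constants are copied from the first post.
EXTERNAL_OU = "OU=external,OU=saviynt,DC=AAA,DC=AAA"
PINNED_OU = "OU=cantmove,OU=saviynt,DC=AAA,DC=AAA"


def split_dn(dn):
    """Split a DN into RDNs on unescaped commas (backslash escapes a comma)."""
    parts, current, escaped = [], [], False
    for ch in dn:
        if escaped:
            current.append(ch)
            escaped = False
        elif ch == "\\":
            current.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(current).lstrip())
            current = []
        else:
            current.append(ch)
    parts.append("".join(current).lstrip())
    return parts


def parent_container(dn):
    """Return the DN with its leaf RDN (the CN) removed."""
    rdns = split_dn(dn)
    if len(rdns) < 2 or any("=" not in r for r in rdns):
        raise ValueError("not a usable DN: %r" % dn)
    return ",".join(rdns[1:])


def target_ou(employee_type, account_dn, calculated_ou,
              external_ou=EXTERNAL_OU, pinned_ou=PINNED_OU):
    """External -> fixed OU; account in or below pinned OU -> stay; else calculated."""
    if employee_type == "External":
        return external_ou
    current = parent_container(account_dn)
    cur = [r.lower() for r in split_dn(current)]
    pin = [r.lower() for r in split_dn(pinned_ou)]
    if cur[-len(pin):] == pin:
        return current  # leave the account where it is
    return calculated_ou
```

The value returned for a pinned account is its current container, so the move target equals the location it already has.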