
UNIFYBroker/AD & dn field type

Adrian Corston 1 month ago in UNIFYBroker/Microsoft Active Directory • updated 1 month ago 2

I have configured my UNIFYBroker/AD connector to use objectGUID as the key, so I can modify the "dn" attribute to move users between AD OUs.  I configured my "dn" attribute as a "Distinguished Name (DN)" type in the AD connector and I generate an appropriate value for the field in a PowerShell Link Task.  But when I attempt to sync to the AD adapter I see this error:

It looks to me like the UNIFYBroker/AD connector code needs me to configure the "dn" attribute as a String type.  Is that correct?  I'd prefer to have it configured as a Distinguished Name (DN), because that is what it is in AD and I want to use it elsewhere as a Distinguished Name (DN) data type (e.g. when I join to it for use on another user's "manager" attribute).


Answer


Hey Adrian,

Unfortunately that's correct - the AD connector expects the DN field to be a string value type.

This is because the underlying Microsoft library used for integration requires the DN to be a string value, so we enforce that value type further up the chain to ensure we don't cause any strange behaviour doing the conversion ourselves.

Is that true for "manager" as well?  If manager and dn are different types, that means a PowerShell transformation will always be required after the join from a user to their manager's user object.  It would be nice to have a cleaner approach than that.