0
Answered

Identity Broker Provisioning

Peter Wass 7 years ago in UNIFYBroker/Microsoft Identity Manager • updated by anonymous 4 years ago 4

Do we have any examples of provisioning to Broker if the object has a multi-part DN (eg: UID=<object>,OU=users). Currently I'm getting an error in that OU=users does not exist. Has this been done? Proven not to work?

Affected Versions:
Fixed by Version:

Hey Peter,

The reason it hasn't really been "documented" as such is because this issue is actually a FIM-side issue to do with containers, common to all management agents. In the same way as you can't provision to AD without bringing in a matching hierarchy first via import or otherwise, you can't provision an object in FIM unless the container already exists in the connector space. This could be resolved in two ways, possibly more:

  • Run an import with at least one item present to bring in the container, the same as you would for Active Directory/ADAM
  • If you have no entities, you will need to initially provision the container in your logic (object class "container", DN of the same format you want, ie. OU=Users)

Let me know if you have any further thoughts on this or if this does not help.

Matt

Yeah - knew that was a problem. I was wondering if someone had worked around it somehow. I have 4 object types to provision for Cisco and can't break it up any other way. Its a pity that we can't 'autoprovision' as they do for the AD MA.

Peter,

Good point on the Provisioning Hierarchy thing, it could be useful to have. I've added it as a feature request when looking at IDBFIM-18 (if it's possible for us to do). Otherwise, import a single entity in that container, or provision the container initially.

Question answered - will work around it.