/scripts/ahub.form.attachments.js
0

How to read AD Attributes but not in IDM SAP standard mapping table

Jan 11, 2017 at 01:20 AM

292

avatar image

Hi All expert,

How can i read AD Attributes but not in IDM SAP standard mapping table?

Ref:

http://help.sap.com/saphelp_nwidmic_80/helpdata/en/ca/f828deac524dc3bf4f151077c687e2/content.htm

Example. I would like to read "EmployeeID" from AD attribute and write to IDM, therefore, i can read "EmployeeID" attribute via IDM UI page.

Is it possible? If you have any idea or ref link, please share and appreciate your help.

10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

10 Answers

Best Answer
C Kumar Jan 28, 2017 at 08:14 PM
0

Hello Shunji,

I remember that I have also faced the same issue while using the True for local time.

Could you please try with true and TRUE. As I remember, one of this works fine for the local time.

If you still face the issue then please open a new thread (as suggested by Matt) or raise OSS.

Regards,

C Kumar

Share
10 |10000 characters needed characters left characters exceeded
Matt Pollicove
Jan 11, 2017 at 02:22 PM
0

Hi,

Can you post a screenshot? Also the link you are using doesn't seem to work. Also, please confirm what version of IDM you are using, but it's possible to represent just about all AD atrributes in IDM, it's just a matter of creating a custom attribute and then putting it into the pass.

Share
10 |10000 characters needed characters left characters exceeded
Shunji Yamada Jan 12, 2017 at 06:32 PM
0

Hi Matt,

I am using IDM8.0 SP3, I can open the link but I have the print screen as below,

The attribute I want to sync to IDM,

Example : "Enabled", or EmployeeID ( It is empty now )


Share
10 |10000 characters needed characters left characters exceeded
Deva Prakash B Jan 12, 2017 at 10:45 PM
0

Hi Shunji,

If i understand correctly, there are some fields in AD which holds the Employee ID and Enabled values. and you would like to fetch them form Ad and write IDM? If yes then kindly find the attribute name which holds those values in AD and use the same field/attribute names in the Read Pass at the time of reading values from AD.

For Example: MailNickName attribute is available in AD attribute Editor section, but it is not mentioned in IDM -AD Mapping sheet. So in the read pass i would inlcude MailNickName attribute just like other attributes and reads the data.

Regards,

DP

Share
10 |10000 characters needed characters left characters exceeded
Deva Prakash B Jan 12, 2017 at 10:45 PM
0

Hi Shunji,

If i understand correctly, there are some fields in AD which holds the Employee ID and Enabled values. and you would like to fetch them form Ad and write IDM? If yes then kindly find the attribute name which holds those values in AD and use the same field/attribute names in the Read Pass at the time of reading values from AD.

For Example: MailNickName attribute is available in AD attribute Editor section, but it is not mentioned in IDM -AD Mapping sheet. So in the read pass i would inlcude MailNickName attribute just like other attributes and reads the data.

Regards,

DP

Share
10 |10000 characters needed characters left characters exceeded
Shunji Yamada Jan 13, 2017 at 01:29 PM
0

I tied but it didn't read that attributes. Do we need to create new javascript to read the non-standard AD attribute?


Show 1 Share
10 |10000 characters needed characters left characters exceeded

Hi Shunji,

I wrote a blog which hopefully will help.

https://blogs.sap.com/2017/01/13/adding-ad-attributes-to-the-identity-store/

Matt

0
Shunji Yamada Jan 23, 2017 at 02:27 PM
0

Hi Matt and DP,

Thank you for your answer and I found out the main reason why I cannot get some attributes value from AD to IDM.

IDM only support attributes under "ADSIEdit", but not all from Powershell script "Get-Aduser" command.

Example, there is no "Enabled" attribute under ADSIEdit but Get-Aduser, therefore, IDM cannot get the correct value from AD.

Thank you again, now I need to find out how to convert from "AD Timestamp" -> human readable time,

Example, AD time stamp " 131220187990000000 " - > 26 Oct 2016.

Show 1 Share
10 |10000 characters needed characters left characters exceeded

Hi Shunji,

Do you have a reference for that? The only time I've ever had an issue is if SSL is involved, or if there is a permissions issue. If it's part of the schema, IDM should be able to read it.

Thanks,

Matt

0
C Kumar Jan 24, 2017 at 09:06 AM
0

Hello Shunji,

you can use uint8ToDate function to convert AD timestamp to Human readable date format. For more details please check the below link.

http://help.sap.com/saphelp_nwidmic_80/helpdata/en/d3/24b691e99340b08ba9d5e1bea65e36/content.htm

Regards,

C Kumar

Show 1 Share
10 |10000 characters needed characters left characters exceeded

Hi Kumar,

Thank you for your answer!! It works if I put "return uInt8ToDate(Par)" without local time.

However, when i put "local time" which is ( return uInt8ToDate(Par,True)). I got error as below

addEntry failed

undefined: "True" is not defined.

Any idea?

0
Matt Pollicove
Jan 25, 2017 at 03:36 PM
0

Hi Guys,


This should be in a separate thread. Thanks!

Share
10 |10000 characters needed characters left characters exceeded
Shunji Yamada Jan 26, 2017 at 12:27 PM
0

Hi Matt,

You are right, will open the new thread next time. Thank.

Share
10 |10000 characters needed characters left characters exceeded
Skip to Content