Topic
7 replies Latest Post - ‏2013-03-05T17:09:14Z by bobby99
SystemAdmin
SystemAdmin
9855 Posts
ACCEPTED ANSWER

Pinned topic Reconcile email address from Lotus Notes and set back to AD attribute

‏2013-02-26T04:30:05Z |
Hi Experts,

I need your help. I'm new on ISIM 6.0, I have to reconcile email address from Lotus Notes and set back to AD attribute.
How should I do? Can I use JavaScript in somewhere?
Could anyone give me an example please..

Thank a lot,
Nuttapong
Updated on 2013-03-05T17:09:14Z at 2013-03-05T17:09:14Z by bobby99
  • SystemAdmin
    SystemAdmin
    9855 Posts
    ACCEPTED ANSWER

    Re: Reconcile email address from Lotus Notes and set back to AD attribute

    ‏2013-02-26T10:07:30Z  in response to SystemAdmin
    This is not how it should work....

    You should :

    1.Set the email on the person entity (owner of the account)
    2.Create Provisioning Policies that governs the email attribute in AD and Notes

    ITIM is designed as a top/down system - i.e. driving the data from person data to the accounts. This is different philosophy than some of the other IdM products in the market that traditionally uses the old school directory synchronization strategy.

    Although it is technically possible to do what you want I will strongly discourage it for 2 reasons :

    1.It is against the ITIM fundamental architecture and hence will create you long term problems
    2.You are a beginner of the product - to work around the fundamental architecture requires a skill level you do not have yet and you will almost certainly create a solution that will hurt you more than will ever wish for...

    HTH

    Regards
    Franz Wolfhagen
  • SystemAdmin
    SystemAdmin
    9855 Posts
    ACCEPTED ANSWER

    Re: Reconcile email address from Lotus Notes and set back to AD attribute

    ‏2013-02-26T10:44:00Z  in response to SystemAdmin
    Hi Franz Wolfhagen,

    Thank for your suggestion, I really understand.

    So could you expand:
    1.Set the email on the person entity (owner of the account)
    2.Create Provisioning Policies that governs the email attribute in AD and Notes

    Best regards,
    Nuttapong
    • SystemAdmin
      SystemAdmin
      9855 Posts
      ACCEPTED ANSWER

      Re: Reconcile email address from Lotus Notes and set back to AD attribute

      ‏2013-02-26T10:56:45Z  in response to SystemAdmin
      What you need is to set the email attribute on the person - this is either done through the console/selfservice or your HRFeed. The important thing is actually not how - but who owns and governs this piece of data and where it is created. The is prerequisite.

      Creating Provisioning Policies is a fundamental piece of ITIM administration - you will need to study that in the doc - there are too many options on how this is done. I will not be able to help you out on that. The problem is simply too large to cover here.

      When you have found out what your usecases are and how the system should reflect these - and you cannot make to work - then I may be able to help you.

      Regards
      Franz Wolfhagen
  • SystemAdmin
    SystemAdmin
    9855 Posts
    ACCEPTED ANSWER

    Re: Reconcile email address from Lotus Notes and set back to AD attribute

    ‏2013-02-26T11:21:34Z  in response to SystemAdmin
    That right, I have the HRFeed that feed the employee to ITIM but some employees not have an email yet, I don't know why. The customer tell me to reconcile the missing of the email of the employees from Lotus Notes.

    So what I need is how to reconcile the email address from Lotus Notes and set back to the email attribute on the person.

    I have already known how to set the email address from the person to AD attribute by setting the attribute as "mandatory" and the policy enforcement is set to "correct".
    Could you help me how to set the email attribute on the person from Lotus Notes's account please..

    Best regards,
    Nuttapong
    • SystemAdmin
      SystemAdmin
      9855 Posts
      ACCEPTED ANSWER

      Re: Reconcile email address from Lotus Notes and set back to AD attribute

      ‏2013-02-26T12:00:27Z  in response to SystemAdmin
      Well - you are in a completely other situation - what you need is an one off fix to populate the persons with the email from notes.

      I would just get the list of all email ids from notes - compare them with the ITIM persons.

      This should be easily performed using ITDI - you should use the HRFeed mechanism to update ITIM (not ldap although that is easier) as this will trigger the provisioning flow and the policy you already have in place...

      If you update ldap directly you need to trigger the provisioning flow in ITIM using other mechanisms (e.g. write a workflow that simply does an "enforce policy for person" and run it through the Life Cycle Rules).

      You can use a lot of other tools - but the advantage of using ITDI is that it can connect to to basically anything and is very easy to use one you have tried a couple of times....

      HTH

      Regards
      Franz Wolfhagen
  • SystemAdmin
    SystemAdmin
    9855 Posts
    ACCEPTED ANSWER

    Re: Reconcile email address from Lotus Notes and set back to AD attribute

    ‏2013-02-27T03:13:19Z  in response to SystemAdmin
    Thank a lot, I will try TDI first.

    Best regards,
    Nuttapong
  • bobby99
    bobby99
    95 Posts
    ACCEPTED ANSWER

    Re: Reconcile email address from Lotus Notes and set back to AD attribute

    ‏2013-03-05T17:09:14Z  in response to SystemAdmin
    here this might be useful add a script notes with this code to your Lotus Notes Add workflow and create an extension node aftger it to update the person record.

    //theOwner is the Person Record
    theOwner = owner.get();
    personRecordEmail = theOwner.getProperty("mail");

    //theAccount is the Notes Account
    theAccount = account.get();

    //The following line gets the Notes Internet Address field
    notesEmail = theAccount.getProperty("ernotesinternetaddress")[0];

    //The following lines sets the Person Record with the notesEmail value
    if (personRecordEmail != notesEmail) {
    theOwner.setProperty("mail", notesEmail);
    owner.set(theOwner);
    UpdateFlag.set("true");
    }