PhenixID

Copy Ldap Object

Version: 1.0.0

Category: Input, Process, Output

Extended Category: Ldap

Action Package: Standard Actions

Description

Copy an LDAP object from one LDAP database to another, making explicit modifications during the copy.

Parameters

Source LDAP datasource

Description: The source LDAP datasource. If empty, the current policy’s datasource is used (must be LDAP).

Example: My-source-ldap-database

Source LDAP object DN

Description: The source LDAP object DN. Determines which LDAP object to make a copy of.

Example: cn=SESSION(source-cn),ou=users,dc=prod,dc=phenixid,dc=net

Target LDAP datasource

Description: The target LDAP datasource. If empty, the current policy’s datasource is used (must be LDAP).

Example: My-target-ldap-database

Target LDAP object DN

Description: The target LDAP object DN. Determines the DN of the new copy.

Example: cn=SESSION(target-cn),ou=users,dc=staging,dc=phenixid,dc=net

Target LDAP object attributes to set

Description: The target LDAP object attributes to set, as a comma-delimited string.

Each entry is a pipe-delimited pair: the left side is the name of an LDAP attribute, and the right side is the name of a session attribute.

An empty value for the session attribute is valid; it simply clears the existing value.

Example: cn|session-username,givenName|session-person-name,street|

Some attributes are read-only, or may not be modified by anyone other than the system, and must therefore be excluded.
Example of attributes that must/should be excluded when copying a user in a Windows AD:
distinguishedName|,objectGUID|,objectSid|,logonCount|,dSCorePropagationData|,dSCorePropagationData|,primaryGroupID|,badPwdCount|,lastLogoff|,whenChanged|,whenCreated|,uSNChanged|,uSNCreated|,lastLogon|,badPasswordTime|,pwdLastSet|,sAMAccountType|

Some attributes must be changed when copying, for example:
cn|session-cn,sAMAccountName|session-windows-username

Example: cn|target-cn,objectGUID|

Use Cases

Example 1: Copy a user from one AD to another AD

Copies a user from AD-staging to AD-prod.

Parameter values:

Source LDAP datasource: AD-staging

Source LDAP object DN: cn=SESSION(user-cn),ou=users,dc=foo,dc=bar

Target LDAP datasource: AD-prod

Target LDAP object DN: cn=SESSION(user-cn),ou=users,dc=foo,dc=bar

Target LDAP object attributes to set: distinguishedName|,objectGUID|,objectSid|,logonCount|,dSCorePropagationData|,dSCorePropagationData|,primaryGroupID|,badPwdCount|,lastLogoff|,whenChanged|,whenCreated|,uSNChanged|,uSNCreated|,lastLogon|,badPasswordTime|,pwdLastSet|,sAMAccountType|
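
The following Python sketch is an added example, not PhenixID code. It parses an "attributes to set" string in the format described on this page, reports malformed or duplicate entries, and lists the system-owned AD attributes from the exclusion list that a given mapping would still copy. The function names, the exact-match comparison of attribute names, and the reading that an empty right-hand side drops the attribute from the copy are assumptions.

```python
# Added example, not PhenixID code. Function names are hypothetical.
# System-owned AD attributes, taken from the exclusion list on this page.
AD_SYSTEM_ATTRS = {
    "distinguishedName", "objectGUID", "objectSid", "logonCount",
    "dSCorePropagationData", "primaryGroupID", "badPwdCount", "lastLogoff",
    "whenChanged", "whenCreated", "uSNChanged", "uSNCreated", "lastLogon",
    "badPasswordTime", "pwdLastSet", "sAMAccountType",
}

def parse_mapping(spec):
    """Split 'attr|session-attr,attr|' into ({attr: session_attr}, problems)."""
    pairs, problems = {}, []
    for raw in spec.split(","):
        # Zero-width spaces picked up by copy/paste would corrupt attribute names.
        entry = raw.replace("\u200b", "").strip()
        if not entry:
            continue
        if entry.count("|") != 1:
            problems.append(f"malformed entry: {entry!r}")
            continue
        ldap_attr, session_attr = (part.strip() for part in entry.split("|"))
        if not ldap_attr:
            problems.append(f"missing LDAP attribute name: {entry!r}")
            continue
        if ldap_attr in pairs:
            problems.append(f"duplicate attribute: {ldap_attr}")
        pairs[ldap_attr] = session_attr
    return pairs, problems

def missing_exclusions(pairs, source_entry):
    """System-owned attributes on the source that the mapping does not clear.
    Names are compared exactly as written (assumption)."""
    return sorted(a for a in AD_SYSTEM_ATTRS
                  if a in source_entry and pairs.get(a) != "")

def preview_copy(source_entry, pairs, session):
    """Attributes the copy would carry under the assumed semantics."""
    target = dict(source_entry)
    for ldap_attr, session_attr in pairs.items():
        if session_attr == "":
            target.pop(ldap_attr, None)   # empty right side: value is cleared
        else:
            # A missing session attribute raises KeyError here; the page does
            # not describe what the product does in that case.
            target[ldap_attr] = session[session_attr]
    return target
```

Running missing_exclusions against an export of the source object before enabling the action shows which read-only attributes the configured string has not yet excluded.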



PhenixID - support.phenixid.se