Overview
This PhenixID Solution Document (PSD) is written for PhenixID Identity Manager 5.x/6.x or later.
In MAIN view you can add all or parts of OUs from an LDAP directory. If you like to create a virtual OU structure based on attribute values on objects this PSD will explain how to do that. This PSD explains how to do this based on parent and child attributes on directory objects.
System Requirements
- PhenixID Identity Manager 5.x/6.x installed
- Downloaded class files
Instruction
Download
Download from link below the correct file depending on what version you run:
Download Virtual View PSD package
Place the content in the dowloaded /psd folder in /customer/extension/class/psd in the IM folder. If a psd folder does not exist under the class folder, create one.
Configuration
IM must be configured using the new files explained above.
- Open the file /customer/config/actiontranslation.properties in a text editor.
- Change three of the parameters, as listed below.
rootTree=psd.ViewRootEntriesParentChild rootTreeChildren=psd.ViewChildEntryProviderParentChild gridChildren=psd.ViewGridResultFromTreeParentChild - Restart PIM
Policies
There are a number of policies that have to be added to DSEditor.properties. It is possible to have multiple sets of top nodes, with different configuration. Therefor each policy set has a number in the policy names. In the instruction below, the number 1 is used as the first set. To add another set, exchange the number 1 with number 2 in the second set of policies.
PARENT_CHILD_NODE_1_NAME
The name of the top node in the tree. Below this top node, the objects without a parent will be listed. The name is localizable.
PARENT_CHILD_NODE_1_PARENT_ATTRIBUTE
The name of the attribute that contains the parent for the object.
PARENT_CHILD_NODE_1_PARENT_MATCH_ATTRIBUTE
The name of the attribute in the parent object that matches the value in PARENT_CHILD_NODE_1_PARENT_ATTRIBUTE.
PARENT_CHILD_NODE_1_CHILD_ATTRIBUTE
The name of the attribute that contains the children for the object.
PARENT_CHILD_NODE_1_CHILD_MATCH_ATTRIBUTE
The name of the attribute in the child object that matches the value in PARENT_CHILD_NODE_1_CHILD_ATTRIBUTE.
PARENT_CHILD_NODE_1_SEARCH_BASE
The search base in the directory, where the objects are located.
PARENT_CHILD_NODE_1_DISPLAY_ADDITIONAL_ATTRIBUTES
The attributes to show in the result grid at the right side of the application. Attributes are entered in a comma separated list, and to give the attribute a display name in the column title use |.
This policy is optional. If no attributes are entered, only the objects naming value will be shown.
Example:
PARENT_CHILD_NODE_1_DISPLAY_ADDITIONAL_ATTRIBUTES=givenname|First Name,sn|Last Name
PARENT_CHILD_NODE_1_TREE_NODE_ATTRIBUTE
The attribute to show for the object node in the tree. The value can be formatted with multiple attributes and texts. Text values must be surrounded by “” and a + must be entered between each attribute name and each text value.
This policy is optional. If no attributes are entered, the objects naming value will be used.
Example:
PARENT_CHILD_NODE_1_TREE_NODE_ATTRIBUTE=givenname+" "+sn
PARENT_CHILD_NODE_1_TREE_NODE_SORT_ATTRIBUTE
The attribute(s) to sort the object nodes in the tree, if other then the visible node name. Multiple attributes can be entered, separated by a comma.
This policy is optional. If no attributes are entered, the objects will only be sorted by their visible names.
Example:
PARENT_CHILD_NODE_1_TREE_NODE_SORT_ATTRIBUTE=company,department
PARENT_CHILD_NODE_1_ADDITIONAL_SEARCH_FILTER
If any additional LDAP search filter should be applied when searching for parent and child objects.
This policy is optional.
PARENT_CHILD_NODE_1_PLACE_LEAF_CHILDREN_FIRST_IN_TREE
Set this policy to true to sort leaf objects above the objects with children. An additional search will be made for each child node to decide whether it has children of its own or if it is a leaf object.
This policy is optional, and has the default value of false.
PARENT_CHILD_NODE_1_CHECK_GRANDCHILDREN
An additional search will be made for each child node to decide whether a plus sign should be visible in the tree or not. Set this policy to false to avoid those additional searches.
This policy is optional, and has the default value of true.
PARENT_CHILD_NODE_1_SHOW_ALL_OBJECTS_IN_TREE
If both container objects and leaf objects should be shown in the tree, set this to true. This will also make that the marked node will be shown in the grid together with the marked nodes children.
This policy is optional, and has the default value of false.
Example 1, manager / directReports
PARENT_CHILD_NODE_1_NAME=Employees PARENT_CHILD_NODE_1_PARENT_ATTRIBUTE=manager PARENT_CHILD_NODE_1_PARENT_MATCH_ATTRIBUTE=distinguishedName PARENT_CHILD_NODE_1_CHILD_ATTRIBUTE=directReports PARENT_CHILD_NODE_1_CHILD_MATCH_ATTRIBUTE=distinguishedName PARENT_CHILD_NODE_1_SEARCH_BASE=ou=employees,dc=company,dc=com PARENT_CHILD_NODE_1_DISPLAY_ADDITIONAL_ATTRIBUTES=givenname|First Name,sn|Last Name PARENT_CHILD_NODE_1_TREE_NODE_ATTRIBUTE=givenname+" "+sn+" ("+sAMAccountName+")" PARENT_CHILD_NODE_1_TREE_NODE_SORT_ATTRIBUTE=company,department PARENT_CHILD_NODE_1_PLACE_LEAF_CHILDREN_FIRST_IN_TREE=true PARENT_CHILD_NODE_1_ADDITIONAL_SEARCH_FILTER=(objectClass=user) PARENT_CHILD_NODE_1_CHECK_GRANDCHILDREN=true PARENT_CHILD_NODE_1_SHOW_ALL_OBJECTS_IN_TREE=false
Example 2, nested groups
PARENT_CHILD_NODE_1_NAME=NestedGroups PARENT_CHILD_NODE_1_PARENT_ATTRIBUTE=memberOf PARENT_CHILD_NODE_1_PARENT_MATCH_ATTRIBUTE=distinguishedName PARENT_CHILD_NODE_1_CHILD_ATTRIBUTE=member PARENT_CHILD_NODE_1_CHILD_MATCH_ATTRIBUTE=distinguishedName PARENT_CHILD_NODE_1_SEARCH_BASE=dc=company,dc=local PARENT_CHILD_NODE_1_DISPLAY_ADDITIONAL_ATTRIBUTES=cn,description PARENT_CHILD_NODE_1_TREE_NODE_ATTRIBUTE=cn PARENT_CHILD_NODE_1_TREE_NODE_SORT_ATTRIBUTE=department PARENT_CHILD_NODE_1_PLACE_LEAF_CHILDREN_FIRST_IN_TREE=false PARENT_CHILD_NODE_1_ADDITIONAL_SEARCH_FILTER=(|(&(objectClass=group)(member=*))(objectClass=user)) PARENT_CHILD_NODE_1_CHECK_GRANDCHILDREN=true PARENT_CHILD_NODE_1_SHOW_ALL_OBJECTS_IN_TREE=false
DISCLAIMER
Information provided in this document is for your information only. PhenixID makes no explicit or implied claims to the validity of this information. Any trademarks referenced in this document are the property of their respective owners.The origin of this information may be internal or external to PhenixID. PhenixID makes all reasonable efforts to verify this information.
PhenixID - support.phenixid.se