Overview

This PhenixID Solution Document (PSD) is written for PhenixID Identity Manager 5.x/6.x or later.

In MAIN view you can add all or parts of OUs from an LDAP directory. If you like to create a virtual OU structure based on attribute values on objects this PSD will explain how to do that. This PSD explains how to do this based on parent and child attributes on directory objects.

System Requirements

• PhenixID Identity Manager 5.x/6.x installed
• Downloaded class files

Instruction

Download

Download from link below the correct file depending on what version you run:

Download Virtual View PSD package

Place the content in the dowloaded /psd folder in /customer/extension/class/psd in the IM folder. If a psd folder does not exist under the class folder, create one.

Configuration

IM must be configured using the new files explained above.

1. Open the file /customer/config/actiontranslation.properties in a text editor.
2. Change three of the parameters, as listed below.
   rootTree=psd.ViewRootEntriesParentChild rootTreeChildren=psd.ViewChildEntryProviderParentChild gridChildren=psd.ViewGridResultFromTreeParentChild
3. Restart PIM

Policies

There are a number of policies that have to be added to DSEditor.properties. It is possible to have multiple sets of top nodes, with different configuration. Therefor each policy set has a number in the policy names. In the instruction below, the number 1 is used as the first set. To add another set, exchange the number 1 with number 2 in the second set of policies.

PARENT_CHILD_NODE_1_NAME

The name of the top node in the tree. Below this top node, the objects without a parent will be listed. The name is localizable.

PARENT_CHILD_NODE_1_PARENT_ATTRIBUTE

The name of the attribute that contains the parent for the object.

PARENT_CHILD_NODE_1_PARENT_MATCH_ATTRIBUTE

The name of the attribute in the parent object that matches the value in PARENT_CHILD_NODE_1_PARENT_ATTRIBUTE.

PARENT_CHILD_NODE_1_CHILD_ATTRIBUTE

The name of the attribute that contains the children for the object.

PARENT_CHILD_NODE_1_CHILD_MATCH_ATTRIBUTE

The name of the attribute in the child object that matches the value in PARENT_CHILD_NODE_1_CHILD_ATTRIBUTE.

PARENT_CHILD_NODE_1_SEARCH_BASE

The search base in the directory, where the objects are located.

PARENT_CHILD_NODE_1_DISPLAY_ADDITIONAL_ATTRIBUTES

The attributes to show in the result grid at the right side of the application. Attributes are entered in a comma separated list, and to give the attribute a display name in the column title use |.

This policy is optional. If no attributes are entered, only the objects naming value will be shown.

Example:

PARENT_CHILD_NODE_1_DISPLAY_ADDITIONAL_ATTRIBUTES=givenname|First Name,sn|Last Name

PARENT_CHILD_NODE_1_TREE_NODE_ATTRIBUTE

The attribute to show for the object node in the tree. The value can be formatted with multiple attributes and texts. Text values must be surrounded by “” and a + must be entered between each attribute name and each text value.

This policy is optional. If no attributes are entered, the objects naming value will be used.

Example:

PARENT_CHILD_NODE_1_TREE_NODE_ATTRIBUTE=givenname+" "+sn

PARENT_CHILD_NODE_1_TREE_NODE_SORT_ATTRIBUTE

The attribute(s) to sort the object nodes in the tree, if other then the visible node name. Multiple attributes can be entered, separated by a comma.

This policy is optional. If no attributes are entered, the objects will only be sorted by their visible names.

Example:

PARENT_CHILD_NODE_1_TREE_NODE_SORT_ATTRIBUTE=company,department

PARENT_CHILD_NODE_1_ADDITIONAL_SEARCH_FILTER

If any additional LDAP search filter should be applied when searching for parent and child objects.

This policy is optional.

PARENT_CHILD_NODE_1_PLACE_LEAF_CHILDREN_FIRST_IN_TREE

Set this policy to true to sort leaf objects above the objects with children. An additional search will be made for each child node to decide whether it has children of its own or if it is a leaf object.

This policy is optional, and has the default value of false.

PARENT_CHILD_NODE_1_CHECK_GRANDCHILDREN

An additional search will be made for each child node to decide whether a plus sign should be visible in the tree or not. Set this policy to false to avoid those additional searches.

This policy is optional, and has the default value of true.

PARENT_CHILD_NODE_1_SHOW_ALL_OBJECTS_IN_TREE

If both container objects and leaf objects should be shown in the tree, set this to true. This will also make that the marked node will be shown in the grid together with the marked nodes children.

This policy is optional, and has the default value of false.

Example 1, manager / directReports

PARENT_CHILD_NODE_1_NAME=Employees
PARENT_CHILD_NODE_1_PARENT_ATTRIBUTE=manager
PARENT_CHILD_NODE_1_PARENT_MATCH_ATTRIBUTE=distinguishedName
PARENT_CHILD_NODE_1_CHILD_ATTRIBUTE=directReports
PARENT_CHILD_NODE_1_CHILD_MATCH_ATTRIBUTE=distinguishedName
PARENT_CHILD_NODE_1_SEARCH_BASE=ou=employees,dc=company,dc=com
PARENT_CHILD_NODE_1_DISPLAY_ADDITIONAL_ATTRIBUTES=givenname|First Name,sn|Last Name
PARENT_CHILD_NODE_1_TREE_NODE_ATTRIBUTE=givenname+" "+sn+" ("+sAMAccountName+")"
PARENT_CHILD_NODE_1_TREE_NODE_SORT_ATTRIBUTE=company,department
PARENT_CHILD_NODE_1_PLACE_LEAF_CHILDREN_FIRST_IN_TREE=true
PARENT_CHILD_NODE_1_ADDITIONAL_SEARCH_FILTER=(objectClass=user)
PARENT_CHILD_NODE_1_CHECK_GRANDCHILDREN=true
PARENT_CHILD_NODE_1_SHOW_ALL_OBJECTS_IN_TREE=false

Example 2, nested groups

PARENT_CHILD_NODE_1_NAME=NestedGroups
PARENT_CHILD_NODE_1_PARENT_ATTRIBUTE=memberOf
PARENT_CHILD_NODE_1_PARENT_MATCH_ATTRIBUTE=distinguishedName
PARENT_CHILD_NODE_1_CHILD_ATTRIBUTE=member
PARENT_CHILD_NODE_1_CHILD_MATCH_ATTRIBUTE=distinguishedName
PARENT_CHILD_NODE_1_SEARCH_BASE=dc=company,dc=local
PARENT_CHILD_NODE_1_DISPLAY_ADDITIONAL_ATTRIBUTES=cn,description
PARENT_CHILD_NODE_1_TREE_NODE_ATTRIBUTE=cn
PARENT_CHILD_NODE_1_TREE_NODE_SORT_ATTRIBUTE=department
PARENT_CHILD_NODE_1_PLACE_LEAF_CHILDREN_FIRST_IN_TREE=false
PARENT_CHILD_NODE_1_ADDITIONAL_SEARCH_FILTER=(|(&(objectClass=group)(member=*))(objectClass=user))
PARENT_CHILD_NODE_1_CHECK_GRANDCHILDREN=true
PARENT_CHILD_NODE_1_SHOW_ALL_OBJECTS_IN_TREE=false