I am using the below transform in the create provisioning policy. Syntactically, it is correct and not throwing any error during execution. But, it is not working as expected. It should pass a blank value on not meeting the if condition.
@ashish_kumar3284 Can you show an example of a user where the employeeType is âinternal-primaryâ and the manager is not set to null? Can this logic be added to the managerDN transform so that the provisioning policy is just a direct Identity Attribute mapping?
Manager is getting set in both cases. We want the managerâs value should not to be set in the negative condition.
No, logic could not be added to âmanagerDNâ transform as we want to populate manager value on Identity but donât get synced with the application.
Yes, it is working for the positive condition. During the negative condition, the manager is being set as it is being set during the positive condition.
That tells me that the condition is always true. Either your input data always has the emplType of internal-primary, or there is some kind of syntax error in your code.
Try these two tests:
Set the output of your value to $emplType instead of $managerDn to see what value for emplType you are testing. This will verify whether you are actually testing the negative condition for emplType or if you are always getting a value of internal-primary.
The only difference that I can see between your code and Edwardâs code is that Edward put spaces between his equal signs. I doubt that is an issue, but maybe this is resulting in an always true evaluation.
I have tested the same transform in the Identity mappings and it is working flawlessly. I was able to test both conditions and got the results same as Edwardâs. But, the same transform is not working in the provisioning policy.
I tested the following code in one of my CREATE provisioning policies. The conditional will work, however it requires the negativeCondition to have a value and it cannot just be null.
With that being said the second method with a static transform worked in my provisioning policy. I tested it with static values instead of identityAttributes to simplify things. When I set the emplType to internal-primary, I got back the result DNName and any other value returned null. If youâre always getting back the positiveCondition I would agree with @colin_mckibben in that the emplType is always equal to internal-primary.