Provision Multi Valued attribute in OpenLDAP from Identity Attribute

acosson · March 24, 2025, 4:13pm

Hi folks,
We need to provision the departmentNumber in OpenLDAP as a multi-valued attribute.

Below is the current setup :

An identity attribute named “openldapDepartmentNumber”, which contains the expected format "Option 1, Option 2,Option 3
A source OpenLDAP on which the attribute “departmentNumber” has been set to “Multi-Valued” in Account Schema
A provisioning policy with the below JSON for attribute “departmentNumber” :

{
    "name": "departmentNumber",
    "transform": {
        "type": "identityAttribute",
        "attributes": {
            "name": "openldapDepartmentNumber"
        }
    },
    "attributes": {
    	"cloudDelimiter": ","
    },
    "isRequired": false,
    "type": "string",
    "isMultiValued": true
}

Attribute sync for “departmentNumber” is enabled and update is performed when identity data gets updated.

Current output is the attribute being provisioned as one string with separated valued, instead of being sent as multiple lines.

Anyhelp is much appreciated !

MVKR7T · March 24, 2025, 4:20pm

It should work.

Are you facing this issue while creating account or updating account or both ?

RAKRHEEM · March 24, 2025, 4:25pm

Hi Adrien,
Have you check the below link. Please let me know after following the below link you are not able to provision multivalued attribute in target.

https://community.sailpoint.com/t5/IdentityNow-Articles/Best-Practices-Provisioning-Multi-Valued-Attributes/ta-p/153748

acosson · March 24, 2025, 5:29pm

Hello Krishna,
It works on Account Creation.
I am trying on update now and will revert to you.

acosson · March 24, 2025, 5:46pm

Hi Rakesh,

It seems my implementation is working fine on Create, but sends a String on Update.
EDIT : I have read the provided document but there is no additional indication for managing the same during the Update.

RAKRHEEM · March 24, 2025, 6:17pm

@acosson : Can you please check this link. We can achieve this using a cloud rule

IIQUserOnCompass · March 24, 2025, 8:23pm

Such a fragmented approach to do essentially the same thing (attribute lands on the target object, regardless of create or update). …and…it’s been 18months+ since that post.

RAKRHEEM · March 25, 2025, 10:45am

Agreed @IIQUserOnCompass, I think the best option here to use a before Provisioning rule and make changes before provisioning

IIQUserOnCompass · March 25, 2025, 4:26pm

Yeah, agree. Unfortunately so.