Update LDAP DN in provisioning rule (LDAP Connector)


The goal is to change the DN of the LDAP account when the disable operation is triggered, similar to the post describing AD account moves:

Best Practices: Active Directory Account Moves - Compass (sailpoint.com)

However, in order to change the DN in LDAP, the attributes newrdn, deleteoldrdn and newsuperior need to be specified. Reference: LDIF(5) (openldap.org)

Can this be achieved with an attribute request, similar to the “AC_NewParent” attribute?
In this case, using an attribute request for all 3 attributes above?


accountRequest.add(new AttributeRequest("newsuperior", ProvisioningPlan.Operation.Set, "ou=disabled,dc=example,dc=com"));
accountRequest.add(new AttributeRequest("deleteoldrdn", ProvisioningPlan.Operation.Set, 0));

I would also appreciate knowing any prerequisites needed for the execution of this task and any important considerations.

Thanks in advance.
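For reference, the LDIF change record that the three attributes named in the question belong to, built by an added example (not code from the post or from SailPoint, and not a connector call). The function names and the sample DNs other than `ou=disabled,dc=example,dc=com` are constructed for illustration.

```python
import base64

def split_first_rdn(dn):
    """Split a DN at its first unescaped comma -> (rdn, parent DN)."""
    i = 0
    while i < len(dn):
        if dn[i] == "\\":          # RFC 4514 escape: skip the escaped character
            i += 2
            continue
        if dn[i] == ",":
            return dn[:i].strip(), dn[i + 1:].strip()
        i += 1
    return dn.strip(), ""

def ldif_line(attr, value):
    """Emit 'attr: value', or base64 ('attr:: ...') when the value is not an
    RFC 2849 SAFE-STRING (non-ASCII, CR/LF, leading ' ', ':' or '<', trailing ' ')."""
    safe = value == "" or (
        value[0] not in " :<" and value[-1] != " "
        and all(0 < ord(c) < 128 and c not in "\r\n" for c in value))
    if safe:
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"

def moddn_record(dn, new_superior, delete_old_rdn=0):
    """Build a moddn record that keeps the entry's RDN and changes its parent."""
    rdn, parent = split_first_rdn(dn)
    if "=" not in rdn:
        raise ValueError(f"cannot find an RDN in {dn!r}")
    if delete_old_rdn not in (0, 1):
        raise ValueError("deleteoldrdn must be 0 or 1")
    # Simple case-insensitive check, not full DN normalization.
    if parent.lower() == new_superior.lower():
        raise ValueError("entry is already under the target container")
    return "\n".join([
        ldif_line("dn", dn),
        "changetype: moddn",
        ldif_line("newrdn", rdn),
        f"deleteoldrdn: {delete_old_rdn}",
        ldif_line("newsuperior", new_superior),
    ]) + "\n"

if __name__ == "__main__":
    # Constructed sample entry with an escaped comma in the RDN value.
    print(moddn_record("cn=Smith\\, Jane,ou=people,dc=example,dc=com",
                       "ou=disabled,dc=example,dc=com"))
```
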

Hi Octavio,
Thank you for your post. I don't think the move of DN is supported for the LDAP connector.