Update LDAP DN in provisioning rule (LDAP Connector)

OS111 · January 12, 2024, 7:55pm

Hi,

The goal is to change the DN of the LDAP account when the disable operation is triggered, similar to the post describing AD account moves:

Best Practices: Active Directory Account Moves - Compass (sailpoint.com)

However, in order to change the DN in LDAP, the attributes newrdn, deleteoldrdn and newsuperior need to be specified. Reference: LDIF(5) (openldap.org)

Can this be achieved with an attribute request, similar to the “AC_NewParent” attribute?
In this case, using an attribute request for all 3 attributes above?

Example:

accountRequest.add(new AttributeRequest("newsuperior", ProvisioningPlan.Operation.Set, "ou=disabled,dc=example,dc=com"));
accountRequest.add(new AttributeRequest("deleteoldrdn", ProvisioningPlan.Operation.Set, 0));

I would also appreciate to know any prerequisites needed for the execution of this task and any important considerations.

Thanks in advance.

RAKGDS · February 26, 2024, 5:00pm

Hi Octavio,
Thank you for your post. I dont think the move of DN is supported for LDAP connector.

Thanks

system · April 26, 2024, 5:01pm

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
LDAP Account Move during provisioning (LDAP Connector) ISC Discussion and Questions identity-security-cloud , provisioning	9	219	April 13, 2024
AD before provisioning rule to move OU on disable ISC Discussion and Questions identity-security-cloud	1	1051	July 19, 2023
OpenLDAP enable/disable account ISC Discussion and Questions	3	2620	July 19, 2023
AD before provisioning rule ISC Discussion and Questions	5	2601	July 19, 2023
LDAP Change DN and Delete ISC Discussion and Questions identity-security-cloud	4	355	July 3, 2023

Update LDAP DN in provisioning rule (LDAP Connector)

Related Topics