NSD1207 How to configure search view using policies in Identity Manager
Fact
Identity Manager 4
Situation
The search view of the Identity Manager can be configured using policies. This way the customer can modify the searches and also have different searches available for different users / roles.
Solution
The search view of Identity Manager can be dynamically modified by policies. The policies should be in the format of:
SEARCH_TYPE_aUniqueName=sort|1,displayName|My Search,attribute|attribDisplayName,attribute2|attribDisplayName2,filter|(objectClass=customObjectClass)
Sample:
SEARCH_TYPE_USER=sort|1,displayName|User,uid$samaccountname$cn|UserID,givenName|Givenname,sn|Surname,telephoneNumber|Telephone,mail|Mail,mobile|Mobile,filter|(|(objectClass=inetOrgPerson)(objectClass=user))
The policy above adds a search alternative with the display name "User" as number one in the list of searches. The attributes available for search will be:
UserID – the filter will be (|(uid=whatTheUserEnterAsID)(samaccountname=whatTheUserEnterAsID)(cn=whatTheUserEnterAsID))
Givenname – the filter will be (givenName=whatTheUserEnterAsGivenname)
Surname – the filter will be (sn=whatTheUserEnterAsSurname)
Telephone – the filter will be (telephoneNumber=whatTheUserEnterAsTelephone)
Mail – the filter will be (mail=whatTheUserEnterAsMail)
Mobile – the filter will be (mobile=whatTheUserEnterAsMobile)
The additional filter "(|(objectClass=inetOrgPerson)(objectClass=user))" will also be added to all searches.
Each attribute can also be configured with a search type (contains, startsWith, endsWith), like:
uid$samaccountname$cn|UserID|searchType|contains
will add the filter:
(|(uid=*whatTheUserEnterAsID*)(samaccountname=*whatTheUserEnterAsID*)(cn=*whatTheUserEnterAsID*))
Note: This was added to IM version 4.0.8704
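The filter construction described above, as an added Python example (not Identity Manager's own code): it parses a policy value and builds the LDAP filter for one search field. The RFC 4515 escaping of the entered value, the startsWith/endsWith patterns, and combining the base filter with AND are assumptions of this example; the page does not document them.

```python
# Added example: parse a SEARCH_TYPE_* policy value and build the LDAP
# filter for one search field. Not Identity Manager code.
PATTERNS = {"equals": "{}", "contains": "*{}*",
            "startsWith": "{}*", "endsWith": "*{}"}  # last two: assumed forms

# Constructed sample assembled from the policy fragments shown on this page.
SAMPLE = ("sort|1,displayName|User,"
          "uid$samaccountname$cn|UserID|searchType|contains,"
          "givenName|Givenname,"
          "filter|(|(objectClass=inetOrgPerson)(objectClass=user))")


def escape_filter_value(value):
    """Escape RFC 4515 special characters so input stays a literal value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def parse_policy(value):
    """Return sort, displayName, base filter and the searchable fields."""
    # Assumption: 'filter|' is the last item, as in every sample on the page.
    head, _, base = value.partition(",filter|")
    policy = {"sort": None, "displayName": None,
              "filter": base or None, "fields": {}}
    for item in head.split(","):
        parts = item.split("|")
        if parts[0] in ("sort", "displayName"):
            policy[parts[0]] = parts[1]
        elif parts[0]:  # skip the attribute-less raw "LDAP Filter" entry
            typed = len(parts) == 4 and parts[2] == "searchType"
            stype = parts[3] if typed else "equals"
            policy["fields"][parts[1]] = (parts[0].split("$"), stype)
    return policy


def build_filter(policy, label, user_input):
    """Build the filter for one field, ANDed with the policy's base filter."""
    attrs, stype = policy["fields"][label]
    pattern = PATTERNS[stype].format(escape_filter_value(user_input))
    terms = "".join("(%s=%s)" % (a, pattern) for a in attrs)
    field = "(|%s)" % terms if len(attrs) > 1 else terms
    # Assumption: the base filter is combined with the field filter using AND.
    return "(&%s%s)" % (field, policy["filter"]) if policy["filter"] else field


if __name__ == "__main__":
    p = parse_policy(SAMPLE)
    print(build_filter(p, "UserID", "jdoe"))
    print(build_filter(p, "Givenname", "Smith (ext)*"))
```

With the escaping in place, parentheses and asterisks typed into a search field are matched as literal characters and cannot change the structure of the filter.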
The standard searches can be set by adding the following policies:
SEARCH_TYPE_USER=sort|1,displayName|User,uid$samaccountname$cn|UserID,givenName|Givenname,sn|Surname,telephoneNumber|Telephone,mail|Mail,mobile|Mobile,filter|(|(objectClass=inetOrgPerson)(objectClass=user))
SEARCH_TYPE_OU=sort|2,displayName|Organization,o$ou|Name,description|Description,telephoneNumber|Telephone,filter|(|(objectClass=organization)(objectClass=organizationalUnit))
SEARCH_TYPE_CONTACT=sort|3,displayName|Contact,givenName|Givenname,sn|Surname,mail|Mail,filter|(objectClass=contact)
SEARCH_TYPE_ROLE=sort|4,displayName|Role,cn|Name,description|Description,filter|(&(|(objectClass=role)(objectClass=groupOfNames)(objectClass=groupOfUniqueNames)))
SEARCH_TYPE_COMPUTER=sort|5,displayName|Computer,cn|Name,description|Description,filter|(objectClass=computer)
SEARCH_TYPE_LDAPFILTER=sort|6,displayName|LDAP Filter,|LDAP Filter
To add the policy, open PolicyManager and add a manual policy. Enter the policy name, for example "SEARCH_TYPE_USER", and the value, for example "sort|1,displayName|User,uid$samaccountname$cn|UserID,givenName|Givenname,sn|Surname,telephoneNumber|Telephone,mail|Mail,mobile|Mobile,filter|(|(objectClass=inetOrgPerson)(objectClass=user))".
In this way, two similar searches can be created with different names and filters:
SEARCH_TYPE_USER1=sort|1,displayName|User – Internal,uid$samaccountname$cn|UserID,givenName|Givenname,sn|Surname,telephoneNumber|Telephone,mail|Mail,mobile|Mobile,filter|(&(|(objectClass=inetOrgPerson)(objectClass=user))(department=internal))
SEARCH_TYPE_USER2=sort|2,displayName|User – External,uid$samaccountname$cn|UserID,givenName|Givenname,sn|Surname,telephoneNumber|Telephone,mail|Mail,mobile|Mobile,filter|(&(|(objectClass=inetOrgPerson)(objectClass=user))(department=external))
Disclaimer
The origin of this information may be internal or external to Nordic Edge™. Nordic Edge™ makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Nordic Edge™ makes no explicit or implied claims to the validity of this information. Any trademarks referenced in this document are the property of their respective owners.
Nordic Edge Support – www.nordicedge.se
