6.18 Placement - Publisher By Dept

This rule places objects from one container in the data store into multiple containers in the Identity Vault based on the value of the OU attribute. Implement the rule on the Publisher Placement policy in the driver.

There are two steps involved in using the predefined rules: creating a policy in the Placement policy set, and importing the predefined rule. If you already have a Placement policy that you want to add this rule to, skip to Importing the Predefined Rule.

6.18.1 Creating a Policy

  1. Open the Identity Manager Driver Overview for the driver you want to manage.

  2. Click the Placement Policy object on the Publisher channel.

  3. Click Insert.

  4. Name the policy, make sure to implement the policy with the Policy Builder, then click OK.

    The Rule Builder is launched.

  5. Continue with Section 6.18.2, Importing the Predefined Rule.

6.18.2 Importing the Predefined Rule

  1. In the Rule Builder, click Insert.

  2. Select Placement - Publisher By Dept.

    Placement - publisher by dept

  3. To edit the rule, click Placement - Publisher By Dept.

  4. Delete [Enter DN of destination Organization] from the Enter String field.

  5. Click the Edit Arguments icon to launch the Argument Builder.

  6. Select Text in the Noun list, then click Add.

  7. In the Editor, click the browse button, then browse to and select the parent container in the Identity Vault. Make sure all of the department containers are child containers of this DN, then click OK.

  8. Click OK.

6.18.3 How the Rule Works

This rule places User objects in the correct department containers depending upon what value is stored in the OU attribute. If a User object needs to be placed and has the OU attribute available, then the User object is placed in the dest-base\value of OU attribute\CN attribute.

The dest-base is a local variable. The DN must be the relative root path of the department containers. It can be an organization or an organizational unit. The value stored in the OU attribute must be the name of a child container of the dest-base local variable.

The value of the OU attribute must be the name of the child container. If the OU attribute is not present, this rule is not executed.

The CN attribute of the User object is the first two letters of the Given Name attribute plus the Surname attribute as lowercase. The rule uses slash format.