3 Replies Latest reply on Oct 29, 2008 11:35 AM by mrgui

    SafeBoot Connector with AD/LDAP null attribute...

      Our SafeBoot connector is reading a certain attribute from the AD server to group the users nicely... However, due to a certain process, sometimes the attribute will be null or empty... Is there any way for the SafeBoot Connector to understand the null attribute? If I simply leave it empty, it's pretty much ignored...

        • 1. RE: SafeBoot Connector with AD/LDAP null attribute...
          Use a "default" group, for when no matches are found.

          Another option is to use a virtual directory, custom directory proxy rewrites, or a metadirectory engine to build the data you need into your LDAP repository. You could then look up a custom attribute, like "sbgroup", which could be dynamically populated as part of a nightly script.

          The only note on this is that users do not get new settings if the Connector Manager moves them from one group to another. You would have to force the system to re-apply group configs to all users through a nightly or weekly scheduled task.
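The nightly "sbgroup" population suggested in the reply above could look like the following sketch. It is an added example, not part of the original posts and not SafeBoot code. The source attribute `department`, the fallback group `Unassigned`, and the sample entries are assumptions constructed for illustration. It treats a missing, empty, or whitespace-only attribute as null and emits LDIF modify records only for users whose `sbgroup` would change.

```python
import base64

DEFAULT_GROUP = "Unassigned"  # hypothetical fallback group name
SOURCE_ATTR = "department"    # assumed attribute the connector groups on
TARGET_ATTR = "sbgroup"       # custom attribute named in the reply above

def first_value(entry, attr):
    """Return the first non-blank value of attr, or None if missing/empty."""
    values = entry.get(attr) or []
    if isinstance(values, (str, bytes)):
        values = [values]
    for v in values:
        if isinstance(v, bytes):
            v = v.decode("utf-8", errors="replace")
        if v.strip():
            return v.strip()
    return None

def plan_updates(entries):
    """Yield (dn, group) for entries whose sbgroup differs from the wanted value."""
    for entry in entries:
        wanted = first_value(entry, SOURCE_ATTR) or DEFAULT_GROUP
        if first_value(entry, TARGET_ATTR) != wanted:
            yield entry["dn"], wanted

def ldif_line(attr, value):
    """Format one LDIF line, base64-encoding values that are not LDIF-safe."""
    plain = (value.isascii() and value.isprintable()
             and value[0] not in " :<" and not value.endswith(" "))
    if plain:
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"

def to_ldif(updates):
    """Render updates as LDIF modify records, one blank line between records."""
    return "\n".join(
        "\n".join([ldif_line("dn", dn), "changetype: modify",
                   f"replace: {TARGET_ATTR}", ldif_line(TARGET_ATTR, group), "-", ""])
        for dn, group in updates)

SAMPLE = [  # constructed directory entries, not real data
    {"dn": "CN=Alice,OU=Staff,DC=example,DC=com", "department": ["Finance"], "sbgroup": ["Finance"]},
    {"dn": "CN=Bob,OU=Staff,DC=example,DC=com", "department": [""]},
    {"dn": "CN=Carol,OU=Staff,DC=example,DC=com", "sbgroup": ["Sales"]},
    {"dn": "CN=Dave,OU=Staff,DC=example,DC=com", "department": ["  HR "], "sbgroup": ["Finance"]},
]

if __name__ == "__main__":
    print(to_ldif(plan_updates(SAMPLE)))
```

The output is plain LDIF, so it can be reviewed before being applied with whatever directory tooling is in use.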
          • 2. thanks!
            default group:
            I kind of use "Create a new group with .... from attribute xyz..". So, I was hoping I can do a group mapping, i.e. the group name might change due to some reason regularly.

            virtual directory:
            I will check this with our AD support.

            In the end, I might just use a default group but use a script as a second-stage update to change the group name...
            • 3. RE: thanks!
              By Virtual Directory, I don't mean folder, share point, or DFS. I mean a Virtual Directory services engine, which creates a real-time representation of information from various systems and presents it as a single entity. This technology normally even allows for data rewrites (like breaking first/last name into separate fields) and data hierarchy (like AD is a better resource for getting e-mail addresses than the HR database, while the PBX is more accurate for phone numbers than AD).

              Another technology you may want to look at, instead of a MetaDirectory service, is products for Data Aggregation or Aggregation Engines.

              Hope that helps.