Microsoft Identity Integration Server 2003 Developer Reference |
One common conflict in joining attributes from different management agents into one metaverse object is that occasionally the attribute on which they are joined is incorrect. This results in the connector space object being joined to the wrong metaverse object. This section describes a technique to detect such a conflict and correct an incorrect join based on incorrect attributes.
For example, suppose the user accounts in Active Directory have an employeeID attribute set. Accounts are joined using the employeeID attribute. Sometimes a mistake is made and the account has an incorrect employeeID, which results in it being joined with the wrong metaverse object. The following example illustrates how to solve this problem.
The following example shows how to use a management agent rules extension to determine whether the employeeID attribute differs between the connector space object and the metaverse object. If they differ, an incorrect join might have happened. You can correct an incorrect join by disconnecting the connector space object, therefore making it available again for joining the next time the management agent runs.
Public Sub MapAttributesForImport( _ ByVal FlowRuleName As String, _ ByVal csentry As CSEntry, _ ByVal mventry As MVEntry) _ Implements IMASynchronization.MapAttributesForImport Select Case FlowRuleName Case "cd.user:employeeID->mv.person:comment" If mventry("employeeID").IsPresent Then If Not csentry("employeeID").Value.Equals(mventry("employeeID").Value) Then Utils.TransactionProperties.Add("ma-employeeID-changed", _ csentry.MA.Name) End If End If Case Else Throw New EntryPointNotImplementedException End Select End Sub
void IMASynchronization.MapAttributesForImport( string FlowRuleName, CSEntry csentry, MVEntry mventry) { switch(FlowRuleName) { case "cd.person:employeeID->mv.person:employeeID": { if(mventry["employeeID"].IsPresent) { if(!csentry["employeeID"].Value.Equals(mventry["employeeID"].Value)) { Utils.TransactionProperties.Add("ma-employeeID-changed", csentry.MA.Name); } } break; } default: { throw new EntryPointNotImplementedException(); } } }
The following example shows how to use a metaverse rules extension to deprovision any metaverse object with an incorrect join:
Public Sub Provision(ByVal mventry As MVEntry) Implements IMVSynchronization.Provision Dim changedMA As String changedMA = Utils.TransactionProperties("ma-employeeID-changed") If Not changedMA Is Nothing Then mventry.ConnectedMAs(changedMA).Connectors.DeprovisionAll() End If End Sub
void IMVSynchronization.Provision(MVEntry mventry) { string changedMA = (string)Utils.TransactionProperties["ma-employeeID-changed"]; if(null != changedMA) { mventry.ConnectedMAs[changedMA].Connectors.DeprovisionAll(); } }