We have a requirement to display the user's thumbnail image on their AD profile (Picture) on the self-service profile page. Can this be done? Is it mapped like any other attribute in AD?
Thanks,
Gerald
Hi,
I am working with a customer to put their AD groups into IT Shop & have come across an issue that I had not considered before. In AD users and groups I can see that some groups are managed by other AD groups rather than an AD user account.
This is perfectly legal in AD. However, our mapping connects the managedBy AD property to uid_ADSAccountManager (via a search of the FK table ADSAccount for the DN) so, when the managedBy is a group, our Manager parameter in the ADSGroup object is NULL.
The knock-on effect is that the product owner is not set in IT Shop.
This must have been encountered before. Has anyone got any suggestions as to the best way to handle this?
Thanks
Jon.
Hi Community, long time no see...
I've got a question for you which results from my "weird" scenario:
Our customer does have a bunch of systems that are managed manually but they do want to reconcile the data with Q1IM based upon CSV files. So we implemented an import that is mapping user accounts, entitlements and entitlement assignments into the UNS namespace leveraging one UNSRoot per manual system. So far, so good. Now the challenge is: if a new manual system does appear in the import file, we'd like to create a new UNSRoot for that new manual system, stuffed with a user accounts resource that is available through IT Shop.
Now here's the issue: when creating the user account resource, we're getting the following error message:
Detailed Error Message: Resources: Write permission denied for value "Path".
This is the script code which we built to create the UNS Root including the user account resource:
''' <summary>
''' Procedure to handle the resource of a manual resource import
''' </summary>
''' <param name="Resource">The resource to be handled</param>
''' <param name="Log">The log file</param>
''' <remarks></remarks>
Private Sub XXX_Import_ManualResources_HandleResource(ByVal Resource As String, ByVal Log As String)
    Dim UNSRoot As ISingleDbObject = Nothing
    Dim f As ISqlFormatter = Connection.SqlFormatter
    Dim AccountResource As ISingleDbObject = Nothing
    Dim AccProduct As ISingleDbObject = Nothing
    Dim AccProductGroup As ISingleDbObject = Nothing
    Dim ITShopOrg As ISingleDbObject = Nothing
    Dim ITShopOrgHasResource As ISingleDbObject = Nothing
    Try
        'check existence of UNSRoot
        If Not Connection.Exists("UNSRoot", f.AndRelation(f.Comparison("Ident_UNSRoot", Resource, ValType.String, CompareOperator.Equal), f.Comparison("XXX_IsManualResource", True, ValType.Bool, CompareOperator.Equal))) Then
            'create new UNSRoot for Resource
            VID_Write2Log(Log, String.Format("Detected new resource {0}.", Resource))
            UNSRoot = Connection.CreateSingle("UNSRoot")
            UNSRoot.PutValue("Ident_UNSRoot", Resource)
            UNSRoot.PutValue("DisplayName", Resource)
            UNSRoot.PutValue("XXX_IsManualResource", True)
            UNSRoot.PutValue("Description", "Automatically created by manual resource reconciliation")
            'UNSRoot.Save()
            'VID_Write2Log(Log, String.Format("Resource {0} created", Resource))
            'create user account resource
            AccountResource = Connection.CreateSingle("Ressource")
            AccountResource.PutValue("Ident_Ressource", String.Format("Resource Access {0}", Resource))
            AccountResource.PutValue("IsAccountRessource", True)
            AccountResource.PutValue("ConnectionPath", Resource)
            AccountResource.PutValue("ConnectionTable", "UNSAccount")
            AccountResource.PutValue("DefaultManageLevel", "1")
            'create AccProduct
            AccProduct = Connection.CreateSingle("AccProduct")
            AccProduct.PutValue("Ident_AccProduct", String.Format("Resource Access {0}", Resource))
            'create Service Category
            If Not Connection.Exists("AccProductGroup", f.AndRelation(f.Comparison("Ident_AccProductGroup", Resource, ValType.String, CompareOperator.Equal), f.Comparison("UID_AccProductGroupParent", Connection.GetSingleProperty("AccProductGroup", "UID_AccProductGroup", f.Comparison("Ident_AccProductGroup", "Manual Resources", ValType.String, CompareOperator.Equal)), ValType.String, CompareOperator.Equal))) Then
                AccProductGroup = Connection.CreateSingle("AccProductGroup")
                AccProductGroup.PutValue("Ident_AccProductGroup", Resource)
                AccProductGroup.PutValue("UID_AccProductGroupParent", Connection.GetSingleProperty("AccProductGroup", "UID_AccProductGroup", f.Comparison("Ident_AccProductGroup", "Manual Resources", ValType.String, CompareOperator.Equal)))
                'save the new service category (the posted code called AccProduct.Save() here,
                'which left the AccProductGroup unsaved before it is referenced below)
                AccProductGroup.Save()
                'map AccProduct into ProductGroup
                AccProduct.PutValue("UID_AccProductGroup", AccProductGroup.GetValue("UID_AccProductGroup"))
            Else
                AccProduct.PutValue("UID_AccProductGroup", Connection.GetSingleProperty("AccProductGroup", "UID_AccProductGroup", f.AndRelation(f.Comparison("Ident_AccProductGroup", Resource, ValType.String, CompareOperator.Equal), f.Comparison("UID_AccProductGroupParent", Connection.GetSingleProperty("AccProductGroup", "UID_AccProductGroup", f.Comparison("Ident_AccProductGroup", "Manual Resources", ValType.String, CompareOperator.Equal)), ValType.String, CompareOperator.Equal))))
            End If
            'save AccProduct
            AccProduct.Save()
            AccountResource.PutValue("UID_AccProduct", AccProduct.GetValue("UID_AccProduct"))
            AccountResource.PutValue("IsForITShop", True)
            AccountResource.Save()
            'save UNSRoot with AccountResource
            UNSRoot.PutValue("UID_AccountRessource", AccountResource.GetValue("UID_Ressource"))
            UNSRoot.Save()
            VID_Write2Log(Log, String.Format("Resource {0} created", Resource))
            'create Shop
            If Not Connection.Exists("ITShopOrg", f.AndRelation(f.Comparison("ITShopInfo", "BO", ValType.String, CompareOperator.Equal), f.Comparison("Ident_Org", Resource, ValType.String, CompareOperator.Equal), f.Comparison("UID_ParentITShopOrg", Connection.GetSingleProperty("ITShopOrg", "UID_ITShopOrg", f.AndRelation(f.Comparison("Ident_ITShopOrg", "XXX", ValType.String, CompareOperator.Equal), f.Comparison("ITShopInfo", "SH", ValType.String, CompareOperator.Equal))), ValType.String, CompareOperator.Equal))) Then
                ITShopOrg = Connection.CreateSingle("ITShopOrg")
                ITShopOrg.PutValue("Ident_Org", Resource)
                ITShopOrg.PutValue("ITShopInfo", "BO")
                ITShopOrg.PutValue("UID_ParentITShopOrg", Connection.GetSingleProperty("ITShopOrg", "UID_ITShopOrg", f.AndRelation(f.Comparison("Ident_ITShopOrg", "XXX", ValType.String, CompareOperator.Equal), f.Comparison("ITShopInfo", "SH", ValType.String, CompareOperator.Equal))))
                ITShopOrg.Save()
                'put resource in shop
                ITShopOrgHasResource = Connection.CreateSingle("ITShopOrgHasRessource")
                ITShopOrgHasResource.PutValue("UID_ITShopOrg", ITShopOrg.GetValue("UID_ITShopOrg"))
                ITShopOrgHasResource.PutValue("UID_Ressource", AccountResource.GetValue("UID_Ressource"))
                ITShopOrgHasResource.Save()
            Else
                'put resource in Shop
                ITShopOrgHasResource = Connection.CreateSingle("ITShopOrgHasRessource")
                ITShopOrgHasResource.PutValue("UID_ITShopOrg", Connection.GetSingleProperty("ITShopOrg", "UID_ITShopOrg", f.AndRelation(f.Comparison("ITShopInfo", "BO", ValType.String, CompareOperator.Equal), f.Comparison("Ident_Org", Resource, ValType.String, CompareOperator.Equal), f.Comparison("UID_ParentITShopOrg", Connection.GetSingleProperty("ITShopOrg", "UID_ITShopOrg", f.AndRelation(f.Comparison("Ident_ITShopOrg", "XXX", ValType.String, CompareOperator.Equal), f.Comparison("ITShopInfo", "SH", ValType.String, CompareOperator.Equal))), ValType.String, CompareOperator.Equal))))
                ITShopOrgHasResource.PutValue("UID_Ressource", AccountResource.GetValue("UID_Ressource"))
                ITShopOrgHasResource.Save()
            End If
        End If
    Catch ex As Exception
        'rethrow without resetting the stack trace
        Throw
    Finally
        'freeing up memory resources
        UNSRoot = Nothing
        f = Nothing
        AccountResource = Nothing
        ITShopOrg = Nothing
        ITShopOrgHasResource = Nothing
        AccProduct = Nothing
        AccProductGroup = Nothing
    End Try
End Sub
I just replaced our customer prefix using XXX.
So what would be the best way to create a user account resource script based without experiencing error messages when setting the connection path and connection table?
Thanks
Carsten
Hi all,
The customer told us that they occasionally have some temporary contractors changed to permanent employees. For those, the Person records are the same except for the PersonnelNumber (unique identifier and key). OOTB, Q1IM checks whether the PersonnelNumber is unique and then creates a new employee in Person, so a duplicate employee record is created. I wonder if there is a way that Q1IM could capture the Temp being converted to Perm before inserting new data into the Person table. For instance, it could perform a pre-condition check to determine if there is an existing match in Person.
Is there anything I could do in "Linde condition"? Please advise. Your suggestions or insights would be very helpful and truly appreciated. I have seen more and more requests from the customer for this.
Recently I've noticed that ADSGroup memberships between the Active Directory environment and IdentityManager are showing a larger disparity where membership removals in AD are not being detected and updated in IdentityManager even after a synchronization is run. I've run multiple simulations with synchronizations running full synchronizations and just specific Object Types (Groups + ADSGroupMember). These syncs always are set with IdentityManager as the slave system so group membership removals will be deleted and any new direct assignment membership will be updated in the IdentityManager Db. (see image)
The synchronization has failed consistently with errors as seen below for multiple Groups and Users.
Start processing objects / relation of type "ADSGROUPMember" using following settings:
database amount : IGNORE,
intersection amount: UPDATEDB,
namespace amount: IMPORT - USN optimization False.
[854011] Error processing M:N relations of CN=\#Some DL,OU=Distribution Lists,OU=Location,OU=Location Data Center,OU=NA,DC=1234,DC=net in database.
[921056] Error inserting relation CN=Some Group,OU=Groups,OU=Contacts,OU=NA,DC=1234,DC=net - CN=\#Covidien Sales Force.com Support,OU=Distribution Lists,OU=Mansfield01,OU=Mansfield Data Center,OU=NA,DC=thcg,DC=net into database table ADSAccountInADSGroupTotal.
[854041] No relation definition exists for object type publicFolder in relation block ADSGROUPMember .
[854011] Error processing M:N relations of CN=\#Some DL1,OU=Distribution Lists,OU=Location,OU=LocationData Center,OU=NA,DC=1234,DC=net in database.
[921056] Error inserting relation CN=Some User,OU=Misc,OU=Contacts,OU=NA,DC=1234,DC=net - CN=\#Some DL3,OU=Distribution Lists,OU=Location,OU=LocationData Center,OU=NA,DC=1234,DC=net into database table ADSAccountInADSGroupTotal.
[854011] Error processing M:N relations of CN=\#Some other DL,OU=Distribution Lists,OU=Location2,OU=Location2 Data Center,OU=NA,DC=1234,DC=net in database.
[921056] Error inserting relation CN=Some User,OU=Misc,OU=Contacts,OU=NA,DC=1234,DC=net - CN=\Some DL 3,OU=Distribution Lists,OU=Location2,OU=Location2 Data Center,OU=NA,DC=1234,DC=net into database table ADSAccountInADSGroupTotal.
Has anyone encountered a similar issue with synchronizations? This disparity is causing owners to be unable to manage their groups and is putting additional pressure on the call center.
We are using DGE Locally Managed Agent on Windows Server. The Managed Host is configured with following settings:
- Resource Activity Tracking is NOT enabled
- With Security Index Roots are configured
- What information does the DGE Agent store in DataGovernanceAgentService@NTFS.SSDB (Agent Store)?
- How frequently does the information in these files get updated by the Agent?
- Is this information stored in the DB (Q1IM or DGE Activity)?
- Do we need to perform any house-keeping for these SSDB/SYDB/LGSDB files?
Appreciate your advice
Hey everyone... we're busy with the launch but wanted to share this list with you in the meantime to give you an idea of what we just released!
Updated list of upcoming Version 6:
Legacy Reports:
Account Access
Account Activity
Active Directory User Account and Group Distribution Summary
ActiveDirectory Data Quality Summary
Actual Status of License Group
Application Role Historical Memberships
Attestation Business Role Overview
Attestation Cost Center Overview
Attestation Department Overview
Attestation Location Overview
Attestation System Role Overview
Business Role Historical Memberships
Categorized Data Location
Comparison of working copy and running version of a company policy
Comparison of working copy and running version of a compliance rule
Compliance Framework Detail
Compliance Framework Overview
Compliance Framework Policy Overview
Compliance Group Overview
Compliance Rule Overview
Compliance Violations By Department
Cost center employee overview
Cost Center Historical Memberships
Data Owners vs. Perceived Owners
Data Ownership Over Time
Department employee overview
Department Historical Memberships
Employee History Overview
Employee History Overview
Employee Overview
Employees with multiple user accounts per target system
Empty Groups
Exchange 2000 Mailbox Sizes for a Location
Group Members
Group Members Comparison
Interesting Resources
IT Shop Overview
LDAP Data Quality Summary
LDAP User Account and Group Distribution Summary
License Group Status after Inventory
Licenses per Organizational Unit
Local Rights and Service Identities
Location Historical Memberships
Lotus Notes Data Quality Summary
Lotus Notes Mailbox Sizes for a Location
Lotus Notes User Account and Group Distribution Summary
Member Of
Member Of Comparison
Number of Employee per Location
Number of Employees per Cost Center
Number of Employees per Department
Orphaned User Accounts Across All Systems
Overview of Application Role Members
Overview of outstanding orders by product group
Perceived Owners for Governed Data
Policy Group Overview
Policy Overview
Production Cost Accounting
Products for approval
Q1IM Reporting Template Landscape incl. parameters
Q1IM Reporting Template Portrait incl. parameters
Resource Access
Resource Activity
Rule violations
Rule Violations (Roles)
Rule Violations (System Roles)
Rule violations with SAP roles
Rule violations with SAP transactions
SAP R/3 Data Quality Summary
SAP R/3 User Account and Group Distribution Summary
Summary of Employee Data Set Quality
System Entitlement Historical Memberships
System Entitlement Overview
Target status of License Group
Unified Namespace Data Quality Summary
Unified Namespace User Account and Group Distribution Summary
Unused Groups
Web Report Template
Window NT User Account and Group Distribution Summary
ITShop:
Attestation Business Role Overview
Attestation Cost Center Overview
Attestation Department Overview
Attestation Location Overview
Attestation System Role Overview
Comparison of working copy and running version of a compliance rule
Compliance Framework Overview
Compliance Framework Policy Overview
Compliance Group Overview
Compliance Rule Overview
Compliance Violations By Department
Cost center employee overview
Department employee overview
Employee Overview
Overview of Application Role Members
Policy Group Overview
Policy Overview
System Entitlement Overview
Hello, in our environment we have employees with multiple AD accounts linked to their person record. When we fire templates on an employee whose manager has multiple AD accounts linked, the correct account appears as the manager (UID_PersonHead@Person) on the person record but the incorrect account appears on the ADS Account (UID_ADSAccountManager@ADSAccount). I have provided the custom scripts that we have in Designer. It may be something simple that I am just overlooking; any help would be appreciated. Thank you
ADSACCOUNT Table UID_ADSAccountManager Column
Dim f As ISqlFormatter = Connection.SqlFormatter
Select Case ($ManageLevel:Int$)
    Case 0:'Unmanaged (do not get data from employee)
    Case 1:'Managed (fill all possible fields about employee)
        'look up an AD account of the employee's manager (UID_PersonHead)
        Value = Connection.GetSingleProperty("ADSAccount", "UID_ADSAccount", f.Comparison("UID_Person", $FK(UID_Person).UID_PersonHead$, ValType.String))
    Case Else:'Unspecified manage level
        Throw New ViException(#LD("Non specified manage level: {0}", $ManageLevel:Int$)#)
End Select
Person table UID_PERSONHEAD Columns
Value=$FK(UID_Department).UID_PersonHead$
Thanks,
Jim
Gurus,
I am back again with another one of those custom script questions. It seems that one of my Quest engineers is on vacation and the other is on the first week of an engagement so I have no idea when they might be able to help me. The problem I have now is that in my Development lab, none of the Person records have a Manager assigned to them. I know that the ADSAccount table is storing the user's manager in the UID_ADSAccountManager field and 90% of the accounts have a manager assigned. The problem is that the value for the manager is not being stored in the Person table and I have no idea why. Much like my other problems, this same symptom does not appear in the PRD database which was almost entirely created by Quest engineers. Yet, I would think that if we transported all changes from one system to the other, the code would still work.
Here is what I do know. We have two custom scripts that are all about user records. The first one is QC1_PersonAuto_ADS which basically delivers the users from ADSAccount, filters the accounts we are not interested in and then puts the remainder in Person table. This particular one is connected to the ADS/EX2K_ADSAccount_Insert/Update process. Then, we have a QC1_AD_Department_Import file that basically looks at one of our custom AD Attribs and populates the Department field. Lastly, there is a QC1_UpdatePersonDepartment_FromADS which serves the purpose of assigning the user to the department to which they belong. These scripts all seem to work and the values are there but the Manager is not populated.
We also have a script called QC1_PersonUpdate_ADS but it currently does not appear to be linked to any schedule or process plan. There is a possibility that this is the script that needs to be run to populate manager. I do see a section in the code that says this:
VID_PutValueSafe(Person, "UID_PersonHead", Connection.GetSingleProperty("ADSAccount", "UID_Person", f.Comparison("UID_ADSAccount", Account.GetValue("UID_ADSAccountManager").String, ValType.String)).String)
Is this setting the Manager property for UID_PersonHead? If so, I need to figure out how to get this script put into a process. I tried setting one up to do so but the other import processes have some ParameterValue0, 1 and 2 set for different things and I am not sure what parameters I would want to set in these values to ensure that the data is properly imported.
According to what I have in the comments of the code mentioned above, this script overrides the VI_PersonUpdate_ADS function. So if I were to set this script in the orchestration with the same parameters as the VI_PersonUpdate_ADS function, would it populate the proper values when orchestrated?
I know this is a huge and funky question but my knowledge of coding is very limited.
The following code is used in the template of UID_ADSaccountManager and occasionally throws a very odd exception shown on the screen. If I comment out the highlights then it works fine. I could not see what could be the cause in the template. Can anyone please help me with troubleshooting? Thank you in advance!
Dim f As ISqlFormatter = Connection.SqlFormatter
If CBool(Connection.Variables.Get("FULLSYNC")) = False Then
    Select Case ($ManageLevel:Int$)
        Case 0:'Unmanaged (do not get data from employee)
        Case 1:'Full-Managed (fill all possible fields about employee)
            If $FK(UID_Person).IsInActive:Bool$ And $AccountDisabled:Bool$ Then
                Value = String.Empty
            Else
                If $UID_ADSAccountManager$.Length = 0 Then
                    If $FK(UID_Person).UID_PersonDeputySecond$ <> "" Then
                        Value = Connection.GetSingleProperty("ADSAccount", "UID_ADSAccount", _
                            f.AndRelation( _
                                f.Comparison("AccountDisabled", False, ValType.Bool, CompareOperator.Equal), _
                                f.Comparison("UID_Person", $FK(UID_Person).UID_PersonDeputySecond$, ValType.String, CompareOperator.Equal), _
                                f.Comparison("IsPreferredAccount", True, ValType.Bool, CompareOperator.Equal))).ToString()
                    Else
                        Value = Connection.GetSingleProperty("ADSAccount", "UID_ADSAccount", _
                            f.AndRelation( _
                                f.Comparison("AccountDisabled", False, ValType.Bool, CompareOperator.Equal), _
                                f.Comparison("UID_Person", $FK(UID_Person).UID_PersonHead$, ValType.String, CompareOperator.Equal), _
                                f.Comparison("IsPreferredAccount", True, ValType.Bool, CompareOperator.Equal))).ToString()
                    End If
                Else
                    If $FK(UID_ADSAccountManager).UID_Person$.Equals($FK(UID_Person).UID_PersonDeputySecond$) Then
                        Value = $UID_ADSAccountManager$
                    Else
                        If $FK(UID_Person).UID_PersonDeputySecond$ <> "" Then
                            Value = Connection.GetSingleProperty("ADSAccount", "UID_ADSAccount", _
                                f.AndRelation( _
                                    f.Comparison("AccountDisabled", False, ValType.Bool, CompareOperator.Equal), _
                                    f.Comparison("UID_Person", $FK(UID_Person).UID_PersonDeputySecond$, ValType.String, CompareOperator.Equal), _
                                    f.Comparison("IsPreferredAccount", True, ValType.Bool, CompareOperator.Equal))).ToString()
                        End If
                    End If
                End If
            End If
        Case Else:
            Throw New ViException(#LD("The manage level is unknown.")#)
    End Select
End If
Hi everyone.
At this time I would like to ask you for some advice or best practices. The story goes like this: If someone changes their name (last name after getting married for example) he or she also wants to change his or her identity. For example if Macy Lennon gets married and becomes Macy Gray, she also wants to change her identity in information systems (First name, Last name, Active directory user name and email address) from macy.lennon to macy.gray. We presume that each person gets username like firstname.lastname and username and we are talking just about Active directory username and Exchange e-mail address. Now we want that his/her old AD user account becomes unavailable for reuse. It means that no one could ever get the same username again. If another Macy Lennon comes after »the old one« (who is now Macy Gray), we have to provide that she would not get the username and e-mail address macy.lennon, but macy.lennon1 for example.
Do you have any experience how to solve this problem in Q1IM? What would be your best practice? Rename the old (existing) username to macy.gray and then create additional username in Active Directory called macy.lennon and disable it? Is there any setting in Q1IM that prevents user name reuse?
Thanks for your opinion and help.
Hello
Currently I am triggering a script to run on some actions around UNSAccountB. However, it looks like I have a requirement to grab the IT Shop request number at this point as well to pass into my script. How would I access this from the UNSAccountB level? It looks like I can't trace back any action on UNSAccountB to the request that it came from.
Thanks
Hi all,
I downloaded a few days ago a language pack for Q1IM.
This package contains CSV files (one per language) to translate the portal.
What should I do to import it ?
Thanks for your help,
Steph.
Hi,
I try to use the "CP - Calculated group of approvers" procedure.
First I try to select the manager of the "UID_PersonOrdered" person with the condition below:
select *
from Person
where UID_Person in
(
select UID_PersonHead
from Person
where UID_Person = '@UID_PersonOrdered'
)
But the request was aborted with the following reason: "Approval decided by the system, no approver available."
This is why I suppose my condition is not correct.
Does anyone see the error?
Regards,
Serge
Our current Q1IM 6.1.1 implementation has Person contractor records that required an expiration date prior to our enabling of Employee/Manager attestation. As we have enabled the Attestation policy for this subset of users I would like to run a script or query to find all records that have gone through the Attestation policy and remove their expiration as we will know that the user has been certified by someone once they have successfully been attested to. I am unable to correlate the Person record to the AttestationCase table to discover which contractor records have had an attestation performed against them. Has anyone encountered a similar situation and devised a solution?
Another possibility is to take the DateHead value and use the DateAdd function to add the number of days until the next Attestation schedule begins and pipe that to the Account Expiration value via a template. As I have been unable to correlate the two datasets together, I have not been able to devise a solution for displaying the expiration value accurately.
Any help would be greatly appreciated.
Hi All,
Please let us know if anyone has an idea on the components involved to enable the password synchronization of user accounts from AD to Q1IM DB?
Note: We are looking at a scenario where a user changes password through ctrl+alt+del in the workstation due to which the password is updated in AD directly. We need the passwords to be synced back to Q1IM DB so that the new password is propagated to the other connected target systems (LDAP, etc)
Thanks,
Priya
Hi,
I'm using a script that inserts objects in the PersonWantsOrg table and I sometimes run into the following exception:
[810008] Could not save object Request procedures ("PersonName" - 02/13/2014 16:07:48).
[881173] This employee is not authorized to place an request here. (Possibly wait for the DBScheduler evaluation)
Actually I'm working on two environments, and this exception is generated only on one of them although the procedures are the same...
Could you please help me to understand a cause of this issue?
Regards,
Anton
Hi all,
Within the Web Designer I want to create a menu called "White pages".
This menu won't need any submenu since the only page is the White pages.
Am I forced to create a submenu to be sure that the main menu is appearing on the web page ?
The screenshot below shows my tree in the WebDesigner with two menu items pointing to the same page
and below the result in the web app
When I remove the submenu in the Web Designer, the whole menu disappears.
=> Is there a solution to display only the main menu?
Thanks again for your help!
Hi all,
Does anybody know if it's possible to change the New user certification attestation policy to be able to use a custom workflow instead of only the "New user certification" approval policy? Thanks in advance!
Kenny
Hello all,
For current customer application group membership to work, the following attributes need to be written when assigning users to groups (see link for further details http://www.novell.com/support/kb/doc.php?id=10101120):
LDAP user:
-securityEquals
-groupMembership (this one already happens OOB)
LDAP group:
-EquivalentToMe
On the LDAP side, for this to happen (manually or by direct assignment), the following LDAP commands are run on group:
changetype: modify
add: equivalentToMe
equivalentToMe: cn=username,ou=users,etc...
and on the user:
changetype: modify
add: securityEquals
securityEquals: cn=groupname,ou=groups,etc...
Now in Q1IM, this relationship is created using the "LDAPAccountInLDAPGroup" table (and also UNSAccountInUNSGroup), and in the mapping definition, I can map LDAPAccountInLDAPGroup to the target system class "top" (where attributes equivalentToMe and securityEquals live). I can also map LDAP account directly to attribute securityEquals and LDAP group directly to equivalentToMe...but not sure if that's required or correct method???
Also, do I need to update the XYZ_LDAPAccountInLDAPGroup_Insert_SyncNS process to add these attributes to the corresponding sql record that is created for account in group (would require schema ext)...and then sync those over?...or is it something simpler than that like through a script where we can send parameter values over with a direct connection to LDAP?
Thanks always for any guidance!!!
Kenny
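A read-only consistency check for the reciprocal attributes described in the post above, added here as an example (it is not part of the original post and is not Q1IM or Novell code): it parses an LDIF export and reports user/group pairs where groupMembership, securityEquals and equivalentToMe disagree. The sample DNs and all function names are constructed for illustration, and DN comparison is simplified to case and whitespace normalisation.

```python
import base64
import re
from collections import defaultdict

# Constructed sample export (not from the original post). alice is linked on
# both sides; bob's group lacks equivalentToMe; carol only has groupMembership.
SAMPLE_LDIF = """\
dn: cn=alice,ou=users,o=example
groupMembership: cn=app-users,ou=groups,o=example
securityEquals: cn=app-users,ou=groups,o=example

dn: cn=bob,ou=users,o=example
groupMembership: cn=app-users,ou=groups,o=example
securityEquals: CN=App-Users, OU=groups,
 O=example

dn: cn=carol,ou=users,o=example
groupMembership: cn=app-users,ou=groups,o=example

dn: cn=app-users,ou=groups,o=example
member: cn=alice,ou=users,o=example
member: cn=bob,ou=users,o=example
member: cn=carol,ou=users,o=example
equivalentToMe: cn=alice,ou=users,o=example
"""


def norm_dn(dn):
    """Simplified DN normalisation: lower-case, trim spaces around RDNs."""
    return ",".join(p.strip().lower() for p in re.split(r"(?<!\\),", dn))


def parse_ldif(text):
    """Parse LDIF content records into {normalised_dn: {attr: [values]}}."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:      # folded line: continue previous
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = {}, None
    for line in lines:
        if not line.strip():                   # blank line ends a record
            current = None
            continue
        if line.startswith("#"):               # LDIF comment
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):              # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        if attr.lower() == "dn":
            current = entries.setdefault(norm_dn(value), defaultdict(list))
        elif current is not None:
            current[attr.lower()].append(value)
    return entries


def dn_values(entries, dn, attr):
    """Normalised DN values of one attribute; empty set if entry/attr absent."""
    return {norm_dn(v) for v in entries.get(dn, {}).get(attr, [])}


def find_one_sided_links(entries):
    """Return sorted (problem, user_dn, group_dn) tuples for inconsistent links."""
    findings = set()
    for dn in entries:
        # user -> group: every securityEquals needs equivalentToMe on the target
        for group in dn_values(entries, dn, "securityequals"):
            if group not in entries:
                findings.add(("target not in export", dn, group))
            elif dn not in dn_values(entries, group, "equivalenttome"):
                findings.add(("missing equivalentToMe", dn, group))
        # group -> user: every equivalentToMe needs securityEquals on the user
        for user in dn_values(entries, dn, "equivalenttome"):
            if user in entries and dn not in dn_values(entries, user, "securityequals"):
                findings.add(("missing securityEquals", user, dn))
        # groupMembership written without the matching securityEquals
        for group in dn_values(entries, dn, "groupmembership"):
            if group not in dn_values(entries, dn, "securityequals"):
                findings.add(("missing securityEquals", dn, group))
    return sorted(findings)


if __name__ == "__main__":
    for problem, user, group in find_one_sided_links(parse_ldif(SAMPLE_LDIF)):
        print(f"{problem}: user={user} group={group}")
```

Run against an export taken after a provisioning test, an empty result means every assignment was written on both the user and the group side.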