Mapping Manager DN in a Provisioning Policy
Below is a helpful little script that makes it possible for a provisioning policy (in this case AD) to map the correct DN for a manager:
/*AD Manager*/
var adDN = '';
var myServiceDN = service.dn;
var mySupvDN = subject.getProperty('manager');
if (mySupvDN != null && mySupvDN.length >0){
mySupvDN = mySupvDN[0];
var globalid = mySupvDN.substring(mySupvDN.indexOf("=")+1,mySupvDN.indexOf(","));
var myPersonSearch = new PersonSearch();
var searchResult1 = myPersonSearch.searchByFilter("Person","(erglobalid="+globalid+")", 2);
if (searchResult1 != null && searchResult1.length > 0) {
var mySupv = new Person(mySupvDN);
var supvUID = mySupv.getProperty('uid');
if ((supvUID != null) && (supvUID.length > 0)){
supvUID = supvUID[0];
var myAccountSearch = new AccountSearch();
var mySupvAccountList = myAccountSearch.searchByUid(supvUID, myServiceDN);
if (mySupvAccountList!=null && mySupvAccountList.length > 0) {
mySupvAccount = mySupvAccountList[0];
var adDN = mySupvAccount.getProperty("eraddistinguishedname");
if (adDN !=null && adDN.length >0) {
adDN = adDN[0];
return adDN;
}
}
}
}
}
Here is a list of steps that are being taken by this script to return the AD DN of the manager: Read more
