This project has moved and is read-only. For the latest updates, please go here.

Value Declarations

A value declaration is a string used to compose an attribute value based on attributes present on a object being imported or exported from FIM.

Value declarations are strings containing attribute names enclosed in braces ({ }) as well as other static values.

Simple declarations

/usr/sbin/useradd {accountName}

The MA will substitute whatever value it has stored for the accountName attribute with this text. So an account name of jsmith with expand to

/usr/sbin/useradd jsmith

Optional declarations

When a value is not present, the MA will replace the declaration text with an empty string. This can introduce unwanted behaviour when constucting command line arguments. Consider the following declaration, when the homeDirectory attribute is not present.

/usr/sbin/useradd -h {homeDirectory} {accountName}

The declaration will expand to:
/usr/sbin/useradd -h jsmith

This will cause the command to fail, because the {{-h} parameter expects a path argument to follow. In order to deal with this situation, the MA supports optional declarations, where a section of the declaration can be dropped if the attribute isnt present. In the following example, the text enclosed in the square brackets is removed if the contained attribute is not present

/usr/sbin/useradd [-h {homeDirectory} ]{accountName}

The declaration will expand to:
/usr/sbin/useradd jsmith

Using DN components in value declarations

Where an attribute contains an LDAP-style DN, a specific component of the DN can be extracted using a special syntax. The following example extracts the first component of the DN for the object

/usr/sbin/useradd {dn:$1}

If the DN is cn=jsmith,ou=users, the value declaration will expand to

/usr/sbin/useradd jsmith

If the entire component is required, the '+' modifier can be used

/usr/sbin/useradd {dn:+1}

If the DN is cn=jsmith,ou=users, the value declaration will expand to

/usr/sbin/useradd cn=jsmith

Special declarations

The MA supports special declarations that do not exist as attributes in the schema. These values are built-in and cannot be changed.
Declaration Description
{dn} The DN of the object
{newpassword} During a password change or set operation, contains the new password
{oldpassword} During a password change operation, contains the old password

Supported operations

Value declarations can only be used in the context of certain operations. The following list details the operations and the supported value declarations that can be used with them.

Export operations

  • Any attribute that is defined in the schema and is present on the object on export
  • {dn}

Import operations

  • Value declarations are not supported on import operations

Password operations

  • {dn}
  • {newpassword}
  • {oldpassword} (only present on password change operations)

Last edited Sep 21, 2013 at 5:02 AM by ryannewington, version 7