follow below post to create filter
Filtering Data in Incremental Reconciliation
Changelog query returns incremental changes of user/role accounts or entries in the LDAP server to Oracle Identity Manager database during changelog reconciliation when LDAP synchronization incremental reconciliation jobs are run. However, you can choose not to return changes to Oracle Identity Manager database for some entries in LDAP based on a rule or filter during the changelog reconciliation when LDAP synchronization incremental reconcilaition jobs are run. To do so, you can use the includeEntriesFilter filter tag or filter parameter in the LDAPUser.xml file to filter out the unwanted entries and bring in only the required entries based on the rule before sending the data to the reconciliation engine, so that those entries are not in Oracle Identity Manager database. In other words, support for attribute level filtering is provided.
The following example shows how you can specify the attribute-level filtering in the LDAPUser.xml file:
<parameter name="includeEntriesFilter"> <value>employeeNumber=123456</value> </parameter>
Here, the <value> tag contains the employeeNumber LDAP attribute and the corresponding value. This filters out all the changelog entries or user entries from the LDAP server that match the criteria "employeeNumber=123456", and sends them to the reconciliation engine for the users to be reconciled into Oracle Identity Manager database. Other changelog entries that do not match this filter are stopped from being sent to the reconciliation engine to be reconciled into Oracle Identity Manager database.
The following is a sample of the includeEntriesFilter filter parameter:
(!(LDAP_attribute=val1)(LDAP_attribute=val2)(LDAP_attribute=val3)...)
If the values are variables, then the filter must be "ObjectClass=*". You must specify a variable value for LDAP_attribute as different users have different attribute values.
No comments:
Post a Comment