Regarding eDir to OID synchronization via an LDAP driver:

I'm an IDM 3.5.1 novice, but Iíve gotten an LDAP driver working for OID
based on Michael Bluteau's appnote. The major deviation from his app
note is that I am only doing a one way push from IDM / eDir to OID. One
other exception is that I added synchronization of an attribute (via the
Sync Filter and Schema Map), from eDir to OID via the subscriber
channel. More specifically Iím trying to sync the login expiration time
attribute to OIDís orclactiveenddate attribute. Unfortunately this isnít
working properly even though looking at both directories via Softera
LDAP Browser shows the values of the corresponding attributes have the
same format. After searching the internet for a solution I came up with
two approaches in an attempt to address this. The first (using xpath) I
pulled from this forum and the other I attempted to write my self.
Viewing the driverís trace file neither approach seems to work and I
canít remember for the life of me how to dump the values (before and
after) to a local variable and then display them in the trace fileÖ
much like I would if I was stepping through C++ code with break and
watch points.

So my questions are:
- How would I watch the values to debug my own codeÖ
- Do I have the policy in the right place from a design standpoint?
- And finally can anyone point me in the right direction and or
provide suggestions for converting the time from unix to zulu which is
the format that OID expects. Note that Iím using IDM 3.5.1 and or 3.6

Thanks for any an all help

Michael Bluteauís appnote: 'Cool Solutions: AppNote: Using IDM to
Synchronize with Oracle Internet Directory and Integrate Multiple Oracle
Databases' (

LDIF exports of the two attributes:
eDirís loginExpirationTime attribute: 20110114060000Z
OIDís Orclactivestartdate attribute: 20110114060000Z

The rules / actions that Iíve attempted to use under my subscriberís
output transformation policy:
<?xml version="1.0" encoding="UTF-8"?><policy>
<description>Convert eDir Time to UTC on Login Expiry</description>
<comment xml:space="preserve">By default the eDir time is converted
by the driver to UNIX time and OID expects Zulu time. Therfore this
policy (pulled from the Novell forums) will mike the necessary time
<do-reformat-op-attr name="Login Expiration Time">
<arg-value type="string">
<token-xpath expression="format:format(format:new('yyyyMMddHHmm
ss'), date:new($current-value * 1000))"/>
<token-text xml:space="preserve">z</token-text>
<description>Map Login Disabled to OrclIsEnabled</description>
<do-reformat-op-attr name="OrclIsEnabled">
<token-map default-value="DISABLED" dest="OID" src="eDir"
<token-local-variable name="current-value"/>
<description>new test</description>
<do-reformat-op-attr name="Login Expiration Time">
<arg-value type="string">
<token-convert-time dest-format="yyyyMMddHHmmssz"
dest-lang="en-US" dest-tz="UTC" src-format="!CTIME" src-lang="en-US"

See the attached document for a trace of the driver when using the
previously mention rules / actions

|Filename: OIDlog.xml |
|Download: |

jeschaff's Profile:
View this thread: