-
Title
A policy enforcing possible values for an attribute of syntax DN is not respected in the Active Roles Web Interface -
Description
Any custom scripted policy which is enforcing possible values for an attribute which has a single-valued or multi-valued DN (distinguishedName) syntax functions as expected in the Active Roles Console, but not in the Active Roles Web Interface. In the Active Roles Web Interface, the policy is ignored and an object picker is spawned so that the user can choose any object.
An example of such a custom policy would be:
function onGetEffectivePolicy($Request) { if($Request.Class -eq "user") { $arr =@("CN=TestGroup1,OU=Groups,DC=domain,DC=local","CN=TestGroup2,OU=Groups,DC=domain,DC=local") $Request.SetEffectivePolicyInfo('memberOf', $Constants.EDS_EPI_UI_POSSIBLE_VALUES, [string[]]$arr) } } -
Cause
This issue is being tracked as Enhancement ID 273022.
-
Resolution
WORKAROUND
None.
STATUS
An Enhancement Request has been created to change the existing functionality in Active Roles.
Product Management will evaluate the request and this feature may become available in a future release of the product.
There are no guarantees that this specific enhancement request will be implemented in a future release. For more information regarding our Enhancement Request policy, refer to our Global Support Guide on the Support Portal at: https://support.oneidentity.com/essentials/support-guide/
-
Change Request
TF00273022