How to explore/correlate Endpoints in batch jobs, especially dynamic endpoints.

Document ID : KB000050746
Last Modified Date : 14/02/2018
Show Technical Document Details


Initially an issue was opened because Client did not succeed in performing an etautil command against a dynamic endpoint as following:

Figure 1

etautil does not work when performing explore operations against dynamic endpoints.

This is due to some checks against the DYN parser table (see dumpptt -f -t dynparse -of dynparse.txt) where Namespace name in PTT (DYN) does not match with the custom namespace name (e.g. dynsql).

The solution to run an Explore/Correlate process in a batch mode is using the LDAPSEARCH command.


With the sample below requesting eTExploreCorrelateUsers and eTExploreCreateUsers attributes means that accounts will be explored, correlated with global users and global users will be created when needed:

Figure 2

In the previous sample you can only request eTExploreCreateUsers, it implicitly means that explore and correlate will be performed.

eTExploreUpdateEtrust retrieves all managed objects.

eTExploreCorrelateUsers correlates accounts with existing global users.

eTExploreCreateUsers creates global users as needed during the correlation.

eTExploreUpdateUsers sets/refreshes the global user attributes using account attribute values.

>> Combining explore, correlate and update actions into a single request is not supported.

To explore the endpoint and update the global users from accounts through the attribute mapping you must run the LDAPSEARCH with eTExploreUpdateUsers attribute only in a separate request. See below:

Figure 3

With the following mapping (e.g.):

Figure 4

Global user Company attribute values will be updated with Account Company attribute values.

E.g. See below:

Figure 5

After LDAPSEARCH with eTExploreUpdateUsers:

Figure 6