You should not update ldap directly - that may cause inconsistency in the system - especially if you have multiple nodes.
Instead you should use the APIs created for that purpose - the Java API you can find here : https://assets.madigansolutions.com/javadoc/tim5.0/com/ibm/itim/apps/identity/OrganizationalContainerMO.html - REST and WS/SOAP are in the examples.
Here is a Connector (ISIMContainerConnector.jar) using the JAVA API (you will need to read the examples to configure it - but it should be straight forward from there and if you follow this guide :
https://www.ibm.com/support/pages/configuring-ibm-directory-integrator-websphere-client-identity-manager-virtual-appliance-java-apis/stub )
There is a undocumented API to create erglobalids called com.ibm.itim.util.GUIDGenerator - the erglobalid is basically a random based on the current time.
It can be used like this :
myGUID = com.ibm.itim.util.GUIDGenerator.getInstance();
Enrole.log("TEST",myGUID.getguidString());
Spelling and syntax not guaranteed...
HTH
------------------------------
Franz Wolfhagen
WW IAM Solution Architect - Certified Consulting IT Specialist
IBM Expert Labs
------------------------------
Original Message:
Sent: Thu April 17, 2025 11:57 AM
From: Mohamed El Harroudi
Subject: Understanding and Automating erglobalID Generation in ISDI for Organizational Unit
Hello,
I'm looking for information I couldn't find in IBM's documentation.
I'm trying to automate the creation of organizational units via ISDI, so that the creation is reflected in LDAP.
The issue I'm facing is related to the generation of the erglobalID. This ID is usually generated automatically when creating an identity, organizational unit, account, etc.
I would like to understand the specifics of how the erglobalID is generated, depending on the object type (identity, organizational unit, account, etc.).
Any insights or experience regarding this would be greatly appreciated.
Thanks in advance!
------------------------------
Mohamed El Harroudi
------------------------------