The erURI is not used by ISIM (anymore) - I think it is a leftover from some project. I have been working with ISIM for almost 20 years now (Grey can beat me there) but I have never been able to find out why we have that specific attribute support there...
So - forget about the erURI and let's solve your problem instead.
You are talking about a way to find a person by a unique identifier - now ISIM does not enforce what YOU define as the unique identifier for a person - and it actually may be multiple attributes depending on usage. In the LDAP world (and in ISIM used as the default user id) the uid attribute is used. But consider you are e.g. using SAP HCM as your authoritative identity source for employees - there the unique ID is in the employee number in SAP and you would use an attribute (your choice in your design where that goes) in the identity feed to uniquely manage the person entity.
Regarding documentation - yes we would all like good documentation that exactly covers our problems - alas ISIM is more a process framework for identity management - so it mostly makes sense to describe only default samples of the functionality (and I admit this could be better) - but I believe that is not the problem here. You come with an expectation from a different domain where the URI has a meaning - it does not in ISIM so you are getting confused I believe. Let me just state that it is dangerous to carry over that kind of expectation from one domain to another :-)
HTH
------------------------------
Franz Wolfhagen
IAM Technical Architect for Europe - Certified Consulting IT Specialist
IBM Security Expert Labs
------------------------------
Original Message:
Sent: Fri August 27, 2021 09:04 AM
From: Hakan Aydin
Subject: PersonSearch.SearchByURI
I don't see any object (in the whole LDAP tree) with the erURI attribute. I wonder if there is a problem in my system? I haven't had experience with this attribute before.
And, if erURI is not set on Person objects, why is there a function such as PersonSearch.SearchByURI?
We really need better documentation including good samples.
------------------------------
Hakan Aydin
Security Engineer
Prime Therapeutics
Original Message:
Sent: Thu August 26, 2021 05:25 PM
From: Grey Thrasher
Subject: PersonSearch.SearchByURI
erURI isn't normally set on Person objects...so likely why you're not seeing it.
------------------------------
Grey Thrasher
IBM
Original Message:
Sent: Thu August 26, 2021 05:16 PM
From: Hakan Aydin
Subject: PersonSearch.SearchByURI
Hi Grey,
Do you have an idea why I can't see any erURI value in the LDAP? (I see it's in the schema)
Thanks
------------------------------
Hakan Aydin
Security Engineer
Prime Therapeutics
Original Message:
Sent: Thu August 26, 2021 05:09 PM
From: Grey Thrasher
Subject: PersonSearch.SearchByURI
Hi Hakan...
searchByURI essentially should take the uri value and essentially do a searchByFilter with erURI=uri filter. There's a similar method on the PersonSearch ISIM Java Class, so was likely added to the JS extensions to keep parity.
------------------------------
Grey Thrasher
IBM
Original Message:
Sent: Thu August 26, 2021 04:46 PM
From: Hakan Aydin
Subject: PersonSearch.SearchByURI
Hi
I want to find a person in a workflow using their unique identifier. Is it possible to use PersonSearch.searchByURI(containerDN, uri) instead of using personSearch.searchByFilter? I could not figure out how to use the uri parameter. I could not find any example. If this parameter is for the erURI attribute in the LDAP schema, I can't list any object with this attribute populated. What is a sample uri value for this function? What can be the reason I can't see any erURI value in the LDAP?
Thanks
------------------------------
Hakan Aydin
Security Engineer
Prime Therapeutics
------------------------------