
AD Connector - Syntax for Endpoints_filter

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on November 21 2019 at 21:17 UTC

Hello,

In the AD Connector documentation, there is an example explaining how we can use the ENDPOINTS_FILTER field to dynamically create endpoints during the import and attach accounts and entitlements to it. Example is as follows:

{ "Sharepoint Server": [ { "memberOf": [ "%OU=EPO,OU=ManagedSystem,OU=Client,DC=SAV,DC=POC,DC=SAVADMIN,DC=com" ] } ] }

Does this JSON field allow creating endpoints with more attributes? For example, could we create endpoints and assign values to specific properties (ex: description, owner, risk, customproperties, etc)?


This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on November 22 2019 at 03:57 UTC

Greetings!!


We do not support any other key (like Description, owner, risk etc.) in the endpoint filter apart from the memberOf attribute.


Community_User
Saviynt Employee
Saviynt Employee
Originally posted on November 26 2019 at 16:10 UTC

Hi Anand,

I understand you do not support other keys as a filter.

However, is it possible to define the new endpoints with more details/information?


Community_User
Saviynt Employee
Saviynt Employee
Originally posted on November 27 2019 at 04:37 UTC

Hi Fabrice,


Greetings!!

As a part of endpoint filter configuration, we allow defining an endpoint filter based on endpoint name and filter attribute with filter value.

Let's say I talk about this example:

{ "Sharepoint Server": [ { "memberOf": [ "%OU=EPO,OU=ManagedSystem,OU=Client,DC=SAV,DC=POC,DC=SAVADMIN,DC=com" ] } ] }


Then, "Sharepoint Server" is the endpoint name (based on our endpoint filter).

While "memberOf": [ "%OU=EPO,OU=ManagedSystem,OU=Client,DC=SAV,DC=POC,DC=SAVADMIN,DC=com" ] is the filter criteria with value.

Apart from these, we do not have any other information inclusion option here.


Please let me know, if you need some other information here as well.

Additionally, please feel free to raise enhancement/improvement tickets, if you need something specific here.



This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.
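
Added example (not part of the original thread and not Saviynt's own code): a pre-import lint for an ENDPOINTS_FILTER value that enforces the shape described in the reply above, where an endpoint name maps to a list of objects whose only key is memberOf. The function name, the duplicate check and the sample values are constructed for illustration; the thread does not say how the connector treats repeated entries.

```python
import json

SUPPORTED_KEYS = {"memberOf"}  # per the reply above: no other key is supported

def lint_endpoints_filter(raw):
    """Return a list of findings for an ENDPOINTS_FILTER JSON string (empty = clean)."""
    try:
        doc = json.loads(raw)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc.msg} at position {exc.pos}"]
    if not isinstance(doc, dict):
        return ["top level must be an object mapping endpoint name to a list of filters"]
    findings = []
    for endpoint, filters in doc.items():
        if not endpoint.strip():
            findings.append("empty endpoint name")
        if not isinstance(filters, list) or not filters:
            findings.append(f"{endpoint!r}: expected a non-empty list of filter objects")
            continue
        seen = set()
        for i, flt in enumerate(filters):
            if not isinstance(flt, dict):
                findings.append(f"{endpoint!r}[{i}]: filter must be an object")
                continue
            # Keys such as description, owner or risk are flagged, not silently dropped
            for key in sorted(set(flt) - SUPPORTED_KEYS):
                findings.append(f"{endpoint!r}[{i}]: unsupported key {key!r}")
            values = flt.get("memberOf")
            if not isinstance(values, list) or not all(isinstance(v, str) for v in values):
                findings.append(f"{endpoint!r}[{i}]: memberOf must be a list of strings")
                continue
            for value in values:
                # Compare DN patterns case-insensitively, ignoring surrounding whitespace
                norm = value.strip().lower()
                if norm in seen:
                    findings.append(f"{endpoint!r}[{i}]: duplicate memberOf value {value!r}")
                seen.add(norm)
    return findings

# Constructed samples modelled on the filter quoted in the thread
DN = "%OU=EPO,OU=ManagedSystem,OU=Client,DC=SAV,DC=POC,DC=SAVADMIN,DC=com"
GOOD = json.dumps({"Sharepoint Server": [{"memberOf": [DN]}]})
EXTRA = json.dumps({"Sharepoint Server": [{"memberOf": [DN], "description": "Team site", "owner": "jdoe"}]})
REPEATED = json.dumps({"Sharepoint Server": [{"memberOf": [DN]}, {"memberOf": [DN]}]})

if __name__ == "__main__":
    for name, raw in (("good", GOOD), ("extra", EXTRA), ("repeated", REPEATED)):
        print(name, lint_endpoints_filter(raw))
```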

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on November 28 2019 at 15:53 UTC

Thank you. You can consider this topic as answered.


Community_User
Saviynt Employee
Saviynt Employee
Originally posted on March 26 2020 at 20:33 UTC

Hi,


I am trying to add the user to an AD Group and I did the Add account configuration as per the given AD Connector guide. I am getting the error below. Could you please help me here?


2020-03-26 15:35:20,701 [quartzScheduler_Worker-2] ERROR ldap.SaviyntGroovyLdapService - Error while creating account userTest in AD - Ambiguous method overloading for method groovy.text.SimpleTemplateEngine#createTemplate.
Cannot resolve which method to invoke for [null] due to overlapping prototypes between:
    [class java.io.File]
    [class java.io.Reader]
    [class java.lang.String]
    [class java.net.URL]
groovy.lang.GroovyRuntimeException: Ambiguous method overloading for method groovy.text.SimpleTemplateEngine#createTemplate.
Cannot resolve which method to invoke for [null] due to overlapping prototypes between:
    [class java.io.File]
    [class java.io.Reader]
    [class java.lang.String]
    [class java.net.URL]
    at com.saviynt.utility.TemplateUtilityService.getSimpleTemplateString(TemplateUtilityService.groovy:42)
    at com.saviynt.utility.TemplateUtilityService.getTemplateString(TemplateUtilityService.groovy:27)
    at com.saviynt.ldap.SaviyntGroovyLdapService$_createAccountGLDAP_closure3.doCall(SaviyntGroovyLdapService.groovy:435)
    at com.saviynt.ldap.SaviyntGroovyLdapService.createAccountGLDAP(SaviyntGroovyLdapService.groovy:258)
    at com.saviynt.ecm.services.ArsTaskService.createAccountTarget(ArsTaskService.groovy:8216)
    at com.saviynt.ecm.services.ArsTaskHelperService$_whenTaskTypeIsThreeNewAccountAccess_closure39.doCall(ArsTaskHelperService.groovy:2134)
    at com.saviynt.ecm.services.ArsTaskHelperService.whenTaskTypeIsThreeNewAccountAccess(ArsTaskHelperService.groovy:2125)
    at com.saviynt.ecm.services.ArsTaskHelperService$_completeAutoProvTasksUpgraded_closure1.doCall(ArsTaskHelperService.groovy:117)
    at com.saviynt.ecm.services.ArsTaskHelperService.completeAutoProvTasksUpgraded(ArsTaskHelperService.groovy:102)
    at MultipleProvisioningJob.execute(MultipleProvisioningJob.groovy:154)
    at org.quartz.core.JobRunShell.run(JobRunShell.java:199)
    at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:546)
2020-03-26 15:47:43,084 [quartzScheduler_Worker-4] ERROR ldap.SaviyntGroovyLdapService - Error while creating account userTest in AD - Ambiguous method overloading for method groovy.text.SimpleTemplateEngine#createTemplate.
Cannot resolve which method to invoke for [null] due to overlapping prototypes between:
    [class java.io.File]
    [class java.io.Reader]
    [class java.lang.String]
    [class java.net.URL]


Community_User
Saviynt Employee
Saviynt Employee
Originally posted on March 27 2020 at 04:56 UTC

Hi Suneel,


Greetings!!


Kindly share the version details of SSM (You are using currently) along with your connection parameter details.

Additionally, I would like to understand:

1) If you created this connection manually or used any template to create it.

2) Do you have any similar setup, where multiple security systems are consuming a single connection?



Community_User
Saviynt Employee
Saviynt Employee
Originally posted on March 27 2020 at 05:03 UTC

Hi Anand,


I am using v5.4.0.


1. I used the connection manually configured as per the screenshot given below.


2. I am using separate same connection for Recon and this connection for Provisioning.



Community_User
Saviynt Employee
Saviynt Employee
Originally posted on March 27 2020 at 05:06 UTC

Hi Anand,


This configuration for Add account works for one user but I am getting an error for another user for the same or another entitlement.


Here is the CreateAccount JSON configuration.


{
  "sAMAccountName": "${task.accountName}",
  "givenName": "${user.firstname}",
  "sn": "${user.lastname}",
  "uid": "${user.username}",
  "cn": "${user.displayname}",
  "objectclass": [
    "top",
    "person",
    "organizationalPerson",
    "user"
  ]
}


Community_User
Saviynt Employee
Saviynt Employee
Originally posted on March 27 2020 at 05:59 UTC

Please follow the steps below and let me know your result:

1) In your provisioning connection itself, try to define/fill your Account_Attribute and Status_Threshold_config as per our documentation.

2) Once you are done with updating the recommended fields in your Prov connection, use the same for your connection and provisioning connection in your security system.

3) Try provisioning once again.


Community_User
Saviynt Employee
Saviynt Employee
Originally posted on March 31 2020 at 20:46 UTC

Thanks Anand. Yes, now it is working fine.


Community_User
Saviynt Employee
Saviynt Employee
Originally posted on April 1 2020 at 04:25 UTC

Awesome!! Glad to hear that Suneel.


Could you please let me know what you were actually missing, or did you follow the entire recommendation suggested by me to resolve this?


Community_User
Saviynt Employee
Saviynt Employee
Originally posted on April 6 2020 at 18:11 UTC

Yes, I followed your suggestion to solve this issue.


Community_User
Saviynt Employee
Saviynt Employee
Originally posted on April 7 2020 at 04:28 UTC

Thanks for your comments.


Cheers!!


Community_User
Saviynt Employee
Saviynt Employee
Originally posted on April 9 2020 at 14:14 UTC

Hi Anand,

I am not seeing any field for DisableAccount in AD Connection. Where can we use the DisableAccount in ADConnection?




Community_User
Saviynt Employee
Saviynt Employee
Originally posted on February 12 2021 at 08:59 UTC

Hi,

Can I create an endpoint filter like this? Will it work?


{ "Sharepoint Server": [ { "memberOf": [ "%OU=EPO,OU=ManagedSystem,OU=Client,DC=SAV,DC=POC,DC=SAVADMIN,DC=com" ] },

{ "memberOf": [ "%OU=EPO,OU=ManagedSystem,OU=Client,DC=SAV,DC=POC,DC=SAVADMIN,DC=com" ] } ] }
