Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Account import status - LDAP

piotrj
New Contributor III
New Contributor III

‎02/03/2023 08:19 AM

Hello,

We need to use LDAP connection to import accounts from Unix system.

Unix account status (active/inactive) is set by nsaccountlock attribute. The issue is that it's only present for when the account is inactive and it's set to true. When account is active it could be set to false but usually it's not present at all.

We matched it with customproperty10 for account import and it's fine for inactive account but it's not imported for active ones. It simply is not there in account 'Other Attributes' section.

How we can configure connection to set accounts to active?

Extract from ACCOUNT_ATTRIBUTE section

[
ACCOUNTID::krbPrincipalName#String,
NAME::uid#String,
CUSTOMPROPERTY10::nsaccountlock#String,
RECONCILATION_FIELD::NAME
]

And STATUS_THRESHOLD_CONFIG

{
"statusAndThresholdConfig":{
"statusColumn":"customproperty10",
"activeStatus":[
"False",
"false",
"FALSE",
""
],
"deleteLinks":false,
"accountThresholdValue":3000,
"correlateInactiveAccounts":true,
"inactivateAccountsNotInFile":false
}
}

 

Thank you for you help,

Peter

0 Kudos
4 REPLIES 4

sk
All-Star
All-Star

‎02/03/2023 08:27 AM - edited ‎02/03/2023 08:28 AM

Yeah if no value is assigned to cp attribute then it won't show up in UI. But do see active status getting reflected correctly? if not try to include null to list and see if that works?

"activeStatus":[
"False",
"false",
"FALSE",
"",

null
],

Also you mentioned when account is active it could be set as false. But do you have any account which is active and has this parameter set as false? If so is it working fine for such user?


Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.
0 Kudos

piotrj
New Contributor III
New Contributor III
In response to sk

‎02/08/2023 02:01 AM

We have tried this and it doesn't make a difference. We are now going to test with account which has value manually set to 'False'. If that works we will set this for the rest of them and make sure that when creating or enabling an account we will pass the value in JSON.

0 Kudos

rushikeshvartak
All-Star
All-Star

‎02/03/2023 11:43 AM

what are currently possible values for nsaccountlock


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos

piotrj
New Contributor III
New Contributor III

‎02/16/2023 10:05 AM

We have resolved it, thank you all for your help.

The values appears when it's administratively set. We needed to run a script that set value to 'false' for all active users and they appeared in the next import.

0 Kudos
Copyright © 2024 Khoros, LLC