Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.

Account to Entitlement mapping issue for LDAP Application

BalajiEpari
New Contributor III
New Contributor III

Hi Team,

We are integrating LDAP Application, during the import accounts and entitlements are imported successfully but accounts to entitlements mapping are not happening.

Pls find below account and group import jsons.

ACCOUNT_ATTRIBUTE:

[ACCOUNTID::nameinnamespace#String,
NAME::nameinnamespace#String,
CUSTOMPROPERTY2::cn#String,
CUSTOMPROPERTY3::givenname#String,
CUSTOMPROPERTY4::uid#String,
CUSTOMPROPERTY5::sn#String,
CUSTOMPROPERTY6::employeenumber#String,
RECONCILATION_FIELD::CUSTOMPROPERTY4]

 

groupImportMapping:

{
"entitlementTypeName":"memberOf",
"groupAccountMappingAttributeName":"member",
"importGroupHierarchy":"true",
"performGroupAccountLinking":"true",
"groupObjectClass":"(objectclass=groupOfNames)",
"mapping":"memberHash:member_char,entitlement_value:cn_char,displayname:cn_char,customproperty2:nameinnamespace_char,customproperty4:description_char,RECONCILATION_FIELD:customproperty2"
}

 

Here is a one group structure in LDAP.

# gsn_supplier_email_group_dev, Groups, AHM, na, XXXXX.com
dn: cn=gsn_supplier_email_group_dev,ou=Groups,ou=AHM,o=na,dc=XXXXX,dc=com
objectclass: top
objectclass: groupOfNames
cn: gsn_supplier_email_group_dev
description: TESTING
member: secAuthority=Default
member: uid=XXXXX209,ou=External,ou=People,ou=AHM,o=NA,DC=XXXXX,DC=COM
member: uid=XXXXX211,ou=External,ou=People,ou=AHM,o=NA,DC=XXXXX,DC=COM

 

In logs i can see instead of insert operation for Account_entitlements1 table during import. it tries to execute only delete operation as below.

Logs:

"ecm-worker","2023-07-07T11:55:04.652+00:00","{"log":"2023-07-07 11:55:04,289 [quartzScheduler_Worker-1] DEBUG services.AdImportService - existingAccountsList size: 6195\n","stream":"stdout","time":"2023-07-07T11:55:04.290061983Z"}"
"ecm-worker","2023-07-07T11:55:04.652+00:00","{"log":"2023-07-07 11:55:04,295 [quartzScheduler_Worker-1] DEBUG services.AdImportService - accountIDToNameMap size: 12342\n","stream":"stdout","time":"2023-07-07T11:55:04.295833798Z"}"
"ecm-worker","2023-07-07T11:55:04.652+00:00","{"log":"2023-07-07 11:55:04,297 [quartzScheduler_Worker-1] DEBUG services.AdImportService - entValueIDMap size: 70\n","stream":"stdout","time":"2023-07-07T11:55:04.297878168Z"}"
"ecm-worker","2023-07-07T11:55:04.652+00:00","{"log":"2023-07-07 11:55:04,297 [quartzScheduler_Worker-1] DEBUG services.AdImportService - start processing Entitlements2\n","stream":"stdout","time":"2023-07-07T11:55:04.297890473Z"}"
"ecm-worker","2023-07-07T11:55:04.652+00:00","{"log":"2023-07-07 11:55:04,297 [quartzScheduler_Worker-1] DEBUG services.AdImportService - entTypeMap size: 1\n","stream":"stdout","time":"2023-07-07T11:55:04.297893192Z"}"
"ecm-worker","2023-07-07T11:55:04.652+00:00","{"log":"2023-07-07 11:55:04,297 [quartzScheduler_Worker-1] DEBUG services.AdImportService - entMembers size: 69\n","stream":"stdout","time":"2023-07-07T11:55:04.297897197Z"}"
"ecm-worker","2023-07-07T11:55:04.652+00:00","{"log":"2023-07-07 11:55:04,302 [quartzScheduler_Worker-1] DEBUG services.AdImportService - Start delete Account_entitlements1 and Entitlements2 not imported in this job for entitlementIds: 69\n","stream":"stdout","time":"2023-07-07T11:55:04.302865219Z"}"
"ecm-worker","2023-07-07T11:55:04.652+00:00","{"log":"2023-07-07 11:55:04,302 [quartzScheduler_Worker-1] DEBUG services.SaviyntCommonUtilityService - itemIdSetList Size:: 1\n","stream":"stdout","time":"2023-07-07T11:55:04.302933862Z"}"
"ecm-worker","2023-07-07T11:55:04.652+00:00","{"log":"2023-07-07 11:55:04,306 [quartzScheduler_Worker-1] DEBUG services.AdImportService - deleting ae1Set: []\n","stream":"stdout","time":"2023-07-07T11:55:04.306163697Z"}"
"ecm-worker","2023-07-07T11:55:04.652+00:00","{"log":"2023-07-07 11:55:04,308 [quartzScheduler_Worker-1] DEBUG services.AdImportService - Deleted account_entitlements1:: 0\n","stream":"stdout","time":"2023-07-07T11:55:04.308955581Z"}"
"ecm-worker","2023-07-07T11:55:04.652+00:00","{"log":"2023-07-07 11:55:04,308 [quartzScheduler_Worker-1] DEBUG services.AdImportService - deleting ent2Set: []\n","stream":"stdout","time":"2023-07-07T11:55:04.309008787Z"}"
"ecm-worker","2023-07-07T11:55:04.652+00:00","{"log":"2023-07-07 11:55:04,311 [quartzScheduler_Worker-1] DEBUG services.AdImportService - Deleted Entitlements2:: 0\n","stream":"stdout","time":"2023-07-07T11:55:04.311763983Z"}"
"ecm-worker","2023-07-07T11:55:04.652+00:00","{"log":"2023-07-07 11:55:04,311 [quartzScheduler_Worker-1] DEBUG services.AdImportService - End delete Account_entitlements1 and Entitlements2 not imported in this job\n","stream":"stdout","time":"2023-07-07T11:55:04.311772603Z"}"
"ecm-worker","2023-07-07T11:55:04.652+00:00","{"log":"2023-07-07 11:55:04,311 [quartzScheduler_Worker-1] DEBUG services.AdImportService - entitlementownerattribute / tablefieldattribute is not present, skipping owners processing.\n","stream":"stdout","time":"2023-07-07T11:55:04.311775432Z"}"
"ecm-worker","2023-07-07T11:55:04.652+00:00","{"log":"2023-07-07 11:55:04,311 [quartzScheduler_Worker-1] DEBUG services.AdImportService - End processing Entitlements LDAP data\n","stream":"stdout","time":"2023-07-07T11:55:04.311785932Z"}"
"ecm-worker","2023-07-07T11:55:04.652+00:00","{"log":"2023-07-07 11:55:04,311 [quartzScheduler_Worker-1] DEBUG services.ImportUtilityService - isImportSuccess: true\n","stream":"stdout","time":"2023-07-07T11:55:04.311850294Z"}"
"ecm-worker","2023-07-07T11:55:04.652+00:00","{"log":"2023-07-07 11:55:04,316 [quartzScheduler_Worker-1] DEBUG services.AdImportService - Start inactivate Entitlements and mappings not imported in this job\n","stream":"stdout","time":"2023-07-07T11:55:04.316832934Z"}"
"ecm-worker","2023-07-07T11:55:04.652+00:00","{"log":"2023-07-07 11:55:04,316 [quartzScheduler_Worker-1] DEBUG services.AdImportService - Qry to inactivate Entitlements: \n","stream":"stdout","time":"2023-07-07T11:55:04.316841965Z"}"
"ecm-worker","2023-07-07T11:55:04.652+00:00","{"log":" update Entitlement_values set status=2\n","stream":"stdout","time":"2023-07-07T11:55:04.316844859Z"}"
"ecm-worker","2023-07-07T11:55:04.652+00:00","{"log":" where entitlementtypekey in (2,4,6) and JOB_ID \u003c\u003e 10102 and status \u003c\u003e 2\n","stream":"stdout","time":"2023-07-07T11:55:04.316847122Z"}"
"ecm-worker","2023-07-07T11:55:04.652+00:00","{"log":" \n","stream":"stdout","time":"2023-07-07T11:55:04.316849764Z"}"
"ecm-worker","2023-07-07T11:55:04.652+00:00","{"log":"2023-07-07 11:55:04,318 [quartzScheduler_Worker-1] DEBUG services.AdImportService - Entitlements inactivated: 0\n","stream":"stdout","time":"2023-07-07T11:55:04.318259918Z"}"
"ecm-worker","2023-07-07T11:55:04.652+00:00","{"log":"2023-07-07 11:55:04,318 [quartzScheduler_Worker-1] DEBUG services.AdImportService - Qry to delete Account_entitlements1: \n","stream":"stdout","time":"2023-07-07T11:55:04.318269055Z"}"
"ecm-worker","2023-07-07T11:55:04.652+00:00","{"log":" delete ae1 from Account_entitlements1 ae1 inner join Entitlement_values ev on ae1.ENTITLEMENT_VALUEKEY = ev.ENTITLEMENT_VALUEKEY\n","stream":"stdout","time":"2023-07-07T11:55:04.318272283Z"}"
"ecm-worker","2023-07-07T11:55:04.652+00:00","{"log":" where ev.status=2 and ev.referenced_entitlement is null and ev.entitlementtypekey in (2,4,6)\n","stream":"stdout","time":"2023-07-07T11:55:04.318275937Z"}"
"ecm-worker","2023-07-07T11:55:04.652+00:00","{"log":" \n","stream":"stdout","time":"2023-07-07T11:55:04.318279331Z"}"
"ecm-worker","2023-07-07T11:55:04.652+00:00","{"log":"2023-07-07 11:55:04,319 [quartzScheduler_Worker-1] DEBUG services.AdImportService - Deleted account_entitlements1: 0\n","stream":"stdout","time":"2023-07-07T11:55:04.319383652Z"}"
"ecm-worker","2023-07-07T11:55:04.652+00:00","{"log":"2023-07-07 11:55:04,319 [quartzScheduler_Worker-1] DEBUG services.AdImportService - Qry to delete Entitlements2: \n","stream":"stdout","time":"2023-07-07T11:55:04.319390179Z"}"
"ecm-worker","2023-07-07T11:55:04.652+00:00","{"log":" delete e2 from Entitlements2 e2 inner join Entitlement_values ev on e2.ENTITLEMENT_VALUE1KEY = ev.ENTITLEMENT_VALUEKEY\n","stream":"stdout","time":"2023-07-07T11:55:04.319393872Z"}"
"ecm-worker","2023-07-07T11:55:04.652+00:00","{"log":" where ev.status=2 and ev.entitlementtypekey in (2,4,6)\n","stream":"stdout","time":"2023-07-07T11:55:04.319396359Z"}"
"ecm-worker","2023-07-07T11:55:04.652+00:00","{"log":" \n","stream":"stdout","time":"2023-07-07T11:55:04.319398559Z"}"
"ecm-worker","2023-07-07T11:55:04.652+00:00","{"log":"2023-07-07 11:55:04,320 [quartzScheduler_Worker-1] DEBUG services.AdImportService - Deleted Entitlements2: 0\n","stream":"stdout","time":"2023-07-07T11:55:04.320209119Z"}"
"ecm-worker","2023-07-07T11:55:04.652+00:00","{"log":"2023-07-07 11:55:04,320 [quartzScheduler_Worker-1] DEBUG services.AdImportService - End inactivate Entitlements and mappings not imported in this job\n","stream":"stdout","time":"2023-07-07T11:55:04.320219659Z"}"
"ecm-worker","2023-07-07T11:55:04.652+00:00","{"log":"2023-07-07 11:55:04,346 [quartzScheduler_Worker-1] DEBUG services.ImportUtilityService - Writing job history to import logs.\n","stream":"stdout","time":"2023-07-07T11:55:04.346484593Z"}"
"ecm-worker","2023-07-07T11:55:04.652+00:00","{"log":"2023-07-07 11:55:04,346 [quartzScheduler_Worker-1] DEBUG services.ImportUtilityService - Number of log entries to be written : 12\n","stream":"stdout","time":"2023-07-07T11:55:04.346500673Z"}"
"ecm-worker","2023-07-07T11:55:04.652+00:00","{"log":"2023-07-07 11:55:04,360 [quartzScheduler_Worker-1] DEBUG integration.ExternalConnectionCallService - END INVOKING EXTERNAL

 

 

 

 

3 REPLIES 3

pmahalle
All-Star
All-Star

Hi @BalajiEpari ,

Are you using any any objectFilter? Objectfilter might be restricting accounts to be reconciled, which are part entitlements you are looking.


Pandharinath Mahalle(Paddy)
If this reply helps your question, please consider selecting Accept As Solution and hit Kudos 🙂

BalajiEpari
New Contributor III
New Contributor III

Hi Paddy,

Yes, we are using objectFilter. with below filters all accounts got imported. but entitlements mapping with accounts is not happening.

Here is SEARCHFILTER, OBJECTFILTER for Accounts.

SEARCHFILTER:  ou=External,ou=People,ou=AHM,o=NA,DC=HONDA,DC=COM

OBJECTFILTER: objectclass=*

 

PFB Account structure in LDAP. All the accounts which got imported are as below.

# XXXXX209, External, People, AHM, NA, XXXXX.COM
dn: uid=XXXXX209,ou=External,ou=People,ou=AHM,o=NA,DC=XXXXX,DC=COM
uid: XXXXX209
ahmpositionnumber: 50070
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: ePerson
sn: TestSn
cn: TestCn

 

 

pmahalle
All-Star
All-Star

Hi @BalajiEpari ,

From above provided info, seems like groups are present in ou=Groups,ou=AHM,o=na,dc=XXXXX,dc=com and accounts are in ou=External,ou=People,ou=AHM,o=NA,DC=XXXXX,DC=COM.

Can you try with searchfilter "ou=NA,DC=XXXXX,DC=COM" or "DC=XXXXX,DC=COM"?


Pandharinath Mahalle(Paddy)
If this reply helps your question, please consider selecting Accept As Solution and hit Kudos 🙂