Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

ADSI - AddAccessJSON reads variables as plain text

Go to solution
adriencosson
Valued Contributor
Valued Contributor

‎06/07/2023 04:16 PM

Hello folks ! 

We are currently working on integrating ADSI to handle provisioning groups to users accross multiple domains.

During implementation, we have generated the below JSON for AddAccessJSON based on given documentation : 

https://docs.saviyntcloud.com/bundle/ADSI-v55x/page/Content/Configuring-the-Integration-for-Provisio... 

{
   "objects":[
      {
         "objectClasses":[
            "group"
         ],
         "distinguishedName":"${account.customproperty1?.replace('\\', '\\\\')?.replace('/','\\/')}",
         "addGroup":"${entitlementValue.entitlement_value?.replace('\\','\\\\')?.replace('/','\\/')}"
      }
   ],
   "requestConfiguration":{
      "grpMemExistenceChk":{
         "enable":true
      }
   }
}

Note : Our Account attribute mapping has account's customproperty1 mapped with distinguishedName

However, when launching WSRetryJob, we are getting the below error.

${account.customproperty1?.replace('\\', '\\\\')?.replace('/','\\/')} does not exist.

Note : I also tried accountID or customproperty1 alone and it did not helped.

Has anyone came accross this issue ? Anyone has a working JSON for this use case ?

Regards,
Adrien COSSON
Labels:
0 Kudos
7 REPLIES 7

Go to solution
sudeshjaiswal
Saviynt Employee
Saviynt Employee

‎06/07/2023 08:47 PM

Hello @adriencosson ,

Could you please try with the accountId, and share what are you seeing in the log snippet?

Sample Json,
{
"objects":[
{
"objectClasses":[
"group"
],
"distinguishedName":"${accountID?.replace('\\', '\\\\')?.replace('/','\\/')}",
"addGroup":"${entitlementValue.entitlement_value?.replace('\\','\\\\')?.replace('/','\\/')}"
}
],
"requestConfiguration":{
"grpMemExistenceChk":{
"enable":true
}
}


Thanks,

For Ref: https://docs.saviyntcloud.com/bundle/ADSI-v23x/page/Content/Configuring-the-Integration-for-Provisio... 

If you find the above response useful, Kindly Mark it as "Accept As Solution".
0 Kudos

Go to solution
adriencosson
Valued Contributor
Valued Contributor

‎06/07/2023 11:32 PM

Hello @sudeshjaiswal ,

Thanks for the sample JSON.

I did try the same and I am getting the below error : 

{
   "status":"Failure",
   "failedObjects":[
      {
         "id":"${accountID?.replace('\\', '\\\\')?.replace('/','\\/')}",
         "status":"Failure",
         "message":"${accountID?.replace('\\', '\\\\')?.replace('/','\\/')} does not exist.",
         "messageCodes":"OBJ_ERR_MSG_00002"
      }
   ],
   "connectionString":"LDAP://mydomain.acmecorp.local:636"
}

Looks like the connector retrieves the variable as plain text.

I have open an internal FD ticket as well to get as much help as I can.

Note : I am running 23.5 version.

Regards,
Adrien COSSON
0 Kudos

Go to solution
sudeshjaiswal
Saviynt Employee
Saviynt Employee

‎06/08/2023 02:21 AM

Hello @adriencosson.,

Could you please try using it instead of "${entitlementValue.entitlement_value?.replace('\\','\\\\')?.replace('/','\\/')}".

entitlement_values

 Please use the below sample and try it,

{
  "objects": [
    {
      "objectClasses": [
        "user"
      ],
      "distinguishedName": "${accountID?.replace('\\', '\\\\')?.replace('/', '\\/')}",
      "addGroup": "${entitlement_values}"
    }
  ],
  "requestConfiguration": {
    "grpMemExistenceChk": {
      "enable": true
    }
  }
}


Thanks,

If you find the above response useful, Kindly Mark it as "Accept As Solution".
0 Kudos

Go to solution
adriencosson
Valued Contributor
Valued Contributor

‎06/08/2023 04:57 AM

Hello @sudeshjaiswal,

I did try with the suggested ${entitlement_values} and still I am getting the same error on the accountID :

{
   "status":"Failure",
   "failedObjects":[
      {
         "id":"${accountID?.replace('\\', '\\\\')?.replace('/','\\/')}",
         "status":"Failure",
         "message":"${accountID?.replace('\\', '\\\\')?.replace('/','\\/')} does not exist.",
         "messageCodes":"OBJ_ERR_MSG_00002"
      }
   ],
   "connectionString":"LDAP://mydomain.acmecorp.local:636"
}

 

Regards,
Adrien COSSON
0 Kudos

Go to solution
sudeshjaiswal
Saviynt Employee
Saviynt Employee

‎06/08/2023 06:31 AM

Hello @adriencosson ,

Seems weird, Could you please share the log.

Thanks

If you find the above response useful, Kindly Mark it as "Accept As Solution".
0 Kudos

Go to solution
adriencosson
Valued Contributor
Valued Contributor

‎06/08/2023 01:39 PM

Hello @sudeshjaiswal , I provided you the logs in private message to prevent sensitive data.

Thanks for your help.

Regards,
Adrien COSSON

Go to solution
adriencosson
Valued Contributor
Valued Contributor

‎06/12/2023 08:06 AM

Hello,
After a few retries, it looks that the below JSON is working.

{
   "objects":[
      {
         "objectClasses":[
            "group"
         ],
         "distinguishedName":"${accountID?.replace('\\', '\\\\')?.replace('/','\\/')}",
         "addGroup":"${entitlement_values?.replace('\\','\\\\')?.replace('/','\\/')}"
      }
   ],
   "requestConfiguration":{
      "grpMemExistenceChk":{
         "enable":true
      }
   }
}

 

Thanks for the help !

Regards,
Adrien COSSON
Copyright © 2024 Khoros, LLC