Click HERE to see how Saviynt Intelligence is transforming the industry. |
08/11/2024 10:08 PM
Hi
I wanted to confirm following w.r.t ADSI group management in Saviynt:
"managedBy": "${ownerAccountListMap.get(allOwnerList.get(0)?.userkey.username)!=null && ownerAccountListMap.get(allOwnerList.get(0)?.userkey.username).size()>0?ownerAccountListMap.get(allOwnerList.get(0)?.userkey.username).get(0)?.name:null}"
Working config for CREATEGROUPJSON in ADSI connector
08/11/2024 10:10 PM
08/11/2024 11:16 PM
Thanks @rushikeshvartak for quick revert.
On point 2 - Target was not updated with owner information even after putting a configuration for "managedBy" in CREATEGROUPJSON json as mentioned above. There is no error in logs for this. i have logged a FD as well for this.
On point 3 - following is the error message in logs with httpParams and responseText - not able to evaluate groovy expressions
httpParams: [objects:[[objectClasses:[group], baseDn:${role.customproperty24}, attributes:[cn:${role.displayname}, name:${role.displayname}, samaccountname:${role.displayname}, description:${role.description}, displayName:${role.displayname}, groupType:${role?.customproperty21 == 'Security' && role?.customproperty22 == 'Global'?'-2147483646' : role?.customproperty21=='Security'&&role?.customproperty22=='Universal'?'-2147483640' : role?.customproperty21== 'Security'&&role?.customproperty22=='Domain Local' ? '-2147483644':role?.customproperty21=='Distribution'&&role?.customproperty22=='Global' ? '2':role?.customproperty21== 'Distribution'&&role?.customproperty22=='Universal'?'8':role?.customproperty21=='Distribution'&& role?.customproperty22=='Domain Local'?'4':''}, managedBy:${ownerAccountListMap.get(allOwnerList.get(0)?.userkey.username)!=null && ownerAccountListMap.get(allOwnerList.get(0)?.userkey.username).size()>0?ownerAccountListMap.get(allOwnerList.get(0)?.userkey.username).get(0)?.name:null}]]], connectionString:[LDAP://domain:636]]
responseText:{| status": "Failure" | "failedObjects": [| {| "id": "${role.customproperty24}" | "status": "Failure" | "message": "Failed to create object of given objectClasses" | "messageCodes": "OBJ_ERR_00001" | "errorDetails": "OBJ_ERR_00001 : -2147016654 : An invalid dn syntax has been specified. : 0000208F: NameErr: DSID-03100225 problem 2006 (BAD_NAME) data 8350 best match of:\n\t'${role.customproperty24}'\n"| }| ] | "connectionString": "LDAP://domain:636"|}
Error in createOrUpdateGroups :
"java.lang.Exception: Error while GROUP CREATION IN ADSI at com.saviynt.provisoning.adsi.AdsiGroupManagementService.createOrUpdateGroups(AdsiGroupManagementService.groovy:156) at com.saviynt.provisoning.adsi.AdsiGroupManagementService.createUpdateDeleteGroupADSI(AdsiGroupManagementService.groovy:67) at com.saviynt.ecm.services.ArsTaskService.createEntitlementTarget(ArsTaskService.groovy:16815) at com.saviynt.ecm.services.ArsTaskService$_processParentTask_closure206.doCall(ArsTaskService.groovy:17055) at com.saviynt.ecm.services.ArsTaskService.processParentTask(ArsTaskService.groovy:17045) at com.saviynt.ecm.services.ArsTaskService.createEntitlement(ArsTaskService.groovy:16852) at com.saviynt.ecm.services.ArsTaskHelperService$_completeAutoProvTasksUpgraded_closure1.doCall(ArsTaskHelperService.groovy:212) at com.saviynt.ecm.services.ArsTaskHelperService.completeAutoProvTasksUpgraded(ArsTaskHelperService.groovy:160) at MultipleProvisioningJob.execute(MultipleProvisioningJob.groovy:222) at org.quartz.core.JobRunShell.run(JobRunShell.java:199) at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:546)"
08/12/2024 05:25 AM
Validate in latest v24.7 version
08/13/2024 09:48 PM
Are you saying this will not work in 24.4 version?
08/13/2024 10:01 PM
To check if its not version issue validate in latest version.
08/13/2024 10:31 PM
that's something we will have to plan, cant just update version in the environment. Also, don't see anything w.r.t to this in relase notes for 24.7. I will raise a FD ticket for this. thanks.
08/11/2024 11:05 PM
Hi @GauravJain try this once
"managedBy": "${ownerAccountListMap.get(allOwnerList.get(0)?.userkey.username)!=null && ownerAccountListMap.get(allOwnerList.get(0)?.userkey.username).size()>0?ownerAccountListMap.get(allOwnerList.get(0)?.userkey.username).get(0)?.name:''}"
08/12/2024 12:23 AM
Hi @NM tried this but still getting same error as mentioned earlier.