06/14/2022 05:12 AM
I have a dynamic attribute on my application form of single select sql type and the query returns the DN of AD account of the requestee (stored in AD accounts accountid). The query is below:
SELECT accounts.accountid AS id
FROM accounts
LEFT JOIN user_accounts ON user_accounts.ACCOUNTKEY = accounts.ACCOUNTKEY
LEFT JOIN endpoints ON endpoints.ENDPOINTKEY = accounts.ENDPOINTKEY
LEFT JOIN users u ON u.userkey = user_accounts.userkey
WHERE endpoints.ENDPOINTNAME = 'Active_Directory'
AND u.username = '${user.username}'
The value returned by this query contains a "\" backslash as the value is like this:
CN=Kushwaha\, Yogesh,OU=NA,OU=Users,OU=xx,DC=yyyy,DC=net
The query is working fine and the DN is also showing up fine on the submission page:
But on pressing the submit button, the error below is shown:
(The server encountered an error and cannot complete your request)
On release notes page of v2021.0.3 (https://saviynt.freshdesk.com/support/solutions/articles/43000664437-release-notes-v2021-0-3) it says that this is a known issue:
Is there a workaround for this?
Usecase:
1. To provision an AD Admin account to user (requestable endpoint). This is in addition to the Normal AD account that is provisioned on birthright.
2. The manager attribute at the AD end for this Admin account should be set to the DN of the Normal AD Account of the Requestee. Normal Admin account is assigned to user on birthright.
3. Thus I want to fetch the account ID (which stores DN) of the Normal AD account of requestee and send it as manager attribute for the Admin AD Account.
06/14/2022 05:52 AM
Hi Yogesh,
Yes, this is an existing issue and has already been taken care of and fixed in our future release which is v2022.
06/24/2022 12:15 PM - edited 06/24/2022 02:11 PM
Yogesh,
You can try this workaround, if it is feasible.
a) Create a Saviynt4Saviynt connection with the query to populate the DN of the AD account in user profile, say in user comments (assuming that there is a way to identify primary accounts, e.g. SavUsername=SamAccountName or some other identifier(s)).
b) Schedule this connection to run after each AD import (to update new DNs, if any).
c) Now, since the user has the Primary AD DN in the user comments, this can be used in the Provisioning logic to update the Manager DN in the new secondary/admin account request.
Regards,
Avinash Chhetri
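Added example, not part of the thread and not Saviynt code: the backslash in the DN from the question is the RFC 4514 escape for the comma inside the CN value, so a DN copied into a user attribute as in the workaround should still parse into the same RDNs before it is sent as the manager value. This Python sketch (function names are assumptions; multi-valued RDNs joined with "+" are not handled) splits on unescaped commas only and rejects a DN whose escape was dropped along the way.

```python
import re

HEX_PAIR = re.compile(r"[0-9A-Fa-f]{2}")
SPECIALS = set('"+,;<>\\ #=')   # characters RFC 4514 allows after a backslash

# DN as quoted in the question above
DN = r"CN=Kushwaha\, Yogesh,OU=NA,OU=Users,OU=xx,DC=yyyy,DC=net"

def _escape_len(s, i):
    """Length of the escape sequence starting at s[i] == '\\'."""
    nxt = s[i + 1:i + 3]
    if HEX_PAIR.fullmatch(nxt):
        return 3                      # \2C style hex pair
    if nxt[:1] and nxt[0] in SPECIALS:
        return 2                      # \, \+ \\ and similar
    raise ValueError(f"invalid escape at offset {i}")

def split_dn(dn):
    """Split a DN into RDN strings on unescaped commas, escapes left intact."""
    rdns, start, i = [], 0, 0
    while i < len(dn):
        if dn[i] == "\\":
            i += _escape_len(dn, i)
        elif dn[i] == ",":
            rdns.append(dn[start:i])
            start = i = i + 1
        else:
            i += 1
    rdns.append(dn[start:])
    for rdn in rdns:
        # every RDN needs a non-empty attribute type followed by "="
        if "=" not in rdn or not rdn.partition("=")[0].strip():
            raise ValueError(f"malformed RDN: {rdn!r}")
    return rdns

def decode_value(rdn):
    """Return (attribute type, unescaped value) for one single-valued RDN."""
    attr, _, raw = rdn.partition("=")
    out, i = bytearray(), 0
    while i < len(raw):
        if raw[i] == "\\":
            n = _escape_len(raw, i)
            out += bytes([int(raw[i + 1:i + 3], 16)]) if n == 3 else raw[i + 1].encode()
            i += n
        else:
            out += raw[i].encode("utf-8")
            i += 1
    return attr.strip(), out.decode("utf-8")
```

A plain `DN.split(",")` yields seven fragments for this value, while `split_dn(DN)` yields the six real RDNs; the same DN with the backslash stripped raises `ValueError`.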
06/27/2022 08:23 AM
@yogesh Did the reply by Avinash help? If you feel one of the replies is the appropriate answer to your question, please click the "Accept As Solution" button, even if the solution is "it is fixed in a future release." This will help other users searching the forum for the same question. Thank you!