10/17/2023 05:31 AM
10/23/2023 07:16 AM
@Caesrob, so if you want to remove a group for a user, do you remove the user from the group and then update these 2 attributes explicitly, or does LDAP take care of this on its own?
I am asking because generally we just remove and add the user to groups, and then these attributes at account level (memberOf, groupmembership) are handled by LDAP automatically.
Also, in your implementation do you have an entitlement type for groups which gets populated on import?
And in EIC, on addition/removal of a group, only an AddAccess/Remove Access task is generated, with no update account task unless an attribute at account level/form is updated. Can you confirm this?
10/23/2023 11:23 PM
We have to update these 2 attributes explicitly; this is not a standard OpenLDAP implementation. It is something custom for the customer.
Yes, although the entitlement type is "member" and not groups. This is because the customer's OpenLDAP is a bit more complicated.
We run a report to see which accounts are in which groups on OpenLDAP. Then we fill in customproperty61 & customproperty62 using the results of this report. If customproperty61 or customproperty62 is updated, an update account task is triggered to update the values in OpenLDAP.