Click HERE to see how Saviynt Intelligence is transforming the industry. |
10/17/2022 03:08 AM
Hi,
we are testing the Ldap connector for provisioning, in particular the enable account json. We are trying some configuration such us:
{
"USEDNFROMACCOUNT": "YES",
"MOVEDN": "YES",
"REMOVEGROUPS": "NO",
"ENABLEACCOUNTOU":"OU=employees,OU=disabled,OU=users,O=calzedonia",
"AFTERMOVEACTIONS" : {
"loginDisabled": "true" }
}
in this configuration we also put the login disable to false but the status of the account remain set inactive and we also put the login disable into the afterenableactions and it doesn't work. The account remain always with all the configurations we tested with status inactive.
How can we activate the account?
Thank you
Noemi
10/17/2022 07:50 AM
Which LDAP is this ? Your disable account works fine ?
Can you share the logic for disable account ?
10/17/2022 09:15 AM
Hi,
We are using the standard AD connector with the LDAP_OR_AD parameter set as "LDAP", the target system is a Microfocus LDAP. The requirement is to simply set the loginDisabled account parameter to "true".
Yes, our disable account works fine, you can find it below:
{
"deleteAllGroups":"No",
"uid": "${user.username}",
"loginDisabled": "true"
}
10/17/2022 10:01 AM
Hi @JustSalva @and @nfraternali ,
try putting like this :
loginDisabled": "”
don’t put value as true for above parameter and give a try .
please let me know if issues persists .
thank you
Ankit
10/18/2022 02:39 AM
Hi @Ankyt19,
I try putting "loginDisabled": "" but remain always inactive.
10/17/2022 10:31 AM - edited 10/17/2022 01:13 PM
Does loginDisabled happens to be an operational attribute ?
If the "loginDisabled": "true" for disable Account, then while enabling it back, shouldn't it probably be "loginDisabled": "false" ? I see it being set to true again while enabling from the snippet that @nfraternali shared.
10/18/2022 11:49 PM
Hi,
I'm unsure whether loginDisabled is an operational attribute or not, but setting the READ_OPERATIONAL_ATTRIBUTES parameter did not change the behavior of the EnableAccountJson
Yes, we want to set the "loginDisabled" as "false" while enabling the account, but the problem is that whichever value we put there is not written in LDAP.
Is there something wrong in our configuration? it is picked 1:1 from the documentation and there is not present any explanation of the possible parameters and their behavior in the ENABLEACCOUNTJSON
10/19/2022 07:03 AM
No, the configuration seems correct, anything specific in the logs when it tries to modify the said attribute ?
10/20/2022 02:15 AM
Hi,
in the logs i only found this:
10/20/2022 04:49 AM
The log snippet that you have shared are from the reconciliation, not provisioning operation on the user enable.
10/21/2022 02:06 AM - edited 10/21/2022 05:39 AM
Hi,
i resolved with this:
{
"USEDNFROMACCOUNT": "YES",
"MOVEDN": "NO",
"REMOVEGROUPS": "NO", "ENABLEACCOUNTOU":"OU=employees,OU=disabled,OU=users,O=",
"uid": "${user.username}",
"AFTERMOVEACTIONS" : {
"loginDisabled": "false"
}
}
now the account is active.
10/21/2022 06:44 AM
Did you add "uid": "${user.username}" to make it work ?
Was the logs any helpful to get you the information leading you to this change/update ?