Saviynt Forums

nfraternali · ‎10/17/2022

Hi,

we are testing the Ldap connector for provisioning, in particular the enable account json. We are trying some configuration such us:

{

"USEDNFROMACCOUNT": "YES",
"MOVEDN": "YES",
"REMOVEGROUPS": "NO",
"ENABLEACCOUNTOU":"OU=employees,OU=disabled,OU=users,O=calzedonia",
"AFTERMOVEACTIONS" : {
"loginDisabled": "true" }
}

in this configuration we also put the login disable to false but the status of the account remain set inactive and we also put the login disable into the afterenableactions and it doesn't work. The account remain always with all the configurations we tested with status inactive.

How can we activate the account?

Thank you

Noemi

@FCaremoli @JustSalva

avinashchhetri · ‎10/17/2022

@nfraternali,

Which LDAP is this ? Your disable account works fine ?

Can you share the logic for disable account ?

Regards,
Avinash Chhetri

JustSalva · ‎10/17/2022

Hi,

We are using the standard AD connector with the LDAP_OR_AD parameter set as "LDAP", the target system is a Microfocus LDAP. The requirement is to simply set the loginDisabled account parameter to "true".

Yes, our disable account works fine, you can find it below:

{
"deleteAllGroups":"No",
"uid": "${user.username}",
"loginDisabled": "true"
}

Ankyt19 · ‎10/17/2022

Hi @JustSalva @and @nfraternali ,

try putting like this :

loginDisabled": "”

don’t put value as true for above parameter and give a try .

please let me know if issues persists .

thank you

Ankit

nfraternali · ‎10/18/2022

Hi @Ankyt19,

I try putting "loginDisabled": "" but remain always inactive.

avinashchhetri · ‎10/17/2022

@JustSalva,

Does loginDisabled happens to be an operational attribute ?

If the "loginDisabled": "true" for disable Account, then while enabling it back, shouldn't it probably be "loginDisabled": "false" ? I see it being set to true again while enabling from the snippet that @nfraternali shared.

Regards,
Avinash Chhetri

JustSalva · ‎10/18/2022

Hi,

I'm unsure whether loginDisabled is an operational attribute or not, but setting the READ_OPERATIONAL_ATTRIBUTES parameter did not change the behavior of the EnableAccountJson

Yes, we want to set the "loginDisabled" as "false" while enabling the account, but the problem is that whichever value we put there is not written in LDAP.

Is there something wrong in our configuration? it is picked 1:1 from the documentation and there is not present any explanation of the possible parameters and their behavior in the ENABLEACCOUNTJSON

avinashchhetri · ‎10/19/2022

No, the configuration seems correct, anything specific in the logs when it tries to modify the said attribute ?

Regards,
Avinash Chhetri

nfraternali · ‎10/20/2022

Hi,

in the logs i only found this:

avinashchhetri · ‎10/20/2022

@nfraternali,

The log snippet that you have shared are from the reconciliation, not provisioning operation on the user enable.

Regards,
Avinash Chhetri

nfraternali · ‎10/21/2022

Hi,

i resolved with this:

{
"USEDNFROMACCOUNT": "YES",
"MOVEDN": "NO",
"REMOVEGROUPS": "NO", "ENABLEACCOUNTOU":"OU=employees,OU=disabled,OU=users,O=",
"uid": "${user.username}",
"AFTERMOVEACTIONS" : {
"loginDisabled": "false"
}
}

now the account is active.

avinashchhetri · ‎10/21/2022

@nfraternali,

Did you add "uid": "${user.username}" to make it work ?

Was the logs any helpful to get you the information leading you to this change/update ?

Regards,
Avinash Chhetri

Saviynt Forums

EnableAccountJson doesn't set the status active