We are delighted to share our new EIC Delivery Methodology for efficiently managing Saviynt Implementations and delivering quick time to value. CLICK HERE.

How can I update different attributes on LDAP based on some enterprise role

abhiupadhyay
New Contributor III
New Contributor III

So in our use case, other than normal LDAP groups.. client has list of actions to be taken based on a role provided. this mainly because the unix authentication is managed by LDAP. 

For example if I assign enterprise role "host1" to the user, it should add "host1" in the "host" field of LDAP and also should update UID etc. 

Similarly some other enterprise role, a different set of fields needs to be updated in LDAP with specific values. 

What is the best way to achieve this. Since it's not direct entitlement, not sure how can I link these "actions" with enterprise roles. 

3 REPLIES 3

sk
All-Star
All-Star

Why you have to use enterprise roles to provision certain attributes? why not dynamic attributes or other ways to do this?

Can you please explain your use case? why you want to use enterprise role to update LDAP attributes?


Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.

abhiupadhyay
New Contributor III
New Contributor III

In this scenario LDAP servers has a list of UNIX Profiles. If a user has this profile listed under multivalued attribute "host", he/she would have authentication access to that specific unix machine.

For different hostprofiles there could be some additional attributes also needs to be populated… like if it is a Database server profile then ldap attribute related to DB home needs to be populated.

It is a normal linux server profile .. Then "homedirectory",'Shell" etc needs to be populated.

 

We need to link these provisions with roles in Saviynt, so if a user requests for a particular role, the required access policy should invoke to populate different fields in LDAP.

How would I achieve this with dynamic role ? We are not going to expose account farm to user.

They will have only enterprise roles to request for.

Directly you can’t fetch enterprise roles in JSON

 

workaround :

create actionable report for update account task and build your logic to pass required additional attributes to ldap / target


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.