02/09/2023 09:05 AM
So in our use case, other than normal LDAP groups, the client has a list of actions to be taken based on a role provided. This is mainly because the Unix authentication is managed by LDAP.
For example if I assign enterprise role "host1" to the user, it should add "host1" in the "host" field of LDAP and also should update UID etc.
Similarly, for some other enterprise role, a different set of fields needs to be updated in LDAP with specific values.
What is the best way to achieve this? Since it's not a direct entitlement, I'm not sure how I can link these "actions" with enterprise roles.
02/09/2023 11:02 AM
Why do you have to use enterprise roles to provision certain attributes? Why not dynamic attributes or other ways to do this?
Can you please explain your use case? Why do you want to use an enterprise role to update LDAP attributes?
02/13/2023 06:57 PM
In this scenario, the LDAP servers have a list of UNIX profiles. If a user has this profile listed under the multivalued attribute "host", he/she would have authentication access to that specific Unix machine.
For different host profiles there could be some additional attributes that also need to be populated, like if it is a database server profile then the LDAP attribute related to DB home needs to be populated.
If it is a normal Linux server profile, then "homedirectory", "Shell", etc. need to be populated.
We need to link these provisions with roles in Saviynt, so if a user requests a particular role, the required access policy should be invoked to populate different fields in LDAP.
How would I achieve this with a dynamic role? We are not going to expose the account farm to users.
They will have only enterprise roles to request for.
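The role-to-attribute mapping described in the post above, sketched outside Saviynt as an added example (not code from the thread or from the product): a declarative table of roles that is turned into a minimal LDIF modify record. The role names, values, DN, the `homeDirectory`/`loginShell` attribute spellings and the `dbHome` placeholder attribute are assumptions.

```python
import re

# Constructed role catalogue: role names and values are illustrative.
# "dbHome" is a placeholder; the thread does not name the DB-home attribute.
ROLE_ACTIONS = {
    "host1": {"host": "host1",
              "set": {"homeDirectory": "/home/{uid}", "loginShell": "/bin/bash"}},
    "dbhost1": {"host": "dbhost1",
                "set": {"dbHome": "/opt/db/{uid}"}},
}
UID_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")


def plan_changes(role, uid, entry):
    """Return the minimal list of (op, attr, value) for granting `role`.

    `entry` is the user's current LDAP attributes as {attr: [values]}.
    """
    if role not in ROLE_ACTIONS:           # fail closed on unmapped roles
        raise KeyError(f"no LDAP actions defined for role {role!r}")
    if not UID_RE.fullmatch(uid):          # uid is interpolated into paths
        raise ValueError(f"unsafe uid {uid!r}")
    spec, changes = ROLE_ACTIONS[role], []
    hosts = {h.lower() for h in entry.get("host", [])}
    if spec["host"].lower() not in hosts:  # multivalued: add, never replace
        changes.append(("add", "host", spec["host"]))
    for attr, template in spec["set"].items():
        value = template.format(uid=uid)
        if entry.get(attr) != [value]:     # single-valued: replace if different
            changes.append(("replace", attr, value))
    return changes


def to_ldif(dn, changes):
    """Render the plan as one LDIF modify record (empty string if no-op)."""
    if not changes:
        return ""
    lines = [f"dn: {dn}", "changetype: modify"]
    for op, attr, value in changes:
        lines += [f"{op}: {attr}", f"{attr}: {value}", "-"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    current = {"host": ["host0"], "loginShell": ["/bin/bash"]}  # constructed entry
    plan = plan_changes("host1", "jdoe", current)
    print(to_ldif("uid=jdoe,ou=people,dc=example,dc=com", plan))
```

Using `add` for the multivalued `host` attribute keeps access the user already holds through other roles, and an unmapped role raises instead of writing anything.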
02/13/2023 09:26 PM - edited 02/13/2023 09:27 PM
You can't fetch enterprise roles directly in JSON.
Workaround:
Create an actionable report for the update account task and build your logic to pass the required additional attributes to LDAP / target.