Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry. Saviynt Copilot Icon
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

LDAP Provisioning and Import not working as expected

ryneg
Visitor
Visitor

‎10/23/2024 06:54 AM

Hello,

 

We have an integration being created with LDAP directory. We are able to import both access and accounts. However, there is no correlation between the accounts and the group memberships that those accounts have.

 

Also when provisioning a new account and access, the account is created and then the account is added to the group under attribute "uniquemember" but the group membership is not displayed under the account attribute "memberof" (example). 

 

We are not seeing any errors as provisioning is happening but it seems like we are overlooking some mapping that could help fix all of this issue. We do have customproperty2 set in the entitlement type for the integration and also have the following placed in to the config for the endpoint:

{"conf":[{"ADDMEMBERTOENT":"TRUE"},{"ADDUSERTOENT":"TRUE"}]}

 

Any help on this would be greatly appreciated. Below is the current group import mapping being used for reference. Please let me know if there is anything else I need to add for better documentation of the problem.

 

{
"importGroupHierarchy": "true",
"entitlementTypeName": "memberOf",
"performGroupAccountLinking": "true",
"incrementalTimeField": "whenChanged",
"groupObjectClass": "(objectclass=group)",
"mapping": "memberHash:uniqueMember_char,customproperty1:cn_char,customproperty2:instanceType_char,customproperty3:uSNCreated_char,customproperty4:groupType_char,customproperty12:dn_char,customproperty13:cn_char,lastscandate:whenCreated_date,customproperty15:managedBy_char,entitlement_glossary:description_char,description:description_char,displayname:cn_char,customproperty9:name_char,customproperty10:objectCategory_char,customproperty11:sAMAccountName_char,entitlement_value:nameinnamespace_char,entitlementid:nameinnamespace_char,customproperty14:objectClass_char,updatedate:whenChanged_date,customproperty17:nameinnamespace_char,customproperty18:objectGUID_Binary,RECONCILATION_FIELD:customproperty17"
}

 

Labels:
0 Kudos
1 REPLY 1

rushikeshvartak
All-Star
All-Star

‎10/23/2024 06:58 AM

Use below sample

{
"importGroupHierarchy": "true", 
"entitlementTypeName": "", 
"performGroupAccountLinking": "false",
"incrementalTimeField": "whenChanged",
"groupObjectClass": "(objectclass=group)", 
"mapping":"memberHash:member_char,entitlement_value:distinguishedName_char, entitlement_glossary:description_char, description:description_char, displayname:cn_char, createdate:whenCreated_date, updatedate:whenChanged_date, customProperty24:grouptype_char, customProperty25:dscorepropagationdata_char, customProperty28:managedby_char, customproperty29:name_char, customproperty30:objectCategory_char, customProperty31:samaccountname_char, customproperty32:uSNCreated_char, customproperty33:cn_char, customproperty34:objectClass_char, customProperty35:samaccounttype_char, customproperty36:instanceType_char, customproperty37:objectGUID_Binary, customproperty38:uSNChanged_char, customproperty39:extensionAttribute4_char,customproperty40:gcAcctFlags_char,RECONCILATION_FIELD:customproperty33", "activeGroupPossibleValues": ["active","a","l","TRUE"]
 }

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos
Copyright © 2024 Khoros, LLC