Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry. Saviynt Copilot Icon
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

memberuid account to entitlement mapping

TAR
New Contributor
New Contributor

‎05/03/2024 07:19 AM

We have a linux ldap connection where the group membership is stored in group object as multivalued attribute (attribute name in memberuid), when we ran access import, groups are getting created in saviynt but mapping of accounts to entitlements are not happening. Any insights on this. Below are the jsons:

Account mapping:

[CUSTOMPROPERTY19::nsUniqueId#String,
CUSTOMPROPERTY18::entrydn#String,
CUSTOMPROPERTY20::nameinnamespace#String,
CUSTOMPROPERTY1::entrydn#String,
ACCOUNTID::uid#String,
NAME::uid#String,
CREATED_ON::createTimestamp#customDate--yyyyMMddHHmmss,
UPDATEDATE::modifyTimestamp#customDate--yyyyMMddHHmmss,
ACCOUNTCLASS::objectClass#String,
CREATOR::creatorsName#String,
CUSTOMPROPERTY2::cn#String,
CUSTOMPROPERTY3::uidNumber#String,
CUSTOMPROPERTY4::gidNumber#String,
CUSTOMPROPERTY5::modifiersName#String,
CUSTOMPROPERTY6::entryid#String,
CUSTOMPROPERTY7::nsUniqueId#String,
CUSTOMPROPERTY8::parentid#String,
CUSTOMPROPERTY9::homeDirectory#String,
CUSTOMPROPERTY10::loginShell#String,
CUSTOMPROPERTY51::host#String,
CUSTOMPROPERTY12::nsAccountLock#String,
CUSTOMPROPERTY13::shadowMax#String,
CUSTOMPROPERTY14::shadowWarning#String,
CUSTOMPROPERTY15::lastLoginTime#customDate--yyyyMMddHHmmss,
CUSTOMPROPERTY16::passwordExpirationTime#customDate--yyyyMMddHHmmss,
CUSTOMPROPERTY17::pwdReset#String,
RECONCILATION_FIELD::ACCOUNTID
]

 

groupImportMapping

 

{
"importGroupHierarchy": "false",
"entitlementTypeName": "memberUid",
"performGroupAccountLinking": "true",
"groupObjectClass": "(objectClass=posixGroup)",
"mapping": "memberHash:memberUid_char,entitlement_value:nameinnamespace_char,entitlement_glossary:description_char,lastscandate:createtimestamp_date,displayName:cn_char,customProperty1:entryid_char,customProperty2:objectclass_char,customProperty3:gidnumber_char,customProperty7:creatorsname_char,customProperty4:memberuid_char,customProperty5:modifiersname_char,customProperty6:uidNumber_char,customProperty5:entrydn_char,RECONCILATION_FIELD:customproperty18,customproperty18:nsUniqueId_char"
}

 

TAR_0-1714745942016.png

 

Labels:
0 Kudos
11 REPLIES 11

NM
Honored Contributor II
Honored Contributor II

‎05/03/2024 07:39 AM

Hi @TAR , could you share other details from connection? Mask the sensitive values.

0 Kudos

TAR
New Contributor
New Contributor

‎05/03/2024 08:13 AM

Hi @NM 

Please check the below screenshot:

 

TAR_0-1714748994903.pngTAR_1-1714749055942.pngTAR_2-1714749080920.pngTAR_3-1714749110956.pngTAR_4-1714749139891.pngTAR_5-1714749169542.pngTAR_6-1714749190178.png

 

0 Kudos

NM
Honored Contributor II
Honored Contributor II
In response to TAR

‎05/03/2024 11:11 AM

Hi @TAR config looks okay, do you see any mapping after running account and access import seperately?

0 Kudos

TAR
New Contributor
New Contributor

‎05/03/2024 11:58 AM

Hi @NM 

What kind of mapping are you referring to here, when access import is ran, I see the below logs:

 

2024-05-03T14:11:05.590625213Z stdout F 2024-05-03 14:11:05,590 [quartzScheduler_Worker-10] DEBUG services.AdImportService - [jwwegert] is not available
 
2024-05-03T09:11:06-05:00-ecm-worker--null-q56ls--2024-05-03T14:11:05.590659468Z stdout F 2024-05-03 14:11:05,590 [quartzScheduler_Worker-10] DEBUG services.AdImportService - [cmfranco] is not available
 
2024-05-03T09:11:06-05:00-ecm-worker--null-q56ls--2024-05-03T14:11:05.590698396Z stdout F 2024-05-03 14:11:05,590 [quartzScheduler_Worker-10] DEBUG services.AdImportService - [mfma] is not available
 
2024-05-03T09:11:06-05:00-ecm-worker--null-q56ls--2024-05-03T14:11:05.590751943Z stdout F 2024-05-03 14:11:05,590 [quartzScheduler_Worker-10] DEBUG services.AdImportService - [sxtrupia] is not available
 
2024-05-03T09:11:06-05:00-ecm-worker--null-q56ls--2024-05-03T14:11:05.590781362Z stdout F 2024-05-03 14:11:05,590 [quartzScheduler_Worker-10] DEBUG services.AdImportService - [jwwegert] is not available
 
2024-05-03T09:11:06-05:00-ecm-worker--null-q56ls--2024-05-03T14:11:05.590814814Z stdout F 2024-05-03 14:11:05,590 [quartzScheduler_Worker-10] DEBUG services.AdImportService - [MFMA] is not available
 
2024-05-03T09:11:06-05:00-ecm-worker--null-q56ls--2024-05-03T14:11:05.590852645Z stdout F 2024-05-03 14:11:05,590 [quartzScheduler_Worker-10] DEBUG services.AdImportService - [sxtrupia] is not available
 
2024-05-03T09:11:06-05:00-ecm-worker--null-q56ls--2024-05-03T14:11:05.590877667Z stdout F 2024-05-03 14:11:05,590 [quartzScheduler_Worker-10] DEBUG services.AdImportService - [kmcoles] is not available
 
2024-05-03T09:11:06-05:00-ecm-worker--null-q56ls--2024-05-03T14:11:05.590913131Z stdout F 2024-05-03 14:11:05,590 [quartzScheduler_Worker-10] DEBUG services.AdImportService - [bhdowns] is not available
 
2024-05-03T09:11:06-05:00-ecm-worker--null-q56ls--2024-05-03T14:11:05.590965889Z stdout F 2024-05-03 14:11:05,590 [quartzScheduler_Worker-10] DEBUG services.AdImportService - [tqtran] is not available
 
2024-05-03T09:11:06-05:00-ecm-worker--null-q56ls--2024-05-03T14:11:05.590998189Z stdout F 2024-05-03 14:11:05,590 [quartzScheduler_Worker-10] DEBUG services.AdImportService - [mastefan] is not available
 
2024-05-03T09:11:06-05:00-ecm-worker--null-q56ls--2024-05-03T14:11:05.59103107Z stdout F 2024-05-03 14:11:05,591 [quartzScheduler_Worker-10] DEBUG services.AdImportService - [jwwegert] is not available
 
2024-05-03T09:11:06-05:00-ecm-worker--null-q56ls--2024-05-03T14:11:05.59106785Z stdout F 2024-05-03 14:11:05,591 [quartzScheduler_Worker-10] DEBUG services.AdImportService - [mfma] is not available
 
2024-05-03T09:11:06-05:00-ecm-worker--null-q56ls--2024-05-03T14:11:05.591108892Z stdout F 2024-05-03 14:11:05,591 [quartzScheduler_Worker-10] DEBUG services.AdImportService - [mfma] is not available
 
2024-05-03T09:11:06-05:00-ecm-worker--null-q56ls--2024-05-03T14:11:05.59115277Z stdout F 2024-05-03 14:11:05,591 [quartzScheduler_Worker-10] DEBUG services.AdImportService - [sapadm is not available
 
2024-05-03T09:11:06-05:00-ecm-worker--null-q56ls--2024-05-03T14:11:05.591154705Z stdout F 2024-05-03 14:11:05,591 [quartzScheduler_Worker-10] DEBUG services.AdImportService - aetadm is not available
 
2024-05-03T09:11:06-05:00-ecm-worker--null-q56ls--2024-05-03T14:11:05.59117721Z stdout F 2024-05-03 14:11:05,591 [quartzScheduler_Worker-10] DEBUG services.AdImportService - apdougla is not available
 
2024-05-03T09:11:06-05:00-ecm-worker--null-q56ls--2024-05-03T14:11:05.591181358Z stdout F 2024-05-03 14:11:05,591 [quartzScheduler_Worker-10] DEBUG services.AdImportService - aksulliv is not available
 
2024-05-03T09:11:06-05:00-ecm-worker--null-q56ls--2024-05-03T14:11:05.59119422Z stdout F 2024-05-03 14:11:05,591 [quartzScheduler_Worker-10] DEBUG services.AdImportService - jwjoiner is not available
 
2024-05-03T09:11:06-05:00-ecm-worker--null-q56ls--2024-05-03T14:11:05.591209978Z stdout F 2024-05-03 14:11:05,591 [quartzScheduler_Worker-10] DEBUG services.AdImportService - root is not available
 
2024-05-03T09:11:06-05:00-ecm-worker--null-q56ls--2024-05-03T14:11:05.59122841Z stdout F 2024-05-03 14:11:05,591 [quartzScheduler_Worker-10] DEBUG services.AdImportService - tcmoeur is not available
 
2024-05-03T09:11:06-05:00-ecm-worker--null-q56ls--2024-05-03T14:11:05.591244636Z stdout F 2024-05-03 14:11:05,591 [quartzScheduler_Worker-10] DEBUG services.AdImportService - vkmallel] is not available
 
2024-05-03T09:11:06-05:00-ecm-worker--null-q56ls--2024-05-03T14:11:05.591279484Z stdout F 2024-05-03 14:11:05,591 [quartzScheduler_Worker-10] DEBUG services.AdImportService - [chhogan] is not available
 
2024-05-03T09:11:06-05:00-ecm-worker--null-q56ls--2024-05-03T14:11:05.592181661Z stdout F 2024-05-03 14:11:05,592 [quartzScheduler_Worker-10] DEBUG services.AdImportService - Start delete Account_entitlements1 and Entitlements2 not imported in this job for entitlementIds: 249
0 Kudos

NM
Honored Contributor II
Honored Contributor II
In response to TAR

‎05/03/2024 10:09 PM

Hi @TAR, trigger account import first and share the logs plus check once if you see any entitlement mapping for account ... Then trigger access import, share logs and check entitlement mapping if it is affected.

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to TAR

‎05/04/2024 07:47 AM

Below attribute is missing in mapping json

"groupAccountMappingAttributeName":"member",

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos

TAR
New Contributor
New Contributor
In response to rushikeshvartak

‎05/09/2024 12:33 PM

Hi @rushikeshvartak 

adding that attribute also did not work

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to TAR

‎05/09/2024 07:03 PM

Please share logs in text file


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos

TAR
New Contributor
New Contributor
In response to rushikeshvartak

‎05/10/2024 07:52 AM

Hi @rushikeshvartak 

 

Please find attached

Preview file
476 KB
Preview file
189 KB
0 Kudos

NM
Honored Contributor II
Honored Contributor II
In response to TAR

‎05/06/2024 08:24 PM

Hi @TAR , were you able to resolve the issue?

0 Kudos

TAR
New Contributor
New Contributor

‎05/09/2024 12:32 PM

Hi @NM 

I have ran both recon but the mapping is still not happening.

attached is the logs

Preview file
476 KB
Preview file
189 KB
0 Kudos
Copyright © 2024 Khoros, LLC