Click HERE to see how Saviynt Intelligence is transforming the industry. |
05/03/2024 07:19 AM
We have a linux ldap connection where the group membership is stored in group object as multivalued attribute (attribute name in memberuid), when we ran access import, groups are getting created in saviynt but mapping of accounts to entitlements are not happening. Any insights on this. Below are the jsons:
Account mapping:
[CUSTOMPROPERTY19::nsUniqueId#String,
CUSTOMPROPERTY18::entrydn#String,
CUSTOMPROPERTY20::nameinnamespace#String,
CUSTOMPROPERTY1::entrydn#String,
ACCOUNTID::uid#String,
NAME::uid#String,
CREATED_ON::createTimestamp#customDate--yyyyMMddHHmmss,
UPDATEDATE::modifyTimestamp#customDate--yyyyMMddHHmmss,
ACCOUNTCLASS::objectClass#String,
CREATOR::creatorsName#String,
CUSTOMPROPERTY2::cn#String,
CUSTOMPROPERTY3::uidNumber#String,
CUSTOMPROPERTY4::gidNumber#String,
CUSTOMPROPERTY5::modifiersName#String,
CUSTOMPROPERTY6::entryid#String,
CUSTOMPROPERTY7::nsUniqueId#String,
CUSTOMPROPERTY8::parentid#String,
CUSTOMPROPERTY9::homeDirectory#String,
CUSTOMPROPERTY10::loginShell#String,
CUSTOMPROPERTY51::host#String,
CUSTOMPROPERTY12::nsAccountLock#String,
CUSTOMPROPERTY13::shadowMax#String,
CUSTOMPROPERTY14::shadowWarning#String,
CUSTOMPROPERTY15::lastLoginTime#customDate--yyyyMMddHHmmss,
CUSTOMPROPERTY16::passwordExpirationTime#customDate--yyyyMMddHHmmss,
CUSTOMPROPERTY17::pwdReset#String,
RECONCILATION_FIELD::ACCOUNTID
]
groupImportMapping
{
"importGroupHierarchy": "false",
"entitlementTypeName": "memberUid",
"performGroupAccountLinking": "true",
"groupObjectClass": "(objectClass=posixGroup)",
"mapping": "memberHash:memberUid_char,entitlement_value:nameinnamespace_char,entitlement_glossary:description_char,lastscandate:createtimestamp_date,displayName:cn_char,customProperty1:entryid_char,customProperty2:objectclass_char,customProperty3:gidnumber_char,customProperty7:creatorsname_char,customProperty4:memberuid_char,customProperty5:modifiersname_char,customProperty6:uidNumber_char,customProperty5:entrydn_char,RECONCILATION_FIELD:customproperty18,customproperty18:nsUniqueId_char"
}
05/03/2024 07:39 AM
Hi @TAR , could you share other details from connection? Mask the sensitive values.
05/03/2024 08:13 AM
05/03/2024 11:11 AM
Hi @TAR config looks okay, do you see any mapping after running account and access import seperately?
05/03/2024 11:58 AM
Hi @NM
What kind of mapping are you referring to here, when access import is ran, I see the below logs:
05/03/2024 10:09 PM
Hi @TAR, trigger account import first and share the logs plus check once if you see any entitlement mapping for account ... Then trigger access import, share logs and check entitlement mapping if it is affected.
05/04/2024 07:47 AM
Below attribute is missing in mapping json
"groupAccountMappingAttributeName":"member",
05/09/2024 12:33 PM
adding that attribute also did not work
05/09/2024 07:03 PM
Please share logs in text file
05/10/2024 07:52 AM
05/06/2024 08:24 PM
Hi @TAR , were you able to resolve the issue?
05/09/2024 12:32 PM