Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

STATUS_THRESHOLD_CONFIG locked/unlocked status

Tezinder
New Contributor
New Contributor

‎03/15/2024 06:47 AM

We are using STATUS_THRESHOLD_CONFIG where we are trying to mark account as locked or unlocked based on lockouttime. If lockouttime value is 0 then unlock or for any other value locked. But it not working. We have tried only by passing only unlock value but that did not worked either.

STATUS_THRESHOLD_CONFIG:

{
"statusAndThresholdConfig": {
"statusColumn": "customproperty29",
"activeStatus": [
"512",
"544",
"66048"
],
"inactiveStatus": [
"546",
"514",
"66050"
],
"deleteLinks": false,
"accountThresholdValue": 15000,
"correlateInactiveAccounts": true,
"inactivateAccountsNotInFile": false,
"lockedStatusColumn": "customproperty31",
"lockedStatusMapping": {
"Unlocked": [
"0"
]
}
}
}

Value of lockouttime is not consistent in case of locked state but will be 0 in case of unlocked state. When we hardcode the value, something like this "Locked": ["132959598087830995"], then it works for the account that have lockouttime with this value. We have to somehow apply the logic for locked state that status should be locked when anything other than 0 is passed in lockouttime including null value.

We are importing lockouttime as string and also tried with millisec. CUSTOMPROPERTY31::lockoutTime#String

Any suggestions?

 

Labels:
0 Kudos
9 REPLIES 9

rushikeshvartak
All-Star
All-Star

‎03/17/2024 06:34 PM

instead of STATUS_THRESHOLD_CONFIG for lock status use import json using CONST


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos

Tezinder
New Contributor
New Contributor
In response to rushikeshvartak

‎03/18/2024 05:08 AM

I have tried this:

"customproperty31":: "#CONST#${(lockoutTime == '' || lockoutTime == null || lockoutTime = '0' ) ? '' : '1')}#String"

Error Log: 

2024-03-18T17:36:22+05:30-ecm-ldap.AdValidationService-http-nio-8080-exec-14-5nblm-DEBUG-Enter AD validateConnectionParameter()
 
2024-03-18T17:36:22+05:30-ecm-ldap.AdValidationService-http-nio-8080-exec-14-5nblm-DEBUG-Exit AD validateConnectionParameter()
 
2024-03-18T17:36:22+05:30-ecm-generic.GenericValidationService-http-nio-8080-exec-14-5nblm-ERROR-Connection Attributes Validation Errors :
 
2024-03-18T17:36:22+05:30-ecm-ldap.SaviyntGroovyLdapService-http-nio-8080-exec-14-5nblm-ERROR-Error while saving the Connection: ACCOUNT_ATTRIBUTE : Found bad value near : "customproperty31":: "#CONST#${(lockoutTime == '' || lockoutTime == null || lockoutTime = '0' ) ? '' : '1')}#String"
 
Also tried these with the same error:
"customproperty31":: "#CONST#${(lockoutTime == '' || lockoutTime == null || lockoutTime = '0' ) ? '' : '1')}~#~String"
 
 
0 Kudos

rushikeshvartak
All-Star
All-Star
In response to Tezinder

‎03/18/2024 06:33 AM 

"customproperty10": "#CONST#${(1==1)?'true':'false'}~#~char",

 

try above simple and lockoutTime should be response.lockoutTime


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos

Tezinder
New Contributor
New Contributor
In response to rushikeshvartak

‎03/18/2024 07:12 AM

Same error:

2024-03-18T19:38:53+05:30-ecm-ldap.AdValidationService-http-nio-8080-exec-39-5nblm-DEBUG-Enter AD validateConnectionParameter()
 
2024-03-18T19:38:53+05:30-ecm-ldap.AdValidationService-http-nio-8080-exec-39-5nblm-DEBUG-Exit AD validateConnectionParameter()
 
2024-03-18T19:38:53+05:30-ecm-generic.GenericValidationService-http-nio-8080-exec-39-5nblm-ERROR-Connection Attributes Validation Errors :
 
2024-03-18T19:38:53+05:30-ecm-ldap.SaviyntGroovyLdapService-http-nio-8080-exec-39-5nblm-ERROR-Error while saving the Connection: ACCOUNT_ATTRIBUTE : Found bad value near : "customproperty31": "#CONST#${(1==1)?'1':'0'}~#~char"
 
2024-03-18T19:41:53+05:30-ecm-ldap.AdValidationService-http-nio-8080-exec-41-5nblm-DEBUG-Enter AD validateConnectionParameter()
 
2024-03-18T19:41:53+05:30-ecm-ldap.AdValidationService-http-nio-8080-exec-41-5nblm-DEBUG-Exit AD validateConnectionParameter()
 
2024-03-18T19:41:53+05:30-ecm-generic.GenericValidationService-http-nio-8080-exec-41-5nblm-ERROR-Connection Attributes Validation Errors :
 
2024-03-18T19:41:53+05:30-ecm-ldap.SaviyntGroovyLdapService-http-nio-8080-exec-41-5nblm-ERROR-Error while saving the Connection: ACCOUNT_ATTRIBUTE : Found bad value near : "customproperty31": "#CONST#${(1==1)?'1':'0'}~#~string"
 
Just an FYI, it an AD connector and not ADSI
 
 
0 Kudos

rushikeshvartak
All-Star
All-Star
In response to Tezinder

‎03/18/2024 09:28 PM

AD Connector may not support CONST


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos

adarshk
Saviynt Employee
Saviynt Employee

‎03/21/2024 10:15 AM

Hi @Tezinder 

As mentioned in the document, lockedStatusColumn needs to be defined stating possible values for both Locked and Unlocked. Below is the syntax:

{
  "statusAndThresholdConfig": {
    "accountThresholdValue": 1000,
    "statusColumn": "customproperty10",
    "activeStatus": ["true"],
    "deleteLinks": true,
    "lockedStatusColumn": "customproperty22",
    "lockedStatusMapping": {
      "Locked": ["1"],
      "Unlocked": ["0"]
    }
  }
}

Meanwhile as we check the solution to modify the import value and make it consistent to define in locked block, please confirm if the values for locked state consistent and do we have a defined list which can be used under locked state. 

Referance:

https://docs.saviyntcloud.com/bundle/Alibaba-v24x/page/Content/Creating-a-Connection.htm

 

 

0 Kudos

Tezinder
New Contributor
New Contributor
In response to adarshk

‎03/21/2024 08:51 PM

I have tried having locked and unlocked status both in the statusthresholdconfig.

The issues is lockouttime is not consistent. Connector is expecting it to be in 0 or 1 format but it is not. Locouttime status is "0" only in case when unlock action is performed on AD

There is no "1" there, rather it has timestamp of when the account is locked on AD which would never be consistent. That's problem and accounts are not getting locked on saviynt. 

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to Tezinder

‎03/27/2024 09:17 PM

You can use #CONST


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos

adarshk
Saviynt Employee
Saviynt Employee

‎03/27/2024 12:04 AM - edited ‎03/27/2024 12:05 AM

Instead can you use useraccountcontrol and store it on a poperty in saviynt and include the expected status values under status threshold 

Ex:

"lockedStatusColumn":"customproperty5",
"lockedStatusMapping":{
"Locked":[
"0"
],
"Unlocked":[
"1"

You can check the possible userAccountControl values here:

https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/useraccountcontrol-manipulate-...

 

0 Kudos
Copyright © 2024 Khoros, LLC