Skip to Content
0
Dec 28, 2011 at 06:01 PM

Add to an AD Group from a Privilege

46 Views

Hereu2019s my dilemma:

Use Case: There are a number of Active Directory groups that we have reconciled in as IDM Privileges. Each IDM Privilege has an attribute called PRIVDN that contains that contains the AD DN of the related Group. When a privilege is assigned to a user, we would like them automatically assigned to the relevant AD group.

Question: The relevant Framework task (AssignUserToADSGroup) is looking for an MSKEY in the DN ($FUNCTION.sap_core_getGroupACCOUNTFromPrivilege(%MSKEY%)$$). What MSKEY are they looking for? I know the Framework Task uses a different attribute, and I have no problem moving back to it.

Also, has anyone seen documentation for the 7.2 Provisioning Framework? I think Iu2019m missing the context that this task is supposed to execute in, because I think whatever it is Iu2019m missing is probably something pretty basic that if I did some reading, I would not have to ask this question at all. If anyone has a better way of doing this, let me know.

Thanks again for your help / advice.

Matt