on 10-01-2012 3:27 PM
Hello experts,
I am running idm 7.2 sp5 patch 1 and facing some trouble around reconciliation...
Basically my point is to reconcile users, groups and privileges between idm and my target system (ie an active directory).
My trouble comes when writing the missing users in the ids. I used the pass used in the ADS initial load, just changing the initial query. so i read my users and then write them to my identity store, giving them the priv system and priv only. But it then triggers provisioning and so try to create the user... if i use a changetype add, it fails because the user already exists in AD (resulting in a failed assignment of the priv:ad:only and so no further assignment possible), if i use a changetype modify it also fails except if i disable some attributes that i want to have when a really create a new user...
Do you know anyway to avoid this or should i just create a csv file where i write that the user exists in AD but not in IDM but do nothing?
Thanks a lot for your answers,
Clotilde
ok, i found my answer. I deleted the line changetype and then for every attribute I changed it to write them only when writing the entry, this way my pass doesn't fail. The only trouble left is that going through provisioning again, it creates a new password for the user but since it is sent to a generic adress, there is no big problem here.
Thanks a lot,
Clotilde
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Matt,
thankfully, my client doesn't need a lot of attributes to be updated and those can go through without the 'write only when adding entry' (like name, surname, etc...).
Would you happen to have a better way to do it?
Actually i'm having trouble with every bit of reconciliation with AD, especially when it comes to user to group assignment or missing groups in idm since the provisioning is always triggered and always fails (the AssignUserToADSGroup for example fails because the assignment already exists in the AD).
Do you know how i could manage to do this without errors?
Thank you,
Clotilde
User | Count |
---|---|
93 | |
10 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.