mickelarsson1 Absent Member.
Absent Member.
157 views

Identity Manager AE Permission collector and LDAP-query

Hi

I'm trying test collection on the Identity Manager AE Permission collector during an attempt to read the attribute nrfRequestDef on permissions. This results every time with the fact that no information is picked up. When looking at the LDAP-query when doing the test collection I only see this simple query:

base: "cn=RoleDefs,cn=RoleConfig,cn=AppConfig,cn=UserApplication,cn=Driver Set,ou=System,o=IDM"
scope:2 dereference:3 sizelimit:0 timelimit:0 attrsonly:0
filter: "(objectClass=nrfRole)"
attribute: "nrfLocalizedNames"
attribute: "nrfLocalizedDescrs"
attribute: "owner"

Is the collector predefind to only query the attributes above on role objects? How can I change that?
0 Likes
5 Replies
mickelarsson1 Absent Member.
Absent Member.

Re: Identity Manager AE Permission collector and LDAP-query

OK, some study of the template json-file opened my eyes for the field "Additional permission attributes to collect". Which in fact is a "Comma-separated list of additional attributes to collect from Role, Resource, Group, and Container type permissions". That's good. Kind of odd however. Can collect nrfRequestDef now. Got the work on the transformation script then.
0 Likes
Micro Focus Expert
Micro Focus Expert

Re: Identity Manager AE Permission collector and LDAP-query

On 6/13/19 11:14 AM, mickelarsson wrote:
>
> OK, some study of the template json-file opened my eyes for the field
> "Additional permission attributes to collect". Which in fact is a
> "Comma-separated list of additional attributes to collect from Role,
> Resource, Group, and Container type permissions". That's good. Kind of
> odd however. Can collect nrfRequestDef now. Got the work on the
> transformation script then.
>
>

Greetings,
I would strongly suggest that you do not change the behavior of the
IDM Permission Collector.



--
Sincerely,
Steven Williams
Principal Enterprise Architect
Micro Focus
0 Likes
mickelarsson1 Absent Member.
Absent Member.

Re: Identity Manager AE Permission collector and LDAP-query

Even not to read additional attributes?
0 Likes
Micro Focus Expert
Micro Focus Expert

Re: Identity Manager AE Permission collector and LDAP-query

On 6/14/19 3:34 AM, mickelarsson wrote:
>
> Even not to read additional attributes?
>
>

Greetings,
We have set-up the IDM Permission collector to work correctly with
IDM. If there is use case that you believe we are not covering with
this collector, then please open a Service Request so that you can I can
talk.

--
Sincerely,
Steven Williams
Principal Enterprise Architect
Micro Focus
0 Likes
Knowledge Partner
Knowledge Partner

Re: Identity Manager AE Permission collector and LDAP-query

I think Steve is suggesting that you not export the Template JSON and then modify and remiport it as your collector.

If you want to add a new attribute of your own, I do not think it should be a problem.  Then display stuff based on that attribute (Multivalued or single valued).

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.