sma2006

Outstanding Contributor.
2019-05-21
15:50
Re: eDirectory LDAP fulfillment -- calling for example /use
So, I tried to start again from scratch with the ADIR permissions/accounts:
1) Delete the current AD application data source --> OK
2) Create new application data source --> OK
3) Add AD account collector with default value --> OK
4) Collect & publish --> get new accounts for AD users that are mapped with Identities --> OK
5) Add AD permission collector with default value --> OK
6) Collect & publish again --> get new permissions for group membership of AD account --> OK
7) All identities from AD Identity source are mapped with AD account (same source) and get permissions (AD group) and also groups (same AD group).
This looks ok, now I'm going to configure and test the LDAP fulfillment.
sma2006

Outstanding Contributor.
2019-05-21
16:49
Re: eDirectory LDAP fulfillment -- calling for example /use
I made a try with a CSV fulfillment for AD permission, just to see attributes availability and I get this:
changeItemId,changeRequestType,fulfillmentInstructions,userName,account,appName,reason,permName
"19","ADD_PERMISSION_TO_USER","","John Demo","","AD Account Permissions","Add Permission to user for permission ERP_Administrators to be given to John Demo requested by John Demo. Reason for request: test; test","ERP_Administrators"
And I can see there is no account?
Let's try now with LDAP fulfillment.
sma2006

Outstanding Contributor.
2019-05-21
16:54
Re: eDirectory LDAP fulfillment -- calling for example /use
Still error : y
May 21, 2019 5:53:58 PM
Comment: Item 'ADD_PERMISSION_TO_USER' does not contain all required provisioning attributes (permProvAttr, permProvId, accountProvId).
With LDAP Fulfillment
sma2006

Outstanding Contributor.
2019-05-21
17:09
Re: eDirectory LDAP fulfillment -- calling for example /use
Reading your answer again, I think I found the problem, the default mapping for "permission-account or user mapping" is User ID from source and NOT Account ID from source.
Now after changing this I get the following with CSV fulfillment:
changeItemId,changeRequestType,fulfillmentInstructions,userName,account,appName,reason,permName
"22","ADD_PERMISSION_TO_USER","","John Demo","CN=John Demo,OU=users,OU=idsa,DC=demoidsa,DC=com","AD Account Permissions","Add Permission to user for permission ERP_Administrators to be given to John Demo requested by John Demo. Reason for request: Test; Test with member mapped to Account ID from source","ERP_Administrators"
And finally, the LDAP AD Fulfillment gets:
Fulfilled Via DAAS
May 21, 2019 6:07:13 PM
Comment: Change Item '23' Fulfilled. Type: ADD_PERMISSION_TO_USER, Target Account: CN=John Demo,OU=users,OU=idsa,DC=demoidsa,DC=com, Target Permission: CN=ERP_Administrators,OU=groups,OU=idsa,DC=demoidsa,DC=com
Verification required
Great, it works!!!!
Thanks a lot for your valuable help.
Sylvain
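
Added example (not part of the original posts and not the product's own code): a pre-check over the CSV fulfillment output shown above that flags change items whose `account` column is empty or not a DN, which is how the User ID versus Account ID mapping problem surfaced in this thread. The function names, the shortened `reason` text, row 99 and the rule that a usable AD target account is a DN are assumptions of this example.

```python
import csv
import io
import re

# Rows 19 and 22 mirror the CSV output quoted in this thread (reason text
# shortened); row 99 is constructed to show a non-DN account value.
SAMPLE_CSV = '''changeItemId,changeRequestType,fulfillmentInstructions,userName,account,appName,reason,permName
"19","ADD_PERMISSION_TO_USER","","John Demo","","AD Account Permissions","Reason for request: test; test","ERP_Administrators"
"22","ADD_PERMISSION_TO_USER","","John Demo","CN=John Demo,OU=users,OU=idsa,DC=demoidsa,DC=com","AD Account Permissions","Reason for request: Test","ERP_Administrators"
"99","ADD_PERMISSION_TO_USER","","John Demo","John Demo","AD Account Permissions","constructed row","ERP_Administrators"
'''

# One RDN: attribute type, '=', non-empty value.
_RDN = re.compile(r"^\s*[A-Za-z][A-Za-z0-9-]*=.+$")


def looks_like_dn(value):
    """Structural check only: every unescaped-comma part is attr=value."""
    if not value.strip():
        return False
    return all(_RDN.match(part) for part in re.split(r"(?<!\\),", value))


def unresolved_items(csv_text, request_types=("ADD_PERMISSION_TO_USER",)):
    """Return (changeItemId, userName, permName, problem) for each row
    whose account column cannot serve as an LDAP fulfillment target."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["changeRequestType"] not in request_types:
            continue
        account = (row.get("account") or "").strip()
        if not account:
            problem = "empty account"
        elif not looks_like_dn(account):
            problem = "account is not a DN"  # assumption: AD targets are DNs
        else:
            continue
        findings.append(
            (row["changeItemId"], row["userName"], row["permName"], problem))
    return findings


if __name__ == "__main__":
    for item in unresolved_items(SAMPLE_CSV):
        print("change item %s: %s -> %s: %s" % item)
```

Running a CSV fulfillment target first and checking its output this way shows the mapping problem before switching the application to LDAP fulfillment.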

Knowledge Partner
2019-05-21
17:30
Re: eDirectory LDAP fulfillment -- calling for example /use case
On 5/21/2019 12:14 PM, sma wrote:
>
> Reading your answer again, I think I found the problem, the default
> mapping for "permission-account or user mapping" is User ID from source
> and NOT Account ID from source.
>
>
> Now after changing this I get the following with CSV fulfillment :
>
> changeItemId,changeRequestType,fulfillmentInstructions,userName,account,appName,reason,permName
> "22","ADD_PERMISSION_TO_USER","","John Demo","CN=John
> Demo,OU=users,OU=idsa,DC=demoidsa,DC=com","AD Account Permissions","Add
> Permission to user for permission ERP_Administrators to be given to John
> Demo requested by John Demo. Reason for request: Test; Test with member
> mapped to Account ID from source","ERP_Administrators"
>
>
> And finally , the LDAP AD Fulfillment get :
>
> Fulfilled Via DAAS
> May 21, 2019 6:07:13 PM
> Comment: Change Item '23' Fulfilled. Type: ADD_PERMISSION_TO_USER,
> Target Account: CN=John Demo,OU=users,OU=idsa,DC=demoidsa,DC=com, Target
> Permission: CN=ERP_Administrators,OU=groups,OU=idsa,DC=demoidsa,DC=com
> Verification required
Woo Hoo! I got one right! See what I mean about this aspect being a
little bit confusing?

Micro Focus Expert
2019-05-23
13:32
Re: eDirectory LDAP fulfillment -- calling for example /use case
On 5/21/19 12:14 PM, sma wrote:
>
> Reading your answer again, I think I found the problem, the default
> mapping for "permission-account or user mapping" is User ID from source
> and NOT Account ID from source.
>
>
> Now after changing this I get the following with CSV fulfillment :
>
> changeItemId,changeRequestType,fulfillmentInstructions,userName,account,appName,reason,permName
> "22","ADD_PERMISSION_TO_USER","","John Demo","CN=John
> Demo,OU=users,OU=idsa,DC=demoidsa,DC=com","AD Account Permissions","Add
> Permission to user for permission ERP_Administrators to be given to John
> Demo requested by John Demo. Reason for request: Test; Test with member
> mapped to Account ID from source","ERP_Administrators"
>
>
> And finally , the LDAP AD Fulfillment get :
>
> Fulfilled Via DAAS
> May 21, 2019 6:07:13 PM
> Comment: Change Item '23' Fulfilled. Type: ADD_PERMISSION_TO_USER,
> Target Account: CN=John Demo,OU=users,OU=idsa,DC=demoidsa,DC=com, Target
> Permission: CN=ERP_Administrators,OU=groups,OU=idsa,DC=demoidsa,DC=com
> Verification required
>
> Great, it works!!!!
>
> Thanks a lot for your valuable help.
>
> Sylvain
>
>
Greetings,
This shows that you were not correctly set up. As I outlined
earlier you have to go Permission -> Account -> Identity. You were still
going Permission -> Identity.
--
Sincerely,
Steven Williams
Principal Enterprise Architect
Micro Focus