Automatic user provisioing with SUN Directory Server

Hi

Thanks for your reply.

Can you tell me in which form i have to put this code.

I did not get this line

You'll also need to make sure that your edit user form sets the resource attributes for this resource either directly or through globals.

I wana set these value blobally.

Thanks.

rahulsainia at 2007-7-12 9:39:47 >

Hi

Suren thanks for reply.

Here I explain what is the requirement here.

I have two target soource SUN LDAP and Active Directory.

In SUN LDAP I am storing posixuser and posixgroup.

In Active directory i have some groups and containers.

I am using flatfile as a authorative datasource.

So in a flatfile we are passing accountid,firstname,lastname,uidnumber, role,rolestatus , departmentnumber,description

When user will get account in IDM then It should get account in AD and LDAP automatically.

But provisioning is based on role.

IN LDAP

suppose i have 5 unixgroup(posixgroup).

So in ldap user can have multiple group on a single role.

Based on flatfile role user should get account in LDAP group.

For AD

In AD i have some group and container.

AD group will be based on flatfile role and Container will be based on department number.

for example

deptno=100

ou=sales,dc=example,dc=com

deptno=101

ou=IT,dc=example,dc=com

Because provisioning is based on role so once the role changedn in flatfile then LDAP group and AD group shud be changed.

Rolestatus=A for account is active

Rolestatus=O for account is not active

please help me

I m doing it onsite and i am getting gud doc.

thanks

rahulsainia at 2007-7-12 9:39:47 >

All you are saying can be done in the active sync form you will attach with your flat file RA config.

For resources you have to set something like

<Field name='waveset.resources'>

..

<Expansion>

<block trace='true'>

<list>

<s>LDAP</s> -- Your LDAP RA name

<s>AD</s> -- Your AD RA name

</block>

</Expansion>

<Disable>

<neq>

<ref>feedOp</ref>

<s>create</s>

</neq>

</Disable>

</Field>

For those role assignment, you can write rules to set the values for all of them.

Regards,

Suren

Surinder_Singh_Boraa at 2007-7-12 9:39:47 >

Once again thanks.

or example

deptno=100

ou=sales,dc=example,dc=com

deptno=101

ou=IT,dc=example,dc=com

can you give me a sample rule code for this and how can i call this rule code in

form or workflow.

Please give me a proper syntax or code for this.

Really i m stuck with this.

Awaiting for response.

Thanks in Advanace.

rahulsainia at 2007-7-12 9:39:47 >

Thanks suren

I am sorry i m disturbing you again and again.Please dont mind.

I got your idea.

See I am using remedy as authorative source and i am fetching data from remedy. The same filed i m getting from remedy and doing provisioning with AD and LDAP based on role.

Because i m using Remedy ActiveSync . In remedy ActiveSync its use default form. so i cant pass value in form so want to call in workflow .

For container placement i can write rule based deprtno.

Again i explain you my whole requirement.

I have two target resource LDAP and AD.

In LDAP we have already posixaccount and posixgroup. I have imported all posixaccount and posixgroup in LDAP.

From Remedy i m getting uid(accountId),firstname,lastname,role,rolestatus,departmentnumber,description

and uidNumber.

Based on uidNumber will link ldap user and based on role will asign a posixgroup.

This for LDAP requirement.

For AD based on deptnumber will asign container and based on role will asign group.

We have two status for role A for active and O for inactive.

If statsu is A den user should get an access.If status is O then his account should be disable.

You have a very gud experience in SIM

Can you give me your persnal contact id or number so i can contact you.

Can we do

rahulsainia at 2007-7-12 9:39:47 >

For this lastest thing as your member thing is also related to the identity of the user, you have to rename ur user identity in the workflow.

Below is the whole activity for that :

<Activity id='1' name='Move User'>

<Action id='0' name='Modify AD User' application='com.waveset.session.WorkflowServices'>

<Argument name='op' value='checkoutView'/>

<Argument name='type' value='RenameUser'/>

<Argument name='id' value='$(accountId)'/>

<Argument name='authorized' value='true'/>

<Argument name='toRename' value='[AD]'/>

<Argument name='resourceAccounts.currentResourceAccounts[AD].selected' value='true'/>

<Return from='view' to='manNewView'/>

</Action>

<Action id='1'>

<expression>

<block trace='true'>

<block trace='true'>

<set name='new_identity'>

<concat>

<s>cn=</s>

<ref>accountId</ref>

<s>,OU=xxx,OU=xx,DC=abc,DC=acd</s>

</concat>

</set>

</block>

<set name='manNewView.accounts[AD].identity'>

<ref>new_identity</ref>

</set>

<set name='manNewView.resourceAccounts.currentResourceAccounts[AM AD].identity'>

<ref>new_identity</ref>

</set>

<set name='manNewView.resourceAccounts.currentResourceAccounts[AD].selected'>

<s>true</s>

</set>

</block>

</expression>

</Action>

<Action id='2' name='Rename Checkin' application='com.waveset.session.WorkflowServices'>

<Argument name='op' value='checkinView'/>

<Argument name='view' value='$(manNewView)'/>

<Argument name='authorized' value='true'/>

</Action>

</Activity>

Hope this will give you a hint. In case you want to mail me personally, here is my personl id : surinder_bora@yahoo.com

Rgds,

Suren

Surinder_Singh_Boraa at 2007-7-12 9:39:47 >