on 07-02-2015 9:57 PM
Hi experts!
I'm working in GRC 10.1 AC SP07, and I'm trying to configure provisioning for AD groups. I have created the group in BRM, and I'm able to create the request; however, when this request is approved, provisioning fails.
In SLG1 I get the following message, and the audit log for the request says: "Auto provisoning failed; Applied Escape route"
MSADCLNT000 is the LDAP connector and "APP_NEX_Operacion" is the AD group.
Any idea what the problem could be?
I think the problem could be USER PATH and GROUP PATH; I don't know exactly how to configure this point because users belong to a certain OU in AD, and groups belong to another OU.
Note I'm using the LDAP connector as a Data Source until now, and it works fine.
Thanks a lot!
Emiliano
LDAP group provisioning is configured in SPRO "Assign Group Parameter Mapping" under "Maintain mapping for Actions and Connector groups". There, map the 'GROUPMEMBER' AC field to the 'uniquemember' parameter value; that will solve the problem.
Hello,
No solution to that problem? I have the same issue.
My search path is: CN=XXXX-ALL-SysGroup,OU=ouDistribution,OU=ouGroups,DC=XXXXt,DC=XXXX"
Thanks if someone can help,
Pierre
Hi Pierre!
In my case, I have two OUs, one for AD groups and another for users; you can map these under SPRO > Governance, Risk and Compliance > Access Control > Maintain Connector Setting; there you select your LDAP connector and then "Assign attributes to the connector". The attribute names are "GROUP PATH" and "USER PATH".
I hope this helps you.
Regards
Emiliano
Hello,
Please make sure in your LDAP attribute mapping you map all the required objectClasses that exist in the target LDAP server to the group parameter User:OC.
This is a sample LDAP group parameter mapping for action type 4:
User:OC top
User:OC person
User:OC user
User:OC organizationalPerson
User:OC inetOrgPerson
Also, the default password for the LDAP user is hardcoded to Password1!, but in case the customer wants to change it, please add an attribute Password and provide a value that matches the password policy of your LDAP server.
Ex. in group field mapping:
PASSWORD Password123!
Ex. of group field mappings:
PASSWORD Password1!
USERID CN
FIRSTNAME SN
LASTNAME givenName
EMAIL mail
COMPANY COMPANY
Please make sure you map CN to the userID field, as that is used to construct the DN for the provisioned user.
Regards,
Prasant
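
A pre-flight check for the mapping described in the post above, as an added example that is not part of the thread and is not SAP code. The dictionary layout, function names and finding codes are assumptions for illustration; it flags a mapping that still uses the default password or lacks a required objectClass, and builds the user DN from CN and USER PATH with RFC 4514 escaping.

```python
# Added example, not SAP code: the dict layout and names are assumptions.
DEFAULT_PASSWORD = "Password1!"  # default value quoted in the post above


def escape_rdn_value(value):
    """Escape an attribute value for use in a DN (RFC 4514, section 2.4)."""
    out = []
    for ch in value:
        if ch in '"+,;<>\\':
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\00")
        else:
            out.append(ch)
    escaped = "".join(out)
    if value[:1] in (" ", "#"):                  # leading space or '#'
        escaped = "\\" + escaped
    if len(value) > 1 and value.endswith(" "):   # trailing space
        escaped = escaped[:-1] + "\\ "
    return escaped


def build_user_dn(userid, user_path):
    """CN=<userid>,<USER PATH>: the DN shape the post describes."""
    return "CN=" + escape_rdn_value(userid) + "," + user_path


def check_mapping(field_map, mapped_oc, server_required_oc):
    """Return a list of finding codes; an empty list means no finding."""
    findings = []
    if field_map.get("USERID", "").upper() != "CN":
        findings.append("USERID_NOT_CN")
    # No PASSWORD entry means the hardcoded default is what gets used.
    if field_map.get("PASSWORD", DEFAULT_PASSWORD) == DEFAULT_PASSWORD:
        findings.append("DEFAULT_PASSWORD")
    have = {oc.lower() for oc in mapped_oc}
    for oc in sorted(server_required_oc):
        if oc.lower() not in have:
            findings.append("MISSING_OC:" + oc)
    return findings


# Constructed sample input mirroring the mappings listed in the post.
SAMPLE_MAP = {"PASSWORD": "Password1!", "USERID": "CN", "FIRSTNAME": "SN",
              "LASTNAME": "givenName", "EMAIL": "mail", "COMPANY": "COMPANY"}
SAMPLE_OC = ["top", "person", "user", "organizationalPerson"]
REQUIRED_OC = ["top", "person", "user", "organizationalPerson", "inetOrgPerson"]

if __name__ == "__main__":
    print(check_mapping(SAMPLE_MAP, SAMPLE_OC, REQUIRED_OC))
    print(build_user_dn("Smith, John", "OU=Users,DC=example,DC=com"))
```

REQUIRED_OC stands in for whatever objectClasses the target directory actually requires; replace it with the list from your own LDAP server.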