on 04-13-2009 3:02 PM
All:
I have a few questions about how to handle EP users and privileges in IDM.
The EP uses a LDAP as the data source
1. How do I do the initial load. Do I use AS Java (LDAP) or AS Java(Database) or both
2. Looking at the passes under the job AS Java (LDAP) is looks like it reads the localjavausers but how would it read the backend LDAP because we do not give the user and password for LDAP in the repository constants.
3. OR should I connect the backend LDAP as a seperate repository and do its own initail load.
Thanks for your time.
Thanks
S.
Found out, you need to change to Ldap filter in the source tab of the readlocaljavausers job
datasource = PRIVATE_DATASOURCE
to whatever the ldap datasource is set as.
e.g. datasource = CORP_LDAP
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
This works now. I had to restart dispatcher for the 3600s setting to work.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Shabnam
Regarding your second question below
2. Looking at the passes under the job AS Java (LDAP) is looks like it reads the localjavausers but how would it read the backend LDAP because we do not give the user and password for LDAP in the repository constants.
Did you manage to load the backend ldap accounts with the AS Java (database) job? because it still looks like the job will only pull the ume accounts and not the ldap ones.
Regards
Leo
Shabnam,
I'd suggest taking a look at the SAP Provisioning framework. It should point you in the right direction.
Matt
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Shabnam,
The framework does include inital load tasks. Please consult the operations guide. [https://www.sdn.sap.com/irj/sdn/nw-identitymanagement?rid=/webcontent/uuid/405d9f79-3287-2b10-e884-ab766860762d] [original link is broken]; for more information. I saw a reference around page 34.
Hope this helps,
Matt
Matt,
I am running IDM version 7.0. The operations guide does not says anything about initial loads.
I started a AS JAVA(LDAP) initial load and on the first pass "ReadLocalJavaUsers" itself it hangs and times out.
13.04.2009 13:21:54 :I:Initializing custom pass FromSPML: ReadLocalJavaUsers
13.04.2009 13:21:54 :I:Initializing SPML search
13.04.2009 13:21:54 :I:http://<hostname>:<port>/spml/provisioning
13.04.2009 13:21:54 :I:SAPprincipals
SAPprincipals is the starting point and it doesnt go any further. I was able to successfully do a load when I tried it on IDM SP1 last year. I am not sure whats changed since then
Thanks
S.
Hi Shabnam
I used the Database for my Inital Load and had no problems so far. This even worked with a MiniSAP.
Can you reach the portal under http://hostname:port when you open a browser on the IDM machine? Might be a firewall issue. Maybe also try to enter the IP in your repository definition. You might have a DNS issue.
If I enter the URL in my browser I get: SPML Provider successfully installed and configured (full access)
As you said it worked before I assume the problem is in this area.
HTH
Chris
Chris,
I am able to access http://<host>:<port>/spml/provisioning from the IDM machine with any problems. I also get the SPML Provider successfully installed and configured (full access).
I am not sure where things are going wrong.
Thanks
S.
I am using the AS JAVA (Database) initial load. It keeps getting timed out and re-scheduled.
I also tried increasing the "execution timeout" to even upto 3600 sec. Still it does not go beyond
:I:Initializing custom pass FromSPML: ReadLocalJavaUsers
:I:Initializing SPML search
:I:http://<host>:50000/spml/provisioning
:I:SAPprincipals
I can get to http://<host>:50000/spml/provisioning in the same box, I can telnnt to the port.
I keeps timing out and rescheduling.
:I:Job completed in 3389.274 seconds.
:I:Handled: 0 Warnings: 4
:I:Total time used is 3390.039 seconds.
:W:mc_job_set_finish(2374) signalled failure! Status=Not legal to stop job in this state (1)
:X:Closing IdentityCenter
:X:Execution completed in 3390.54 seconds.
Why is this happening?
Thanks
S.
User | Count |
---|---|
81 | |
10 | |
10 | |
9 | |
7 | |
6 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.