LDAP Group Assignment from GRC10

Former Member
0 Kudos

Hi Experts,

We are planning to implement the LDAP group assignment from GRC10.

For this we have performed end-to-end configuration.

Created the connector and performed LDAP server configuration (for the LDAP system user we have given pseudo access).

Done mapping for connector etc.

Performed all the synchronizations and everything is working fine.

I have imported the groups as single roles using role import and scheduled the synchronization job (full sync), but the role exists says 'No'.

Even the roles are present in the tables GRACRLCONN & GRACROLE.

Current SP level is 13

Kindly suggest.

Thanks,

Sriram

Accepted Solutions (1)

Former Member
0 Kudos

Hi All,

I have implemented the note 1867742 and now it is working fine.

Thanks all for your support.

Regards,

Sriram

Answers (1)

alessandr0
Active Contributor
0 Kudos

Hi Sriram,

Did you try to run the GRAC_REP_OBJ_SYNC (full sync mode) for a specific connector? Actually this changes the status "Role exists" when the role exists in the back-end.

Regards,

Alessandro

Former Member
0 Kudos

Hi Alessandro,

Yes... I have scheduled the full sync job many times, but it is still showing the Role Exists as 'NO'.

Even in the result of the full sync it is giving the exact number of roles and users that have synced into GRC.

Thanks,

Sriram

alessandr0
Active Contributor
0 Kudos

Strange - can you check SLG1 in both systems (GRC and plug-in) after running the sync job? Any error message showing up?

Former Member
0 Kudos

Hi Alessandro,

Again I have scheduled the full sync job in GRC for the LDAP connector to capture SLG1 logs.

The job is successful and there were no errors, and we have 2 users & 2 groups in the current base entry.

Here the plug-in system is LDAP, so I cannot get the log there.

Below is the SLG1 log in GRC10

Thanks,

Sriram

Former Member
0 Kudos

Hi Alessandro,

In addition to that, I have added the LDAP connector to the AUTH/PROV/ROLMG scenarios.

Also assigned the actions Role Generation, Role Risk Analysis, Authorization Maintenance, Provisioning.

Maintained the group path and user path.

Below are the mapping details that I have done for provisioning groups

Kindly analyse and suggest.

Thanks,

Sriram

former_member193066
Active Contributor
0 Kudos

That's group parameter mapping.

This activity is for provisioning into systems that are SPML1.0 compliant, like IDMs and SAP EP. These entries are based on the schema exposed by IDMs.

Let me know in case you have any query.

Regards,

Prasant.

Former Member
0 Kudos

Hi Prasant,

Thanks for your reply.

Here I am trying to provision LDAP groups from GRC 10.

So is there any separate mapping I need to do?

If I change these mappings then schedule the sync job and import the LDAP groups then Role Exist will then convert to 'YES'.

Awaiting your response.

Thanks,

Sriram

Former Member
0 Kudos

Hi Alessandro/Prasant,

I have deleted the group parameter mapping (please check the above screenshot) in 'maintain mapping for actions and connector groups'.

Now I have again run the sync job, but I can see there are a total of 5 values sitting in the GRACRLCONN table.

Here both the users & groups came for the ROLE_ID value.

Even now the Role Exists shows NO.

Kindly suggest.

Thanks,

Sriram

former_member193066
Active Contributor
0 Kudos

CL_GRAC_AD_AUTH_MGMT_LDAP IF_GRAC_AD_AUTH_MGMT~GET_ROLE_LIST is for

CL_GRAC_AD_AUTH_MGMT_LDAP check if you have maintained in integration scenario

Regards,

Prasant

Former Member
0 Kudos

Hi Prasant,

Yes, CL_GRAC_AD_AUTH_MGMT_LDAP is maintained in the AUTH scenario for the LDAP connector.

CL_GRAC_AD_ACCESS_MGMT_LDAP is maintained for the ROLMG & PROV scenarios.

And I have added the LDAP connector to all 3 scenarios.

Thanks,

Sriram

Former Member
0 Kudos

In addition to that, in the ROLMG scenario I have added CL_GRAC_AD_ACCESS_MGMT_LDAP.