on 08-19-2014 11:20 AM
Hi Experts,
We are planning to implement the LDAP group assignment from GRC10
For this we have performed end to end configuration
Created the connector and performed LDAP server configuration ( for LDAP system user we have given pseudo access)
Done mapping for connector etc
Performed the all the synchronizations and everything is working fine
I have imported the groups as single roles using role import and scheduled synchronization job (full sync), but the role exits says No'.
Even the roles are present in the tables GRACRLCONN & GRACROLE.
Current SP level is 13
Kindly suggest.
Thanks,
Sriram
Hi All,
I have implemented the note 1867742 and now it is working fine.
Thanks all for your support.
Regards,
Sriram
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Sriram,
did you try to run the GRAC_REP_OBJ_SYNC (Full sync mode) to a specific connector? Actually this changes the status "Role exists" when the role exists in the back-end.
Regards,
Alessandro
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
HI Alessandro,
in addition to that i have added the LDAP connector to AUTH/PROV/ROLMG scenario
Also assigned the actions Role Generation, Role Risk Analysis, Authorization Maintenance, Provisioning
Maintained the Group path and user path
Below is the mapping details that i have done for provisioning groups
Kindly analyse and suggest
Thanks,
Sriram
HI Prasant,
Thanks for your reply.
Here i am trying to provision LDAP groups from GRC 10.
So is there any separate mapping i need to do.
If i change these mapping then schedule the sync job and import the LDAP groups then Role Exist will then convert to 'YES'.
Awaiting fro your response
Thanks,
Sriram
Hi Alessandro/Prasant,
I have deleted group parameter mapping (please check the above screen shot) in 'maintain mapping for actions and connector groups'.
Now i have again run the sync job, but i can see there are total 5 values sitting in GRACRLCONN table.
Here both the users & groups came for the ROLE_ID value.
Even now the Role Exist show NO.
Kindly please suggest.
Thanks,
Sriram
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.