on 02-25-2015 4:31 PM
As per the requirment I have to provision the existing AD groups to users in AD through GRC10.1. The connection between AD(Microsoft) and GRC is already established through LDAP connector.
Apprecaite your quick response on the same.
Thanks,
Trinetra
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Trinetra,
Please first follow the additional steps as mentioned by Sammukh.
Even our AD group was showing as"Not Exists" after running LDAP synch successfully. So, we manually synched the LDAP group using program GRAC_OBJ_MANUAL_SYNC as shown below and then it started working properly You can try this approach.
Regards,
Madhu.
Hello !
I am not able to assign LDAP group to user through GRC. Getting the below SLG1 log..
Started provisioning for request number 429
End request status for request no 429 is X
Message from plugin for system LDAP_***100: Other Error
Error in changing user in system
Message from plugin for system LDAP_***100: Could not assign Role: g.ZSA_***_XX_*** to us
Error in assgning gRole: g.ZSA_***_XX_*** to user Role: g.ZSA_***_XX_*** in system
Callback service, req system:
I have followed steps mentioned above.
Can any one please help here?
Thank you!
Akshat
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Akshat,
Please complete the above mentioned steps carefully.
If still the group assignmnet is not woking then check below:
1. LDAP Connector is assiginged to PROV scenario.
2. The file path/use group o ldap is defined in LDAP connetor attribute where you are trying to do group assigmnet.
Thanks,
Trinetra
Hello Trintra,
Sorry for the late reply -
yes, LDAP is set for PROV.
Can you please explain the point 2?
What is happening right now is, I am using port 389 in LDAP server and as soon as I do this, my GRC is not able to read any data from LDAP but working perfectly ( able to read ) when we put port - 3268, but the drawback is - 3268 cannot be used to provision.
I am able to provision AD group from Tcode -LDAP, but as soon as I create Access Request it fails.
Request to please guide
Just want to confirm, is provisioning from GRC 10.1 working for you?
Thanks a lot !
Akshat
Hi ,
I can see you are using two LDAP connectors and then adding them in group.
To narrow down the issues please do the following:
1. Use only one connector(User should have Admin access in AD-Read/Write).
2. Define Attribute for this connector.
3. Define Prov/Auth scenraio for the same.
4. Upload the AD group in GRC using Import.
5. Run the manual Sync job to make sure the Group is visible for provisionong.
6. Assign using GRC.
Send all docs to trinetra.bhushan@gmail.com
Thanks,
Trinetra
Hi Trinetra,
You can upload your AD group into GRC system with below options:
Role Name: AD Group Name
Role Type: GRP
System: LDAP connector
Business Process, Sub Process, Approvers etc same as how you maintain for all other roles.
Once you have imported this AD group into GRC run Repository Object Sync for your LDAP connector and once completed your AD group is selectable in Access request and will be provisioned to users.
Regards,
Madhu.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
15 | |
4 | |
2 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.