suneet_shah

[suneet_shah]

The configuration looks correct. Its possible that there is a problem in the transformation script.
One way to troubleshoot would be connect to the synchronization container and watch the logs. You can put in some comments in the script so that you can see where its failing.

Alternatively, you can post your script and we can try to help you.

[suneet_shah]

Can you post your synchronization configuration?

[suneet_shah]

Hi Alexandre,

We will share a full overview of how to do this by early next week.
It will be a complete overview of working with openldap

[suneet_shah]

Hello Bublic, we will check and update you.
Which version are you using?

[suneet_shah]

Hi Davide,
Can you post your synch configuration? Also, what do you see in the audit logs?

[suneet_shah]

Hi Shaun
Are you using Docker or RPM?

From the connector, are able to do test connection?
Is port 5672 open on both the linux and windows servers? If not, it needs to be.
If you are using docker,then you also need to open this port in the docker compose file.

[suneet_shah]

Hi Alexandre

You are trying to import groups from LDAP to OpenIAM? If so, I would recommend that you use Synchronization instead of reconciliation for this. Synch is used for both importing data and automated provisioning. Reconciliation is a bi-directional comparison and not what you need here.

[suneet_shah]

Thank you, Neil. Additionally, all sessions will be recorded and uploaded to our training workshop playlist.

[suneet_shah]

Thank you – Will try it out and see if we can duplicate it.

[suneet_shah]

Hi Tamas,

Please see the attached screenshot. You dont need the ssh://
But there are other parameters that should be there.

Attachments:

You must be logged in to view attached files.

[suneet_shah]

Hi Ben

The idea behind orphan detection is to find accounts in your target system like AD which dont below to a user. These users either need to be linked to a real user or they need to removed. You will be able to see these in the webconsole orphan management UI.

If you want to just add these users to OpenIAM then
– disable orphan management
– disable downstream provisioning

Synch the users.

[suneet_shah]

Thanks for posting this
Which version of OpenIAM are you using and which OS/version are using so that we can try to duplicate the problem.

[suneet_shah]

Hi Ben,

Neil is correct that you might be mixing up configuration between the AD powershell connector and the ldap connector.

Can you post the configuration for your managed system first?

Do you have an active connection on the dashboard? Lets resolve that first and then we can move to the synch

[suneet_shah]

Hi Jens
At a high level, you need to do the following:
a) Configure a synchronization task which will import the csv file into OpenIAM. (webconsole -> provisioning -> synchronization)
b) You will need to update the transformation script to map data from your csv file to fields in OpenIAM. I would recommend using one of the out of the box scripts as a base
c)In the transformation script, you should add logic to assign the user to one or more roles. Note that this steps is not necessary in the enterprise version as the business rules engine does this for you automatically
d) These first steps will add users to OpenIAM. If you assign the user to a role, then that role will be used to trigger provisioning to down stream applications.

We will update the docs in the next couple of day to include a full example. If you have any questions, feel free to post here

[suneet_shah]

Hi Travis
Do you have a valid connection in the managed system dashboard?
Which connector are you using – ldap or the AD powershell connector?
Do you see anything in the audit logs?

[Author]

Posts