This topic has 1 reply, 2 voices, and was last updated 3 weeks, 4 days ago by 
-
Posts
-
I’m following a documentation[1] and trying to create new users from CSV file and create some of these users in a MS AD.
What I did:
– Create a Connector to read CSV file (CSVUsers)
– Create a Connector to write to Active Directory (AD1)
– Create a Mapping CSV_to_Local (Source: CSVUsers; Target: Managed/User)
– Create a Mapping Local_to_AD (Source: Managed/User; Target: AD1)
– Create a Assignment (AD), mapping to Local_to_AD
– Create a new Role (AD), linking with Assignment “AD”What I was expect: only the users that I added manually in AD’ Role was created in Active Directory through Mapping Local_to_AD.
What are happens: all users created using CSV_to_Local Mapping are created in Managed/User and Active Directory, ignoring my Role list users.If I add an attribute in Assignment using some field to test, work. But I would like to use the Role to group the users to be added in AD.
Someone can help me?
I’m using OpenIDM 7.0.1 (revision: 9be45fd)
Thanks!
[1] https://backstage.forgerock.com/docs/idm/7/samples-guide/provisioning-with-roles.html
Hello,
assignments and roles can only be used – from what I understand – to populate specific attributes / values.
If you want to restrict creation of account in your AD, you should use the validSource in your sync.json.
For example, I use this in my User_AD mapping :
"validSource" : { "type" : "text/javascript", "source" : "source.physicalDeliveryOfficeName != null" },in your case, you should probable find the effectiveRole which is OK for AD account creation.
You can also use a javascript file, like this example:"validSource" : { "type" : "text/javascript", "file" : "script/AD/isUserValidForAD.js" },
You must be logged in to reply to this topic.
