on 03-24-2022 3:46 PM
Hello everyone! Long time no see. 😉
I need a list of all the user attributes the IDM LDAP connector knows.
I've found it can't "see" (meaning "read") every attribute that's present in our AD (even with the correct permissions), so there seems to be a limitation of sorts. Since we are trying to find out which attributes are usable via the connector, I'm looking for a complete list.
We're on IDM 8.0, SP 7.
For IDM 7.2 there was a technical reference in the SAP Help that listed the attributes for some of the connectors (I remember at least ABAP & AD).
Now with 8.0 I was looking for the same thing for the AD connector, but all I could find was
Maybe I'm just too blind to find it in the SAP documentation or maybe it really isn't there. Do any of you fellow IDM admins have something like this available or know where I can find the info?
Regards,
Steffi.
Hi Steffi,
unfortunately I cannot provide decent documentation either.
But I would try to find a workaround for your problem like this:
Maybe my thoughts can help you to get around the problem. But it would also be nice and handy to have decent documentation for the standard connectors!
Regards,
Alex
P.S.: Additionally I would try to raise this as an OSS issue.
Thanks for the input, Alex!
For a "FromLDAP" pass you need to add the attributes in the destination tab. At least I know of no way to just say: "Give me everything!". 😕 And the "Use template" button is useless for me, always saying it can't connect to the LDAP server to get the attributes.
BUT... you just gave me an idea what I could check with your second tip!
I'm using a list of attributes that my AD jobs should read in and just noticed that the attribute I'm missing is... you can guess it... missing in the list! I'll try adding it and see what that does. Maybe I played myself here. 😄
Regards,
Steffi.
Hi Steffi,
sorry, you are right... for the FromLDAP-Pass you would need the attribute name...
I just remembered I had a similar problem and solved it like that. But I guess I used an LDAP tool with a generic filter to get me all attributes. Maybe it does the trick for you, I'll keep my fingers crossed.
Regards,
Alex
Found it! I can't believe that I trolled myself like that and didn't realize it yesterday, when I was playing around with the LDAP URL. *facepalm*
Thank you so, so much for the nudge in the right direction, Alex! Your tips didn't help directly, but reminded me of something and that was it!
Like I wrote in the other comment, in my LDAP URL I use a list of attributes (for performance reasons & in a nice repository type constant) and this attribute just wasn't in the list. Just a simple, small thing, but it has haunted me for months now! MONTHS! GRR!
Sometimes the best thing to do is explain a problem to somebody else and you get new ideas just by explaining. 😄 Should have come to the IDM community last year, when I encountered it the first time. Would have saved me so much time.
The list of AD attributes of the connector is therefore not really relevant or needed anymore, because now I think that pretty much every AD attribute could be read and written to. Checking in AD or via an LDAP tool should help.
So the question is answered for me. 🙂
Regards,
Steffi.
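The root cause found in this thread, an attribute missing from the attribute list of the LDAP URL, can be checked mechanically. The following is an added example, not code from the thread or from SAP; it assumes the URL follows the standard RFC 4516 layout (`ldap://host/dn?attributes?scope?filter`), and the host name, DN and attribute names are constructed sample values.

```python
from urllib.parse import urlsplit, unquote

# Constructed sample URL: only cn, sAMAccountName and mail are requested.
SAMPLE_URL = ("ldap://dc01.example.com:389/OU=Users,DC=example,DC=com"
              "?cn,sAMAccountName,mail?sub?(objectClass=user)")


def ldap_url_attributes(url):
    """Return the lower-cased attribute selection of an RFC 4516 LDAP URL.

    An empty set means the URL carries no attribute list, in which case
    the server returns all user attributes.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() not in ("ldap", "ldaps"):
        raise ValueError("not an LDAP URL: %r" % url)
    # Everything after the DN is attributes?scope?filter?extensions.
    attr_field = parts.query.split("?")[0]
    return {unquote(a).strip().lower()
            for a in attr_field.split(",") if a.strip()}


def missing_attributes(url, required):
    """List the required attributes that the URL's selection leaves out.

    Attribute names are compared case-insensitively, as LDAP does.
    Simplification: an empty list or "*" is treated as "everything",
    although operational attributes still have to be named explicitly.
    """
    selected = ldap_url_attributes(url)
    if not selected or "*" in selected:
        return []
    return [a for a in required if a.lower() not in selected]


if __name__ == "__main__":
    needed = ["mail", "department"]  # hypothetical attributes a job expects
    for name in missing_attributes(SAMPLE_URL, needed):
        print("not requested by the LDAP URL:", name)
```

Running such a check against the repository constant that holds the URL, before suspecting permissions or the connector, separates "the directory will not return it" from "the job never asked for it".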