Saturday, February 02, 2013 4:23 PM
I am trying to figure out how the new Access Management Connector works. Not to speak of all the other features of BHOLD.
But the documentation says only a little about it. The walkthrough doesn't work for me.
Has anyone had more success and is willing to share it?
Some of my problems are:
- Documentation says nothing about the application. In RTM Active Directory was described as an application in BHOLD. Not a word about it now? Is it not required anymore?
- Documentation says I should flow out department into OrganizationalUnit as string but OrganizationalUnit comes back in as reference value containing some sort of XML structure. (part of step 17 AMCUsers MA)
- Documentation says I should flow out domain name as an advanced export into a cs-attribute named "Domain" but the connector space doesn't hold such an attribute? (step 18 AMCUsers MA)
- Documentation says nothing about the hierarchy for organizational units.
- Documentation says nothing about changes in the underlying SQL tables, and the new AMC hides what is necessary to bring users into the right organizational unit. All my users are in root.
It could of course be that I missed the right link to a current version of the documentation. So please, any help is appreciated.
Saturday, February 02, 2013 8:43 PM
I tried the Access Management Connector and was able to provision users into BHOLD core. As you mentioned, the documentation needs more clarity.
1. Flowing department to OrganizationalUnit doesn't add users to the appropriate Org.Unit in BHOLD, so I took the Org.Unit reference value and assigned it during the connector creation. I hardcoded the DN <OI>...<OI> of the Org.Unit on the user connector. This helped me to add the user into a specific Org.Unit, but the user is still also added to the root OU. I don't know how to keep the user in one target OU.
2. I set the constant value to Domain attribute bholdDomain on the CS. However the alias must have Domain\AccountName format, for users to access BHOLD portal [ex: Attestation].
3. In SP1 the Application is no longer available on the Connector; I only see Org.Unit, Groups and Users object types. However, we can create a policy in BHOLD core to assign Application and Permissions via Role.
I tried to include the Org.Unit object type on the user provisioning MA and did a full import, just to pull the Org.Unit placeholders, but flowing department as per the documentation still didn't work. Not sure if it's by design that the users are added to the root OU by default, and that you need to add specific OU references to add them to more than one OU.
4. I see one more issue: the refresh schema option on the connector didn't work. It is always throwing a credential error, though I specified integrated authentication. I modified the schema on the BHOLD core, and only new MAs are reflecting the new attributes. Not sure if it's a bug or my environmental issue.
Wednesday, February 06, 2013 12:06 PM
I'm working through the SP1 stuff now and will update my Blog once it's complete.
Prakash - I confirm the refresh schema doesn't work. You have to create another MA if you change the BHOLD schema :(
Dave Nesbitt | Architect | Oxford Computer Group