BHOLD SP1 Questions

  • Question

  • Hi All
    I'm trying to figure out how the new Access Management Connector works. Not to speak of all the other features of BHOLD.
    But the documentation says only a little about it. The walkthrough doesn't work for me.
    Has anyone had more success and is willing to share it?
    Some of my problems are:
    - Documentation says nothing about the application. In RTM Active Directory was described as an application in BHOLD. Not a word about it now? Is it not required anymore?
    - Documentation says I should flow out department into OrganizationalUnit as string but OrganizationalUnit comes back in as reference value containing some sort of XML structure. (part of step 17 AMCUsers MA)
    - Documentation says I should flow out domain name as an advanced export into a cs-attribute named "Domain" but the connector space doesn't hold such an attribute? (step 18 AMCUsers MA)
    - Documentation says nothing about the hierarchy for organizational units.
    - Documentation says nothing about changes in the underlying SQL tables and the new AMC hides what is necessary to bring users into the right organizational unit. All my users are in root.

    It could of course be that I missed the right link to a current version of the documentation. So please, any help is appreciated.

    Henry

    Saturday, February 2, 2013 4:23 PM

All replies

  • Hi Henry,

    I tried the Access Management Connector and was able to provision users into BHOLD core. As you mentioned, the documentation needs more clarity.

    1. Flowing department to OrganizationalUnit doesn't add users to the appropriate Org.Unit in BHOLD, so I took the Org.Unit reference value and assigned it during the connector creation. I hardcoded the DN <OI>...<OI> of the Org.Unit on the user connector. This helped me to add the user into a specific Org.Unit, but still the user is also added to the root OU. I don't know how to keep the user in one target OU.

    2. I set the constant value to Domain attribute bholdDomain on the CS. However the alias must have Domain\AccountName format, for users to access BHOLD portal [ex: Attestation]. 

    3. In SP1 the Application is no longer available on the Connector, I only see Org.Unit, Groups and Users object types. However we can create policy in BHOLD core to assign Application and Permissions via Role.

    I tried to include the Org.Unit object type on the user provision MA, and did a full import, just to pull the org.unit placeholders. But still, flowing department as per the documentation didn't work. Not sure if it's by design that the users by default will be added to the root OU, and you will need to add specific OU references to add them to more than one OU.

    4. I see one more issue: the refresh schema option on the connector didn't work. It always throws a credential error though I specified integrated authentication. I modified the schema on the BHOLD core, and only new MAs are reflecting the new attributes. Not sure if it's a bug or my environmental issue.

    -Prakash

    Saturday, February 2, 2013 8:43 PM
  • I'm working through the SP1 stuff now and will update my Blog once it's complete.

    Prakash - I confirm the refresh schema doesn't work. You have to create another MA if you change the BHOLD schema :(

    Dave


    Dave Nesbitt | Architect | Oxford Computer Group

    Wednesday, February 6, 2013 12:06 PM
  • I am running into the same issues as Henry.  I also cannot flow users into correct OrgUnits.  But I also noticed that the profile runs do not work as one would observe with other MAs, like AD, for example.  Confirming imports for AMCUsers don't work throwing an exception as well as Delta Syncs sometimes.  Perhaps, this could be the reason where OrgUnit is not getting resolved as it's supposed to?

    Have you, guys, been able to find a solution?

    Ilya

    Wednesday, June 12, 2013 9:41 PM
  • Rockmus

    Are you following the test lab guide for the AM MA? What documentation are you using? If you are using the TLG, there are some errors in the steps. There are some changes that need to be made to the provisioning code in order to successfully export OUs and Users to the BHOLD DB.

    Thursday, June 13, 2013 3:27 AM
  • Yes, I am following the TLG.  Could you please elaborate as to what kind of changes need to be made?  Thank you!
    Thursday, June 13, 2013 3:30 PM
  • I've spoken with a co-worker, and, in brief, the problem basically is that when you try to flow, say, "Sales" (the string) department into BHOLD, it doesn't understand what it is.  I haven't tried it yet, but what you need is a rule extension on the department attribute flow which will intercept the department string and convert it to the appropriate DN (xml structure mentioned in one of the posts) that can be found in the metaverse for a given object.  Does this sound right?
    Thursday, June 13, 2013 4:25 PM
  • Rockmus,

    Yes, exactly right... the TLG flows several attributes as strings that are in fact supposed to be in references. So instead of flowing the value of 'Sales', it would be something like

    <Orgunit><Id>5</Id></Orgunit>

    The above is just an example but in my case I used the function FindMVEntry to find the correct value to set in the rules extensions.

    Friday, June 14, 2013 2:57 AM
    Hello Glenn,

    Could you please share the rule extension code?

    I'm having the same issue.

    The id for the OrganisationalUnit attribute for User object must be an id from BHold OrganizationUnit object. So I flow it back to metaverse.

    Though I also have my custom OrgUnitId that flows from source system.

    How to map OrganisationalUnit attribute for User object to dn/ObjectIdentifier attribute value for OrganizationUnit object?

    Wednesday, June 19, 2013 12:13 PM
  • This is what I added to my import extension for SQL MA that brings users from SQL to BHOLD. I flow the EmpDepartment attribute in SQL to Department in the MV using a rules extension. This is the only code I added to extension, just replace the entire MapAttributesForImport function in your environment with this:

    Sub MapAttributesForImport(ByVal FlowRuleName As String, ByVal csentry As CSEntry, ByVal mventry As MVEntry) Implements IMASynchronization.MapAttributesForImport

        Dim findResultList() As MVEntry = Nothing
        Dim mvEntryFound As MVEntry = Nothing
        Dim strFormat As String = Nothing

        Select Case FlowRuleName

            Case "department"
                ' Opening part of the BHOLD reference value for an OrganizationalUnit
                strFormat = "<OI><OT>OrganizationalUnit</OT><I>"

                ' Look up the metaverse object whose description matches the SQL department
                findResultList = Utils.FindMVEntries("description", csentry("EmpDepartment").Value)

                If findResultList.Length > 0 Then
                    mvEntryFound = findResultList(0)
                    ' Wrap the matched object's displayName (with "0" characters removed) as the reference
                    mventry("department").Value = strFormat + mvEntryFound.Item("displayName").Value.Replace("0", "") + "</I></OI>"
                End If

            Case Else

        End Select

    End Sub

    • Proposed as answer by freadomfee Thursday, July 25, 2013 11:07 AM
    Thursday, June 20, 2013 1:25 AM
    Thank you very much for sharing.

    But I have some trouble loading my extension rule.

    Could it be the reason that I have developed it with VS 2012 version? It seems that I have checked everything else, but the rule is not executed, nor hit by debugger.

    I've also changed the .net version for the project to 3.5, but it didn't help.

    Thursday, June 20, 2013 1:18 PM
  • I did this in VS 2008 but I don't think it should matter. There are some carriage returns in the above that should not be there. Try putting it in notepad first and then copying it to your environment.
    Friday, June 21, 2013 12:58 AM
  • The problem was that in MA I've mapped attributes from two different objects. When I corrected that everything started to work. Thanks Glenn Z. 

    Thursday, July 25, 2013 11:06 AM
  • Hey Dave,

    Is there any chance you could do a soup to nuts BHOLD write up on your blog? There's a real need for a getting started doc that explains why, what, and how.

    Just a thought.

    Monday, May 5, 2014 6:09 PM
  • Hi Joshua,

    I haven't looked at BHOLD for over a year now, sorry. If I thought enough people were using it and were still interested I guess I could try, but it would be quite an undertaking. I keep meaning to rebuild my lab but then work keeps getting in the way.

    Now, if anyone wants to sponsor me, I guess I could be persuaded ;)

    Dave

    Tuesday, May 6, 2014 10:11 AM