BHOLD SP1 Access Management Connector

  • Question

  • Hi,

    I have a FIM 2010 SP1 Lab environment, consisting of VMs, configured as follows: 1 VM that hosts the SQL databases (FIMSQL), 1 VM that hosts Exchange 2010 (Exchange), 1 VM that hosts the SCSM data warehouse (FIMDW) and 1 VM that hosts SharePoint, the FIM Service, Portal, Password Registration and Password Reset portals (FIM01).

    I have installed all the BHOLD components upon FIM01. All are accessible from their portal interfaces and seem to be functional upon access.

    I need to understand how the Access Management Connector ("ACM") functions. These are some of the questions I need answered:

    What is the purpose of the ACM?

    Does the ACM Sync from FIM MV to the BHOLD database (and Portal) and back to FIM MV and if so, what attributes must be in place in order to do so and what is the process?

    An error I receive on attempting a sync from AMC users to BHOLD is "Required attribute 'ObjectIdentifier' is missing."

    Is it possible to create one ACM that can provision into BHOLD Users, Groups and OrgUnits and if so, how? If not, which attributes are prerequisite?

    How do AD groups tie in with Permissions within BHOLD and what is the process to implement?

    How do BHOLD roles sync with FIM?

    How does one configure permissions for an application in BHOLD and what is the process for this to flow through FIM back to AD so that users are able to access the application based upon their role membership?

    All assistance would be appreciated.

    PS. The MS BHOLD Lab documentation is a start but is thin when it comes to in-depth detail.


    Gavin Jacobs

    Tuesday, July 9, 2013 6:45 PM

All replies

  • Gavin,

    The ACM is designed to sync users, OUs and permissions (groups) between the metaverse and BHOLD DB using the sync engine. Are you using the test lab guide for the Access Management connector, available at http://technet.microsoft.com/en-us/library/jj853085(v=ws.10).aspx? If so, there are some flaws in the code samples here. One of the required attributes for OUs, Groups and Users in the BHOLD DB is the objectIdentifier attribute. It is the primary identifier in the B1 DB for these object types and cannot be duplicated.

    Wednesday, July 10, 2013 1:00 AM
  • Hi Glenn,

    Thanks for responding and for the information. Yes, I am using the MS BHOLD Lab guide and am aware of the deficiencies. Which attribute must the ObjectIdentifier be flowed to? Are you able to clarify any of the other questions I raised?

    Thanks.


    Gavin Jacobs

    Wednesday, July 10, 2013 5:47 AM
  • Same problem. Were you able to resolve and if so can you share how you did it? Thx!

    Paul N Smith

    Friday, October 11, 2013 10:06 PM