search cancel

Managing multiple users with a single template.


Article ID: 133841


Updated On:


CA Identity Manager CA Identity Governance CA Identity Portal CA Identity Suite


A customer has a specific scenario :

We have developed an LDAP connector using a CA template on the Connector Xpress. In our connector we defined User and Group entities with relative Associations and an Account Container. We have created a Provisioning Role (TestPR) which contains an Account Template (TestAT) which allows to add/remove the user to one group on the ldap (TestGroup) according to the assigning of the Role to the user.

The following issue is encountered: 

We need to manage users from two different path, Path1 and Path2 with the same father node that we can call Root. When we defined the Account Template TestAT we had to specify the Account Container and we have noticed that we receive an error if the TestPR is added to a user that is not contained in the path specified as Account Container.  We have tried to specify the father Root as Account Container but we received the same error for all the users since it does not look for them in the two subtrees (Path1 and Path2) only in the Root folder. 

Is it  possible to specify more than one Account Container or to specify as Container all the subtrees starting from a root?


Release : 14.1

Component : IdentityMinder(Identity Manager)


This is working as designed


The Provisioning Server determines if the account the user has is correct or not based on the role/template by depending on the account name and container. As you are trying to manage accounts in two different containers we would suggest having two different provisioning roles each with a different template where each template points to a different container. This way assigning one of the roles will create/update an account in one or the other container. This assumes there is some logical basis for why an account will exist in one container versus the other.