ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

How to get the members from all Provisioning Roles

book

Article ID: 240604

calendar_today

Updated On:

Products

CA Identity Suite

Issue/Introduction

There are a lot of Provisioning Roles, some exists but never were used. So I need to delete some of them.

How to get all the members from the Provisioning Roles, via LDAP search or something ?

 

Environment

Release : 14.4

Component :

Resolution

Some examples as list as dsa user:

1. return only Prov role DNs

dxsearch -h <host> -p 20389 -b "eTGlobalUserContainerName=Global Users,eTNamespaceName=CommonObjects,dc=im,dc=eta" -w <password> 
-D "eTGlobalUserName=etaadmin,eTGlobalUserContainerName=Global Users,eTNamespaceName=CommonObjects,dc=im,dc=eta" "(&(objectclass=eTGlobalUser)(eTRoleDN=*))" eTRoleDN

2) to get all the global users that have some particular provisioning role:

dxsearch -h <host> -p 20389 -b "eTGlobalUserContainerName=Global Users,eTNamespaceName=CommonObjects,dc=im,dc=eta" -w <password> 
-D "eTGlobalUserName=etaadmin,eTGlobalUserContainerName=Global Users,eTNamespaceName=CommonObjects,dc=im,dc=eta" 
"(&(objectclass=eTGlobalUser)(eTRoleDN=eTRoleName=<role name>,eTRoleContainerName=Roles,eTNamespaceName=CommonObjects,dc=im))" "1.1"

3) or try 
dxsearch -h <hostname> -p 20389 -b "eTGlobalUserContainerName=Global Users,eTNamespaceName=CommonObjects,dc=im,dc=eta" -w <password> 
-D "eTGlobalUserName=etaadmin,eTGlobalUserContainerName=Global Users,eTNamespaceName=CommonObjects,dc=im,dc=eta" "(&(objectclass=eTGlobalUser)(eTRoleDN=*))"