How to get the members from all Provisioning Roles
search cancel

How to get the members from all Provisioning Roles

book

Article ID: 240604

calendar_today

Updated On:

Products

CA Identity Suite CA Identity Manager

Issue/Introduction

There are a lot of Provisioning Roles, some exists but never were used. So I need to delete some of them.

How to get all the members from the Provisioning Roles, via LDAP search or something ?

 

Environment

Release : 14.4

Component :

Resolution

Some examples as list as dsa user:

1. return only Prov role DNs

dxsearch -h <host> -p 20389 -b "eTGlobalUserContainerName=Global Users,eTNamespaceName=CommonObjects,dc=im,dc=eta" -w <password> 
-D "eTGlobalUserName=etaadmin,eTGlobalUserContainerName=Global Users,eTNamespaceName=CommonObjects,dc=im,dc=eta" "(&(objectclass=eTGlobalUser)(eTRoleDN=*))" eTRoleDN

2) to get all the global users that have some particular provisioning role:

dxsearch -h <host> -p 20389 -b "eTGlobalUserContainerName=Global Users,eTNamespaceName=CommonObjects,dc=im,dc=eta" -w <password> 
-D "eTGlobalUserName=etaadmin,eTGlobalUserContainerName=Global Users,eTNamespaceName=CommonObjects,dc=im,dc=eta" 
"(&(objectclass=eTGlobalUser)(eTRoleDN=eTRoleName=<role name>,eTRoleContainerName=Roles,eTNamespaceName=CommonObjects,dc=im))" "1.1"

3) or try 
dxsearch -h <host> -p 20389 -b "eTGlobalUserContainerName=Global Users,eTNamespaceName=CommonObjects,dc=im,dc=eta" -w <password> 
-D "eTGlobalUserName=etaadmin,eTGlobalUserContainerName=Global Users,eTNamespaceName=CommonObjects,dc=im,dc=eta" "(&(objectclass=eTGlobalUser)(eTRoleDN=*))"

Additional Information

If you need to use LDAP command, see the article

https://knowledge.broadcom.com/external/article/278482

 

Powered by Wolken Software