Symantec Identity Manager - How to view user endpoint account via TEWS (Active Directory)

Article ID: 278872

Updated On:

Products

CA Identity Suite, CA Identity Manager

Issue/Introduction

This KB article will guide you on how to configure a task and TEWS to view a user's Active Directory endpoint account.

Environment

Identity Manager: 14.5

Resolution

Log in to Identity Manager and navigate to Roles and Tasks > Admin Tasks > Create Admin Task > Select "Create a copy of an admin task" > Select "View Active Directory Account" > Rename accordingly and enable Web Services.

Navigate to Roles and Tasks > Admin Roles > Modify Admin Role > Select the appropriate role being used > Add the new task to the desired admin role.

Open SoapUI and generate a new SOAP project from the WSDL URL:
http://host:port/iam/im/TEWS6/environmentalias?wsdl

Reference:
WSDL Generation


Once the project has loaded, navigate to your new task. This KB uses the default task as a sample.

Open the request for the task and modify it to look similar to the template below:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsdl="http://tews6/wsdl">
   <soapenv:Header>
      <wsdl:ViewActiveDirectoryAccountQueryTaskContext>
         <wsdl:admin_id><Admin></wsdl:admin_id>
         <wsdl:admin_password><AdminPassword></wsdl:admin_password>
      </wsdl:ViewActiveDirectoryAccountQueryTaskContext>
   </soapenv:Header>
   <soapenv:Body>
      <wsdl:ViewActiveDirectoryAccountQuery>
         <wsdl:ViewActiveDirectoryAccountSearch>
            <wsdl:Subject index="?">
               <wsdl:UniqueName>Account=<UserName>,ADSOrgUnit=<Container Name>,EndPoint=<Endpoint Name>,Namespace=ActiveDirectory,Domain=im,Server=Server</wsdl:UniqueName>
            </wsdl:Subject>
         </wsdl:ViewActiveDirectoryAccountSearch>
      </wsdl:ViewActiveDirectoryAccountQuery>
   </soapenv:Body>
</soapenv:Envelope>

Example:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsdl="http://tews6/wsdl">
   <soapenv:Header>
      <wsdl:ViewActiveDirectoryAccountQueryTaskContext>
         <wsdl:admin_id>imadmin</wsdl:admin_id>
         <wsdl:admin_password>AdminPassword123</wsdl:admin_password>
      </wsdl:ViewActiveDirectoryAccountQueryTaskContext>
   </soapenv:Header>
   <soapenv:Body>
      <wsdl:ViewActiveDirectoryAccountQuery>
         <wsdl:ViewActiveDirectoryAccountSearch>
            <wsdl:Subject index="?">
               <wsdl:UniqueName>Account=ADUser0001,ADSOrgUnit=MyUserContainer,EndPoint=Active Directory,Namespace=ActiveDirectory,Domain=im,Server=Server</wsdl:UniqueName>
            </wsdl:Subject>
         </wsdl:ViewActiveDirectoryAccountSearch>
      </wsdl:ViewActiveDirectoryAccountQuery>
   </soapenv:Body>
</soapenv:Envelope>

The response should now include all the user's Active Directory endpoint account information.
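
The same request built in a script instead of SoapUI, as an added example that is not part of the original KB or the product's own code. It XML-escapes the values it inserts, reads the admin password from an environment variable, and refuses a non-HTTPS endpoint because the SOAP header carries admin_password. Assumptions: the helper names, the TEWS_ADMIN_PASSWORD variable name, the SOAPAction value, and the rejection of "," and "=" inside UniqueName values.

```python
import os
import urllib.request
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
TEWS = "http://tews6/wsdl"  # namespace used by the request in this KB

def unique_name(account, org_unit, endpoint):
    """Build the UniqueName string in the layout shown in the KB example."""
    for value in (account, org_unit, endpoint):
        # Assumption: reject separators rather than guess at an escaping rule.
        if not value or "," in value or "=" in value:
            raise ValueError(f"unsupported value in UniqueName: {value!r}")
    return (f"Account={account},ADSOrgUnit={org_unit},EndPoint={endpoint},"
            "Namespace=ActiveDirectory,Domain=im,Server=Server")

def build_envelope(admin_id, admin_password, name):
    """Return the SOAP request as bytes; ElementTree escapes &, < and >."""
    ET.register_namespace("soapenv", SOAP)
    ET.register_namespace("wsdl", TEWS)
    env = ET.Element(f"{{{SOAP}}}Envelope")
    ctx = ET.SubElement(ET.SubElement(env, f"{{{SOAP}}}Header"),
                        f"{{{TEWS}}}ViewActiveDirectoryAccountQueryTaskContext")
    ET.SubElement(ctx, f"{{{TEWS}}}admin_id").text = admin_id
    ET.SubElement(ctx, f"{{{TEWS}}}admin_password").text = admin_password
    query = ET.SubElement(ET.SubElement(env, f"{{{SOAP}}}Body"),
                          f"{{{TEWS}}}ViewActiveDirectoryAccountQuery")
    search = ET.SubElement(query, f"{{{TEWS}}}ViewActiveDirectoryAccountSearch")
    subject = ET.SubElement(search, f"{{{TEWS}}}Subject", index="?")  # as in the KB
    ET.SubElement(subject, f"{{{TEWS}}}UniqueName").text = name
    return ET.tostring(env, encoding="utf-8", xml_declaration=True)

def post(url, envelope, timeout=30):
    """Send the request; plain HTTP is refused so the password is not sent in clear."""
    if urlsplit(url).scheme != "https":
        raise ValueError("TEWS endpoint must use https")
    req = urllib.request.Request(url, data=envelope, method="POST", headers={
        "Content-Type": "text/xml; charset=utf-8",
        "SOAPAction": '""',  # assumption: take the real value from the generated WSDL
    })
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read()

if __name__ == "__main__":
    # IP and Port are the KB's placeholders; replace them before running.
    body = build_envelope("imadmin", os.environ["TEWS_ADMIN_PASSWORD"],
                          unique_name("ADUser0001", "MyUserContainer", "Active Directory"))
    print(post("https://IP:Port/iam/im/TEWS6/identityEnv", body).decode())
```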

Additional Information

SoapUI tends to default the URL to:
http://localhost:port/iam/im/TEWS6/identityEnv

Ensure it is set correctly to:
https://IP:Port/iam/im/TEWS6/identityEnv

------------------------------------------------------------------
The path of the Active Directory user can be retrieved with an LDAP browser connected to the provisioning server.

This example uses JXplorer:
Open JXplorer and connect with the credentials below:

IP / 20389
User: eTGlobalUserName=etaadmin,eTGlobalUserContainerName=Global Users,eTNamespaceName=CommonObjects,dc=im,dc=eta
Password: <etaadmin Password>

Then navigate to where the Active Directory users are stored.
Base Location: eTNamespaceName=ActiveDirectory,dc=im,dc=eta