How to propagate the "Suspended" state from the Provisioning Server "Global User" to a DYN connector
Article ID: 404024
Updated On:
Products
Issue/Introduction
DYN connector requires implementation of the the "Suspended" state.
Environment
IM 14.5
Resolution
Follow the steps below:
1. Update directory schema on the endpoint to include a special attribute representing the suspended state. For example:
set oid-prefix myCompanyAttributeType = ( 1.3.6.1.4.1.123456.1 );
set oid-prefix myCompanyObjectClass = ( 1.3.6.1.4.1.123456.2 );
set attribute myCompanyAttributeType:1 = {
name = myCustomAttr
syntax = caseExactString
single-valued
description = "My custom string attribute"
};
set object-class myCompanyObjectClass:1 = {
name = myCustomObject
subclass-of top
kind = auxiliary
may-contain
myCustomAttr
description = "My custom object class with one required attribute"
};
Then check that accounts on the endpoint can be extended by adding the above class and the new attribute can be set to various string values.
2. In the connector express project add this class to the classes of User Account:
3. Create a new attribute and map it to myCustomObject:myCustomAttr. In the example below "eTSuspended" is used as the name of the attribute, but it is not important and you can call it the way you like:
4. Save the project and exported metadata into XML file. Find all occurrences of eTSuspended. In the above example they appear in two places:
a. Inside the eTDYNAccoun section
b. Inside the eTDYNPolicy section
In both places replace the automatic attribute name of the property to eTSuspended:
<property name="eTSuspended">
<doc></doc>
<value default="false">
<strValue></strValue>
</value>
<value>
<strValue>eTSuspended</strValue>
</value>
</metadata>
<value>
<strValue>eTSuspended</strValue>
</value>
</metadata>
<value>
<boolValue>false</boolValue>
</value>
</metadata>
<value>
<sequenceValue>
<baseType>
<strValue></strValue>
</baseType>
<val>
<strValue>myCustomObject:myCustomAttr</strValue>
</val>
</sequenceValue>
</value>
</metadata>
</property>
<property name="eTSuspended">
<value>
<strValue></strValue>
</value>
<value>
<strValue>eTSuspended</strValue>
</value>
</metadata>
<value>
<strValue>eTSuspended</strValue>
</value>
</metadata>
<value>
<boolValue>false</boolValue>
</value>
</metadata>
<value>
<sequenceValue>
<baseType>
<strValue></strValue>
</baseType>
<val>
<strValue>myCustomObject:myCustomAttr</strValue>
</val>
</sequenceValue>
</value>
</metadata>
</property>
Then import the changed metadata back to the project and saved it.
5. Create an endpoint type and new endpoint at the Provisioning Server. During creation map it to CCS.
6. Explore and correlate the endpoint. No need to use a template for the accounts since eTSuspended is propagated without a template.
7. Check that when global user Suspension State is changed the endpoint attribute myCustomAttr changes its value as well.
Additional Information
Note that there is a special flag in the endpoint configuration in the CA IM Provisioning Manager which controls propagation of the "Disabled State" to the Provisioning Server:
The check box needs to be unchecked to enable propagation from the PS.
Feedback
