Skip to main content

developerWorks >  Tivoli  >  Forums  >  Security Management  >  developerWorks

ITIM Reconciliation Problem    Point your RSS reader here for a feed of the latest messages in this thread


     
 
 
My developerWorks
 Welcome, Guest
Sign in or register
Reply to this Thread Reply to this Thread Post New Thread Post New Thread Watch list Watch list Forum settings Forum settings Help Help
Permlink Replies: 4 - Pages: 1 - Last Post: Nov 16, 2009 10:53 PM Last Post By: Mahe Threads: [ Previous | Next ]
Mahe

Posts: 5
Registered: Feb 17, 2009 01:27:42 AM
ITIM Reconciliation Problem
Posted: Nov 05, 2009 03:50:38 AM
Click to report abuse...   Click to reply to this thread Reply
Hi Guys,

We have RMI custom adapter which is using script connectors to connect to target system . The adapter has a functionality on add, modify, delete and search . For Add and modify functionality we are sending 10 attributes to the target system and also the objectclass have the same in ITIM . But while reconciliation we are suppose to get 7 attributes for each record . In this case the adapter fucntionality is perfect and it is sending all the records to ITIM . ITIM has a Privisioning Policy mapped to this service .While reconciliation this PP is triggering account modify operation for all the records on reconciliation (even there is no data change on those records) . Can anyone help me what went wrong and how to stop the account modification triggering.
yn2000

Posts: 440
Registered: Aug 03, 2005 04:28:21 PM
Re: ITIM Reconciliation Problem
Posted: Nov 05, 2009 07:54:39 PM   in response to: Mahe in response to: Mahe's post
Click to report abuse...   Click to reply to this thread Reply
A possible scenario is that you set the PP to 'mandatory' and the service to 'correct' non compliance. Then when reconcile come back with only 7 attributes, the PP said it is not compliance, because PP is expecting for 10 attributes.
It means that you have to double check your design more carefully.
Rgds. YN.
Mahe

Posts: 5
Registered: Feb 17, 2009 01:27:42 AM
Re: ITIM Reconciliation Problem
Posted: Nov 06, 2009 01:55:14 AM   in response to: yn2000 in response to: yn2000's post
Click to report abuse...   Click to reply to this thread Reply
Hi,

Thanks for your reply, We have set the enforcement policy to correct. But it is triggering the account modify operation due to those missing attributes . But we dont need to trigger that operation while reconciliation . Is there any other way to exclude those missing attributes in provisioning policy ?
yn2000

Posts: 440
Registered: Aug 03, 2005 04:28:21 PM
Re: ITIM Reconciliation Problem
Posted: Nov 06, 2009 12:05:54 PM   in response to: Mahe in response to: Mahe's post
Click to report abuse...   Click to reply to this thread Reply
Set that missing attributes to 'default' instead of 'mandatory'
Rgds. YN.
Mahe

Posts: 5
Registered: Feb 17, 2009 01:27:42 AM
Re: ITIM Reconciliation Problem
Posted: Nov 16, 2009 10:53:35 PM   in response to: yn2000 in response to: yn2000's post
Click to report abuse...   Click to reply to this thread Reply
Hi Guys,

Thanks for your reply . We have fulfill our requirement by changing the implementation logic littlebit.
Pages: 1
Go Back Back to Thread List
Threads: [ Previous | Next ]

Update your My developerWorks profile and start connecting with others.

Point your RSS reader here for a feed of the latest messages in all forums