Example comma-separated value (CSV) file

Create a CSV file for reconciliation of the manual service instance. The CSV file contains both accounts and group definitions that exist on the manual service.

Using a CSV file for reconciliation of a manual service

Here is an example CSV file that contains both account and group information:

eruid,description
batman,uses technology
superman,flies through the air
spiderman,uses a web
ghostrider, rides a motorcycle
#GROUP_OBJECT_PROFILE#accessgroupGroupProfile
cn,description
daredevil,this group represents daredevils
superhero,this group represents superheroes

The example file creates two groups for this service instance: daredevil and superhero. Because cn is used for both the id and name attributes in the group schema, list it only one time in the CSV file. The example file also creates four accounts for this service instance: batman, superman, spiderman, and ghostrider.

Format of the example CSV file

A CSV file contains a set of records separated by a carriage return/line feed (CR/LF) pair (\r\n), or by a line feed (LF) character. Each record contains a set of fields separated by a comma. If the field contains either a comma or a CR/LF, the comma must be escaped with double quotation marks as the delimiter.

The first line of the example CSV file contains the attribute header list for accounts. The list contains the attributes that are defined in the accounts section of the service type definition. Be sure to include any required attributes in this line, or else the reconciliation fails.

The next set of lines (up until the #GROUP_OBJECT_PROFILE# line) represents the accounts that are to be loaded into IBM® Security Identity Manager. Each line represents one account. The content of these rows is the values to apply to the attributes defined in the first row. All required attributes must have a value, or else the reconciliation of that account fails.

The line that starts with #GROUP_OBJECT_PROFILE# is a line that delineates the start of a new group schema (as defined in the Manage Service Types task). The string immediately after #GROUP_OBJECT_PROFILE# is the name of the group schema as stored in IBM Security Identity Manager. The value is always objectclassGroupProfile. In the example file, the accessgroup objectclass is used for the group schema, so the value for this line is accessgroupGroupProfile. If this line does not reference an existing group profile in IBM Security Identity Manager, the reconciliation fails.

The line immediately following the #GROUP_OBJECT_PROFILE# line is the group header line that lists the attributes of the group that is defined on the previous line. This line should contain the three attributes defined on the Groups page of the Manage Service Types task.

Following the example, the values are the group id, group name, and group description: cn, cn, description. If these attributes do not exist in the group profile, the reconciliation fails. Include any attribute that exists in the group schema objectclass that you defined, but only the group name and group description appear in the IBM Security Identity Manager interface.

The next group of lines represents individual groups of the group schema type. Each line represents one group. The values listed on this line correspond to the attribute list on the line immediately following the #GROUP_OBJECT_PROFILE# line. If the values on this line are not valid, then the creation of that group in IBM Security Identity Manager fails when the reconciliation is done.

Example CSV file for loading two types of group profiles

More than one type of group can be loaded by using the reconciliation file. To do so, repeat the #GROUP_OBJECT_PROFILE# line in the CSV file. Here is an example that loads two types of group profiles:

eruid,description
batman,uses technology
superman,flies through the air
spiderman,uses a web
ghostrider, rides a motorcycle
#GROUP_OBJECT_PROFILE#accessgroupGroupProfile
cn,description
daredevil,this group represents daredevils
superhero,this group represents superheroes
#GROUP_OBJECT_PROFILE#aixaccessgroupGroupProfile
aixgroupadminlist,ibm-aixprojectnamelist,ergroupdescription
eadmins,eadmingroup,admins on ephone
eguests,eguestgroup,guests on ephone

The two group schemas used in this example are accessgroup and aixaccessgroup. For the reconciliation to work, both group schemas must be defined on the service type.

Reconciling supporting data only

When you do the reconciliation, you can select a check box for supporting data only. If you select the check box, the reconciliation ignores the account information and processes only the group information. If you do not select the check box, both account and group information is processed. The CSV file can contain both accounts and groups, groups only, or accounts only. The reconciliation ignores missing data.