Example comma-separated value (CSV) file
Create a CSV file for reconciliation of the manual service instance. The CSV file contains both accounts and group definitions that exist on the manual service.
Using a CSV file for reconciliation of a manual service
eruid,description
batman,uses technology
superman,flies through the air
spiderman,uses a web
ghostrider, rides a motorcycle
#GROUP_OBJECT_PROFILE#accessgroupGroupProfile
cn,description
daredevil,this group represents daredevils
superhero,this group represents superheroes
The
example file creates two groups for this service instance: daredevil and
superhero. Because cn is used for both the
id and name attributes in the group schema, list it
only one time in the CSV file. The example file also creates four accounts for this service
instance: batman, superman,
spiderman, and ghostrider.Format of the example CSV file
A CSV file contains a set of records separated by a carriage return/line feed (CR/LF) pair (\r\n), or by a line feed (LF) character. Each record contains a set of fields separated by a comma. If the field contains either a comma or a CR/LF, the comma must be escaped with double quotation marks as the delimiter.
The first line of the example CSV file contains the attribute header list for accounts. The list contains the attributes that are defined in the accounts section of the service type definition. Be sure to include any required attributes in this line, or else the reconciliation fails.
The next set of lines (up until the #GROUP_OBJECT_PROFILE#
line) represents the
accounts that are to be loaded into IBM® Security Identity Manager. Each line represents one account. The content of these rows is the values
to apply to the attributes defined in the first row. All required attributes must have a value, or
else the reconciliation of that account fails.
The line that starts with #GROUP_OBJECT_PROFILE#
is a line that delineates the
start of a new group schema (as defined in the Manage Service Types task).
The string immediately after #GROUP_OBJECT_PROFILE#
is the name of the group schema
as stored in IBM Security Identity Manager. The
value is always objectclassGroupProfile. In the example
file, the accessgroup objectclass is used for the group schema, so the value
for this line is accessgroupGroupProfile
. If this line does not reference an
existing group profile in IBM Security Identity Manager, the reconciliation fails.
The line immediately following the #GROUP_OBJECT_PROFILE#
line is the group
header line that lists the attributes of the group that is defined on the previous line. This line
should contain the three attributes defined on the Groups page of the
Manage Service Types task.
Following the example, the values are the group id, group name, and group description: cn, cn, description. If these attributes do not exist in the group profile, the reconciliation fails. Include any attribute that exists in the group schema objectclass that you defined, but only the group name and group description appear in the IBM Security Identity Manager interface.
The next group of lines represents individual groups of the group schema type. Each line
represents one group. The values listed on this line correspond to the attribute list on the line
immediately following the #GROUP_OBJECT_PROFILE#
line. If the values on this line
are not valid, then the creation of that group in IBM Security Identity Manager fails when the reconciliation
is done.
Example CSV file for loading two types of group profiles
#GROUP_OBJECT_PROFILE#
line in the CSV file. Here is an example that loads two
types of group
profiles:eruid,description
batman,uses technology
superman,flies through the air
spiderman,uses a web
ghostrider, rides a motorcycle
#GROUP_OBJECT_PROFILE#accessgroupGroupProfile
cn,description
daredevil,this group represents daredevils
superhero,this group represents superheroes
#GROUP_OBJECT_PROFILE#aixaccessgroupGroupProfile
aixgroupadminlist,ibm-aixprojectnamelist,ergroupdescription
eadmins,eadmingroup,admins on ephone
eguests,eguestgroup,guests on ephone
The
two group schemas used in this example are accessgroup and
aixaccessgroup. For the reconciliation to work, both group schemas must be
defined on the service type.Reconciling supporting data only
When you do the reconciliation, you can select a check box for supporting data only. If you select the check box, the reconciliation ignores the account information and processes only the group information. If you do not select the check box, both account and group information is processed. The CSV file can contain both accounts and groups, groups only, or accounts only. The reconciliation ignores missing data.