IBM Support

Maximo: Update Person's Supervisor from Active Directory using Escalation and Automation Script

Technical Blog Post


Abstract

Maximo: Update Person's Supervisor from Active Directory using Escalation and Automation Script

Body

Problem Description / Requirement

You want to synchronize the Person's supervisor from Active Directory Manager attribute. This requirement cannot be addressed by updating LDAPSYNC mapping configuration. That is because the Manager attribute in Active Directory and Supervisor attribute in Maximo Person object are not referenced to the same attribute. In Active Directory, the Manager attribute value is the Distinguished Name (dn) of the manager's record, while in Maximo, the Supervisor of a Person record is the personid attribute of the manager's record. And the personid is usually mapped to sAMAccountName attribute in Active Directory.

Solution

Use Automation Script to lookup the person's manager record in Active Directory, and the script will get the manager's sAMAccountName to be updated into person's supervisor attribute.

Pre-requisites and Assumptions

1. LDAPSYNC should have been configured and running

2. The Manager record must exist in both Active Directory and in Maximo Person object

3. Maximo Personid is mapped to Active Directory sAMAccountName attribute

 

Configuration Steps

1. Download and extract the Automation Script file: getldapmgr.zipView Details

2. Create Script with Action Launch Point:

  • Launch Point: GETLDAPMGR
  • Description: Get LDAP Manager
  • Object: PERSON
  • Action: GETLDAPMGR
  • Action Description: Get LDAP Manager
  • Active: Ticked
  • Script: New

image

3. Click to the next dialog to input script information and variables:

  • Script: GETLDAPMGR
  • Script Description: Get LDAP Manager
  • Script Language: jython
  • Add four (4) variables:
Variable Variable Type Binding Type Binding Value
ldapurl IN LITERAL ldap server url with this format ldap://<ip/hostname>:<port>
ldapuser IN LITERAL ldap query user distinguish name
ldappwd IN LITERAL password of ldap query user
basedn IN LITERAL

base search dn

Note: You can use other binding type such as SYSPROP and register the values in System Properties

image

4. Click to the next dialog and import or paste the script from step #1 into the provided Source Code field:

image

5. Create Action Group:

  • Action: GETLDAPMGR_GRP
  • Action Description: Get LDAP Manager Action Group
  • Object: PERSON
  • Type: Action Group
  • Members: GETLDAPMGR

image

6. Create Escalation:

  • Escalation: GETLDAPMGR
  • Description: Get LDAP Manager
  • Applies To: PERSON
  • Schedule: Adjust as needed e.g. daily / weekly
  • Condition: 1=1 or other 'where clause' condition as needed.
  • Add one (1) escalation point with Repeat box option ticked
  • Set Action Group: GETLDAPMGR_GRP

image

7. Activate GETLDAPMGR Escalation.

 

[{"Business Unit":{"code":"BU005","label":"IoT"}, "Product":{"code":"SSLKT6","label":"Maximo Asset Management"},"Component":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"","Edition":""}]

UID

ibm11130175