Symantec IGA

  • Private Community

  • 1.  ETAUTIL Syntax DYN Endpoint

    Posted Oct 15, 2012 02:28 PM
    Hi,
    I'm looking for more info on the proper systax for exploring a DYN ldap endpoint, via etautil. My current command line is as follows:

    "D:\Program Files\CA\Identity Manager\Provisioning Server\bin\etautil" -o -DYN -u %etauser% -p %etapswd% EXPLORE 'eTDYNContainerName=FFS-Third-Party,eTDYNContainerName=%container%,eTDYNDirectoryName=Oracle Enterprise Directory,eTNamespaceName=Oracle Directory' eTDYNAccount list eTExploreUpdateEtrust >> %logfile%

    no matter using eTDYNAccount or eTDYNContainer as my class i get no users back in my provisioning store.
    Any help or info would be appreciated.


  • 2.  RE: ETAUTIL Syntax DYN Endpoint

    Posted Oct 16, 2012 07:52 AM
    Try the following:


    set container2= "eTDYNContainerName=<container name>,eTDYNDirectoryName=<endpoint name>,eTNamespaceName=<Endpoint type>,dc=im,dc=eta"
    set user="eTGlobalUserName=etaadmin,eTGlobalUserContainerName=Global Users,eTNamespaceName=CommonObjects,dc=im,dc=eta

    %var%\ldapsearch.exe -h %COMPUTERNAME% -p 20389 -D %user% -w <password> -b %container2% -s sub "(objectClass=*)" eTExploreUpdateUsers

    %var%\ldapsearch.exe -h %COMPUTERNAME% -p 20389 -D %user% -w <password> -b %container2% -s sub "(objectClass=*)" eTExploreCorrelateUsers





    Jose


  • 3.  RE: ETAUTIL Syntax DYN Endpoint
    Best Answer

    Posted Oct 16, 2012 04:46 PM
    It looks like my issue was related to not having the proper objectClasses mapped in the DYN connector. After doing a better mapping in connector Xpress it seems to run as expected. My next question would be: What does the scope=# parameter do in the etautil?

    Rob


  • 4.  RE: ETAUTIL Syntax DYN Endpoint

    Posted Oct 17, 2012 01:26 AM

    roblewkowski wrote:

    It looks like my issue was related to not having the proper objectClasses mapped in the DYN connector. After doing a better mapping in connector Xpress it seems to run as expected. My next question would be: What does the scope=# parameter do in the etautil?

    Rob
    Rob,
    In many way you can think of etautil as a "wrapper" around ldapsearch, ldapadd, ldapmod and ldapdelete. Meaning that you can use the help pages from those programs to figure out things.
    For scope, the man pages for ldapsearch shows:
    Specifies the scope of the search. The scope can be one of the following:

    base searches only the entry specified in the -b option or defined by the LDAP_BASEDN environment variable.

    one searches only the immediate children of the entry specified in the -b option. Only the children are searched; the actual entry specified in the -b option is not searched.

    sub searches the entry specified in the -b option and all of its descendants; that is, perform a subtree search starting at the point identified in the -b option. This is the default.


    Cheers, Atle


  • 5.  RE: ETAUTIL Syntax DYN Endpoint

    Posted Nov 26, 2013 11:34 AM

    If i need to correlate only specific users which will be specified in txt file then what should be the etautil command . has any one experienced  ?



  • 6.  RE: ETAUTIL Syntax DYN Endpoint

    Posted Nov 26, 2013 03:42 PM

    If we run explore for specific users via etautil then corelate will be effective only to those explored users . Now i am able to do explore for specific users so will be able to do correlation on specific users.the only thing now i need to look for is to write a script which will take users from a txt file.

     



  • 7.  RE: ETAUTIL Syntax DYN Endpoint

    Posted Nov 26, 2013 04:10 PM

    For reading from a file, Google is your friend. Take a look at the example provided here:

    http://goo.gl/HhUV9Y

    Replace the lie that reads: "

    call:readLine %line%

    This will be a call to your ETAUTIL batch file. %line% will contain the entry in the file was read.

     



  • 8.  RE: ETAUTIL Syntax DYN Endpoint

    Posted Dec 20, 2013 02:59 AM
    renu8:

    If we run explore for specific users via etautil then corelate will be effective only to those explored users . Now i am able to do explore for specific users so will be able to do correlation on specific users.the only thing now i need to look for is to write a script which will take users from a txt file.

     



    Can U wrote your syntaxs for explore specific user please?
     



  • 9.  RE: ETAUTIL Syntax DYN Endpoint

    Posted Dec 20, 2013 12:22 PM

    Try this . If it is in different container then connect with provisioning directory and copy the respective DN of the container accordingly .

     

    C:\Program Files (x86)\CA\Identity Manager\Provisioning Server\bin>etautil -d im -u <etaadmin> -p <Password> -o explore 'eTADSContainerName=Users,eTADSDirectoryName=AD Endpoint,eTNamespaceName=ActiveDirectory' eTADSAccount eTADSAccountName=<userid> list eTExploreUpdateEtrust

    Thanks

    Renuka



  • 10.  RE: ETAUTIL Syntax DYN Endpoint

    Posted Dec 21, 2013 05:09 AM

    Thanks Renu

    Bob