Layer 7 Identity Management

Expand all | Collapse all

ADS Schema extension on unix IDentity suite

Jump to Best Answer
  • 1.  ADS Schema extension on unix IDentity suite

    Posted 07-29-2019 08:42 AM
    ​Hi Guys,
       i am extending the ADS schema to be able to populate some extended custom AD attributes using the Provisioning engine.
    I already did this several time on IM based on Windows servers but now I have to do this with Identity Suite vApp and Unix.
    I created the schema.ext file in PS_HOME/data/ads/ folder listing all custom attributes name.
    I restarted PS and JCS, closed and restarted the Provisioning Manager but I am not able to see these attributes in a new template creation process.
    Does anybody have any suggestion about this is not working or can give me a check list for Identity suite vApp ?
    Is this extension supported by IS vApp?
    Many thanks in advance
    Regards,
    Claudio

    ------------------------------
    Claudio Cordaro
    Services Architect
    ------------------------------


  • 2.  RE: ADS Schema extension on unix IDentity suite
    Best Answer

    Posted 07-29-2019 09:09 AM
    When using the IM vapp you need to install an instance of the JCS/CCS on a Windows machine and then use ConnectorXpress to configure the routing of AD Connector requests to this Windows instance. You should put the schema.ext file on that Windows instance.


  • 3.  RE: ADS Schema extension on unix IDentity suite

    Posted 07-29-2019 09:18 AM
    Hi Kenneth, thanks for your quick reply. The Windows server hosting JCS and CCS is already in place, I will make the configuration over there.
    Many thanks
    Claudio​


  • 4.  RE: ADS Schema extension on unix IDentity suite

    Posted 22 days ago
    ​Hi Kenneth, even modifying the JCS/CCS Windows Servers hosting the connector used by vApp to provision AD I am not currently able to view the extended attributes in the AD Account Templates.
    I read about the needing to make some explore and correlate task with "update GU" option, but I wouldn't make this update since this could make some modification to customer current environment.
    Is this needed?
    Could I put inside the eTADSPayload attribute the correct syntax manually so that the template can show that fields in the configuration and process it?

    I found this example:
    extendedAttribute1:01:0006=value1;extendedAttribute2:01:0007=value10;extendedAttribute2:01:0008=value100

    How should I configure that string to provision, for instance, the following attributes:
    costCenter
    employeeStatus
    enrollID

    I remember I already did this for another customer but didn't have all this issues… the new attributes appeared in the template immediately.

    Thanks in advance for your help.
    Claudio


  • 5.  RE: ADS Schema extension on unix IDentity suite

    Posted 22 days ago
    ​I have manually modified all "eTADSPayload" attributes in Provisioning Directory and I have been able to provision the required information to AD extended attributes… anyway I can only see these custom mappings in the Account Template configuration but, browsing the AD Account from the Provisioning Manager, the custom tab is empty even if the attributes have been provisioned.
    Claudio


  • 6.  RE: ADS Schema extension on unix IDentity suite

    Posted 22 days ago
    Hi Claudio,

    You should be able to run just explore task (not correlate). And you should be able to see the attributes in custom tab. 

    Also, just explore will not make any changes/updates to environment.

    Thanks,
    Sai