Hello everyone,

Here are my ramblings of today, and I hope someone out there can help me
(or has at least come up against this issue). What I want to do is run
a report using the reporting module (4.0.1) against the IDV and one
Active Directory Managed System which will give me the following
information:

- A list of those 'managed' Users who are assigned Group Membership in
  the IDV and who ARE NOT in the Group in Active Directory
- A list of those 'not managed' Users who are assigned Group Membership
  in Active Directory, therefore telling us that Users in an Active
  Directory Group are there illegally. And for reasons beyond my control,
  we are not allowed to use the AD Connector to remove the rogue users

But, for the life of me, I cannot find anywhere in the data where the
Group in the Identity Vault is mapped to the Group in Active Directory,
for instance via the GROUP_ID in the idmrpt_group Table. I was hoping I
could search on the association between the Managed System and the
Identity Vault in order to help me do my join between the two systems.

Example:

DirXML-Association value on Group
** 1ae7ba97719b4b41a6cf24ed473e730e **

This value was found in the tables listed below:
idmrpt_idv_ent_bindings
idmrpt_idv_ent_bindings_hist
idmrpt_idv_identity_trust
idmrpt_ms_ent

This is an example User
** PLSAIARMST **

This User was found in the tables listed below:
idmrpt_association
idmrpt_ext_item_attr
idmrpt_idv_acct
idmrpt_idv_identity_trust
idmrpt_idv_identity_trust_hist
idmrpt_ms_identity
idmrpt_ms_acct
idmrpt_ms_ent_trust

PLSAIARMST had one value from the ** idmrpt_idv_identity_trust **
table:
trust_id: 3fa31a4998d343689934beeabfc1b23c
identity_id: 106470d33fc043a8a20ce7ffe734f8e9
trust_obj_id: 925a0b27f59d400db50c17024223bf00
trust_type_id: RESOURCE_ASSIGNMENT
trust_status: 1
requester_id: dcd9794c96564f7db3a3df44cb4260ad
request_date: 2012-03-12 10:52:15+01
request_comment: [Mar 12, 2012 10:52:14 AM] [assign-resource] [LSA-ACCOUNT-PROD] [PLSAIARMST]
cause_type: user
approval_info: \N
trust_params: <parameter><value parm-key="param1">PLSAIARMST</value><value parm-key="param2">LSA-ACCOUNT-PROD</value><value parm-key="EntitlementParamKey"/></parameter>
idmrpt_valid_from: 2012-03-12 02:11:10
idmrpt_deleted: FALSE
trust_start_time: 2012-03-12 10:52:14+01
idmrpt_syn_state: 1

PLSAIARMST had one value from the ** idmrpt_ms_ent_trust ** table:

trustee_id: 8163eb615c3e4bb89088d0bd8461ea98
trustee_type_id: IDENTITY
ms_ent_trustee_idv_assoc: 034c12c6efbd3845982a52a5516719d5
ms_ent_trustee_identifier: CN=PLSAIARMST,OU=LSA,OU=Users,OU=TA,OU=Tenants,DC= D-INSIM,DC=BIZ
ms_ent_id: 7763f99b7cbf4cad8cd670b5bc65e583
ms_id: 71916c4af69f4ca585021c549fcdae87
me_ent_type_id: fe62559c8160444282df0b0bf8a6aae6
ms_trust_id: bc77bb75fdb34f1bbecc00643dbaf353
idmrpt_valid_from: 2012-03-12 14:40:51.353
idmrpt_deleted: FALSE
idmrpt_syn_state: 1

The User PLSAIARMST is a member of the Group with the following
details:
Distinguished Name: cn=gracia,ou=groups,ou=insim,ou=services,o=ing
GROUP_ID: 601894259d404d8bad56fd89df3467cd

The GROUP_ID is referenced in the table idmrpt_idv_identity_trust.
trust_id: f398bc2566a8444785a06907a048c3ff
identity_id: 25120dc1a8344d1495070d4059a8dcb5
trust_obj_id: 601894259d404d8bad56fd89df3467cd
trust_type_id: GROUP_ASSIGNMENT
trust_status: 1
idmrpt_valid_from: 2012-03-12 03:42:57
idmrpt_deleted: FALSE
idmrpt_syn_state: 1

I do notice in the table above that there is a column called MS_ENT_ID,
and this might be the association...but it has no value on any of our
data rows.

So, how to do the join between IDV and AD?

Thanks in advance,

-KA


--
karmst