Channel: Software Communities : Discussion List - Dell One Identity Manager

Designer - Preparation for importing from CSV


Quest Gurus,

In our production environment we have two applications that draw data from an SQL DB for the users and their roles and then we have a CSV file used to determine group owners for attestation that is imported separately. These items were configured by Quest Engineers. I am in the process of replicating the setup in our Test lab and noticed something unusual. The group owners import files are called as custom variables in the designer and point to a local path on the server. I noticed that there are some XML files in this directory in addition to the CSVs we need. However, in the test lab, I only have the CSV files and no XML even though I have fired off the import event many times. Do I need to use the CSV import tool or some other preparatory steps so that these files are imported and thusly create those XML files? The software is configured the exact same in Test (scripts, custom changes, etc.) I am not updating the schema or anything of that sort, the files are simply dumping data into some of the UNS tables. Hope the question isn't too vague.


Exchange attributes mapping


Hi everyone.

 

I see that the following error appears in the log files when creating a new Exchange mailbox:

 

Loading import file C:\Program Files (x86)\Quest Software\Quest One Identity Manager\Ex2010Component.dll.xml has changed the object property assignment rules and the member relationships.
Property Mail not set. ([System.Runtime.InteropServices.COMException] The attribute syntax specified to the directory service is invalid. )
Property mailNickname not set. ([System.Runtime.InteropServices.COMException] The attribute syntax specified to the directory service is invalid. )
[1607003] Process task Update Mailbox failed.
[921044] Error writing one or more properties of object.
   at StdioProcessor.StdioProcessor._Execute(Job job)
   at VI.JobService.JobComponents.Ex2010Component.Activate(String Task)
---- Start of Inner Exception ----
   at VI.JobService.JobComponents.Ex2010Component.Activate(String Task)
   at VI.JobService.JobComponents.Ex2010Component._UPDATE_MAILBOX()
   at VI.JobService.JobComponents.NsJobComponent.MapPropertiesParamstoNS(PropertyMapping propMap)

 

However, the mailbox is created as it should be, but the process failed at step Update_Mailbox. I have checked the mapping for Exchange attributes and everything seems OK. I have also checked the XML file Ex2010Component.dll.xml and I can find the following lines in it:

 

    <Data Name="Mail" NSColumn="Mail" UpdatableNS="True" DBColumn="Mail" UpdatableDB="True" IsFK="False" ParamsColumn="Mail" IsMVP="False" />
    <Data Name="mailNickname" NSColumn="mailNickname" UpdatableNS="True" DBColumn="mailNickname" UpdatableDB="True" IsFK="False" ParamsColumn="mailNickname" IsMVP="False" />

 

What else should I check?

 

Thanks,

Evgen

Templates for custom attributes


Hello everybody.

 

I've got some problems with filling custom attributes. I have extended my Q1IM schema with 6 new attributes - I can see these new attributes in Designer under Show table definition (table ADSAccount). I have written custom templates to fill these attributes. When a new user is created, these attributes are filled with values. But when I try to execute templates on existing users (user accounts) two templates are not fired even though I have as easy template code as I can: Value = "some string".

 

What could be wrong? Any idea?

 

Thanks. Best regards,

Evgen

proxyAddresses attribute in Q1IM ADE version


Hi,

 

I'm implementing Q1IM 6.0.1 ADE version and I would like to synchronize the proxyAddresses attribute.

In my schema mappings, there is not a mapping between the AD proxyAddresses attribute and Q1IM.

My question is:

- is it possible to synchronize proxyAddresses attribute if I only have Q1IM ADE version?

 

If the answer is "Yes", a few points on how to do it, would be gladly received!

 

Thanks in advance.

 

Osvaldo Fonseca

For an ITShop Request how do I limit the length of a account name and prevent special characters from being used?


I am creating Active Directory requests for Distribution Lists, Generic Mailboxes, Service Accounts etc. For all these accounts - some are of type user and some of type group - I am supposed to limit the account length to 20 characters. I also have a list of characters that are not allowed. I am using a custom process that fires when an update occurs on the personwantsorg table. The second step in the process sets the Active Directory attributes and pushes them to the ADSAccounts table. In the ITShop I have an associated resource and request properties. The request properties show up when the user adds the AD Request to their shopping cart.

 

I do not know where to put the logic for limiting the name to 20 characters and preventing the use of the special characters. I could truncate the name in the back end when it comes in and I guess I could strip the characters out of the name as well. But I would rather interact with the user and make them retype the name.

 

Any ideas or examples would be greatly appreciated.

SQLIn() WebDesigner


Hi community,

 

I have a question regarding the SQLIn() function in the webdesigner. The object layer documentation describes 4 overloads:

 


InClause(String, ValType, IEnumerable)

Format an IN clause.


InClause(String, ValType, array<Object>[]()[][])

Format an IN clause.


InClause(String, ValType, FormatterOptions, IEnumerable)

Format an IN clause.


InClause(String, ValType, FormatterOptions, array<Object>[]()[][])

Format an IN clause.

 

But the webdesigner inline documentation knows only three parameters:

 

     sqlin(columnName, valType, valueList)

 

 

So, what's correct?

 

 

Thank you for your reply,

 

Norbert

How to migrate orders incl. ValidUntil to PersonWantsOrg?


We want to migrate software orders. Every user who has xxx-Software assigned should become an additional order for 7ZIP.

The PersonOrdered, PersonInserted, ValidUntil and OrderReason incl. a hint of the old order should be copied from the xxx-Software order. The order should be assigned without any workflow or emails started.

 

 

We tried

DBObject.Custom.CallMethod("CreateITShopOrder", strUID_ITShopOrg, strUID_Person, CustomScriptName)

with DBObject = PersonInOrg

We have no opportunity to assign different ValidUntil values. The CustomScriptName can only have a fixed ValidUntil for every order. We can't dynamically create CustomScripts or pass parameters to the CustomScript.

 

Are there any ideas?

 


Best Regards Bernd Nicklaus

Unable to log into IT Shop - A server for login could not be determined


Hello,

 

I have been working to configure a Quest One Identity Manager IT Shop, but have not had success when logging into the web interface.

 

The message I get from the website is "[1074013] Login Failed! A server for login could not be determined. Servers are overloaded or partially not operational."

 

MessageFromWebsite.PNG

 

Opening the IT Shop log file, I see the following at the bottom:

 

2013-08-05 11:22:06 Error (VI.WebBase.AppInfo) : [1068007] Error detecting state of application (App01).
  [System.Net.WebException] The remote server returned an error: (401) Unauthorized.
   at VI.WebBase.AppInfo._GetValues(String values)
   at System.Net.WebClient.DownloadData(Uri address)
   at System.Net.WebClient.DownloadDataInternal(Uri address, WebRequest& request)

 

2013-08-05 11:22:10 Error (VI.WebBase.AppInfo) : [1068007] Error detecting state of application (App01).
  [System.Net.WebException] The remote server returned an error: (401) Unauthorized.
   at VI.WebBase.AppInfo._GetValues(String values)
   at System.Net.WebClient.DownloadData(Uri address)
   at System.Net.WebClient.DownloadDataInternal(Uri address, WebRequest& request)

 

2013-08-05 11:22:10 Error (LoginRequestHandler) : [1074013] Login failed!
  A server for Login could not be determined.
  Servers are overloaded or partially not operational.
   at VI.WebApplication.LoginRequestHandler.OnProcessRequest(HttpContext context)

 

I have checked the event viewer on both the IIS server and SQL server, but no errors in Application, System or Security logs.

 

As a side note, I am able to successfully log into the Web Designer.

 

Below is my Web.Config settings. Note that I have also tried to add https://web.q1im.local/Q1IM to the Host 1 Segmentation, but the same error still appears.

 

web_config.PNG

 

Any ideas on where I should look next?

 

Thanks,

Roman


After extending the schema in personwantsorg, shoppingcartitem, adsaccount tables should I index the new attributes


Our customer has over 100K users and around 20 custom attributes in Active Directory that we will populate. We extended the ADSAccount table to include these attributes. We also needed to extend the schema of the personwantsorg and shoppingcartitem tables because they do not have enough custom properties to allow us to push all the attributes we need to Active Directory.

 

My question is what is the best practice around indexing new attributes added via the Schema Extension tool?

New Requests not shown in web portal


I have installed Q1IM with all of the default settings and tried to recreate the builtin IT Shop (with different names of course).

Everything could be configured in Manager, I've created an IT Shop, Shelves, Products, Customers, Services and Resources and combined these all in the IT Shop. I did not configure the approval policy because we do not want any approvals at this point.

When opening the webportal I only see the "Active Directory Groups" service category on the New Request tab and not our newly created Service category.

 

Should I need to reload the database or something before my IT Shop is shown in the web portal?

Setting up IT Shop authentication for SSO and manual logon


Hi all,

 

I'm not sure if this can be done or not, so any advice is welcome.

 

 

My customer has their IT shop set up so that they seamlessly go into IT shop as the Windows authenticated account.

 

But they have said "what can I do if I want to change the user that I am logged in as?  How can I also log in manually?"

 

I have run the WebDesignerConfigFileEditor and set

 

 

  1. Primary Authentication Module  --> ADSAccount (Rolebased)
  2. Secondary Module --> ADSAccount

 

 

thinking that they could login automatically, logout and then login manually.   But it seems as if the WebApp automatically logs them back in again.

 

Is there any configuration that I need to make to IIS to enable the above config to work, or is it just an incompatible set of requirements?

 

 

Thanks

 

Jon.

Exchange server 2010 role


Is there a requirement which role an Exchange server must have to be used as server to synchronize against, provided that the synchronization server is a different member server in the domain? Like does it have to be a server with CAS (Client Access Server) role?

Password Caching Issue (EBS, AD..) due to Quarterly Password Change


Hello,

 

We came across an issue with EBS deferred processes due to the quarterly password change for the EBS target system. As the deferred jobs in the queue cache the connector password, when a password is changed in the target & Q1IM system the deferred jobs are unaware of the password change, keep failing and finally go into a frozen state. Is there any way to refresh the password when the Q1IM connector password is changed? Please suggest the best way of handling this issue.

 

Other Observations:

 

- Instead of reading the password using the foreign relation,  I tried to call a script and re-initialized the process even then the password is not refreshed.

 

 

 

Regards,

Sasi

Triggering an event based on a exception from previous process step


Hello,

 

I have developed a custom process; in the process I would like to generate an event based on an exception from the previous step. Is there any way to capture the exception message or return code from the previous process step? Please let me know.

 

Regards,

Sasi

Creating a simple security group...


So I know now how to create an IT Shop in which the requestable objects are also visible on the web portal.

I continued my research and tried to request a security group using the builtin request. It generated an error because there aren't any approvers configured, so I've changed the approval workflow to selfservice (meaning the requester can request a new security group without approval).

 

I again requested a security group, in the history I see that it is requested and approved, I do not see the group created anywhere in Quest ARS.

Looking at the Request Overview in Manager I see that the Request status is unsubscribed.?

 

There aren't any errors in the logging. The account which I use to request a new security group is unmanaged.

Does the builtin request need some extra configuring before it works, for example point to the right OU or something?

 

Creating a new security group from Manager  works.


Webportal takes 5 - 10 minutes to open.


Hi All,

 

When a user goes to the webportal it is taking 5 - 10 minutes to open to the home page. The Quest One Identity Manager icon appears with the progress circle, which continues to spin until opening to the home page. We have republished the portal using web designer also restarted the pools. The issue started today which also coincided with the installation and deployment of agents using DGE. Could DGE be causing this issue? Any assistance would be greatly appreciated.

 

Thanks,

Jim

Email language cultures


I've created a number of custom email templates using a culture of en-GB and changed the default culture config parameter to the same.  This all works correctly, but now I'm finding that none of the standard request or attestation templates will send, as these are only defined as en-US.  I need to use en-GB in order that date fields are correctly displayed.

 

Is there any way of using the standard templates with a different default culture, or do I have to copy all of the standard templates and update their culture?  Ideally I would like the system to take en-GB if one is defined, else use en-US.

Re-enable employee


Hello.

 

Is there a process plan to reactivate an employee if its exit date is greater than the current date? I use the schedule plan "Lock accounts of employees that have left the company" to permanently deactivate employees according to exit date. But I need to reactivate employees who have returned and their exit date has changed.

 

Thanks.

Evgen

Use a script to call an action within Q1IM


Is it possible to use a script (for instance PS) to trigger a process within Q1IM?

If yes, could you please provide me with an example?

Using Quest One Identity Manager's IT Shop as (part of) an IT Service Management Solution


Q1IM and its IT shop offer possibilities to shop for "more" than just access rights. In theory, all kinds of assets (but in this case especially IT assets like applications, mobile phones, laptops, accessories, etc.) can be ordered through the IT shop. Through "provisioning" the ordering process can be automated in part or whole.

 

The question, however, is whether Q1IM is really up to this task, or whether it is better to use a product that is specialized in this particular area (e.g. BMC Remedy).

 

The main reasons for exploring the option of solving this with Q1IM are because it offers strong integration with Identity Management and because we use Q1IM as our solution for IAM.
