I got a request to extract a dormant account list from the CA SSO user DB and upload a CSV file into CA Identity Manager to delete the accounts. Due to limited programming skill and time, I have used existing commands and a Perl script.
It has 3 parts.
Step 1. Extract user IDs from the LDAP server (must be executed where the dxsearch command is available).
Step 2. Get the last login from the CA SSO server (must be executed on the CA SSO server).
Step 3. Extract the list of users who have not logged in for xx days (default 356 days).
To test it in your environment, download the Dormant.zip file and extract it.
Open "DormantAccount_generation.bat" and change it accordingly.
- LDAP connection information (It can be executed where CA LDAP is installed because it uses the dxsearch command.)
- dxsearch -L -h smserver.forwardinc.ca:14389 -b "ou=Customers,dc=ForwardIncExternal,dc=ca" -D <bind_dn> -w <password> "(objectclass=person)" uid | findstr "uid: " > .\work\temp.txt
- Change the Perl parameters (It uses the CA SSO Perl SDK, so it should be executed on the CA SSO server itself.)
- perl lastlogin.pl <sso admin ID> <sso_admin_password> "Client LDAP User Store" .\work\userlist.txt>.\work\lastlogininfo.txt
- Change the time period (users who did not log in during the last <days> days)
- call run.bat ..\work\lastlogininfo.txt ..\DormantUserlist.csv <days>
Step 1 should be executed where the dxsearch (CA LDAP) command is available.
Step 2 should be executed on the server where CA SSO is installed.
It was developed just for POC purposes. When it is converted into Java, it can be executed from any location. I hope that someone who is familiar with Java programming can migrate this one into Java-based code.
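The Step 3 filter, as an added example that is not part of Dormant.zip or the original scripts. It assumes each last-login record is `uid,YYYY-MM-DD HH:MM:SS` (the real layout of lastlogininfo.txt is not shown here), and the function names and CSV header are hypothetical. It goes one step beyond the batch job by reporting accounts with no recorded login and unparseable records separately, so they are reviewed rather than fed into a bulk deletion.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample input. The "uid,YYYY-MM-DD HH:MM:SS" layout is an assumption;
# the real output format of lastlogin.pl is not shown in this post.
SAMPLE_LASTLOGIN = """\
jsmith,2024-05-30 08:15:00
adoe,2022-01-10 17:42:11
newhire,
svc_batch,not-a-date
bkim,2023-05-31 23:59:59
"""

def find_dormant(lines, days, now):
    """Return (dormant, never_logged_in, rejected) for the given records."""
    cutoff = now - timedelta(days=days)
    dormant, never, rejected = [], [], []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        uid, _, stamp = (part.strip() for part in line.partition(","))
        if not uid:
            rejected.append(line)      # no account name: nothing safe to act on
        elif not stamp:
            never.append(uid)          # no login recorded: review, do not auto-delete
        else:
            try:
                last = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
            except ValueError:
                rejected.append(line)  # unparseable timestamp
                continue
            if last < cutoff:
                dormant.append((uid, last))
    return dormant, never, rejected

def to_csv(dormant):
    """Render the dormant accounts as CSV text (header names are hypothetical)."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(["uid", "last_login"])
    for uid, last in sorted(dormant):
        writer.writerow([uid, last.strftime("%Y-%m-%d %H:%M:%S")])
    return out.getvalue()

if __name__ == "__main__":
    d, n, r = find_dormant(SAMPLE_LASTLOGIN.splitlines(), 356, datetime(2024, 6, 1))
    print(to_csv(d), "never logged in:", n, "rejected:", r)
```

Passing `now` explicitly makes a run reproducible, so the same cutoff can be re-checked when the deletion list is reviewed.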
Batch Job execution result
Last login record
Sample dormant account list, which can be used for IDM bulk task for user deletion.
This document was generated from the following discussion: CA SSO dormant account list