Symantec IGA

  • Private Community

  • 1.  CA Directory Synch

    Posted Jan 14, 2014 07:13 AM

    Hi,

    I have below configuration

    1. Machine1 - SQL server

    2. Machine2 - IM Server

    3. Machine3 - CA directory & Provisioning directory

    4. Machine4 - Provisioning server & CA Directory

    5. Machine5 - Active directory

     

    I have done below steps

    1. created a user store in management console pointing to sql server database. userstore-> sql server

    2. created provisioning store in management console using directory tab pointing to active directory. provisioning store -> active directory

    3. configured provisioning in management console (pointing to provisioning server)

     

    concerns :

    Inbound and outbound synchronization is not working, when I have created a global user in provisioning manager , it is not reflected in IM and reverse is also not happening.

     

    Queries :

    1. Whatever the steps, I have followed is right ?

    2. To achieve inbound and outbound synchronization, Do we need to create a DSA in CA directory and create an user store pointing to CA directory and then create a provisioning store pointing to the same CA directory. Please confirm.

    Thanks,

    Anand



  • 2.  RE: CA Directory Synch

    Posted Jan 14, 2014 07:34 AM

    Hi Anand

    If it is not working either way, it can be anything.

    A good starting point would be to look at the etanotify log in the provisioning server\logs directory for inbound sync and the application log (server.log if jboss) for outbound sync.

    And also look closely at the application log for startup.

    You will probably find something there that will narrow down the problem.

    Normally if neither outbound nor inbound work it is because of network communication, user rights, password problems, spelling error and so on. All of those can somehow be found in the mentioned logs

     

    Cheers, Atle



  • 3.  Re: CA Directory Synch
    Best Answer

    Broadcom Employee
    Posted Jul 17, 2015 03:25 PM

    I do not see in your description where you are assigning provisioning roles to the corporate users in IM.

    Doing this creates the link between the users in IM and their global users.

     

    With out at least a blank provisioning role assigned to the corporate user (a Role without a template) you will not have inbound or outbound synchronization.



  • 4.  Re: CA Directory Synch

    Posted Sep 21, 2015 01:57 PM

    I'm having the same issue.  I created a blank role and assigned it to the user in the IDM UI but the user attributes are still not being updated.  Any other suggestions?



  • 5.  Re: CA Directory Synch

    Broadcom Employee
    Posted Oct 19, 2015 11:02 PM


    Kristen,

      When you say "but the user attributes are still not being updated" where are they not updated?

      On the endpoint? or on the global user?

     

    Thanks

    Bill Patton