Auto Provisioning of Users Using IPA

xxxxxttysfh
Veteran Member
Posts: 62
    Has anyone done auto provisioning of users using Lawson?

    Such as adding a user in AD and other applications.
    xxxxxttysfh
    Veteran Member
    Posts: 62
      Maybe this is generic. I want the flow to be automatic, after an employee is created in the system of record such as HR11.
      I want the user to be added in AD and then Lawson, and other applications.
      Can this be achieved for change of username, rehire?

      Can this be achieved?
      Shane Jones
      Veteran Member
      Posts: 460
        I have asked about querying AD and I was told to look at the LDAP but no one has told me that I can add and change AD records. Good luck - if you figure this out please share.
        Shane Jones
        Tools: HR, Payroll, Benefits, PFI, Smart Office, BSI, Portal and Self-Service
        Systems: Lawson, Open Hire, Kronos, Crystal Reporting, SumTotal Learning
        ** Teach others to fish...
        Carl.Seay
        Veteran Member
        Posts: 109
          You would need to know the inner workings of each system and how it creates user records. Each system would be different, such as using a web API, or directly creating records in the database. There are companies that sell expensive software just for this purpose. I'm not saying it's impossible with IPA, but it's probably not the best tool for that, and would be a massive project.
          KK - Infor
          Veteran Member
          Posts: 61
            Sid,
            Yes, I have successfully done that using ProcessFlow Integrator.
            The way we ended up doing it is creating the LDIF file in the flow (with the required parameters based on your AD setup) and pushing the changes onto the AD/LDAP server.
            For instance, for modifying the user password:
            Create the LDIF file using the file access node,
            dn: cn=,ou=,dc=,dc=
            changetype: modify
            replace: userPassword
            userPassword:

            To push the changes into LDAP - System Command

            ldapmodify -c -d debuglevel -h -p -D cn= -w -f

            Hope this helps!
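An added example, not part of KK's post or of any Lawson/Infor code: when a flow writes HR-supplied values into an LDIF file like the one above, each value has to be encoded so that an embedded newline, a leading colon or a non-ASCII character cannot alter the record. The function names and the sample values are hypothetical; the encoding rules are those of RFC 2849 (LDIF) and RFC 4514 (DN escaping).

```python
import base64
import re

# RFC 2849 SAFE-STRING: 7-bit ASCII, no NUL/CR/LF, first char not ' ', ':' or '<'.
_SAFE = re.compile(r"[\x01-\x09\x0b\x0c\x0e-\x1f\x21-\x39\x3b\x3d-\x7f]"
                   r"[\x01-\x09\x0b\x0c\x0e-\x7f]*")


def ldif_line(attr, value):
    """One LDIF attribute line; base64 ('attr:: ...') when the value is unsafe."""
    if value == "":
        return f"{attr}:"
    if _SAFE.fullmatch(value) and not value.endswith(" "):
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"


def escape_rdn_value(value):
    """Escape a DN component value per RFC 4514."""
    out = []
    for i, ch in enumerate(value):
        if ch in '"+,;<>\\':
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\00")
        elif (i == 0 and ch in " #") or (i == len(value) - 1 and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def password_modify_ldif(cn, ou, dcs, new_password):
    """Build the modify record shown in the post (same attribute, same layout)."""
    rdns = [f"cn={escape_rdn_value(cn)}", f"ou={escape_rdn_value(ou)}"]
    rdns += [f"dc={escape_rdn_value(dc)}" for dc in dcs]
    return "\n".join([
        ldif_line("dn", ",".join(rdns)),
        "changetype: modify",
        "replace: userPassword",
        ldif_line("userPassword", new_password),
        "-",  # terminates the replace block (RFC 2849 mod-spec)
        "",
    ])


if __name__ == "__main__":
    # Constructed values, not from the thread.
    print(password_modify_ldif("O'Brien, Mary", "Staff", ["example", "org"], "Tmp#4821"))
```

In OpenLDAP's ldapmodify, `-y passwdfile` reads the bind password from a file, which keeps it out of the process list where `-w` would expose it.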
            John Henley
            Posts: 3353
              (shameless self-promotion)
              The Examiner for Lawson S3 product (https://www.danalytics.co...nerforLawsonS3.aspx) has a feature that updates/synchronizes between your AD and HR11, but currently doesn't do the provisioning. Examiner also has a feature to detect "orphan" Lawson SSOP identities (i.e. they no longer match AD accounts so the user is no longer a valid user).

              I have had a number of requests for adding AD user provisioning (as well as creating an Exchange account).

              Are you looking for a solution that 1) creates the AD account, 2) creates the corresponding SSOP identity in Lawson, or both?

              The dilemma with option 1 is the matching of 1) an RMID to 2) _EMPLOYEE identity to 3) an AD account -- this would typically be done via the SSOP identity, but the SSOP identity can't be created using the normal process in Lawson Security until the AD account already exists. So, any solution would have to create the AD account first.

              Let me know if that is what you are looking for...
              Thanks for using the LawsonGuru.com forums!
              John
              xxxxxttysfh
              Veteran Member
              Posts: 62
                Hello All

                We work in a hospital and we are using other applications like Epic, which is our HIS system; we use PACS, Infitiy for our radiology, and OnBase for documents.

                My plan is that when we hire a user, I want the user to get added in AD and email accounts, and to add the users in those applications.
                My concerns are what happens if a user changes their last name after getting married, and what happens when they change their position or are terminated.

                If all this can't be achieved, can I at least create AD and email and assign Security Groups by using IPA?

                BarbR
                Veteran Member
                Posts: 306
                  Sid, we don't do everything automated as you desire, but we do have self-service user RMIDs auto-maintained. Here is what we do:
                  1. We have our New Hire / Re Hire personnel actions work-flow enabled - which sends an email notification to our System Access Provisioning group and they add the user to AD and grant all the other stuff they'll need in their job.
                  2. We have a daily process that reads an extract from AD (account, employee number, email address) and an extract from HR11 and an extract from the Lawson LDAP. It does a lot of stuff, but basically if the employee does not have an RMID, it builds one, if the employee does have an RMID it compares the data fields and updates as necessary (changes in email, name, changing roles if employee became a manager or vice versa), and if there is an RMID but the employee is terminated it changes the roles and portal role to inactive. It all hinges on the ability to marry the employee number to the AD account, and that information is on the AD extract.
                  How we do it is a bit kludgy as it was done in a hurry when we implemented EMSS - some day I'd like to redo it all using Process Flow.
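An added sketch of the daily reconciliation BarbR describes, keyed on employee number; it is not her process or any Lawson code, and it goes one step further by flagging the "orphan" identities John Henley mentions. All field names, role names and sample rows are hypothetical and constructed for the example.

```python
def reconcile(ad_rows, hr_rows, rmid_rows):
    """Return sorted (action, employee_number, detail) tuples for one daily run."""
    ad = {r["employee_number"]: r for r in ad_rows}
    hr = {r["employee_number"]: r for r in hr_rows}
    rmids = {r["employee_number"]: r for r in rmid_rows}
    actions = []
    for emp, person in hr.items():
        account, rmid = ad.get(emp), rmids.get(emp)
        if person["status"] == "terminated":
            if rmid and rmid["role"] != "inactive":
                actions.append(("deactivate", emp, rmid["rmid"]))
        elif account is None:
            # No AD account carries this employee number, so nothing can be married.
            kind = "orphan" if rmid else "no_ad_account"
            actions.append((kind, emp, rmid["rmid"] if rmid else person["name"]))
        elif rmid is None:
            actions.append(("create", emp, account["account"]))
        else:
            wanted = {"name": person["name"], "email": account["email"],
                      "role": "manager" if person["is_manager"] else "employee"}
            changed = sorted(k for k in wanted if rmid[k] != wanted[k])
            if changed:
                actions.append(("update", emp, ",".join(changed)))
    # Identities whose employee number is absent from the HR extract.
    actions += [("orphan", emp, r["rmid"]) for emp, r in rmids.items() if emp not in hr]
    return sorted(actions)


# Constructed sample extracts; every field name here is hypothetical.
AD = [{"employee_number": "1001", "account": "asmith", "email": "asmith@example.org"},
      {"employee_number": "1002", "account": "bjones", "email": "bjoneslee@example.org"}]
HR = [{"employee_number": "1001", "name": "Ann Smith", "status": "active", "is_manager": False},
      {"employee_number": "1002", "name": "Bea Jones-Lee", "status": "active", "is_manager": True},
      {"employee_number": "1003", "name": "Cy Park", "status": "terminated", "is_manager": False},
      {"employee_number": "1004", "name": "Dee Wu", "status": "active", "is_manager": False}]
RMIDS = [{"employee_number": "1002", "rmid": "bjones", "name": "Bea Jones",
          "email": "bjones@example.org", "role": "employee"},
         {"employee_number": "1003", "rmid": "cpark", "name": "Cy Park",
          "email": "cpark@example.org", "role": "employee"},
         {"employee_number": "1999", "rmid": "zold", "name": "Zed Old",
          "email": "zold@example.org", "role": "employee"}]

if __name__ == "__main__":
    for action in reconcile(AD, HR, RMIDS):
        print(action)
```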