PF Updating Active Directory

cBreeze
Basic Member
Posts: 20

    Good afternoon,

    I am working on a process flow that will update the network Active Directory.
    We are looking to make Lawson HR the driver in generating user IDs for the network as well as Portal.
    (We are planning on doing an ldap bind to the network AD.)

    I would like to create a New Hire PA Action that triggers a process flow to:
    * Create and Update our Network Active Directory with a user ID and Password. 
        (as well as enrolling them in an initial default Group, etc...).

    * Additionally, I would like to update Lawson ldap with default user information. (Assign identity for ess, etc..)
       (I understand that I can use 'ResourceUpdate' nodes for this.)

    * I am also considering the possibility of hitting another LDAP to a different application as well.

    (In reverse, I would like to inactivate user accounts in a Termination PF as well.)

    My first step is to attempt a script to update the Network Active Directory. (This seems like it will be the most difficult of tasks.) I am thinking that this can be done with the 'SysCommand' node?


    I would appreciate any direction, logic, code, thoughts, or to hear if anyone has accomplished anything like this.
    (I am not so experienced with LDAP/AD, but I am working on it...)


    We are Lawson Hosted:

    Env: Aix 9.0.1.7
    App: MSP 901.6
    LS - LDAP:MsAdam 

    Network AD Windows2003 (Updating to 2008 sometime soon?)

    (There also may be firewall issues to consider in a PF executing from Lawson outside of our network and hitting the network AD.)


    Thank you very much for any response.
    Curt

    Vijay S
    Veteran Member
    Posts: 174
      Curt,

      I am currently developing the reverse one now, the one that inactivates users from Lawson.
      We broke it into two parts. Both will be run daily.

      Part 1
      Check the term date in HR11 and, if it is today, disable the user from Lawson Security (deleting the SSOP part of the user) and intimate HR and the supervisor of the same. The remaining part will be as per whatever process you follow.

      Part 2
      - It will check the termination date from HR11. If it has been 60 days, it will delete the user (Resource Update, delete Resource) from Lawson Security, and an intimation for the same will be sent to HR and his immediate supervisor. Subsequently, via an AGS call, we need to inactivate the same from RQ04 and PF ADMIN setup.
      Thanks -
      Vijay
      Deborah Creek
      Basic Member
      Posts: 10
        Hello Curt,

        Did you make any progress with PFI maintaining AD? We currently use PFI to maintain all self service accounts by using the ResourceUpdate node, but I want to understand how the process flow will need to change after we bind to Active Directory. Any insight would be appreciated.

        Thanks!
        Deborah
        SP
        Veteran Member
        Posts: 122
          Effectively, the ldapbind will simply remove the password field from the SSOP identity. Your ResourceUpdate nodes will need to be updated to no longer attempt to store a password value on the SSOP identity. Other than that, there should not be any change to your flows.

          HTH,
          -SP