Ldap account and group aggregation

Which IIQ version are you inquiring * 8.1*

Please share any images or screenshots, if relevant.

[Please insert images here, otherwise delete this section]

Please share any other relevant files that may be required (for example, logs).

[Please insert files here, otherwise delete this section]

Share all details about your problem, including any error messages you may have received.

I have connected iiq with ldap. The test connection is successfull. When I do group aggregation then account aggregation, the accounts and groups are aggregated but I can’t see the members of each group in iiq

Hi @fffirmin share your aggregation results so we can check what the possible reasons are. Also, provide logs after the aggregation.

how do you have configured the attribute groups on schema account?

Hi the result of the ldap aggregation task ? What is the location of logs on iiq 8.1? Please

Hi @fffirmin

Welcome to the SailPoint Developer Community!

The main IdentityIQ log files on your application server. This is usually identityiq.log or catalina.out (if you’re running on Tomcat).

$IIQ_HOME/WEB-INF/classes/
In log4j2.properties you will find entry like property.logLocation

property.logLocation=D:/Instances/Tomcat/logs/

• In general sequence of the task are 1st account aggregation then group aggregation. but I observe that you have run group aggregation 1st instead account aggregation, so go ahead and do in correct sequence.

please look at your task summary details page for the better understanding.

setup – > Tasks – Task Details – > click on respective aggregation task, here you find the summary.

Please get the configuration from LDAP application – schema details section: Object Type: account & Object Type: group this will help us understand weather it is configured correctly.

example screenshot for navigation:

image316×146 10.7 KB

Hi
1.pdf (214.7 KB)

are you sure in posixgruop and nisNetgroups you have a list of dn that can corrissponding to the identity attribute of each group?

ps if you have changed something into the schema after the first aggr. relauch the aggregation wothout optimization.

I have not changed anything in posixgruop and nisNetgroups. I have executed account and group aggregation several times without any change

Did you notice any errors in the aggregation, or was it successful?

the account and group aggregation was successfull

Do Identity Refresh Task.

After entitlements are aggregated and added to the catalog, you can run the Identity Refresh task. This ensures that the appropriate entitlements are associated with identities based on the aggregation data.

@fffirmin and this part?

I have showed you my configuration. I don’t know exactly what you are asking me to check please

I am asking about if the account attribute posixgruop and nisNetgroups do you a list of identity attribute of groups. In you case, do you a list of the group dns in this account attribute?

Check the Entitlement catalog for the members of LDAP group.

Also check whether the “Iterate search filter” and “Group Member Search DN” is correct or not.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.