Hello all,
I am trying to finish setting up our connector with our SQL environment and have encountered a problem with very specific group names. So far, we have been able to connect to multiple SQL databases, correlate accounts and everything seemed to be going smoothly. We encountered issues when it came to adding SQL entitlements to these identities. Our SQL environment is unconventional as we do not provision users directly for access but rather AD groups that they are members of. We created a transform to concat the samaccountname to properly mimic the name for correlation as it is in the SQL databases.
{
  "name": "Domain Username Groups",
  "type": "concat",
  "attributes": {
    "values": [
      "DOMAIN\\",
      {
        "attributes": {
          "sourceName": "DOMAIN Active Directory (Groups)",
          "attributeName": "sAMAccountName"
        },
        "type": "accountAttribute"
      }
    ]
  },
  "internal": false
}
Groups that follow the concat have no issues receiving entitlements; we read them as DOMAIN\GroupName. The issue lies with those we attempt to read using the “@” symbol, such as DOMAIN@GroupName. For whatever reason the error states that it comes back as DOMAIN
The Add Entitlement error reads:
[“Login User FCSAMERICA\ not found on server”,“Login type is mandatory.”,“Login User FCSAMERICA\ not found on server”,“Login type is mandatory.”]
The modify error in the events of the account itself is similar to the screenshot but with some extra information provided at the end:
[“Unable to provision database role- db_datareader@CreditReview Reason: Unable to process database user provisioning for user- FCSAMERICA\@CreditReview Reason: sailpoint.connector.ConnectorException: Windows NT user or group \u0027FCSAMERICA\\u0027 not found. Check the name again.”]
Any advice as to what might be the source of the problem with solution suggestions? Is it a truncate, symbol read issue? Is it on the SQL side (this account already exists in the database as do others, but SailPoint is unable to add entitlements to any of the “@” ones)?
Here is an example account as well